Bensuperpc/infrastructure
1
0
Fork 0
mirror of https://github.com/bensuperpc/infrastructure.git synced 2025-09-07 09:01:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Bensuperpc:fcd4dc85bc353c79c673d7289937dbc5a13a5b44
Branches Tags
Bensuperpc:main Bensuperpc:dependabot/github_actions/actions/checkout-5 Bensuperpc:dns Bensuperpc:mainold
...
compare: Bensuperpc:main
Branches Tags
Bensuperpc:main Bensuperpc:dependabot/github_actions/actions/checkout-5 Bensuperpc:dns Bensuperpc:mainold

6 Commits
fcd4dc85bc ... main

Author SHA1 Message Date
Bensuperpc
d8d00cbd24 Add Teamfortress 2 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2025-09-01 22:36:21 +02:00
Bensuperpc
6b39245125 Update Forgejo to rootless image 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2025-08-24 20:09:28 +02:00
Bensuperpc
f48cbcc522 Add cyberchef and update config 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2025-08-22 23:44:57 +02:00
Bensuperpc
36e57c4a47 Fix Rsync/SSH transfert speed 2025-08-16 00:53:47 +02:00
Bensuperpc
31596675b9 Fix Caddy config, update Makefile 2025-08-15 22:52:05 +02:00
Bensuperpc
2b902e54be Update caddy config 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
 2025-08-06 14:01:14 +02:00
57 changed files with 621 additions and 368 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +1,2 @@
/*.tar.gz

31
Makefile
View File

@@ -11,25 +11,28 @@
#// //
#//////////////////////////////////////////////////////////////
ADMIN_SERVICES := openssh uptime-kuma yacht
BLOG_SERVICES := wordpress
7DAYS_TO_DIE_SERVICES := 7daystodie_server 7daystodie_backup
MINECRAFT_SERVICES := minecraft_server minecraft_backup
SATISFACTORY_SERVICES := satisfactory_server satisfactory_backup
GIT_SERVICES := forgejo forgejo-runner
ADMIN_SERVICES := openssh uptime-kuma
#BLOG_SERVICES := wordpress
#7DAYS_TO_DIE_SERVICES := 7daystodie_server 7daystodie_backup
#MINECRAFT_SERVICES := minecraft_server minecraft_backup
#SATISFACTORY_SERVICES := satisfactory_server satisfactory_backup
TEAM_FORTRESS_SERVICES := teamfortress2_server
# teamfortress2_backup
# gitea gitea-runner
IA_SERVICES := open-webui
SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs syncthing
TORRENTS_SERVICES := qbittorrent transmission
UTILS_SERVICES := it-tools stirlingpdf omni-tools
#IA_SERVICES := open-webui
SHARING_SERVICES := privatebin
# jellyfin
# psitransfer picoshare projectsend dufs syncthing
TORRENTS_SERVICES := qbittorrent
# transmission
UTILS_SERVICES := it-tools omni-tools cyberchef
# stirlingpdf
MAIN_SERVICES := main_infrastructure caddy homepage
PROJECT_DIRECTORY := infrastructure
DOCKER_PROFILES := $(MAIN_SERVICES) \
$(ADMIN_SERVICES) $(BLOG_SERVICES) $(7DAYS_TO_DIE_SERVICES) $(MINECRAFT_SERVICES) \
$(SATISFACTORY_SERVICES) \
DOCKER_PROFILES := $(MAIN_SERVICES) $(ADMIN_SERVICES) $(BLOG_SERVICES) \
$(7DAYS_TO_DIE_SERVICES) $(MINECRAFT_SERVICES) $(SATISFACTORY_SERVICES) \
$(GIT_SERVICES) $(IA_SERVICES) $(SHARING_SERVICES) \
$(TORRENTS_SERVICES) $(UTILS_SERVICES)

22
README.md
View File

@@ -23,7 +23,6 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
- [x] it-tools and omni-tools (Tools for IT)
- [x] Open-WebUI (Local chatGPT)
- [x] Privatebin (Pastebin)
- [x] Yacht (Web interface for managing docker containers)
- [X] [Satisfactory](https://github.com/bensuperpc/docker-satisfactory)
- [x] [7 days to die](https://github.com/bensuperpc/docker-7daystodie)
- [x] [minecraft](https://github.com/bensuperpc/docker-minecraft-server)
@@ -114,17 +113,11 @@ And then, caddy will generate the certificate for you and renew it automatically
| [it-tools.bensuperpc.org](https://it-tools.bensuperpc.org) | Sub | Tools for IT |
| [omni-tools.bensuperpc.org](https://omni-tools.bensuperpc.org) | Sub | Tools for IT |
| [privatebin.bensuperpc.org](https://privatebin.bensuperpc.org) | Sub | Pastebin |
| [yacht.bensuperpc.org](https://yacht.bensuperpc.org) | Sub | Web interface for managing docker containers |
| [projectsend.bensuperpc.org](https://projectsend.bensuperpc.org) | Sub | ProjectSend for file sharing |
| [picoshare.bensuperpc.org](https://picoshare.bensuperpc.org) | Sub | Picoshare for file sharing |
| [dufs.bensuperpc.org](https://dufs.bensuperpc.org) | Sub | Dufs for file sharing |
| [public.bensuperpc.org](https://public.bensuperpc.org) | Sub | Caddy for file sharing |
| [memos.bensuperpc.org](https://memos.bensuperpc.org) | Sub | Caddy for file sharing |
| [stirlingpdf.bensuperpc.org](https://stirlingpdf.bensuperpc.org) | Sub | Stirling PDF tools |
| bensuperpc.com | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
| bensuperpc.fr | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
| bensuperpc.net | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
| bensuperpc.ovh | Main | Redirect to [www.bensuperpc.org](https://www.bensuperpc.org) |
### Configure the infrastructure
@@ -195,12 +188,6 @@ For [psitransfer.env](infrastructure/services/psitransfer/env/psitransfer.env) f
PSITRANSFER_ADMIN_PASS=n9jLVNT9QUotTJTT91JqH4GyBTg9pvEn
```
For [yacht.env](infrastructure/services/yacht/env/yacht.env) file, you need to change the secret key.
```sh
SECRET_KEY=UZvg9nbcGIJlPEB3uI39TAEWyFOz9nm8
```
For [projectsend_db.env](infrastructure/services/projectsend/env/projectsend_db.env) file, you need to change the password(s) and user for the database.
```sh
@@ -300,6 +287,14 @@ You can change the homepage config in these files:
### Forgejo
Once the installation is complete, you need to set the installation lock:
```sh
FORGEJO__security__INSTALL_LOCK=true
```
### Forgejo Runner
```sh
docker exec -it forgejo_runner /bin/bash
```
@@ -384,7 +379,6 @@ ssh -p 2222 admin@bensuperpc.org
- [Privatebin](https://github.com/PrivateBin/PrivateBin)
- [ghost](https://ghost.org)
- [Homepage Tuto](https://belginux.com/installer-homepage-avec-docker/)
- [Yacht](https://yacht.sh/)
- [ProjectSend](https://www.projectsend.org/)
- [Picoshare](https://github.com/mtlynch/picoshare)
- [Dufs](https://github.com/sigoden/dufs)

6
infrastructure/docker-compose.yml
View File

@@ -17,6 +17,8 @@ include:
- services/it-tools/docker-compose.it-tools.yml
# omni-tools
- services/omni-tools/docker-compose.omni-tools.yml
# cyberchef
- services/cyberchef/docker-compose.cyberchef.yml
# Jellyfin
- services/jellyfin/docker-compose.jellyfin.yml
# Openssh
@@ -39,8 +41,6 @@ include:
- services/transmission/docker-compose.transmission.yml
# Uptime-kuma
- services/uptime-kuma/docker-compose.uptime-kuma.yml
# Yacht
- services/yacht/docker-compose.yacht.yml
# open-webui
- services/open-webui/docker-compose.open-webui.yml
# Minecraft
@@ -49,3 +49,5 @@ include:
- services/7daystodie-server/7daystodie-server/docker-compose.yml
# Satisfactory
- services/satisfactory-server/satisfactory-server/docker-compose.yml
# Team Fortress 2
- services/teamfortress2-server/teamfortress2-server/docker-compose.yml

12
infrastructure/services/caddy/config/Caddyfile
View File

@@ -3,13 +3,13 @@
key_type p384
log {
output file /data/logs/access.log
output file /data/logs/access.log {
roll_size 1GiB
roll_keep 20
roll_keep_for 720h
}
format json
}
}
import bensuperpc.org/*
import bensuperpc.com/*
import bensuperpc.net/*
import bensuperpc.ovh/*
import bensuperpc.fr/*
import website/*

7
infrastructure/services/caddy/config/bensuperpc.com/Caddyfile
View File

@@ -1,7 +0,0 @@
bensuperpc.com {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.com {
redir https://www.bensuperpc.org{uri} permanent
}

7
infrastructure/services/caddy/config/bensuperpc.fr/Caddyfile
View File

@@ -1,7 +0,0 @@
bensuperpc.fr {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.fr {
redir https://www.bensuperpc.org{uri} permanent
}

19
infrastructure/services/caddy/config/bensuperpc.net/Caddyfile
View File

@@ -1,19 +0,0 @@
bensuperpc.net {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.net {
redir https://www.bensuperpc.org{uri} permanent
}
git.bensuperpc.net {
redir https://git.bensuperpc.org{uri} permanent
}
jellyfin.bensuperpc.net {
redir https://jellyfin.bensuperpc.org{uri} permanent
}
uptimekuma.bensuperpc.net {
redir https://uptimekuma.bensuperpc.org{uri} permanent
}

184
infrastructure/services/caddy/config/bensuperpc.org/Caddyfile
View File

@@ -1,184 +0,0 @@
www.{$MAIN_DOMAIN} {
reverse_proxy homepage:3000
}
{$MAIN_DOMAIN} {
redir https://www.{host}{uri} permanent
}
homepage.{$MAIN_DOMAIN} {
redir https://www.{$MAIN_DOMAIN}{uri} permanent
}
public.{$MAIN_DOMAIN} {
root * /public_data
file_server browse
}
wordpress.{$MAIN_DOMAIN} {
root * /var/www/html
php_fastcgi wordpress:9000
file_server
encode zstd gzip
@disallowed {
path /xmlrpc.php
path *.sql
path /wp-content/uploads/*.php
}
rewrite @disallowed '/index.php'
respond /uploads/*.php 404
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
# X-Frame-Options DENY
# Disable powerful features we don't need
Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
}
}
it-tools.{$MAIN_DOMAIN} {
# Load balance between 2 instances
reverse_proxy {
to it-tools0:80 it-tools1:80
lb_policy round_robin
lb_retries 3
lb_try_interval 1s
}
}
omni-tools.{$MAIN_DOMAIN} {
# Load balance between 2 instances
reverse_proxy {
to omni-tools0:80 omni-tools1:80
lb_policy round_robin
lb_retries 3
lb_try_interval 1s
}
}
uptimekuma.{$MAIN_DOMAIN} {
reverse_proxy uptime-kuma:3001
}
torrent.{$MAIN_DOMAIN} {
reverse_proxy qbittorrent:8080
}
qbittorrent.{$MAIN_DOMAIN} {
redir https://torrent.{$MAIN_DOMAIN} permanent
}
transmission.{$MAIN_DOMAIN} {
reverse_proxy transmission:9091
}
gitea.{$MAIN_DOMAIN} {
reverse_proxy gitea:3000
}
git.{$MAIN_DOMAIN} {
reverse_proxy forgejo:3000
}
forgejo.{$MAIN_DOMAIN} {
redir https://git.{$MAIN_DOMAIN}{uri} permanent
}
jellyfin.{$MAIN_DOMAIN} {
reverse_proxy jellyfin:8096
}
transfer.{$MAIN_DOMAIN} {
reverse_proxy psitransfer:3000
}
psitransfer.{$MAIN_DOMAIN} {
redir https://transfer.{$MAIN_DOMAIN}{uri} permanent
}
picoshare.{$MAIN_DOMAIN} {
reverse_proxy picoshare:4001
}
syncthing.{$MAIN_DOMAIN} {
reverse_proxy syncthing:8384 {
header_up Host {upstream_hostport}
}
}
privatebin.{$MAIN_DOMAIN} {
reverse_proxy privatebin:8080
}
pastebin.{$MAIN_DOMAIN} {
redir https://privatebin.{$MAIN_DOMAIN} permanent
}
yacht.{$MAIN_DOMAIN} {
reverse_proxy yacht:8000
}
projectsend.{$MAIN_DOMAIN} {
reverse_proxy projectsend:80
}
dufs.{$MAIN_DOMAIN} {
reverse_proxy dufs:5000
}
stirlingpdf.{$MAIN_DOMAIN} {
reverse_proxy stirlingpdf:8080
}
memos.{$MAIN_DOMAIN} {
reverse_proxy memos:5230
}
open-webui.{$MAIN_DOMAIN} {
reverse_proxy open-webui:8080
}
link.{$MAIN_DOMAIN} {
# TODO: Use service with database
# Friendly links
redir /gnous https://gnous.eu permanent
redir /proxy https://imagisphe.re permanent
redir /patch https://spaceint.fr permanent
redir /greep https://greep.fr permanent
# Youtube links
redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent
redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent
redir /cowcowcow https://www.youtube.com/watch?v=FavUpD_IjVY permanent
redir /badapple https://www.youtube.com/watch?v=FtutLA63Cp8 permanent
redir /macdo https://www.youtube.com/watch?v=Q16KpquGsIc permanent
redir /superiser https://www.youtube.com/watch?v=srnyVw-OR0g permanent
redir /daicon https://youtu.be/-840keiiFDE?si=zIPIokytxcnGw5fJ&t=162 permanent
redir /scp https://www.youtube.com/watch?v=FGCDndN20G8 permanent
redir /scpfb https://youtu.be/9zrKk-1E8zM?si=8R_ZBVG3GzMUYOe8&t=36 permanent
redir /mother https://youtu.be/w3NyycHR3fE?si=rNNSW9zYv0bcO2Eu permanent
redir /cpu https://www.youtube.com/watch?v=y39D4529FM4 permanent
redir /lechanteur https://youtu.be/HXdP15Ubu6M?si=N0qvhqo--3pmSGmb permanent
redir /nohero https://youtu.be/4DuUejBkMqE?si=bkB8G6PHwCp56jxb permanent
redir /indochine https://youtu.be/M7X6oYg6iro?si=ZRarm3qamTJ8vIJ0 permanent
redir /bna https://youtu.be/3T3ofoKfEoY?si=_7HkGQXMC7rBng8O permanent
redir /jojo https://youtu.be/U0TXIXTzJEY?si=2acWJWX06ju2w4uj permanent
redir /patapon https://youtu.be/H6CbNHLHkmk?si=ZvU8SzrOK-oCUXT5 permanent
redir /darkwater https://youtu.be/Tr8ZgF4Dc0E?si=CEOmm2J6Jp5rdbbt permanent
redir /train https://youtu.be/l8mScKWj3kQ?si=BV07uJ9eP3kzV9Kl permanent
redir /jdg https://www.youtube.com/@joueurdugrenier permanent
}

7
infrastructure/services/caddy/config/bensuperpc.ovh/Caddyfile
View File

@@ -1,7 +0,0 @@
bensuperpc.ovh {
redir https://www.bensuperpc.org{uri} permanent
}
www.bensuperpc.ovh {
redir https://www.bensuperpc.org{uri} permanent
}

9
infrastructure/services/caddy/config/website/cyberchef.caddy Normal file
View File

@@ -0,0 +1,9 @@
cyberchef.{$MAIN_DOMAIN} {
# Load balance between 2 instances
reverse_proxy {
to cyberchef0:8000 cyberchef1:8000
lb_policy round_robin
lb_retries 3
lb_try_interval 1s
}
}

3
infrastructure/services/caddy/config/website/dufs.caddy Normal file
View File

@@ -0,0 +1,3 @@
dufs.{$MAIN_DOMAIN} {
reverse_proxy dufs:5000
}

7
infrastructure/services/caddy/config/website/forgejo.caddy Normal file
View File

@@ -0,0 +1,7 @@
git.{$MAIN_DOMAIN} {
reverse_proxy forgejo:3000
}
forgejo.{$MAIN_DOMAIN} {
redir https://git.{$MAIN_DOMAIN}{uri} permanent
}

3
infrastructure/services/caddy/config/website/gitea.caddy Normal file
View File

@@ -0,0 +1,3 @@
gitea.{$MAIN_DOMAIN} {
reverse_proxy gitea:3000
}

14
infrastructure/services/caddy/config/website/header.caddy Normal file
View File

@@ -0,0 +1,14 @@
(header_common) {
Permissions-Policy: geolocation=(), camera=(), microphone=(), clipboard-read=(), usb=()
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
# Only useful for old browsers
X-XSS-Protection: "1; mode=block"
# Can cause issues with external resources
#Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
#Cross-Origin-Resource-Policy: same-origin
}

3
infrastructure/services/caddy/config/website/homepage.caddy Normal file
View File

@@ -0,0 +1,3 @@
homepage.{$MAIN_DOMAIN} {
reverse_proxy homepage:3000
}

9
infrastructure/services/caddy/config/website/it-tools.caddy Normal file
View File

@@ -0,0 +1,9 @@
it-tools.{$MAIN_DOMAIN} {
# Load balance between 2 instances
reverse_proxy {
to it-tools0:8080 it-tools1:8080
lb_policy round_robin
lb_retries 3
lb_try_interval 1s
}
}

3
infrastructure/services/caddy/config/website/jellyfin.caddy Normal file
View File

@@ -0,0 +1,3 @@
jellyfin.{$MAIN_DOMAIN} {
reverse_proxy jellyfin:8096
}

27
infrastructure/services/caddy/config/website/main.caddy Normal file
View File

@@ -0,0 +1,27 @@
www.{$MAIN_DOMAIN} {
header {
Cache-Control "public, max-age=10"
import header_common
}
handle_errors {
@notFound expression `{http.error.status_code} == 404`
redir @notFound https://www.{$MAIN_DOMAIN} permanent
}
reverse_proxy homepage:3000
}
{$MAIN_DOMAIN} {
redir https://www.{host}{uri} permanent
}
#public.{$MAIN_DOMAIN} {
# root * /public_data
# file_server browse
#
# header / {
# Cache-Control "no-store"
# import header_common
# }
#}

3
infrastructure/services/caddy/config/website/memos.caddy Normal file
View File

@@ -0,0 +1,3 @@
memos.{$MAIN_DOMAIN} {
reverse_proxy memos:5230
}

9
infrastructure/services/caddy/config/website/omni-tools.caddy Normal file
View File

@@ -0,0 +1,9 @@
omni-tools.{$MAIN_DOMAIN} {
# Load balance between 2 instances
reverse_proxy {
to omni-tools0:80 omni-tools1:80
lb_policy round_robin
lb_retries 3
lb_try_interval 1s
}
}

3
infrastructure/services/caddy/config/website/open-webui.caddy Normal file
View File

@@ -0,0 +1,3 @@
open-webui.{$MAIN_DOMAIN} {
reverse_proxy open-webui:8080
}

3
infrastructure/services/caddy/config/website/picoshare.caddy Normal file
View File

@@ -0,0 +1,3 @@
picoshare.{$MAIN_DOMAIN} {
reverse_proxy picoshare:4001
}

7
infrastructure/services/caddy/config/website/privatebin.caddy Normal file
View File

@@ -0,0 +1,7 @@
privatebin.{$MAIN_DOMAIN} {
reverse_proxy privatebin:8080
}
pastebin.{$MAIN_DOMAIN} {
redir https://privatebin.{$MAIN_DOMAIN} permanent
}

3
infrastructure/services/caddy/config/website/projectsend.caddy Normal file
View File

@@ -0,0 +1,3 @@
projectsend.{$MAIN_DOMAIN} {
reverse_proxy projectsend:80
}

7
infrastructure/services/caddy/config/website/psitransfer.caddy Normal file
View File

@@ -0,0 +1,7 @@
transfer.{$MAIN_DOMAIN} {
reverse_proxy psitransfer:3000
}
psitransfer.{$MAIN_DOMAIN} {
redir https://transfer.{$MAIN_DOMAIN}{uri} permanent
}

7
infrastructure/services/caddy/config/website/qbittorrent.caddy Normal file
View File

@@ -0,0 +1,7 @@
torrent.{$MAIN_DOMAIN} {
reverse_proxy qbittorrent:8080
}
qbittorrent.{$MAIN_DOMAIN} {
redir https://torrent.{$MAIN_DOMAIN} permanent
}

3
infrastructure/services/caddy/config/website/stirlingpdf.caddy Normal file
View File

@@ -0,0 +1,3 @@
stirlingpdf.{$MAIN_DOMAIN} {
reverse_proxy stirlingpdf:8080
}

5
infrastructure/services/caddy/config/website/syncthing.caddy Normal file
View File

@@ -0,0 +1,5 @@
syncthing.{$MAIN_DOMAIN} {
reverse_proxy syncthing:8384 {
header_up Host {upstream_hostport}
}
}

3
infrastructure/services/caddy/config/website/transmission.caddy Normal file
View File

@@ -0,0 +1,3 @@
transmission.{$MAIN_DOMAIN} {
reverse_proxy transmission:9091
}

3
infrastructure/services/caddy/config/website/uptimekuma.caddy Normal file
View File

@@ -0,0 +1,3 @@
uptimekuma.{$MAIN_DOMAIN} {
reverse_proxy uptime-kuma:3001
}

34
infrastructure/services/caddy/config/website/wordpress.caddy Normal file
View File

@@ -0,0 +1,34 @@
wordpress.{$MAIN_DOMAIN} {
root * /var/www/html
php_fastcgi wordpress:9000
file_server
encode zstd gzip
@disallowed {
path /xmlrpc.php
path *.sql
path /wp-content/uploads/*.php
}
rewrite @disallowed '/index.php'
respond /uploads/*.php 404
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# disable clients from sniffing the media type
X-Content-Type-Options nosniff
# clickjacking protection
# X-Frame-Options DENY
# Disable powerful features we don't need
Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
}
}

51
infrastructure/services/cyberchef/docker-compose.cyberchef.yml Normal file
View File

@@ -0,0 +1,51 @@
services:
# cyberchef
cyberchef0:
image: mpepping/cyberchef:latest
container_name: cyberchef0
profiles:
- cyberchef
restart: on-failure:5
depends_on:
- caddy
networks:
- infra-network
read_only: false
security_opt:
- no-new-privileges:true
cap_drop:
- SYS_ADMIN
deploy:
resources:
limits:
cpus: '0.5'
memory: 512M
reservations:
cpus: '0.001'
memory: 20M
cyberchef1:
image: mpepping/cyberchef:latest
container_name: cyberchef1
profiles:
- cyberchef
restart: on-failure:5
depends_on:
- caddy
networks:
- infra-network
read_only: false
security_opt:
- no-new-privileges:true
cap_drop:
- SYS_ADMIN
deploy:
resources:
limits:
cpus: '0.5'
memory: 512M
reservations:
cpus: '0.001'
memory: 20M

13
infrastructure/services/forgejo/docker-compose.forgejo.yml
View File

@@ -1,7 +1,7 @@
services:
# forgejo
forgejo:
image: codeberg.org/forgejo/forgejo:11-rootless
image: codeberg.org/forgejo/forgejo:12-rootless
container_name: forgejo
profiles:
- forgejo
@@ -10,7 +10,7 @@ services:
- database_forgejo
- caddy
ports:
- "22:22"
- "22:2222"
env_file:
- ./env/forgejo.env
volumes:
@@ -20,6 +20,7 @@ services:
- /etc/localtime:/etc/localtime:ro
networks:
- infra-network
user: ${PUID:-1000}:${PGID:-1000}
security_opt:
- no-new-privileges:true
@@ -50,7 +51,7 @@ services:
networks:
- infra-network
profiles:
- forgejo
- forgejo-runner
privileged: true
environment:
DOCKER_TLS_CERTDIR: /certs
@@ -59,11 +60,11 @@ services:
- forgejo_certs:/certs
forgejo_runner:
image: 'code.forgejo.org/forgejo/runner:6.3.1'
image: data.forgejo.org/forgejo/runner:9
networks:
- infra-network
profiles:
- forgejo
- forgejo-runner
links:
- docker-in-docker
depends_on:
@@ -72,7 +73,7 @@ services:
container_name: 'forgejo_runner'
env_file:
- ./env/forgejo_runner.env
# user: 1001:1001
user: ${PUID:-1000}:${PGID:-1000}
volumes:
# - ./config/forgejo_runner/config.yaml:/config.yaml:ro
- forgejo_runner:/data

4
infrastructure/services/forgejo/env/forgejo.env vendored
View File

@@ -5,12 +5,12 @@ FORGEJO__database__HOST=database_forgejo:3306
FORGEJO__database__NAME=forgejo
FORGEJO__database__USER=bensuperpc
FORGEJO__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
FORGEJO__APP_NAME=The Homelab Git
FORGEJO__APP_NAME=Bensuperpc's Forgejo
FORGEJO__APP_SLOGAN=Personal Code, Mirrors, and More
FORGEJO__server__DOMAIN=git.bensuperpc.org
FORGEJO__server__SSH_DOMAIN=git.bensuperpc.org
FORGEJO__server__HTTP_PORT=3000
FORGEJO__server__SSH_LISTEN_PORT=22
FORGEJO__server__SSH_LISTEN_PORT=2222
FORGEJO__server__SSH_PORT=22
FORGEJO__server__ROOT_URL=https://git.bensuperpc.org
FORGEJO__security__SECRET_KEY=ykcZt23an1E4lFHWvrCKdAyt16WAiK9c

4
infrastructure/services/homepage/config/proxmox.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
# url: https://proxmox.host.or.ip:8006
# token: username@pam!Token ID
# secret: secret

24
infrastructure/services/homepage/config/services.yaml
View File

@@ -64,12 +64,12 @@
description: Dufs
ping: dufs.bensuperpc.org
container: dufs
- caddy:
icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/caddy.png
href: https://public.bensuperpc.org/
description: File browser
ping: public.bensuperpc.org
container: caddy
# - caddy:
# icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/caddy.png
# href: https://public.bensuperpc.org/
# description: File browser
# ping: public.bensuperpc.org
# container: caddy
- Utils:
- it-tools:
@@ -84,6 +84,12 @@
description: Omni Tools
ping: omni-tools.bensuperpc.org
container: omni-tools0
- cyberchef:
icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/cyberchef.png
href: https://cyberchef.bensuperpc.org/
description: CyberChef
ping: cyberchef.bensuperpc.org
container: cyberchef0
- stirlingpdf:
#icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/stirlingpdf.png
href: https://stirlingpdf.bensuperpc.org/
@@ -136,10 +142,4 @@
description: Uptime Kuma
ping: uptimekuma.bensuperpc.org
container: uptime-kuma
- yacht:
# icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/yacht.png
href: https://yacht.bensuperpc.org/
description: Yacht
ping: yacht.bensuperpc.org
container: yacht

2
infrastructure/services/homepage/docker-compose.homepage.yml
View File

@@ -15,7 +15,7 @@ services:
- ./env/homepage.env
volumes:
- homepage_log:/app/logs
- ./config:/app/config:ro
- ./config:/app/config
- ./image:/app/public/image:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
# develop:

4
infrastructure/services/it-tools/docker-compose.it-tools.yml
View File

@@ -1,7 +1,7 @@
services:
# it-tools
it-tools0:
image: corentinth/it-tools:latest
image: ghcr.io/sharevb/it-tools:latest
container_name: it-tools0
profiles:
- it-tools
@@ -26,7 +26,7 @@ services:
memory: 20M
it-tools1:
image: corentinth/it-tools:latest
image: ghcr.io/sharevb/it-tools:latest
container_name: it-tools1
profiles:
- it-tools

2
infrastructure/services/minecraft-server

Submodule infrastructure/services/minecraft-server updated: 94be77f9a7...d9509579ca

11
infrastructure/services/openssh/docker-compose.openssh.yml
View File

@@ -14,8 +14,8 @@ services:
volumes:
- openssh_config:/config:rw
- ./config/authorized_keys:/authorized_ssh_keys:ro
- public_data:/public:rw
- private_data:/private:rw
- public_data:/public_data:rw
- private_data:/private_data:rw
- caddy_data:/caddy_data:rw
- caddy_config:/caddy_config:rw
- caddy_backup:/caddy_backup:rw
@@ -36,6 +36,8 @@ services:
- gitea_data:/gitea_data:rw
- gitea_config:/gitea_config:rw
- gitea_db:/gitea_db:rw
- teamfortress2_backup:/teamfortress2_backup:rw
- teamfortress2_data:/teamfortress2_data:rw
networks:
- infra-network
@@ -81,6 +83,11 @@ volumes:
name: minecraft_proxy_data
minecraft_rcon_data:
name: minecraft_rcon_data
# teamfortress2
teamfortress2_backup:
name: teamfortress2_backup
teamfortress2_data:
name: teamfortress2_data
# forgejo
forgejo_data:
name: forgejo_data

93
infrastructure/services/privatebin/config/conf.php
View File

@@ -39,16 +39,29 @@ defaultformatter = "plaintext"
; (optional) set a syntax highlighting theme, as found in css/prettify/
; syntaxhighlightingtheme = "sons-of-obsidian"
; size limit per paste or comment in bytes, defaults to 10 Mebibytes
sizelimit = 10485760
; size limit per document or comment in bytes, defaults to 10 Megabytes
sizelimit = 10000000
; template to include, default is "bootstrap" (tpl/bootstrap.php), also
; available are "page" (tpl/page.php), the classic ZeroBin style and several
; bootstrap variants: "bootstrap-dark", "bootstrap-compact", "bootstrap-page",
; which can be combined with "-dark" and "-compact" for "bootstrap-dark-page"
; and finally "bootstrap-compact-page" - previews at:
; by default PrivateBin use "bootstrap5" template (tpl/bootstrap5.php).
; Optionally you can enable the template selection menu, which uses
; a session cookie to store the choice until the browser is closed.
templateselection = false
; List of available for selection templates when "templateselection" option is enabled
availabletemplates[] = "bootstrap5"
availabletemplates[] = "bootstrap"
availabletemplates[] = "bootstrap-page"
availabletemplates[] = "bootstrap-dark"
availabletemplates[] = "bootstrap-dark-page"
availabletemplates[] = "bootstrap-compact"
availabletemplates[] = "bootstrap-compact-page"
; set the template your installs defaults to, defaults to "bootstrap5" (tpl/bootstrap5.php), also
; bootstrap template (tpl/bootstrap.php) and it's variants: "bootstrap-dark", "bootstrap-compact", "bootstrap-page",
; which can be combined with "-dark" and "-compact" for "bootstrap-dark-page",
; "bootstrap-compact-page" - previews at:
; https://privatebin.info/screenshots.html
template = "bootstrap-dark"
; template = "bootstrap5"
; (optional) info text to display
; use single, instead of double quotes for HTML attributes
@@ -66,17 +79,22 @@ languageselection = false
; if this is set and language selection is disabled, this will be the only language
; languagedefault = "en"
; (optional) URL shortener address to offer after a new paste is created.
; (optional) URL shortener address to offer after a new document is created.
; It is suggested to only use this with self-hosted shorteners as this will leak
; the pastes encryption key.
; the documents encryption key.
; urlshortener = "https://shortener.example.com/api?link="
; (optional) Let users create a QR code for sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; (optional) Whether to shorten the URL by default when a new document is created.
; If set to true, the "Shorten URL" functionality will be automatically called.
; This only works if the "urlshortener" option is set.
; shortenbydefault = false
; (optional) Let users create a QR code for sharing the document URL with one click.
; It works both when a new document is created and when you view a document.
; qrcode = true
; (optional) Let users send an email sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; (optional) Let users send an email sharing the document URL with one click.
; It works both when a new document is created and when you view a document.
; email = true
; (optional) IP based icons are a weak mechanism to detect if a comment was from
@@ -84,7 +102,7 @@ languageselection = false
; used to get the IP of a comment poster if the server salt is leaked and a
; SHA512 HMAC rainbow table is generated for all (relevant) IPs.
; Can be set to one these values:
; "none" / "identicon" (default) / "jdenticon" / "vizhash".
; "none" / "identicon" / "jdenticon" (default) / "vizhash".
; icon = "none"
; Content Security Policy headers allow a website to restrict what sources are
@@ -93,24 +111,21 @@ languageselection = false
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
; Notes:
; - If you use any bootstrap theme, you can remove the allow-popups from the
; sandbox restrictions.
; - If you use the bootstrap5 theme, you must change default-src to 'self' to
; enable display of the svg icons
; - By default this disallows to load images from third-party servers, e.g. when
; they are embedded in pastes. If you wish to allow that, you can adjust the
; they are embedded in documents. If you wish to allow that, you can adjust the
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
; for details.
; - The 'unsafe-eval' is used in two cases; to check if the browser supports
; async functions and display an error if not and for Chrome to enable
; webassembly support (used for zlib compression). You can remove it if Chrome
; doesn't need to be supported and old browsers don't need to be warned.
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token
; zerobincompatibility = false
; - The 'wasm-unsafe-eval' is used to enable webassembly support (used for zlib
; compression). You can remove it if compression doesn't need to be supported.
; - The 'unsafe-inline' style-src is used by Chrome when displaying PDF previews
; and can be omitted if attachment upload is disabled (which is the default).
; See https://issues.chromium.org/issues/343754409
; - To allow displaying PDF previews in Firefox or Chrome, sandboxing must also
; get turned off. The following CSP allows PDF previews:
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-ancestors 'none'; frame-src blob:; img-src 'self' data: blob:; media-src blob:; object-src blob:"
;
; The recommended and default used CSP is:
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; frame-src blob:; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-modals allow-downloads"
; Enable or disable the warning message when the site is served over an insecure
; connection (insecure HTTP instead of HTTPS), defaults to true.
@@ -119,7 +134,7 @@ languageselection = false
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
; httpwarning = true
; Pick compression algorithm or disable it. Only applies to pastes/comments
; Pick compression algorithm or disable it. Only applies to documents & comments
; created after changing the setting.
; Can be set to one these values: "none" / "zlib" (default).
; compression = "zlib"
@@ -160,9 +175,9 @@ limit = 10
; exempted = "1.2.3.4,10.10.10/24"
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
; (CIDR) to be allowed to create documents, set these here. Invalid IPs will be
; ignored. If multiple values are to be exempted, the list needs to be comma
; separated. Leave unset to allow anyone to create pastes.
; separated. Leave unset to allow anyone to create documents.
; creators = "1.2.3.4,10.10.10/24"
; (optional) if your website runs behind a reverse proxy or load balancer,
@@ -170,12 +185,12 @@ limit = 10
; header = "X_FORWARDED_FOR"
[purge]
; minimum time limit between two purgings of expired pastes, it is only
; triggered when pastes are created
; Set this to 0 to run a purge every time a paste is created.
; minimum time limit between two purgings of expired documents, it is only
; checked when documents get created
; Set this to 0 to run a purge every time a document is created.
limit = 300
; maximum amount of expired pastes to delete in one purge
; maximum amount of expired documents to delete in one purge
; Set this to 0 to disable purging. Set it higher, if you are running a large
; site
batchsize = 10
@@ -259,7 +274,7 @@ dir = PATH "data"
;version = "latest"
;bucket = "my-bucket"
[yourls]
;[yourls]
; When using YOURLS as a "urlshortener" config item:
; - By default, "urlshortener" will point to the YOURLS API URL, with or without
; credentials, and will be visible in public on the PrivateBin web page.
@@ -280,4 +295,4 @@ dir = PATH "data"
; Subresource integrity (SRI) hashes used in template files. Uncomment and set
; these for all js files used. See:
; https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files
;privatebin.js = sha512-[]
;js/privatebin.js = "sha512-[…]"

3
infrastructure/services/qbittorrent/docker-compose.qbittorrent.yml
View File

@@ -13,6 +13,9 @@ services:
environment:
- PUID=${PUID:-1000}
- PGID=${PGID:-1000}
ports:
- 6881:6881
- 6881:6881/udp
volumes:
- qbittorrent_config:/config
- public_data:/downloads

85
infrastructure/services/teamfortress2-server/DockerCompose.mk Normal file
View File

@@ -0,0 +1,85 @@
#//////////////////////////////////////////////////////////////
#// //
#// docker-multimedia, 2024 //
#// Created: 30, May, 2021 //
#// Modified: 14 November, 2024 //
#// file: - //
#// - //
#// Source: //
#// OS: ALL //
#// CPU: ALL //
#// //
#//////////////////////////////////////////////////////////////
PROJECT_DIRECTORY ?= infrastructure
DOCKER_EXEC ?= docker
DOCKER_PROFILES ?= main_infrastructure
PROFILE_CMD ?= $(addprefix --profile ,$(DOCKER_PROFILES))
COMPOSE_FILES ?= $(shell find ./$(PROJECT_DIRECTORY) -maxdepth 1 -name 'docker-compose*.yml' -type f | sed -e 's/^/--file /')
COMPOSE_DIR ?= --project-directory ./$(PROJECT_DIRECTORY)
UID ?= 1000
GID ?= 1000
ENV_ARG_VAR ?= PUID=$(UID) PGID=$(GID)
DOCKER_COMPOSE_COMMAND ?= $(ENV_ARG_VAR) $(DOCKER_EXEC) compose $(COMPOSE_DIR) $(COMPOSE_FILES) $(PROFILE_CMD)
.PHONY: build all
all: start
.PHONY: build
build:
$(DOCKER_COMPOSE_COMMAND) build
.PHONY: start
start:
$(DOCKER_COMPOSE_COMMAND) up -d
.PHONY: start-at
start-at:
$(DOCKER_COMPOSE_COMMAND) up
.PHONY: docker-check
docker-check:
$(DOCKER_COMPOSE_COMMAND) config
.PHONY: stop
stop: down
.PHONY: down
down:
$(DOCKER_COMPOSE_COMMAND) down
.PHONY: restart
restart: stop start
.PHONY: logs
logs:
$(DOCKER_COMPOSE_COMMAND) logs
.PHONY: state
state:
$(DOCKER_COMPOSE_COMMAND) ps
$(DOCKER_COMPOSE_COMMAND) top
.PHONY: update-docker
update-docker:
$(DOCKER_COMPOSE_COMMAND) pull
.PHONY: update
update: update-docker
# git submodule update --init --recursive --remote
git pull --recurse-submodules --all --progress
.PHONY: clean
clean:
docker system prune -f
.PHONY: purge
purge:
$(ENV_ARG_VAR) $(DOCKER_EXEC) compose $(COMPOSE_DIR) $(COMPOSE_FILES) down -v --rmi all

18
infrastructure/services/teamfortress2-server/Makefile Normal file
View File

@@ -0,0 +1,18 @@
#//////////////////////////////////////////////////////////////
#// //
#// Script, 2022 //
#// Created: 14, April, 2022 //
#// Modified: 30, November, 2024 //
#// file: - //
#// - //
#// Source: //
#// OS: ALL //
#// CPU: ALL //
#// //
#//////////////////////////////////////////////////////////////
PROJECT_DIRECTORY := teamfortress2-server
DOCKER_PROFILES := team_fortress_server team_fortress_backup
include DockerCompose.mk

27
infrastructure/services/teamfortress2-server/teamfortress2-server/backup/docker-compose.backup.yml Normal file
View File

@@ -0,0 +1,27 @@
services:
teamfortress2_backup:
image: mazzolino/restic:latest
container_name: teamfortress2_backup
profiles:
- teamfortress2_backup
depends_on:
- teamfortress2_server
restart: on-failure:5
env_file:
- ./env/teamfortress2_backup.env
volumes:
- teamfortress2_backup:/mnt/restic
- teamfortress2_data:/data:ro
security_opt:
- no-new-privileges:true
network_mode: none
cap_drop:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
volumes:
teamfortress2_backup:
name: teamfortress2_backup
teamfortress2_data:
name: teamfortress2_data

14
infrastructure/services/teamfortress2-server/teamfortress2-server/backup/env/teamfortress2_backup.env vendored Normal file
View File

@@ -0,0 +1,14 @@
#RUN_ON_STARTUP=true
RESTIC_REPOSITORY=/mnt/restic
RESTIC_BACKUP_SOURCES=/data
RESTIC_PASSWORD=SCY5cmu12Odca302EXabPA9jXYkCb2NN
# Backup (exuclusive with Check and Prune)
BACKUP_CRON=*/15 * * * *
RESTIC_BACKUP_ARGS=--tag docker-volumes --verbose
#RESTIC_FORGET_ARGS=--prune --keep-last 8 --keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 4
# Check (exuclusive with Check and Prune)
#CHECK_CRON=*/15 * * * *
#RESTIC_CHECK_ARGS=--read-data-subset=40%
# Prune (exuclusive with Check and Prune)
#PRUNE_CRON=*/15 * * * *
#RESTIC_PRUNE_ARGS=

7
infrastructure/services/teamfortress2-server/teamfortress2-server/docker-compose.yml Normal file
View File

@@ -0,0 +1,7 @@
include:
# Team Fortress 2 server
- teamfortress2/docker-compose.teamfortress2.yml
# OpenSSH server
- openssh/docker-compose.openssh.yml
# Backup server
- backup/docker-compose.backup.yml

1
infrastructure/services/teamfortress2-server/teamfortress2-server/openssh/config/authorized_keys/id_ed25519.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVtzpnPr0Boy+bUbL+viOYfqeetDZF6Hu40EwNLXNb0 bensuperpc@gmail.com

36
infrastructure/services/teamfortress2-server/teamfortress2-server/openssh/docker-compose.openssh.yml Normal file
View File

@@ -0,0 +1,36 @@
services:
# openssh
teamfortress2_openssh:
image: linuxserver/openssh-server:latest
container_name: teamfortress2_openssh
profiles:
- teamfortress2_openssh
depends_on:
- teamfortress2_server
restart: on-failure:5
env_file:
- ./env/openssh.env
environment:
- PUID=${PUID:-1000}
- PGID=${PGID:-1000}
volumes:
- teamfortress2_openssh_config:/config
- ./config/authorized_keys:/authorized_ssh_keys:ro
- teamfortress2_backup:/teamfortress2_backup
- teamfortress2_data:/teamfortress2_data
networks:
- infra-network
security_opt:
- no-new-privileges:false
cap_drop:
- SYS_ADMIN
ports:
- 2222:2222
volumes:
teamfortress2_openssh_config:
name: teamfortress2_openssh_config
teamfortress2_backup:
name: teamfortress2_backup
teamfortress2_data:
name: teamfortress2_data

15
infrastructure/services/teamfortress2-server/teamfortress2-server/openssh/env/openssh.env vendored Normal file
View File

@@ -0,0 +1,15 @@
TZ=Etc/UTC
SUDO_ACCESS=true
PASSWORD_ACCESS=false
DOCKER_MODS=linuxserver/mods:openssh-server-rsync
#PUBLIC_KEY_URL=https://github.com/bensuperpc.keys
PUBLIC_KEY_DIR=/authorized_ssh_keys
USER_NAME=admin
USER_PASSWORD=K4CLuwknhW6sl6fxKI5DsNt9R9SSelmC
#PUBLIC_KEY=yourpublickey
#PUBLIC_KEY_FILE=/path/to/file
#PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys
#PUBLIC_KEY_URL=https://github.com/username.keys
#USER_PASSWORD_FILE=/path/to/file
#LOG_STDOUT=

39
infrastructure/services/teamfortress2-server/teamfortress2-server/teamfortress2/docker-compose.teamfortress2.yml Normal file
View File

@@ -0,0 +1,39 @@
services:
# Team Fortress 2 server
teamfortress2_server:
image: cm2network/tf2:latest-x64
container_name: teamfortress2_server
profiles:
- teamfortress2_server
restart: on-failure:5
ports:
- "27015:27015/tcp"
- "27015:27015/udp"
volumes:
- teamfortress2_data:/home/steam/tf-dedicated
networks:
- infra-network
env_file:
- ./env/teamfortress2.env
# environment:
# - PUID=${PUID:-1000}
# - PGID=${PGID:-1000}
security_opt:
- no-new-privileges:true
cap_drop:
- SYS_ADMIN
deploy:
resources:
limits:
memory: 16G
reservations:
memory: 4G
volumes:
teamfortress2_data:
name: teamfortress2_data
networks:
infra-network:
driver: bridge
name: infra-network

8
infrastructure/services/teamfortress2-server/teamfortress2-server/teamfortress2/env/teamfortress2.env vendored Normal file
View File

@@ -0,0 +1,8 @@
SRCDS_TOKEN=
SRCDS_PW=linuxmasterrace
SRCDS_PORT=27015
SRCDS_MAXPLAYERS=32
SRCDS_REGION=3
SRCDS_STARTMAP=pl_badwater
SRCDS_CFG=server.cfg
SRCDS_SECURED=0

23
infrastructure/services/yacht/docker-compose.yacht.yml
View File

@@ -1,23 +0,0 @@
services:
# yacht
yacht:
image: selfhostedpro/yacht:latest
container_name: yacht
profiles:
- yacht
restart: on-failure:5
depends_on:
- caddy
env_file:
- ./env/yacht.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- yacht_config:/config
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
yacht_config:
name: yacht_config

3
infrastructure/services/yacht/env/yacht.env vendored
View File

@@ -1,3 +0,0 @@
ADMIN_EMAIL=bensuperpc@gmail.com
SECRET_KEY=UZvg9nbcGIJlPEB3uI39TAEWyFOz9nm8
#DATABASE_URL=postgresql://user:password@postgresserver/db

32
tools/docker_volumes_export.sh
View File

@@ -7,14 +7,17 @@ volumes=(
7daystodie_server_save
7daystodie_server_config_lgsm
7daystodie_server_log
# 7daystodie_server_file
7daystodie_server_file
# satisfactory_server_config
# satisfactory_backup
forgejo_data
wordpress_db
minecraft_proxy_data
minecraft_rcon_data
minecraft_server_data
minecraft_server_backup
stirlingpdf_tessdata
wordpress
gitea_db
# wordpress_backup
projectsend_share
transmission_config
@@ -22,35 +25,32 @@ volumes=(
projectsend_db
projectsend_config
open-webui
minecraft_rcon_data
jellyfin_cache
caddy_backup
# satisfactory_backup
caddy_config
caddy_data
homepage_log
syncthing_config
openssh_config
minecraft_server_backup
qbittorrent_config
gitea_runner
gitea_config
minecraft_server_data
ollama
caddy_data
forgejo_config
stirlingpdf_config
uptimekuma_data
# private_data
yacht_config
transmission_watch
forgejo_db
privatebin_data
caddy_config
psitransfer_data
forgejo_certs
forgejo_runner
gitea_data
# gitea_db
# gitea_data
# gitea_runner
# gitea_config
jellyfin_config
picoshare_data
forgejo_data
forgejo_config
forgejo_db
forgejo_certs
forgejo_runner
)
export_volume() {

6
tools/sync_data.sh
View File

@@ -10,4 +10,8 @@ fi
SOURCE="${1}"
DEST="${2}"
rsync -e 'ssh -p 2222' --progress --human-readable --archive --verbose --compress --acls --xattrs --bwlimit=30000 --stats --delete-during "${SOURCE}" "${DEST}"
# --bwlimit=30000 --whole-file
rsync -e "ssh -p 2222 -o Compression=no" \
--progress --human-readable --archive --stats --verbose --acls --xattrs --stats --delete-during \
"${SOURCE}" "${DEST}"