nemo
/
nebula
1
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

Compare commits

base: nemo:938ed017c943ee4d9751f5bc7e44c74185fe30bc
Branches Tags
nemo:master
nemo:tf-0.12
nemo:kaarana-wordpress
nemo:files-airsonic
nemo:kubernetes
nemo:1.0.0
nemo:no-k8s
nemo:monicahq
nemo:test
nemo:timemachine-fixes
nemo:docker-file-test
nemo:hydrogen
nemo:monitoring
nemo:locals
nemo:radicale
nemo:lychee
nemo:pre-k8s
...
compare: nemo:af2be53caaea675e9db291ed3510b14704a785ed
Branches Tags
nemo:master
nemo:tf-0.12
nemo:kaarana-wordpress
nemo:files-airsonic
nemo:kubernetes
nemo:1.0.0
nemo:no-k8s
nemo:monicahq
nemo:test
nemo:timemachine-fixes
nemo:docker-file-test
nemo:hydrogen
nemo:monitoring
nemo:locals
nemo:radicale
nemo:lychee
nemo:pre-k8s

10 Commits
938ed017c9 ... af2be53caa

Author SHA1 Message Date
Nemo af2be53caa [navidrome] Move to ssd 2023-07-10 17:12:03 +05:30
Nemo 9e8c5710f2 upgrade mastodon and use persistent redis 2023-07-10 17:01:50 +05:30
Nemo e4858d5d05 move sonarr/radarr to ssd 2023-07-10 17:01:30 +05:30
Nemo d59512c625 HSTS Preload on tatooine.club 2023-06-22 14:24:26 +05:30
Nemo 4a4504447f upgrade miniflux 2023-06-22 13:15:17 +05:30
Nemo 9b316b036b upgrade mastodon 2023-06-22 13:15:10 +05:30
Nemo f9b52957a8 fix resolver for dns/acme 2023-06-01 14:01:12 +05:30
Nemo 9b79cab3af gitea upgrade and fixes 
fixes the svg favicons, but these are not nice
 2023-06-01 14:01:06 +05:30
Nemo 5bd44d411f mastodon image conflict fixes 2023-06-01 14:00:08 +05:30
Nemo 406f4557fe fix+upgrade miniflux resource limits 2023-06-01 13:59:55 +05:30
16 changed files with 192 additions and 30 deletions
Show Stats Expand all files Collapse all files

1
docker/conf/traefik.toml
View File

@ -58,6 +58,7 @@ acmelogging = true
[acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 120
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
# Primary 2 wildcard certs
[[acme.domains]]

48
gitea/conf/conf.ini.tpl
View File

@ -2,7 +2,7 @@
; Copy required sections to your own app.ini (default is custom/conf/app.ini)
; and modify as needed.
; See the cheatsheet at https://docs.gitea.io/en-us/config-cheat-sheet/
; A sample file with all configuration documented is at https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample
; A sample file with all configuration documented is at https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini
; App name that shows on every page title
APP_NAME = Nemo's code
@ -17,6 +17,10 @@ USE_COMPAT_SSH_URI = false
TEMP_PATH = /data/gitea/uploads
[ui]
;; Number of issues that are displayed on one page
ISSUE_PAGING_NUM = 20
; Value of `theme-color` meta tag, used by Android >= 5.0
; An invalid color like "none" or "disable" will have the default style
; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
@ -36,6 +40,11 @@ NOTICE_PAGING_NUM = 25
; Number of organization that are showed in one page
ORG_PAGING_NUM = 50
;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
ONLY_SHOW_RELEVANT_REPOS = true
[ui.user]
; Number of repos that are showed in one page
REPO_PAGING_NUM = 15
@ -53,6 +62,9 @@ ENABLE_HARD_LINE_BREAK = false
CUSTOM_URL_SCHEMES = git,magnet,steam,irc,slack
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
;; Enables math inline and block detection
ENABLE_MATH = true
; Define allowed algorithms and their minimum key length (use -1 to disable a type)
[ssh.minimum_key_sizes]
ED25519 = 256
@ -99,6 +111,7 @@ SQLITE_TIMEOUT = 500
; ITERATE_BUFFER_SIZE = 50
; Show the database generated SQL
LOG_SQL = false
SQLITE_JOURNAL_MODE = WAL
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
@ -164,7 +177,9 @@ ENABLED = true
FROM = git@captnemo.in
USER = git@captnemo.in
PASSWD = ${smtp_password}
HOST = smtp.migadu.com:587
PROTOCOL = smtps
SMTP_ADDR = smtp.migadu.com
SMTP_PORT = 465
SEND_AS_PLAIN_TEXT = true
SUBJECT_PREFIX = "[git.captnemo.in] "
@ -183,6 +198,11 @@ COOKIE_SECURE = true
; SameSite settings. Either "none", "lax", or "strict"
SAME_SITE = strict
[migrations]
ALLOWED_DOMAINS = github.com
ALLOW_LOCALNETWORKS = false
[attachment]
; ; Whether attachments are enabled. Defaults to `true`
ENABLE = true
@ -262,3 +282,27 @@ JWT_SECRET = "${oauth2-jwt-secret}"
[federation]
ENABLED=false
;; Enable/Disable user statistics for nodeinfo if federation is enabled
;SHARE_USER_STATISTICS = true
;;
;; Maximum federation request and response size (MB)
;MAX_SIZE = 4
;;
;; WARNING: Changing the settings below can break federation.
;;
;; HTTP signature algorithms
;ALGORITHMS = rsa-sha256, rsa-sha512, ed25519
;;
;; HTTP signature digest algorithm
;DIGEST_ALGORITHM = SHA-256
;;
;; GET headers for federation requests
;GET_HEADERS = (request-target), Date
;;
;; POST headers for federation requests
;POST_HEADERS = (request-target), Date, Digest
[packages]
;; Enable/Disable package registry capabilities
ENABLED = true

56
gitea/conf/public/img/favicon.svg Normal file
View File

@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
version="1.0"
width="2000.000000pt"
height="2000.000000pt"
viewBox="0 0 2000.000000 2000.000000"
preserveAspectRatio="xMidYMid meet"
id="svg10"
sodipodi:docname="favicon.svg"
inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg">
<defs
id="defs14" />
<sodipodi:namedview
id="namedview12"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:showpageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1"
inkscape:document-units="pt"
showgrid="false"
inkscape:zoom="0.23281491"
inkscape:cx="1232.7389"
inkscape:cy="1415.2874"
inkscape:window-width="1920"
inkscape:window-height="1037"
inkscape:window-x="0"
inkscape:window-y="18"
inkscape:window-maximized="1"
inkscape:current-layer="g8" />
<metadata
id="metadata2">
Created by potrace 1.16, written by Peter Selinger 2001-2019
</metadata>
<g
transform="translate(0.000000,2000.000000) scale(0.100000,-0.100000)"
fill="#000000"
stroke="none"
id="g8"
style="fill:#000080">
<path
d="M0 10000 l0 -10000 10000 0 10000 0 0 10000 0 10000 -10000 0 -10000 0 0 -10000z m11852 5356 c553 -141 882 -698 738 -1251 -27 -102 -104 -261 -168 -346 -71 -94 -197 -207 -296 -265 -109 -65 -274 -121 -405 -136 l-100 -12 -90 -221 c-69 -169 -87 -222 -76 -227 12 -7 1420 -613 2145 -923 162 -69 310 -132 328 -140 31 -14 32 -16 20 -44 -7 -15 -55 -127 -107 -247 -52 -121 -96 -221 -98 -223 -4 -5 -131 48 -1385 585 -608 261 -1111 474 -1116 474 -5 0 -19 -24 -31 -52 -76 -181 -1440 -3576 -1474 -3667 -16 -43 -21 -81 -21 -166 -1 -99 2 -116 26 -167 38 -81 83 -133 158 -182 160 -104 244 -120 614 -113 383 7 564 38 731 125 90 47 218 173 263 258 67 128 79 306 32 471 -11 40 -20 75 -20 78 0 3 91 5 203 5 402 0 680 43 1017 156 226 76 540 218 768 348 35 20 66 36 68 36 9 0 3 -122 -11 -237 -57 -462 -214 -845 -470 -1152 -100 -119 -281 -291 -403 -383 -92 -70 -344 -228 -363 -228 -4 0 -35 29 -70 65 -105 109 -219 151 -345 125 -36 -7 -108 -38 -184 -78 -489 -261 -847 -376 -1345 -434 -180 -21 -653 -15 -955 11 -140 13 -338 25 -440 28 l-185 5 125 -126 125 -126 75 6 c97 8 170 -17 234 -82 65 -64 90 -137 82 -234 l-6 -75 206 -206 206 -207 83 6 c73 4 89 2 137 -20 184 -84 232 -302 100 -449 -67 -75 -110 -94 -212 -94 -68 0 -93 5 -125 22 -51 27 -119 100 -140 150 -19 43 -24 127 -12 188 l8 40 -201 200 -200 200 0 -531 0 -531 26 -14 c41 -22 101 -96 118 -146 38 -110 8 -222 -80 -302 -96 -88 -207 -103 -321 -45 -134 69 -192 232 -130 367 26 58 83 119 128 139 l29 13 0 531 0 532 -28 11 c-42 18 -108 89 -132 144 -24 53 -28 144 -10 191 11 30 9 32 -203 245 -117 119 -219 230 -226 246 -44 103 -170 239 -486 523 -412 371 -643 616 -819 865 -236 336 -397 688 -501 1092 -44 170 -80 249 -141 305 -76 70 -138 92 -263 95 l-106 2 -28 109 c-49 190 -70 366 -71 589 -1 220 10 324 54 505 61 246 161 471 308 691 134 200 315 410 326 378 3 -8 19 -68 36 -134 136 -520 354 -976 638 -1332 95 -119 277 -319 322 -354 l33 -25 -89 -49 c-166 -93 -288 -240 -324 -393 -15 -66 -15 -212 0 -289 24 -120 126 -300 267 -476 139 -172 374 -408 455 -456 181 -106 352 -125 492 -54 66 33 153 123 193 198 17 33 365 794 773 1690 408 897 760 1668 782 1715 72 154 120 262 116 265 -1 1 -91 40 -198 85 -321 136 -871 371 -935 400 -33 15 -161 70 -285 123 -735 312 -1076 459 -1082 466 -11 10 201 501 216 501 6 0 200 -81 431 -181 1489 -641 2052 -882 2070 -886 17 -3 33 24 118 212 l97 217 -48 61 c-96 122 -154 239 -194 392 -30 114 -36 323 -13 436 23 114 72 242 131 341 58 96 199 245 293 308 124 83 285 146 437 170 97 15 276 4 386 -24z"
id="path4"
style="fill:#192a56;fill-opacity:1" />
<path
d="M11496 14790 c-110 -28 -228 -126 -281 -234 -103 -210 -11 -470 203 -577 65 -33 71 -34 187 -34 116 0 122 1 187 34 82 41 169 128 204 206 99 217 11 466 -202 571 -66 33 -83 37 -166 40 -51 2 -110 -1 -132 -6z"
id="path6"
style="fill:#192a56;fill-opacity:1" />
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.1 KiB

2
gitea/conf/public/robots.txt
View File

@ -18,3 +18,5 @@ User-agent: Xenus
Disallow: /
User-agent: Xenus Link Sleuth 1.1c
Disallow: /
User-agent: AhrefsBot
Disallow: /

2
gitea/conf/robots.txt
View File

@ -18,3 +18,5 @@ User-agent: Xenus
Disallow: /
User-agent: Xenus Link Sleuth 1.1c
Disallow: /
User-agent: AhrefsBot
Disallow: /

2
gitea/data.tf
View File

@ -1,6 +1,6 @@
# https://github.com/go-gitea/gitea/releases
data "docker_registry_image" "gitea" {
name = "gitea/gitea:1.17"
name = "gitea/gitea:1.19"
}
data "docker_registry_image" "redis" {

31
gitea/main.tf
View File

@ -23,29 +23,44 @@ resource "docker_container" "gitea" {
host_path = docker_volume.gitea_volume.mountpoint
}
# Logos
# TODO: Add svg
# For the following uploads, note that
# /data/gitea is GITEA_CUSTOM_PATH
# Logos
# https://docs.gitea.com/next/administration/customizing-gitea#changing-the-logo
# PNG images
upload {
content_base64 = filebase64("${path.module}/conf/public/img/gitea-lg.png")
file = "/data/gitea/public/img/gitea-lg.png"
file = "/data/gitea/public/img/logo.png"
}
upload {
content_base64 = filebase64("${path.module}/conf/public/img/gitea-sm.png")
file = "/data/gitea/public/img/gitea-sm.png"
content_base64 = filebase64("${path.module}/conf/public/img/gitea-lg.png")
file = "/data/gitea/public/img/apple-touch-icon.png"
}
upload {
content_base64 = filebase64("${path.module}/conf/public/img/gitea-sm.png")
file = "/data/gitea/public/img/favicon.png"
executable = false
}
# SVG images
upload {
content_base64 = filebase64("${path.module}/conf/public/img/favicon.svg")
file = "/data/gitea/public/img/logo.svg"
}
upload {
content_base64 = filebase64("${path.module}/conf/public/img/favicon.svg")
file = "/data/gitea/public/img/favicon.svg"
}
# Some files at top-level
upload {
content = file("${path.module}/../docker/conf/humans.txt")
file = "/data/gitea/public/humans.txt"
file = "/data/gitea/humans.txt"
}
upload {
content = file("${path.module}/conf/public/robots.txt")
file = "/data/gitea/public/robots.txt"
file = "/data/gitea/robots.txt"
}
# Extra Links in header

11
mastodon/db.tf
View File

@ -9,6 +9,17 @@ module "mastodon-redis" {
memory = 256
memory_swap = 256
}
# In case the cache dies,
# tootctl feeds build
# regenerates the feeds, run it from
# inside a mastodon container
volumes = [
{
host_path = "/mnt/zwing/cache/mastodon-redis"
container_path = "/data"
}
]
}
module "mastodon-db" {

2
mastodon/locals.tf
View File

@ -1,5 +1,5 @@
locals {
version = "4.1"
version = "4.1.4"
env = [
"LOCAL_DOMAIN=tatooine.club",
"REDIS_HOST=mastodon-redis",

29
mastodon/main.tf
View File

@ -1,10 +1,17 @@
module "mastodon-web" {
name = "mastodon-web"
source = "../modules/container"
image = "tootsuite/mastodon:v${local.version}"
image = "ghcr.io/mastodon/mastodon:v${local.version}"
keep_image = true
networks = ["mastodon", "traefik", "external", "postgres"]
labels = {
"traefik.frontend.headers.STSPreload" = "true"
"traefik.frontend.headers.STSIncludeSubdomains" = "true"
"traefik.frontend.headers.STSSeconds" = "31536000"
}
env = concat(local.env,[
"MAX_THREADS=4",
"WEB_CONCURRENCY=5"
@ -28,8 +35,8 @@ module "mastodon-web" {
}
resource = {
memory = 1024
memory_swap = 1024
memory = 2048
memory_swap = 2048
}
}
@ -37,7 +44,9 @@ module "mastodon-web" {
module "mastodon-streaming" {
name = "mastodon-streaming"
source = "../modules/container"
image = "tootsuite/mastodon:v${local.version}"
image = "ghcr.io/mastodon/mastodon:v${local.version}"
keep_image = true
# 24 threads for Streaming
env = concat(local.env,[
"DB_POOL=8",
@ -56,16 +65,16 @@ module "mastodon-streaming" {
}
resource = {
memory = 1024
memory_swap = 1024
memory = 512
memory_swap = 512
}
}
module "mastodon-sidekiq" {
name = "mastodon-sidekiq"
source = "../modules/container"
image = "tootsuite/mastodon:v${local.version}"
image = "ghcr.io/mastodon/mastodon:v${local.version}"
keep_image = true
env = concat(local.env,[
"DB_POOL=50"
])
@ -88,7 +97,7 @@ module "mastodon-sidekiq" {
}]
resource = {
memory = 1024
memory_swap = 1024
memory = 2048
memory_swap = 2048
}
}

8
media/navidrome.tf
View File

@ -17,7 +17,7 @@ module "navidrome" {
}
env = [
"ND_SCANINTERVAL=1h",
"ND_SCANINTERVAL=6h",
"ND_LOGLEVEL=info",
"ND_SESSIONTIMEOUT=300h",
"ND_BASEURL=",
@ -31,10 +31,14 @@ module "navidrome" {
# TODO FIXME
# networks = [docker_network.media.id, data.docker_network.bridge.id]
# Keep cache and data config so we can do easier backups
volumes = [
{
host_path = "/mnt/xwing/data/navidrome"
host_path = "/mnt/zwing/config/navidrome"
container_path = "/data"
},{
host_path = "/mnt/zwing/cache/navidrome"
container_path = "/data/cache"
},
{
host_path = "/mnt/xwing/media/Music"

7
media/radarr.tf
View File

@ -18,9 +18,14 @@ module "radarr" {
volumes = [
{
host_path = "/mnt/xwing/config/radarr"
host_path = "/mnt/zwing/config/radarr"
container_path = "/config"
},
# Backups stay on spinning disks
{
host_path = "/mnt/xwing/backups/config/sonarr"
container_path = "/config/Backups"
},
{
host_path = "/mnt/xwing/media/DL"
container_path = "/downloads"

7
media/sonarr.tf
View File

@ -16,9 +16,14 @@ module "sonarr-container" {
volumes = [
{
host_path = "/mnt/xwing/config/sonarr"
host_path = "/mnt/zwing/config/sonarr"
container_path = "/config"
},
# Backups stay on spinning disks
{
host_path = "/mnt/xwing/backups/config/sonarr"
container_path = "/config/Backups"
},
{
host_path = "/mnt/xwing/media/DL"
container_path = "/downloads"

7
miniflux.tf
View File

@ -1,7 +1,7 @@
module "miniflux-container" {
name = "miniflux"
source = "./modules/container"
image = "miniflux/miniflux:2.0.39"
image = "miniflux/miniflux:2.0.45"
web = {
expose = true
@ -15,6 +15,11 @@ module "miniflux-container" {
"DATABASE_URL=postgres://miniflux:${data.pass_password.miniflux-db-password.password}@postgres/miniflux?sslmode=disable",
"RUN_MIGRATIONS=1",
]
resource = {
memory = 512
memory_swap = 1024
}
}
module "miniflux-db" {

2
modules/container/locals.tf
View File

@ -41,6 +41,8 @@ locals {
var.web.expose ? local.web : null,
# And finally a label for Basic Authentication if the service wants it
var.web.auth != null ? (var.web.auth ? local.traefik_auth_labels : null) : null,
var.labels,
)
networks = concat(var.networks, var.web.expose ? ["traefik"] : [])

7
modules/container/vars.tf
View File

@ -55,9 +55,10 @@ variable "env" {
default = []
}
# variable "labels" {
# description = "labels"
# }
variable "labels" {
description = "labels"
default = {}
}
variable "xpoweredby" {
default = "X-Powered-By:Allomancy||X-Server:Blackbox"