lost/hq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

revised approach

Browse Source
This commit is contained in:
rskntroot
2025-06-14 09:50:15 +00:00
parent 12941cd2c5
commit cc32c6010e
27 changed files with 1092 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.gitignore vendored
View File

@@ -1,4 +1,11 @@
mkdocs/site fleetdm/fleet/logs
fleetdm/fleet/vulndb
fleetdm/mysql/data
ghost/mysql/*
mattermost/volumes
paperless/consume
paperless/export
pihole/etc-pihole
traefik/log/*.log traefik/log/*.log
traefik/log/*.gz traefik/log/*.gz
traefik/tls/*.json traefik/tls/*.json

40
README.md
View File

@@ -2,11 +2,15 @@
Services Services
- traefik as front end proxy, tls, and http3 - traefik for front end proxy, tls, and http3
- traefik dashboard behind mtls - docs
- squidfunk/mkdocs-material to build static html - squidfunk/mkdocs-material to build static html
- nginx to host static html - nginx to host static html
- jellyfin for streaming service - paperless for document management
- chat (mattermost)
- paste (rustypaste)
- pihole
- fleet device management
## Setup ## Setup
@@ -31,33 +35,3 @@ expects `../rskio/mkdocs` to exist
``` bash ``` bash
git clone https://github.com/rskntroot/rskio.git git clone https://github.com/rskntroot/rskio.git
``` ```
### Jellyfin
expects `/mnt/jellyfin` and `/mnt/media` to exist
#### setup creds
``` bash
sudo mkdir -p /etc/smb/creds
sudo vi /etc/smb/creds/share
sudo chmod 600 /etc/smb/creds/share
```
create creds files in the format
```
username=<user>
password=<pass>
```
#### edit fstab
``` zsh
vi /etc/fstab
```
``` fstab
//192.168.1.179/Media /mnt/media cifs credentials=/etc/smb/creds/media,iocharset=utf8,vers=3.0,uid=1000,gid=1000,file_mode=0660,dir_mode=0770 0 0
//192.168.1.179/Jellyfin /mnt/jellyfin cifs credentials=/etc/smb/creds/jellyfin,iocharset=utf8,vers=3.0,uid=1000,gid=1000,file_mode=0660,dir_mode=0770 0 0
```

65
compose.yml
View File

@@ -1,65 +0,0 @@
services:
mkdocs:
image: squidfunk/mkdocs-material
command:
- build
volumes:
- ./mkdocs:/docs
traefik:
image: traefik:latest
command:
- --configFile=/etc/traefik/traefik.yml
ports:
- 80:80/tcp
- 443:443/tcp
- 443:443/udp
- 8080:8080/tcp
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /var/log/traefik:/var/log/traefik
- ./traefik/etc:/etc/traefik:ro
- ./traefik/tls:/letsencrypt
nginx:
image: nginx:latest
restart: unless-stopped
labels:
- traefik.enable=true
- traefik.http.routers.rskio.entrypoints=websecure
- traefik.http.routers.rskio.rule=Host(`docs.rskio.com`)
- traefik.http.routers.rskio.tls=true
- traefik.http.routers.rskio.tls.options=docs@file
- traefik.http.routers.rskio.tls.certresolver=rskio_certresolver
- traefik.http.routers.rskio.service=rskio@docker
- traefik.http.services.rskio.loadbalancer.server.port=80
- traefik.http.routers.rskio.middlewares=secureHeaders@file
volumes:
- ./mkdocs/site:/opt/share/mkdocs/html:ro
- ./nginx/etc/conf.d:/etc/nginx/conf.d:ro
depends_on:
mkdocs:
condition: service_completed_successfully
stream:
image: jellyfin/jellyfin
labels:
- traefik.enable=true
- traefik.http.routers.stream.entrypoints=websecure
- traefik.http.routers.stream.rule=Host(`stream.rskio.com`)
- traefik.http.routers.stream.tls=true
- traefik.http.routers.stream.tls.certresolver=rskio_certresolver
- traefik.http.routers.stream.service=stream@docker
- traefik.http.services.stream.loadbalancer.server.port=8096
tty: true
restart: unless-stopped
devices:
- /dev/dri:/dev/dri
volumes:
- ./jellyfin/config:/config
- ./jellyfin/cache:/cache
- /mnt/media:/data
ports:
- 8096:8096
environment:
- TZ=US/Mountain

33
docs/compose.yml Normal file
View File

@@ -0,0 +1,33 @@
services:
mkdocs:
image: squidfunk/mkdocs-material
command:
- build
volumes:
- ./mkdocs:/docs
docs:
image: nginx:latest
restart: unless-stopped
labels:
- traefik.enable=true
- traefik.http.routers.docs.entrypoints=websecure
- traefik.http.routers.docs.rule=Host(`docs.rskio.com`)
- traefik.http.routers.docs.tls=true
- traefik.http.routers.docs.tls.options=external@file
- traefik.http.routers.docs.tls.certresolver=rskio_certresolver
- traefik.http.routers.docs.middlewares=secureHeaders@file
- traefik.http.routers.docs.service=docs@docker
- traefik.http.services.docs.loadbalancer.server.port=80
volumes:
- ./mkdocs/site:/opt/share/mkdocs/html:ro
- ./nginx/etc/conf.d:/etc/nginx/conf.d:ro
depends_on:
mkdocs:
condition: service_completed_successfully
networks:
- traefik
networks:
traefik:
external: true

1
docs/mkdocs Symbolic link
View File

@@ -0,0 +1 @@
/home/lost/workspace/rskio/mkdocs

0
nginx/etc/conf.d/default.conf → docs/nginx/etc/conf.d/default.conf
View File

56
fleetdm/compose.yml Normal file
View File

@@ -0,0 +1,56 @@
services:
db:
image: mysql
restart: unless-stopped
platform: linux/x86_64
volumes:
- ./mysql/data:/var/lib/mysql
env_file: mysql/default.env
cap_add:
- SYS_NICE
# ports:
# - 3306:3306
networks:
- default
broker:
image: redis
restart: unless-stopped
# ports:
# - 6379:6379
networks:
- default
service:
image: fleetdm/fleet
restart: unless-stopped
labels:
- traefik.enable=true
- traefik.http.routers.fleet.entrypoints=websecure
- traefik.http.routers.fleet.rule=Host(`fleet.rskio.com`)
- traefik.http.routers.fleet.middlewares=secureHeaders@file
- traefik.http.routers.fleet.tls=true
- traefik.http.routers.fleet.tls.options=external@file
- traefik.http.routers.fleet.service=fleet@docker
- traefik.http.services.fleet.loadbalancer.server.port=8412
- traefik.http.routers.fleet.tls.certresolver=rskio_certresolver
depends_on:
- db
- broker
platform: linux/x86_64
command: sh -c "/usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve"
env_file: fleet/default.env
ports:
- 8412:8412
volumes:
- ./fleet:/fleet/
- ./fleet/logs:/logs
- ./fleet/vulndb:/vulndb
networks:
- default
- traefik
networks:
default: {}
traefik:
external: true

38
fleetdm/fleet/default.env Normal file
View File

@@ -0,0 +1,38 @@
# Mysql
FLEET_MYSQL_ADDRESS="mysql:3306"
FLEET_MYSQL_DATABASE="fleet"
FLEET_MYSQL_USERNAME="fleet"
FLEET_MYSQL_PASSWORD="fleet-mysql-pswd"
# Redis
FLEET_REDIS_ADDRESS="redis:6379"
FLEET_SERVER_ADDRESS="0.0.0.0:8412"
# TLS
FLEET_SERVER_TLS=false #TLS is handled by traefik
#FLEET_SERVER_CERT="fleet/tmp/server.cert"
#FLEET_SERVER_KEY="fleet/tmp/server.key"
# Logging
FLEET_LOGGING_JSON="true"
FLEET_OSQUERY_STATUS_LOG_PLUGIN="filesystem"
FLEET_FILESYSTEM_STATUS_LOG_FILE="/logs/osqueryd.status.log"
FLEET_OSQUERY_RESULT_LOG_PLUGIN="filesystem"
FLEET_FILESYSTEM_RESULT_LOG_FILE="/logs/osqueryd.results.log"
# If you have fleet premium, enter key and uncomment
# FLEET_LICENSE_KEY=
FLEET_OSQUERY_LABEL_UPDATE_INTERVAL="1m"
# Vulnerabilities
FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS="yes"
FLEET_VULNERABILITIES_DATABASES_PATH="/vulndb"
FLEET_VULNERABILITIES_PERIODICITY="5m"

4
fleetdm/mysql/default.env Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD="toor"
MYSQL_DATABASE="fleet"
MYSQL_USER="fleet"
MYSQL_PASSWORD="fleet-mysql-pswd"

85
ghost/compose.yml Normal file
View File

@@ -0,0 +1,85 @@
services:
service:
image: ghost:5-alpine
ports:
- 2368:2368 # Ghost
environment:
database__client: mysql
database__connection__host: ghost-mysql-1
database__connection__user: ghost
database__connection__password: ghost
database__connection__database: ghost
url: https://blog.rskio.com
depends_on:
mysql:
condition: service_healthy
redis:
condition: service_healthy
mysql:
image: mysql:8.0.35
command: --innodb-buffer-pool-size=1G --innodb-log-buffer-size=500M --innodb-change-buffer-max-size=50 --innodb-flush-log-at-trx_commit=0 --innodb-flush-method=O_DIRECT
ports:
- 3306:3306
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: ghost
MYSQL_USER: ghost
MYSQL_PASSWORD: ghost
restart: always
volumes:
- ./mysql:/var/lib/mysql
healthcheck:
test: mysql -uroot -proot ghost -e 'select 1'
interval: 5s
retries: 120
redis:
image: redis:7.0
restart: always
ports:
- 6379:6379
healthcheck:
test:
- CMD
- redis-cli
- --raw
- incr
- ping
interval: 1s
retries: 120
# prometheus:
# profiles: [monitoring]
# image: prom/prometheus:v2.30.3
# container_name: ghost-prometheus
# ports:
# - 9090:9090
# restart: always
# volumes:
# - ./.docker/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
# grafana:
# profiles: [monitoring]
# image: grafana/grafana:8.3.0
# container_name: ghost-grafana
# ports:
# - 3000:3000
# restart: always
# environment:
# - GF_AUTH_ANONYMOUS_ENABLED=true
# - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
# volumes:
# - ./.docker/grafana/datasources:/etc/grafana/provisioning/datasources
# - ./.docker/grafana/dashboard.yml:/etc/grafana/provisioning/dashboards/main.yaml
# - ./.docker/grafana/dashboards:/var/lib/grafana/dashboards
# pushgateway:
# profiles: [monitoring]
# image: prom/pushgateway:v1.6.0
# container_name: ghost-pushgateway
# ports:
# - 9091:9091
# mailhog:
# image: mailhog/mailhog:latest
# container_name: ghost-mailhog
# profiles: [ghost]
# ports:
# - "1025:1025" # SMTP server
# - "8025:8025" # Web interface
# restart: always

1
jellyfin
View File

@@ -1 +0,0 @@
/mnt/jellyfin

88
mattermost/.env Normal file
View File

@@ -0,0 +1,88 @@
# Domain of service
DOMAIN=chat.rskio.com
# Container settings
## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
## A list of these tz database names can be looked up at Wikipedia
## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=US/Mountain
RESTART_POLICY=unless-stopped
# Postgres settings
## Documentation for this image and available settings can be found on hub.docker.com
## https://hub.docker.com/_/postgres
## Please keep in mind this will create a superuser and it's recommended to use a less privileged
## user to connect to the database.
## A guide on how to change the database user to a nonsuperuser can be found in docs/creation-of-nonsuperuser.md
POSTGRES_IMAGE_TAG=13-alpine
POSTGRES_DATA_PATH=./volumes/db/var/lib/postgresql/data
POSTGRES_USER=mattermost
POSTGRES_PASSWORD=kixvep-sasWaq-gocwy3
POSTGRES_DB=mattermost
# Nginx
## The nginx container will use a configuration found at the NGINX_MATTERMOST_CONFIG. The config aims
## to be secure and uses a catch-all server vhost which will work out-of-the-box. For additional settings
## or changes ones can edit it or provide another config. Important note: inside the container, nginx sources
## every config file inside */etc/nginx/conf.d* ending with a *.conf* file extension.
## Inside the container the uid and gid is 101. The folder owner can be set with
## `sudo chown -R 101:101 ./nginx` if needed.
## Note that this repository requires nginx version 1.25.1 or later
NGINX_IMAGE_TAG=alpine
## The folder containing server blocks and any additional config to nginx.conf
#NGINX_CONFIG_PATH=./nginx/conf.d
#NGINX_DHPARAMS_FILE=./nginx/dhparams4096.pem
#CERT_PATH=./volumes/web/cert/cert.pem
#KEY_PATH=./volumes/web/cert/key-no-password.pem
#GITLAB_PKI_CHAIN_PATH=<path_to_your_gitlab_pki>/pki_chain.pem
#CERT_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/fullchain.pem
#KEY_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/privkey.pem
## Exposed ports to the host. Inside the container 80, 443 and 8443 will be used
#HTTPS_PORT=443
#HTTP_PORT=80
#CALLS_PORT=8443
# Mattermost settings
## Inside the container the uid and gid is 2000. The folder owner can be set with
## `sudo chown -R 2000:2000 ./volumes/app/mattermost`.
MATTERMOST_CONFIG_PATH=./volumes/app/mattermost/config
MATTERMOST_DATA_PATH=./volumes/app/mattermost/data
MATTERMOST_LOGS_PATH=./volumes/app/mattermost/logs
MATTERMOST_PLUGINS_PATH=./volumes/app/mattermost/plugins
MATTERMOST_CLIENT_PLUGINS_PATH=./volumes/app/mattermost/client/plugins
MATTERMOST_BLEVE_INDEXES_PATH=./volumes/app/mattermost/bleve-indexes
## Bleve index (inside the container)
MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
## This will be 'mattermost-enterprise-edition' or 'mattermost-team-edition' based on the version of Mattermost you're installing.
MATTERMOST_IMAGE=mattermost-enterprise-edition
## Update the image tag if you want to upgrade your Mattermost version. You may also upgrade to the latest one. The example is based on the latest Mattermost ESR version.
MATTERMOST_IMAGE_TAG=9.11.6
## Make Mattermost container readonly. This interferes with the regeneration of root.html inside the container. Only use
## it if you know what you're doing.
## See https://github.com/mattermost/docker/issues/18
MATTERMOST_CONTAINER_READONLY=false
## The app port is only relevant for using Mattermost without the nginx container as reverse proxy. This is not meant
## to be used with the internal HTTP server exposed but rather in case one wants to host several services on one host
## or for using it behind another existing reverse proxy.
APP_PORT=8065
## Configuration settings for Mattermost. Documentation on the variables and the settings itself can be found at
## https://docs.mattermost.com/administration/config-settings.html
## Keep in mind that variables set here will take precedence over the same setting in config.json. This includes
## the system console as well and settings set with env variables will be greyed out.
## Below one can find necessary settings to spin up the Mattermost container
MM_SQLSETTINGS_DRIVERNAME=postgres
MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10
## Example settings (any additional setting added here also needs to be introduced in the docker-compose.yml)
MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}

62
mattermost/compose.yml Normal file
View File

@@ -0,0 +1,62 @@
services:
postgres:
image: postgres:${POSTGRES_IMAGE_TAG}
restart: ${RESTART_POLICY}
#security_opt:
# - no-new-privileges:true
#pids_limit: 100
#read_only: true
tmpfs:
- /tmp
- /var/run/postgresql
volumes:
- ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
environment:
- TZ
- POSTGRES_USER
- POSTGRES_PASSWORD
- POSTGRES_DB
networks:
- default
service:
depends_on:
- postgres
image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG}
labels:
- traefik.enable=true
- traefik.http.routers.mattermost.entrypoints=websecure
- traefik.http.routers.mattermost.rule=Host(`chat.rskio.com`)
- traefik.http.routers.mattermost.tls=true
- traefik.http.routers.mattermost.tls.options=external@file
- traefik.http.routers.mattermost.tls.certresolver=rskio_certresolver
- traefik.http.routers.mattermost.service=mattermost@docker
- traefik.http.services.mattermost.loadbalancer.server.port=8065
- traefik.http.routers.mattermost.middlewares=secureHeaders@file
restart: ${RESTART_POLICY}
#security_opt:
# - no-new-privileges:true
#pids_limit: 200
#read_only: ${MATTERMOST_CONTAINER_READONLY}
tmpfs:
- /tmp
volumes:
- ${MATTERMOST_CONFIG_PATH}:/mattermost/config:rw
- ${MATTERMOST_DATA_PATH}:/mattermost/data:rw
- ${MATTERMOST_LOGS_PATH}:/mattermost/logs:rw
- ${MATTERMOST_PLUGINS_PATH}:/mattermost/plugins:rw
- ${MATTERMOST_CLIENT_PLUGINS_PATH}:/mattermost/client/plugins:rw
- ${MATTERMOST_BLEVE_INDEXES_PATH}:/mattermost/bleve-indexes:rw
environment:
- TZ
- MM_SQLSETTINGS_DRIVERNAME
- MM_SQLSETTINGS_DATASOURCE
- MM_BLEVESETTINGS_INDEXDIR
- MM_SERVICESETTINGS_SITEURL
networks:
- default
- traefik
networks:
traefik:
external: true

35
mattermost/scripts/UPGRADE.md Normal file
View File

@@ -0,0 +1,35 @@
# IMPORTANT: Please make sure you have enough disk space available for the backups!
Because it is more complicated to check the available disk space for various disk formatting options provided by different linux distributions, the script does currently not check for if there is enough disk space.
Please check manually before executing this script!
## Upgrading Postgres
```
$ export PATH_TO_MATTERMOST_DOCKER=path/to/mattermost-docker
$ ./scripts/upgrade-postgres.sh
```
Environment variables for upgrading:
`ttf` means, the script 'tries to find' the environment variables.
| Name | Description | Type | Default | Required |
|------|-------------|------|:---------:|:--------:|
| PATH_TO_MATTERMOST_DOCKER | absolute path to your mattermost-docker folder | `string` | n/a | yes |
| POSTGRES_USER | postgres user to connect to the mattermost database | `string` | ttf | yes |
| POSTGRES_PASSWORD | postgres password for the POSTGRES_USER to connect to the mattermost database | `string` | ttf | yes |
| POSTGRES_DB | postgres database name for the mattermost database | `string` | ttf | yes |
| POSTGRES_OLD_VERSION | postgres database old version which should be upgraded from | `semver` | ttf | yes |
| POSTGRES_NEW_VERSION | postgres database new version which should be upgraded to | `semver` | 13 | yes |
| POSTGRES_DOCKER_TAG | postgres docker tag found [here](https://hub.docker.com/_/postgres) including python3-dev | `string` | 13.2-alpine | yes |
| POSTGRES_OLD_DOCKER_FROM | FROM declaration in the postgres Dockerfile to be replaced | `string` | ttf | yes |
| POSTGRES_NEW_DOCKER_FROM | FROM declaration in the postgres Dockerfile replacing POSTGRES_OLD_DOCKER_FROM | `string` | ttf | yes |
| POSTGRES_UPGRADE_LINE | folder name required to upgrade postgres (Needs to match a folder [here](https://github.com/tianon/docker-postgres-upgrade)) | `string` | ttf | yes |
| MM_OLD_VERSION | mattermost old version which should be upgraded from | `semver` | ttf | yes |
| MM_NEW_VERSION | mattermost new version which should be upgraded to | `semver` | 5.32.1 | yes |
You can overwrite any of these variables before running this script with:
```
$ export VAR_NAME_FROM_ABOVE=yourValue
$ export PATH_TO_MATTERMOST_DOCKER=path/to/mattermost-docker
$ ./scripts/upgrade-postgres.sh
```

76
mattermost/scripts/issue-certificate.sh Executable file
View File

@@ -0,0 +1,76 @@
#!/bin/bash
usage() {
cat <<EOF
Usage: $0 [-h] <-d DOMAIN> <-o PATH>
Options
-h Print this help
-o Output path (e.g. \${PWD}/certs)
-d Domain certificate is issued for (e.g. mm.example.com)
EOF
}
issue_cert_standalone() {
docker run -it --rm --name certbot -p 80:80 \
-v "${1}/etc/letsencrypt:/etc/letsencrypt" \
-v "${1}/lib/letsencrypt:/var/lib/letsencrypt" \
certbot/certbot certonly --standalone -d "${2}"
}
authenticator_to_webroot() {
sed -i 's/standalone/webroot/' "${1}"/etc/letsencrypt/renewal/"${2}".conf
tee -a "${1}"/etc/letsencrypt/renewal/"${2}".conf >/dev/null <<EOF
webroot_path = /usr/share/nginx/html,
[[webroot_map]]
EOF
}
# become root (keeping environment) and make script executable
if [ $EUID != 0 ]; then
chmod +x "$0"
sudo -E ./"$0" "$@"
exit $?
fi
while getopts d:o:h opt; do
case "$opt" in
d)
domain=$OPTARG
;;
o)
output=$OPTARG
;;
h)
usage
exit 0
;;
\?)
usage >&2
exit 64
;;
esac
done
shift $((OPTIND - 1))
if [ -z "$domain" ]; then
echo "-d is required" >&2
usage >&2
exit 64
fi
if [ -z "$output" ]; then
echo "-o is required" >&2
usage >&2
exit 64
fi
if ! which docker 1>/dev/null; then
echo "Can't find Docker command" >&2
exit 64
fi
issue_cert_standalone "${output}" "${domain}"
authenticator_to_webroot "${output}" "${domain}"

196
mattermost/scripts/upgrade-postgres.sh Executable file
View File

@@ -0,0 +1,196 @@
#!/usr/bin/env bash
set -o errexit
##
## Instructions
##
# Dockerfile stolen from contributions in this issue: https://github.com/mattermost/mattermost-docker/issues/489#issuecomment-790277661
# 1. Edit the variables below to match your environment. This uses default variables and assumes you're on 5.31.0.
# If you're wanting to use another version of Postgres/Mattermost , update the variables as desired.
# 2. run 'sudo bash upgrade-postgres.sh' replace upgrade.sh with what you've named the file.
# This may take some time to complete as it's migrating the database to Postgres 13.6 from 9.4
if [[ $PATH_TO_MATTERMOST_DOCKER == "" ]]; then
# shellcheck disable=SC2016
echo 'Please export environment variable PATH_TO_MATTERMOST_DOCKER with "$ export PATH_TO_MATTERMOST_DOCKER=/path/to/mattermost-docker", i.e. $PWD before running this script. '
exit 1
fi
##
## Environment Variables
##
# Below are default values in the mattermost-docker container.
# The script is trying to fetch those variables first. Should fetching fail, please export the variables before running the script.
if [[ $POSTGRES_USER == "" ]]; then
echo "trying to fetch POSTGRES_USER from $PATH_TO_MATTERMOST_DOCKER/docker-compose.yml"
POSTGRES_USER=$(grep "^.*-.*POSTGRES_USER=.*$" "$PATH_TO_MATTERMOST_DOCKER"/docker-compose.yml | sed s~^.*-.*POSTGRES_USER=~~g)
if [[ $POSTGRES_USER == "" ]]; then
echo "could not find POSTGRES_USER set in $PATH_TO_MATTERMOST_DOCKER/docker-compose.yml"
echo "please run 'export POSTGRES_USER=yourPostgresUser' before running this script"
exit 1
fi
echo "found POSTGRES_USER=redacted"
fi
if [[ $POSTGRES_PASSWORD == "" ]]; then
echo "trying to fetch POSTGRES_PASSWORD from $PATH_TO_MATTERMOST_DOCKER/docker-compose.yml"
POSTGRES_PASSWORD=$(grep "^.*-.*POSTGRES_PASSWORD=.*$" "$PATH_TO_MATTERMOST_DOCKER"/docker-compose.yml | sed s~^.*-.*POSTGRES_PASSWORD=~~g)
if [[ $POSTGRES_PASSWORD == "" ]]; then
echo "could not find POSTGRES_PASSWORD set in $PATH_TO_MATTERMOST_DOCKER/docker-compose.yml"
echo "please run 'export POSTGRES_PASSWORD=yourPostgresPassword' before running this script"
exit 1
fi
echo "found POSTGRES_PASSWORD=redacted"
fi
if [[ $POSTGRES_DB == "" ]]; then
echo "trying to fetch POSTGRES_DB from $PATH_TO_MATTERMOST_DOCKER/docker-compose.yml"
POSTGRES_DB=$(grep "^.*-.*POSTGRES_DB=.*$" "$PATH_TO_MATTERMOST_DOCKER"/docker-compose.yml | sed s~^.*-.*POSTGRES_DB=~~g)
if [[ $POSTGRES_DB == "" ]]; then
echo "could not find POSTGRES_DB set in $PATH_TO_MATTERMOST_DOCKER/docker-compose.yml"
echo "please run 'export POSTGRES_DB=yourPostgresDatabase' before running this script"
exit 1
fi
echo "found POSTGRES_DB=$POSTGRES_DB"
fi
printf "\n"
if [[ $POSTGRES_OLD_VERSION == "" ]]; then
echo "trying to fetch POSTGRES_OLD_VERSION by connecting to database container and echoing the environment variable PG_VERSION"
POSTGRES_OLD_VERSION=$(docker exec mattermost-docker_db_1 bash -c 'echo $PG_VERSION') # i.e. 9.4
if [[ $POSTGRES_OLD_VERSION == "" ]]; then
echo "could not connect to database container to get PG_VERSION"
echo "please run 'export POSTGRES_OLD_VERSION=i.e. 9.4' before running this script"
echo "check by i.e. running 'sudo cat $PATH_TO_MATTERMOST_DOCKER/volumes/db/var/lib/postgresql/data/PG_VERSION'"
exit 1
fi
echo "found POSTGRES_OLD_VERSION=$POSTGRES_OLD_VERSION"
fi
if [[ $POSTGRES_NEW_VERSION == "" ]]; then
echo "no exported POSTGRES_NEW_VERSION environment variable found"
echo "setting POSTGRES_NEW_VERSION environment variable to default 13"
POSTGRES_NEW_VERSION=13 # i.e. 13
echo "set POSTGRES_NEW_VERSION=$POSTGRES_NEW_VERSION"
fi
if [[ $POSTGRES_DOCKER_TAG == "" ]]; then
echo "no exported POSTGRES_DOCKER_TAG environment variable found"
echo "setting POSTGRES_DOCKER_TAG environment variable to default 13.2-alpine"
echo "tag needs to be an alpine release to include python3-dev found here - https://hub.docker.com/_/postgres"
POSTGRES_DOCKER_TAG=13.2-alpine # i.e. '13.2-alpine'
echo "set POSTGRES_DOCKER_TAG=$POSTGRES_DOCKER_TAG"
fi
if [[ $POSTGRES_OLD_DOCKER_FROM == "" ]]; then
echo "no exported POSTGRES_OLD_DOCKER_FROM environment variable found"
echo "setting POSTGRES_OLD_DOCKER_FROM to default '$(grep 'FROM postgres' "$PATH_TO_MATTERMOST_DOCKER"/db/Dockerfile)'"
POSTGRES_OLD_DOCKER_FROM=$(grep 'FROM postgres' "$PATH_TO_MATTERMOST_DOCKER/db/Dockerfile")
echo "set POSTGRES_OLD_DOCKER_FROM=$POSTGRES_OLD_DOCKER_FROM"
fi
if [[ $POSTGRES_NEW_DOCKER_FROM == "" ]]; then
echo "no exported POSTGRES_NEW_DOCKER_FROM environment variable found"
echo "setting POSTGRES_NEW_DOCKER_FROM to default 'FROM postgres:$POSTGRES_DOCKER_TAG'"
POSTGRES_NEW_DOCKER_FROM="FROM postgres:$POSTGRES_DOCKER_TAG"
echo "set POSTGRES_NEW_DOCKER_FROM=$POSTGRES_NEW_DOCKER_FROM"
fi
if [[ $POSTGRES_UPGRADE_LINE == "" ]]; then
echo "no exported POSTGRES_UPGRADE_LINE environment variable found"
echo "setting POSTGRES_UPGRADE_LINE to default $POSTGRES_OLD_VERSION-to-$POSTGRES_POSTGRES_NEW_VERSION"
echo "the POSTGRES_UPGRADE_LINE needs to match a folder found here - https://github.com/tianon/docker-postgres-upgrade"
echo "it should read 'old-to-new'"
POSTGRES_UPGRADE_LINE=$POSTGRES_OLD_VERSION-to-$POSTGRES_NEW_VERSION # i.e. '9.4-to-13'
echo "set POSTGRES_UPGRADE_LINE=$POSTGRES_UPGRADE_LINE"
fi
printf "\n"
if [[ $MM_OLD_VERSION == "" ]]; then
echo "trying to fetch MM_OLD_VERSION from $PATH_TO_MATTERMOST_DOCKER/docker-compose.yml"
MM_OLD_VERSION=$(grep ".*-.*MM_VERSION=.*" "$PATH_TO_MATTERMOST_DOCKER"/docker-compose.yml | sed s~.*-.*MM_VERSION=~~g)
if [[ $MM_OLD_VERSION == "" ]]; then
echo "could not find MM_OLD_VERSION set in $PATH_TO_MATTERMOST_DOCKER/docker-compose.yml"
echo "please run 'export MM_OLD_VERSION=yourMMVersion' before running this script"
exit 1
fi
echo "found MM_OLD_VERSION=$MM_OLD_VERSION"
fi
if [[ $MM_NEW_VERSION == "" ]]; then
echo "no exported MM_NEW_VERSION environment variable found"
echo "setting MM_NEW_VERSION to default 5.32.1"
MM_NEW_VERSION=5.32.1
echo "found MM_NEW_VERSION=$MM_NEW_VERSION"
fi
printf "\n"
echo "Path to mattermost-docker: $PATH_TO_MATTERMOST_DOCKER"
echo "Postgres user: redacted"
echo "Postgres password: redacted"
echo "Postgres database name: $POSTGRES_DB"
echo "Postgres old version: $POSTGRES_OLD_VERSION"
echo "Postgres new version: $POSTGRES_NEW_VERSION"
echo "Postgres alpine docker tag including python3-dev: $POSTGRES_DOCKER_TAG"
echo "Postgres old Dockerfile: $POSTGRES_OLD_DOCKER_FROM"
echo "Postgres new Dockerfile: $POSTGRES_NEW_DOCKER_FROM"
echo "Postgres upgrade-line matches a folder here - https://github.com/tianon/docker-postgres-upgrade: $POSTGRES_UPGRADE_LINE"
echo "Mattermost old version: $MM_OLD_VERSION"
echo "Mattermost new version: $MM_NEW_VERSION"
printf "\n"
df -h
read -rp "Please make sure you have enough disk space left on your devices. Try to backup and upgrade now? (y/n)" choice
if [[ "$choice" != "y" && "$choice" != "Y" && "$choice" != "yes" ]]; then
exit 0;
fi
##
## Script Start
##
cd "$PATH_TO_MATTERMOST_DOCKER"
docker-compose stop
# Creating a backup folder and backing up the mattermost / database.
mkdir "$PATH_TO_MATTERMOST_DOCKER"/backups
DATE=$(date +'%F-%H-%M')
cp -ra "$PATH_TO_MATTERMOST_DOCKER"/volumes/app/mattermost/ "$PATH_TO_MATTERMOST_DOCKER"/backups/mattermost-backup-"$DATE"/
cp -ra "$PATH_TO_MATTERMOST_DOCKER"/volumes/db/ "$PATH_TO_MATTERMOST_DOCKER"/backups/database-backup-"$DATE"/
mkdir "$PATH_TO_MATTERMOST_DOCKER"/volumes/db/"$POSTGRES_OLD_VERSION"
mv "$PATH_TO_MATTERMOST_DOCKER"/volumes/db/var/lib/postgresql/data/ "$PATH_TO_MATTERMOST_DOCKER"/volumes/db/"$POSTGRES_OLD_VERSION"
rm -rf "$PATH_TO_MATTERMOST_DOCKER"/volumes/db/var
mkdir -p "$PATH_TO_MATTERMOST_DOCKER"/volumes/db/$POSTGRES_NEW_VERSION/data
sed -i "s/$POSTGRES_OLD_DOCKER_FROM/$POSTGRES_NEW_DOCKER_FROM/" "$PATH_TO_MATTERMOST_DOCKER"/db/Dockerfile
sed -i "s/python-dev/python3-dev/" "$PATH_TO_MATTERMOST_DOCKER"/db/Dockerfile
sed -i "s/$MM_OLD_VERSION/$MM_NEW_VERSION/" "$PATH_TO_MATTERMOST_DOCKER"/app/Dockerfile
# replacing the old postgres path with a new path
sed -i "s#./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data#./volumes/db/$POSTGRES_NEW_VERSION/data:/var/lib/postgresql/data#" "$PATH_TO_MATTERMOST_DOCKER"/docker-compose.yml
# migrate the database to the new postgres version
docker run --rm \
-e PGUSER="$POSTGRES_USER" \
-e POSTGRES_INITDB_ARGS=" -U $POSTGRES_USER" \
-e POSTGRES_PASSWORD="$POSTGRES_PASSWORD" \
-e POSTGRES_DB="$POSTGRES_DB" \
-v "$PATH_TO_MATTERMOST_DOCKER"/volumes/db:/var/lib/postgresql \
tianon/postgres-upgrade:"$POSTGRES_UPGRADE_LINE" \
--link
cp -p "$PATH_TO_MATTERMOST_DOCKER"/volumes/db/"$POSTGRES_OLD_VERSION"/data/pg_hba.conf "$PATH_TO_MATTERMOST_DOCKER"/volumes/db/$POSTGRES_NEW_VERSION/data/
# rebuild the containers
docker-compose build
docker-compose up -d
# reindex the database
echo "REINDEX SCHEMA CONCURRENTLY public;" | docker exec mattermost-docker_db_1 psql -U "$POSTGRES_USER" "$POSTGRES_DB"
cd -

1
mkdocs
View File

@@ -1 +0,0 @@
../rskio/mkdocs

37
paperless/compose.env Normal file
View File

@@ -0,0 +1,37 @@
###############################################################################
# Paperless-ngx settings #
###############################################################################
# See http://docs.paperless-ngx.com/configuration/ for all available options.
# The UID and GID of the user used to run paperless in the container. Set this
# to your UID and GID on the host so that you have write access to the
# consumption directory.
USERMAP_UID=1000
USERMAP_GID=1000
# See the documentation linked above for all options. A few commonly adjusted settings
# are provided below.
# This is required if you will be exposing Paperless-ngx on a public domain
# (if doing so please consider security measures such as reverse proxy)
PAPERLESS_URL=https://paperless.rskio.com
# Adjust this key if you plan to make paperless available publicly. It should
# be a very long sequence of random characters. You don't need to remember it.
PAPERLESS_SECRET_KEY=g8fjagl-ahgzxl0-b8zujk1s
# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
PAPERLESS_TIME_ZONE=America/Denver
# The default language to use for OCR. Set this to the language most of your
# documents are written in.
#PAPERLESS_OCR_LANGUAGE=eng
# Additional languages to install for text recognition, separated by a whitespace.
# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
# the language used for OCR.
# The container installs English, German, Italian, Spanish and French by default.
# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
# for available languages.
#PAPERLESS_OCR_LANGUAGES=tur ces

58
paperless/compose.yml Normal file
View File

@@ -0,0 +1,58 @@
services:
broker:
image: docker.io/library/redis:8
restart: unless-stopped
volumes:
- redisdata:/data
networks:
- default
db:
image: docker.io/library/postgres:17
restart: unless-stopped
volumes:
- pgdata:/var/lib/postgresql/data
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperless
POSTGRES_PASSWORD: paperless
networks:
- default
service:
labels:
- traefik.enable=true
- traefik.http.routers.paperless.entrypoints=websecure
- traefik.http.routers.paperless.rule=Host(`paperless.rskio.com`)
- traefik.http.routers.paperless.middlewares=secureHeaders@file
- traefik.http.routers.paperless.tls=true
- traefik.http.routers.paperless.tls.options=internal@file
- traefik.http.routers.paperless.service=paperless@docker
- traefik.http.services.paperless.loadbalancer.server.port=8000
- traefik.http.routers.paperless.tls.certresolver=rskio_certresolver
image: ghcr.io/paperless-ngx/paperless-ngx:latest
restart: unless-stopped
depends_on:
- db
- broker
volumes:
- data:/usr/src/paperless/data
- media:/usr/src/paperless/media
- ./export:/usr/src/paperless/export
- ./consume:/usr/src/paperless/consume
env_file: compose.env
environment:
PAPERLESS_REDIS: redis://broker:6379
PAPERLESS_DBHOST: db
networks:
- default
- traefik
volumes:
data:
media:
pgdata:
redisdata:
networks:
traefik:
external: true
default: {}

25
paste/compose.yml Normal file
View File

@@ -0,0 +1,25 @@
services:
service:
image: orhunp/rustypaste:latest
restart: unless-stopped
labels:
- traefik.enable=true
- traefik.http.routers.paste.entrypoints=websecure
- traefik.http.routers.paste.rule=Host(`paste.rskio.com`)
- traefik.http.routers.paste.tls=true
- traefik.http.routers.paste.tls.options=external@file
- traefik.http.routers.paste.tls.certresolver=rskio_certresolver
- traefik.http.routers.paste.middlewares=secureHeaders@file
- traefik.http.routers.paste.service=paste@docker
- traefik.http.services.paste.loadbalancer.server.port=8000
environment:
- RUST_LOG=debug
volumes:
- ./paste/data/:/app/upload
- ./paste/config.toml:/app/config.toml
networks:
- traefik
networks:
traefik:
external: true

62
paste/config.toml Normal file
View File

@@ -0,0 +1,62 @@
[config]
refresh_rate = "3s"
[server]
address = "127.0.0.1:8000"
url = "https://paste.rskio.com"
#workers=4
max_content_length = "10MB"
upload_path = "./upload"
timeout = "30s"
expose_version = false
expose_list = false
#auth_tokens = [
# "super_secret_token1",
# "super_secret_token2",
#]
#delete_tokens = [
# "super_secret_token1",
# "super_secret_token3",
#]
handle_spaces = "replace" # or "encode"
[landing_page]
text = """
┌─┐┌─┐┬┌─┬┌─┐ ┌─┐┌─┐┌─┐┌┬┐┌─┐
├┬┘└─┐├┴┐││ │ ├─┘├─┤└─┐ │ ├┤
┴└─└─┘┴ ┴┴└─┘ ┴ ┴ ┴└─┘ ┴ └─┘
Submit files via HTTP POST here:
curl -F 'file=@example.txt' paste.rskio.com
This will return the URL of the uploaded file.
Content expires 24 hours.
The content may be removed without warning.
"""
#file = "index.txt"
content_type = "text/plain; charset=utf-8"
[paste]
random_url = { type = "petname", words = 2, separator = "-" }
#random_url = { type = "alphanumeric", length = 8 }
#random_url = { type = "alphanumeric", length = 8, no_extension = true }
#random_url = { type = "alphanumeric", length = 6, suffix_mode = true }
default_extension = "txt"
mime_override = [
{ mime = "image/jpeg", regex = "^.*\\.jpg$" },
{ mime = "image/png", regex = "^.*\\.png$" },
{ mime = "image/svg+xml", regex = "^.*\\.svg$" },
{ mime = "video/webm", regex = "^.*\\.webm$" },
{ mime = "video/x-matroska", regex = "^.*\\.mkv$" },
{ mime = "application/octet-stream", regex = "^.*\\.bin$" },
{ mime = "text/plain", regex = "^.*\\.(log|txt|diff|sh|rs|toml)$" },
]
mime_blacklist = [
"application/x-dosexec",
"application/java-archive",
"application/java-vm",
]
duplicate_files = true
# default_expiry = "1h"
delete_expired_files = { enabled = true, interval = "24h" }

1
pihole/.env Normal file
View File

@@ -0,0 +1 @@
PIHOLE_SECRET=deviceADMIN

28
pihole/compose.yml Normal file
View File

@@ -0,0 +1,28 @@
services:
service:
image: pihole/pihole:latest
ports:
- "192.168.1.152:53:53/tcp"
- "192.168.1.152:53:53/udp"
- "8001:80/tcp"
#- "443:443/tcp"
#- "67:67/udp"
#- "123:123/udp"
environment:
TZ: "America/Denver"
FTLCONF_webserver_api_password: ${PIHOLE_SECRET}
FTLCONF_dns_listeningMode: "all"
volumes:
- "./etc-pihole:/etc/pihole"
#- './etc-dnsmasq.d:/etc/dnsmasq.d'
cap_add:
- NET_ADMIN
- SYS_TIME
- SYS_NICE
restart: unless-stopped
networks:
- traefik
networks:
traefik:
external: true

21
setup-network.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
# Create shared network for Traefik and all services
NETWORK_NAME="traefik"
echo "Setting up Docker network: $NETWORK_NAME"
# Check if network already exists
if docker network ls | grep -q "$NETWORK_NAME"; then
echo "Network $NETWORK_NAME already exists"
else
# Create the network with a specific subnet to ensure consistency
docker network create \
--driver bridge \
--subnet=172.20.0.0/16 \
--gateway=172.20.0.1 \
"$NETWORK_NAME"
fi
echo "Network details:"
docker network inspect "$NETWORK_NAME" | grep -E "(Name|Subnet|Gateway)"

22
traefik/compose.yml Normal file
View File

@@ -0,0 +1,22 @@
services:
ingress:
image: traefik:latest
restart: unless-stopped
command:
- --configFile=/etc/traefik/traefik.yml
ports:
- 80:80/tcp
- 443:443/tcp
- 443:443/udp
- 8080:8080/tcp
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /var/log/traefik:/var/log/traefik
- ./etc:/etc/traefik:ro
- ./tls:/letsencrypt
networks:
- traefik
networks:
traefik:
external: true

175
traefik/etc/dynamic.yml
View File

@@ -1,50 +1,167 @@
defaultTLS: &defaultTLS
minVersion: VersionTLS13
cipherSuites:
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_FALLBACK_SCSV
tls: tls:
options: options:
docs: external:
minVersion: VersionTLS13 <<: *defaultTLS
cipherSuites:
- TLS_AES_256_GCM_SHA384 internal:
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_FALLBACK_SCSV
dashboard:
minVersion: VersionTLS13
cipherSuites:
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_FALLBACK_SCSV
clientAuth: clientAuth:
caFiles: caFiles:
- /etc/traefik/com.rskio.ca.crt - /etc/traefik/com.rskio.ca.crt
clientAuthType: RequireAndVerifyClientCert clientAuthType: RequireAndVerifyClientCert
<<: *defaultTLS
http: http:
routers: routers:
traefik-dashboard: stream:
rule: "Host(`oxy.rskio.com`)" rule: Host(`stream.rskio.com`)
service: "api@internal" service: stream@file
entryPoints: entryPoints:
- "websecure" - websecure
middlewares:
- "redirect-dashboard"
tls: tls:
options: dashboard@file options: external@file
certResolver: rskio_certresolver certResolver: rskio_certresolver
# storage:
# rule: Host(`storage.rskio.com`)
# service: storage@file
# entryPoints:
# - websecure
# tls:
# options: internal@file
# certResolver: rskio_certresolver
#
# metrics:
# rule: Host(`metrics.rskio.com`)
# service: metrics@file
# entryPoints:
# - websecure
# tls:
# options: internal@file
# certResolver: rskio_certresolver
pihole:
rule: Host(`dns.rskio.com`)
service: pihole@file
entryPoints:
- websecure
middlewares:
- redirect-pihole
tls:
options: internal@file
certResolver: rskio_certresolver
# ghost:
# rule: Host(`blog.rskio.com`)
# service: ghost@file
# entryPoints:
# - websecure
# middlewares:
# - secureHeaders
# tls:
# options: external@file
# certResolver: rskio_certresolver
network:
rule: Host(`network.rskio.com`)
service: network@file
entryPoints:
- websecure
middlewares:
- secureHeaders
tls:
options: internal@file
certResolver: rskio_certresolver
core01kvm:
rule: Host(`core01.rskio.com`)
service: core01kvm@file
entrypoints:
- websecure
middlewares:
- secureHeaders
tls:
options: internal@file
certResolver: rskio_certresolver
traefik-dashboard:
rule: Host(`oxy.rskio.com`)
service: api@internal
entryPoints:
- websecure
middlewares:
- redirect-dashboard
tls:
options: internal@file
certResolver: rskio_certresolver
serversTransports:
backendIgnoreTLS:
insecureSkipVerify: true
services:
stream:
loadBalancer:
servers:
- url: "http://192.168.1.179:8096"
# storage:
# loadBalancer:
# servers:
# - url: "https://192.168.1.230:8443"
# serversTransport: backendIgnoreTLS
#
# metrics:
# loadBalancer:
# servers:
# - url: "https://192.168.1.230:3000"
# serversTransport: backendIgnoreTLS
pihole:
loadBalancer:
servers:
- url: "http://192.168.1.152:8001"
# ghost:
# loadBalancer:
# servers:
# - url: "http://192.168.1.152:2368"
network:
loadBalancer:
servers:
- url: "https://192.168.1.254"
serversTransport: backendIgnoreTLS
core01kvm:
loadBalancer:
servers:
- url: "http://192.168.1.202"
middlewares: middlewares:
redirect-dashboard: redirect-dashboard:
redirectRegex: redirectRegex:
regex: "^https?://([^/]+)/?$" regex: "^https?://([^/]+)/?$"
replacement: "https://${1}/dashboard/" replacement: "https://${1}/dashboard/"
permanent: true permanent: true
redirect-pihole:
redirectRegex:
regex: "^https?://([^/]+)/?$"
replacement: "https://${1}/admin/"
permanent: true
secureHeaders: secureHeaders:
headers: headers:
browserXssFilter: true browserXssFilter: true

2
traefik/etc/traefik.yml
View File

@@ -37,7 +37,7 @@ api:
providers: providers:
docker: docker:
endpoint: unix:///var/run/docker.sock endpoint: unix:///var/run/docker.sock
network: hq_default network: traefik
exposedByDefault: false exposedByDefault: false
file: file:
filename: /etc/traefik/dynamic.yml filename: /etc/traefik/dynamic.yml