From 6e97a453ac9472a3e8545c686bfc9efa6f047312 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Thu, 14 Nov 2024 14:06:30 +0100
Subject: [PATCH 001/112] initial push
---
 docker-compose/clamav/compose.yaml | 22 ++++++
 docker-compose/clamav/config/clamd.conf | 81 +++++++++++++++++++++
 docker-compose/clamav/config/freshclam.conf | 21 ++++++
 3 files changed, 124 insertions(+)
 create mode 100644 docker-compose/clamav/compose.yaml
 create mode 100644 docker-compose/clamav/config/clamd.conf
 create mode 100644 docker-compose/clamav/config/freshclam.conf
diff --git a/docker-compose/clamav/compose.yaml b/docker-compose/clamav/compose.yaml
new file mode 100644
index 0000000..5de7813
--- /dev/null
+++ b/docker-compose/clamav/compose.yaml
@@ -0,0 +1,22 @@
+---
+services:
+ clamav:
+ image: clamav/clamav:latest
+ container_name: clamav
+ volumes:
+ - ./scandir:/scandir:rw
+ - ./config/clamd.conf:/etc/clamav/clamd.conf:ro
+ - ./config/freshclam.conf:/etc/clamav/freshclam.conf:ro
+ - clamav-data:/var/lib/clamav
+ logging:
+ driver: syslog
+ options:
+ tag: "clamd/{{.ID}}"
+ networks:
+ - frontend
+ restart: unless-stopped
+volumes:
+ clamav-data:
+networks:
+ frontend:
+ external: true
diff --git a/docker-compose/clamav/config/clamd.conf b/docker-compose/clamav/config/clamd.conf
new file mode 100644
index 0000000..fe339da
--- /dev/null
+++ b/docker-compose/clamav/config/clamd.conf
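Review bot: `- ./scandir:/scandir:rw` gives the scanner write access to the host directory although nothing in the shipped clamd.conf removes or quarantines detections, so read-only is enough for scanning; change it to `- ./scandir:/scandir:ro` and widen it only if a quarantine action is configured later. The service also joins the external `frontend` network while clamd.conf opens `TCPSocket 3310`, a listener with no authentication of its own, so every container on that shared network can drive the scanner; keep clamav off shared networks unless another service genuinely needs the TCP socket. The `logging` block with `driver: syslog` is a sensible choice for forwarding detections, but note that the driver silently drops output when no syslog daemon is listening on the host.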
@@ -0,0 +1,81 @@
+# -- Change Log settings here...
+LogSyslog yes
+LogTime yes
+# --> (Optional) Enable logging to file, can work together with LogSyslog
+# LogFile /var/log/clamav/clamd.log
+# LogRotate no
+# <--
+
+# -- Change process settings here...
+PidFile /tmp/clamd.pid
+LocalSocket /run/clamav/clamd.sock
+
+# -- Change TCP port settings here...
+TCPSocket 3310
+
+# -- Change user settings here...
+User clamav
+
+# -- Change detection settings here...
+# DetectPUA no
+# HeuristicAlerts yes
+# HeuristicScanPrecedence no
+
+# -- Change Heuristic Alerts here...
+# AlertBrokenExecutables no
+# AlertBrokenMedia no
+# AlertEncrypted no
+# AlertEncryptedArchive no
+# AlertEncryptedDoc no
+# AlertOLE2Macros no
+# AlertPhishingSSLMismatch no
+# AlertPhishingCloak no
+# AlertPartitionIntersection no
+
+# -- Change Executable files settings here...
+# ScanPE yes
+# DisableCertCheck no
+# ScanELF yes
+
+# -- Change Documents settings here...
+# ScanOLE2 yes
+# ScanPDF yes
+# ScanSWF yes
+# ScanXMLDOCS yes
+# ScanHWP3 yes
+# ScanOneNote yes
+
+# -- Change other file types settings here...
+# ScanImage yes
+# ScanImageFuzzyHash yes
+
+# -- Change Mail files settings here...
+# ScanMail yes
+# ScanPartialMessages no
+# PhishingSignatures yes
+# PhishingScanURLs yes
+
+# -- Change Data Loss Prevention (DLP) settings here...
+# StructuredDataDetection no
+# StructuredMinCreditCardCount 3
+# StructuredCCOnly no
+# StructuredMinSSNCount 3
+# StructuredSSNFormatNormal yes
+# StructuredSSNFormatStripped no
+
+# -- Change HTML settings here...
+# ScanHTML yes
+
+# -- Change Archives settings here...
+# ScanArchive yes
+
+# -- Change On-access Scan settings here...
+# OnAccessMaxFileSize 5M
+# OnAccessMaxThreads 5
+# --> (Optional) Set include paths, exclude paths, mount paths, etc...
+#OnAccessIncludePath /home
+#OnAccessExcludePath /home/user
+#OnAccessExtraScanning no
+#OnAccessMountPath /
+#OnAccessMountPath /home/user
+# <--
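Review bot: `TCPSocket 3310` opens clamd's TCP listener without a `TCPAddr`, so it binds every interface inside the container, and the clamd protocol carries no authentication — any peer that can reach the port can submit scans and issue management commands. The compose file only needs the Unix socket (`LocalSocket /run/clamav/clamd.sock`) for in-container scanning, so either drop `TCPSocket` or add `TCPAddr 127.0.0.1` and widen it deliberately when another service on a private network must stream files to clamd. A one-line comment above the setting stating which consumer the TCP socket is meant for would make the intent clear to the next reader.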
diff --git a/docker-compose/clamav/config/freshclam.conf b/docker-compose/clamav/config/freshclam.conf
new file mode 100644
index 0000000..7b8ce2a
--- /dev/null
+++ b/docker-compose/clamav/config/freshclam.conf
@@ -0,0 +1,21 @@
+# -- Change Log settings here...
+LogSyslog no
+LogTime yes
+# --> (Optional) Enable logging to file, can work together with LogSyslog
+# UpdateLogFile /var/log/clamav/freshclam.log
+# LogRotate no
+# <--
+
+# -- Change process settings here...
+PidFile /tmp/freshclam.pid
+
+# -- Change database settings here...
+DatabaseOwner clamav
+DatabaseMirror database.clamav.net
+
+# -- Change update and notification settings here...
+ScriptedUpdates yes
+NotifyClamd /etc/clamav/clamd.conf
+
+# -- Change custom sources for databases here...
+#DatabaseCustomURL http://myserver.example.com/mysigs.ndb
From 22ee39d309c6a95cedb63e1f13e2307191630f21 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Thu, 21 Nov 2024 16:36:33 +0100
Subject: [PATCH 002/112] fixed config for clamav
---
 docker-compose/clamav/compose.yaml | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/docker-compose/clamav/compose.yaml b/docker-compose/clamav/compose.yaml
index 5de7813..20d7fdd 100644
--- a/docker-compose/clamav/compose.yaml
+++ b/docker-compose/clamav/compose.yaml
@@ -1,22 +1,20 @@
 ---
 services:
 clamav:
- image: clamav/clamav:latest
+ image: clamav/clamav:1.4.1
 container_name: clamav
 volumes:
- - ./scandir:/scandir:rw
 - ./config/clamd.conf:/etc/clamav/clamd.conf:ro
 - ./config/freshclam.conf:/etc/clamav/freshclam.conf:ro
 - clamav-data:/var/lib/clamav
+ # --> (Optional) Add a directory to scan
+ # - ./scandir:/scandir:rw
+ # <--
+ # -- Change logging driver here... (required for Wazuh integration)
 logging:
 driver: syslog
 options:
- tag: "clamd/{{.ID}}"
- networks:
- - frontend
+ tag: "clamd"
 restart: unless-stopped
 volumes:
 clamav-data:
-networks:
- frontend:
- external: true
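Review bot: `LogSyslog no` here diverges from `LogSyslog yes` in clamd.conf, so signature-update failures from freshclam never reach the syslog logging driver that compose.yaml relies on for Wazuh, and a stale-signature condition is exactly what the SIEM should be told about. Change it to `LogSyslog yes` (or enable `UpdateLogFile`) so update errors are captured alongside clamd's output. `NotifyClamd /etc/clamav/clamd.conf` matches the path the config is mounted to, so reloads after an update should work as shipped.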
From d222e2a5e24a083283131038b12d228d1c229174 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Thu, 21 Nov 2024 17:10:28 +0100
Subject: [PATCH 003/112] wazuh deployment
---
 docker-compose/wazuh/.env.example | 6 +
 docker-compose/wazuh/compose.yaml | 173 ++++++++++
 .../wazuh/config/postfix-relay/main.cf | 12 +
 .../wazuh/config/postfix-relay/sasl_passwd | 1 +
 .../wazuh/config/rules/local_rules.xml | 12 +
 .../config/wazuh_cluster/wazuh_manager.conf | 308 ++++++++++++++++++
 .../wazuh_dashboard/opensearch_dashboards.yml | 12 +
 .../wazuh/config/wazuh_dashboard/wazuh.yml | 10 +
 .../config/wazuh_indexer/internal_users.yml | 56 ++++
 .../config/wazuh_indexer/wazuh.indexer.yml | 30 ++
 docker-compose/wazuh/generate-certs.yaml | 8 +
 11 files changed, 628 insertions(+)
 create mode 100644 docker-compose/wazuh/.env.example
 create mode 100644 docker-compose/wazuh/compose.yaml
 create mode 100644 docker-compose/wazuh/config/postfix-relay/main.cf
 create mode 100644 docker-compose/wazuh/config/postfix-relay/sasl_passwd
 create mode 100644 docker-compose/wazuh/config/rules/local_rules.xml
 create mode 100644 docker-compose/wazuh/config/wazuh_cluster/wazuh_manager.conf
 create mode 100644 docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml
 create mode 100644 docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml
 create mode 100644 docker-compose/wazuh/config/wazuh_indexer/internal_users.yml
 create mode 100644 docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml
 create mode 100644 docker-compose/wazuh/generate-certs.yaml
diff --git a/docker-compose/wazuh/.env.example b/docker-compose/wazuh/.env.example
new file mode 100644
index 0000000..6c4025e
--- /dev/null
+++ b/docker-compose/wazuh/.env.example
@@ -0,0 +1,6 @@
+INDEXER_USERNAME = "admin"
+INDEXER_PASSWORD = "your-admin-password"
+DASHBOARD_USERNAME = "kibanaserver"
+DASHBOARD_PASSWORD = "your-kibanaserver-password"
+API_USERNAME = "wazuh-wui"
+API_PASSWORD = "your-wazuh-wui-password"
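Review bot: `INDEXER_PASSWORD = "your-admin-password"` and `DASHBOARD_PASSWORD = "your-kibanaserver-password"` are only consumed by the manager and dashboard as client credentials; the indexer takes the `admin` and `kibanaserver` passwords from the bcrypt hashes in config/wazuh_indexer/internal_users.yml (added in this same patch), so editing `.env` alone leaves the indexer on the hashes shipped there and the clients fail to authenticate. Add a comment above these lines saying the two hashes must be regenerated from the chosen passwords before the first start, since the indexer initializes its security index only once. `KEY=value` without surrounding spaces or quotes is the conventional dotenv form and avoids parser-dependent handling of the `KEY = "value"` spelling used here.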
diff --git a/docker-compose/wazuh/compose.yaml b/docker-compose/wazuh/compose.yaml
new file mode 100644
index 0000000..4570c20
--- /dev/null
+++ b/docker-compose/wazuh/compose.yaml
@@ -0,0 +1,173 @@
+services:
+ wazuh.manager:
+ image: wazuh/wazuh-manager:4.9.2
+ container_name: wazuh-prod-1-manager
+ hostname: wazuh.manager
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 655360
+ hard: 655360
+ ports:
+ - "1514:1514"
+ - "1515:1515"
+ - "514:514/udp"
+ - "55000:55000"
+ environment:
+ - INDEXER_URL=https://wazuh.indexer:9200
+ - INDEXER_USERNAME=${INDEXER_USERNAME:?error}
+ - INDEXER_PASSWORD=${INDEXER_PASSWORD:?error}
+ - FILEBEAT_SSL_VERIFICATION_MODE=full
+ - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+ - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+ - SSL_KEY=/etc/ssl/filebeat.key
+ - API_USERNAME=${API_USERNAME:?error}
+ - API_PASSWORD=${API_PASSWORD:?error}
+ volumes:
+ - wazuh_api_configuration:/var/ossec/api/configuration
+ - wazuh_etc:/var/ossec/etc
+ - wazuh_logs:/var/ossec/logs
+ - wazuh_queue:/var/ossec/queue
+ - wazuh_var_multigroups:/var/ossec/var/multigroups
+ - wazuh_integrations:/var/ossec/integrations
+ - wazuh_active_response:/var/ossec/active-response/bin
+ - wazuh_agentless:/var/ossec/agentless
+ - wazuh_wodles:/var/ossec/wodles
+ - filebeat_etc:/etc/filebeat
+ - filebeat_var:/var/lib/filebeat
+ - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+ - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
+ - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
+ - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+ # --> (Optional) For custom rules
+ # - ./config/rules/local_rules.xml:/var/ossec/etc/rules/local_rules.xml:ro
+ # <--
+ # --> (Optional) When using traefik
+ # networks:
+ # - frontend
+ # <--
+ # --> (Optional) When using a separate backend network
+ # - backend
+ # <--
+ restart: unless-stopped
+
+ wazuh.indexer:
+ image: wazuh/wazuh-indexer:4.9.2
+ container_name: wazuh-prod-1-indexer
+ hostname: wazuh.indexer
+ ports:
+ - "9200:9200"
+ environment:
+ - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
+ - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+ - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+ - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
+ - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ # --> (Optional) When using traefik
+ # networks:
+ # - frontend
+ # <--
+ # --> (Optional) When using a separate backend network
+ # - backend
+ # <--
+ restart: unless-stopped
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:4.9.2
+ container_name: wazuh-prod-1-dashboard
+ hostname: wazuh.dashboard
+ # --> (Optional) Remove the port mapping when using traefik
+ ports:
+ - 4443:5601
+ # <--
+ environment:
+ - INDEXER_USERNAME=${INDEXER_USERNAME:?error}
+ - INDEXER_PASSWORD=${INDEXER_PASSWORD:?error}
+ - WAZUH_API_URL=https://wazuh.manager
+ - DASHBOARD_USERNAME=${DASHBOARD_USERNAME:?error}
+ - DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD:?error}
+ - API_USERNAME=${API_USERNAME:?error}
+ - API_PASSWORD=${API_PASSWORD:?error}
+ volumes:
+ - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+ - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+ - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+ - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+ - 
./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+ - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+ - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+ # --> (Optional) When using traefik
+ # labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.wazuh-prod-1-https.entrypoints=websecure
+ # - traefik.http.routers.wazuh-prod-1-https.rule=Host(`wazuh-prod-1.srv-prod-1.home.clcreative.de`)
+ # - traefik.http.routers.wazuh-prod-1-https.tls=true
+ # - traefik.http.routers.wazuh-prod-1-https.tls.certresolver=cloudflare
+ # - traefik.http.services.wazuh-prod-1-service.loadbalancer.server.port=5601
+ # - traefik.http.services.wazuh-prod-1-service.loadbalancer.server.scheme=https
+ # networks:
+ # - frontend
+ # <--
+ # --> (Optional) When using a separate backend network
+ # - backend
+ # <--
+ depends_on:
+ - wazuh.indexer
+ restart: unless-stopped
+
+ # --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
+ # postfix:
+ # image: mwader/postfix-relay:1.1.39
+ # environment:
+ # - POSTFIX_myhostname=postfix
+ # volumes:
+ # - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro
+ # - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw
+ # - postfix_data:/etc/postfix
+ # networks:
+ # - backend
+ # restart: unless-stopped
+ # <--
+
+volumes:
+ wazuh_api_configuration:
+ wazuh_etc:
+ wazuh_logs:
+ wazuh_queue:
+ wazuh_var_multigroups:
+ wazuh_integrations:
+ wazuh_active_response:
+ wazuh_agentless:
+ wazuh_wodles:
+ filebeat_etc:
+ filebeat_var:
+ wazuh-indexer-data:
+ wazuh-dashboard-config:
+ wazuh-dashboard-custom:
+ # --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
+ # postfix_data:
+ # <--
+
+# --> (Optional) When using traefik
+# networks:
+# frontend:
+# external: true
+# <--
+# --> (Optional) When using a separate backend network
+# 
backend: +# external: true +# <-- diff --git a/docker-compose/wazuh/config/postfix-relay/main.cf b/docker-compose/wazuh/config/postfix-relay/main.cf new file mode 100644 index 0000000..858bb7f --- /dev/null +++ b/docker-compose/wazuh/config/postfix-relay/main.cf @@ -0,0 +1,12 @@ +relayhost = [your-smtp-server-url]:587 ; Replace [your-smtp-server-url] with your SMTP server URL +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd +smtp_sasl_security_options = noanonymous +smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt +smtp_use_tls = yes +smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination +mydestination = localhost +myhostname = postfix +mynetworks = 0.0.0.0/0 +smtp_tls_security_level = may +smtpd_tls_security_level = none diff --git a/docker-compose/wazuh/config/postfix-relay/sasl_passwd b/docker-compose/wazuh/config/postfix-relay/sasl_passwd new file mode 100644 index 0000000..94dc285 --- /dev/null +++ b/docker-compose/wazuh/config/postfix-relay/sasl_passwd @@ -0,0 +1 @@ +[your-smtp-server-url]:587 username:password ; Replace [your-smtp-server-url] with your SMTP server URL, and username:password with your SMTP server credentials diff --git a/docker-compose/wazuh/config/rules/local_rules.xml b/docker-compose/wazuh/config/rules/local_rules.xml new file mode 100644 index 0000000..0fe6725 --- /dev/null +++ b/docker-compose/wazuh/config/rules/local_rules.xml @@ -0,0 +1,12 @@ + + + diff --git a/docker-compose/wazuh/config/wazuh_cluster/wazuh_manager.conf b/docker-compose/wazuh/config/wazuh_cluster/wazuh_manager.conf new file mode 100644 index 0000000..bd1d556 --- /dev/null +++ b/docker-compose/wazuh/config/wazuh_cluster/wazuh_manager.conf 
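Review bot: `- "9200:9200"` publishes the indexer's REST API on every host interface although its only consumers, `wazuh.manager` and `wazuh.dashboard`, reach it by service name over the compose network; the same applies to `- "55000:55000"` on the manager, which only the dashboard calls via `WAZUH_API_URL=https://wazuh.manager`. Drop both mappings, or bind them to loopback (`- "127.0.0.1:9200:9200"`) when local tooling needs them, and leave only the agent ports (1514, 1515) and the syslog port (514/udp) exposed. The dashboard mapping `- 4443:5601` is the one unquoted port in the file; quote it like the others (`- "4443:5601"`). The bind mount of `wazuh.yml` lands inside the directory that the `wazuh-dashboard-config` named volume is also mounted on, so which content wins depends on mount ordering — worth a comment if this layering is intentional.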
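Review bot: Postfix main.cf does not support trailing comments, so `relayhost = [your-smtp-server-url]:587 ; Replace [your-smtp-server-url] with your SMTP server URL` stores the whole text after `=` as the relayhost value and relaying fails even after the placeholder is substituted; move the hint to a `# ...` line of its own above the setting. `mynetworks = 0.0.0.0/0` together with `permit_mynetworks` in `smtpd_relay_restrictions` makes the relay accept mail from every peer that can reach it, which inside Docker is anything on the `backend` network; restrict it to the compose subnet or rely on `permit_sasl_authenticated` alone. With SASL credentials in play, `smtp_tls_security_level = may` should become `encrypt` so the password is never sent on an unencrypted session if the upstream lacks STARTTLS (`smtp_use_tls` is superseded by `smtp_tls_security_level` and can go).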
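Review bot: `postmap` reads this file as `key value`, taking the first whitespace-separated field as the lookup key and everything after it as the value, so the trailing `; Replace ...` text becomes part of the stored `username:password` and SASL login fails; keep the hint on a separate `# ...` line, which postmap ignores. The file holds a plaintext credential: the compose snippet mounts it `:rw` (presumably so `postmap` can write `sasl_passwd.db` beside it), so the real file and its `.db` should be excluded from version control with only this placeholder committed.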
@@ -0,0 +1,308 @@ + + + yes + yes + no + no + no + postfix + your-from-email + your-to-email + 12 + alerts.log + 10m + 0 + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + etc/rootcheck/rootkit_files.txt + etc/rootcheck/rootkit_trojans.txt + + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + 10 + + + + + yes + yes + 12h + yes + + + + yes + yes + 60m + + + + yes + + https://wazuh.indexer:9200 + + + + /etc/ssl/root-ca.pem + + /etc/ssl/filebeat.pem + /etc/ssl/filebeat.key + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + + + .log$|.swp$ + + + /etc/ssl/private.key + + yes + yes + yes + yes + + + 10 + + + 100 + + + + yes + 5m + 1h + 10 + + + + + + 127.0.0.1 + ^localhost.localdomain$ + + + + disable-account + disable-account + yes + + + + restart-wazuh + restart-wazuh + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny + yes + + + + route-null + route-null + yes + + + + win_route-null + route-null.exe + yes + + + + netsh + netsh.exe + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-eventnames + 
etc/lists/security-eventchannel + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + yes + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + etc/sslmanager.cert + etc/sslmanager.key + no + + + + wazuh + node01 + master + aa093264ef885029653eea20dfcf51ae + 1516 + 0.0.0.0 + + wazuh.manager + + no + yes + + + + + + + syslog + /var/ossec/logs/active-responses.log + + + diff --git a/docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml b/docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml new file mode 100644 index 0000000..ccaec07 --- /dev/null +++ b/docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml @@ -0,0 +1,12 @@ +server.host: 0.0.0.0 +server.port: 5601 +opensearch.hosts: https://wazuh.indexer:9200 +opensearch.ssl.verificationMode: certificate +opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] +opensearch_security.multitenancy.enabled: false +opensearch_security.readonly_mode.roles: ["kibana_read_only"] +server.ssl.enabled: true +server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" +server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" +opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] +uiSettings.overrides.defaultRoute: /app/wz-home diff --git a/docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml b/docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml new file mode 100644 index 0000000..4cfb0fb --- /dev/null +++ b/docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml @@ -0,0 +1,10 @@ +hosts: + - 1513629884013: + url: "https://wazuh.manager" + port: 55000 + username: wazuh-wui + password: "your-wazuh-wui-password" + run_as: false + +enrollment.dns: "your-enrollment-dns-server" +alerts.sample.prefix: "wazuh-alerts-" 
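Review bot: The cluster section carries a literal key `aa093264ef885029653eea20dfcf51ae` next to `node01`, `master`, `1516` and `0.0.0.0`; the element names are not visible in this rendering, but if this is the `<cluster>` block the key is a shared secret that should be generated per deployment (`openssl rand -hex 16`) rather than committed, even while the cluster stays disabled. A comment above it stating that it must be replaced would prevent it being copied into production unchanged. Because compose.yaml mounts this file as `/wazuh-config-mount/etc/ossec.conf`, whatever is committed here is the manager's live configuration.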
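Review bot: `opensearch.ssl.verificationMode: certificate` validates the indexer's chain against `root-ca.pem` but skips hostname verification, so any leaf signed by the same generated CA (for example the manager's filebeat certificate) would be accepted as the indexer. The dashboard connects to `https://wazuh.indexer:9200` and the certs come from `wazuh-certs-generator`, so `opensearch.ssl.verificationMode: full` should work; switch to it after confirming the generated indexer certificate carries `wazuh.indexer` as CN or SAN. `server.host: 0.0.0.0` is fine inside the container since exposure is controlled by the compose port mapping.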
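Review bot: `password: "your-wazuh-wui-password"` duplicates `API_PASSWORD` from .env.example in a second file, and compose.yaml also passes `API_USERNAME`/`API_PASSWORD` to the dashboard through the environment, so the two copies must be kept in sync by hand and the plaintext value lives in a bind-mounted file in the repository. If the bind mount bypasses the entrypoint's generation of this file, drop the hard-coded `username`/`password` here in favour of the environment, or add a comment stating that this file must be edited together with `.env`. `run_as: false` is the safe default and should stay.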
diff --git a/docker-compose/wazuh/config/wazuh_indexer/internal_users.yml b/docker-compose/wazuh/config/wazuh_indexer/internal_users.yml
new file mode 100644
index 0000000..13bd41a
--- /dev/null
+++ b/docker-compose/wazuh/config/wazuh_indexer/internal_users.yml
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$y85PV5Ob2lqeR30Rcm/F9..8JMgLT5ALZGMtzTo7c.p1vPpR394ki"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2y$12$b9G5KNitghhTt1V5asLQd.nDOjd7O8h.30vkZVfroWT/HFq0y51TO"
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
diff --git a/docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml b/docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml
new file mode 100644
index 0000000..afcd0ff
--- /dev/null
+++ b/docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml
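Review bot: Beyond `admin` and `kibanaserver`, the file ships `kibanaro`, `logstash`, `readall` and `snapshotrestore` as `reserved: false` accounts with demo descriptions; none of them is referenced by compose.yaml or the dashboard config, and each is a standing login whose hash appears to be the upstream demo value, which `plugins.security.allow_default_init_securityindex: true` in wazuh.indexer.yml loads into the security index on first start. Remove the unused accounts and the placeholder `attributes` block, and generate fresh hashes for `admin` and `kibanaserver` with the tool the header names (`plugin/tools/hash.sh`) before the first start, since the index is initialized only once. A comment such as `# Replace every hash below before the first start; the security index is seeded once` above `## Demo users` would make that visible.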
@@ -0,0 +1,30 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+http.port: 9200-9299
+transport.tcp.port: 9300-9399
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
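Review bot: `plugins.security.allow_default_init_securityindex: true` seeds the security index from the mounted `internal_users.yml` on the first start and never again, so the demo-labelled hashes in that file become the live credentials unless they are replaced before `docker compose up`; a comment such as `# Seeds the security index once from internal_users.yml — replace its hashes first` above this line would prevent the common mistake of editing the file after the index exists. `plugins.security.ssl.transport.enforce_hostname_verification: false` together with `plugins.security.ssl.transport.resolve_hostname: false` is acceptable only because `discovery.type: single-node` keeps transport traffic local; if a second node is ever added, turn both on and extend `plugins.security.nodes_dn`. `network.host: "0.0.0.0"` is correct inside the container, with exposure governed by the compose port mapping.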
diff --git a/docker-compose/wazuh/generate-certs.yaml b/docker-compose/wazuh/generate-certs.yaml
new file mode 100644
index 0000000..7f9ecfe
--- /dev/null
+++ b/docker-compose/wazuh/generate-certs.yaml
@@ -0,0 +1,8 @@
+---
+services:
+ generator:
+ image: wazuh/wazuh-certs-generator:0.0.2
+ hostname: wazuh-certs-generator
+ volumes:
+ - ./config/wazuh_indexer_ssl_certs/:/certificates/
+ - ./config/certs.yml:/config/certs.yml
From 0d6abdc29857d72fd60c94f2675164b5d8f36d2b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 11:02:36 +0000
Subject: [PATCH 004/112] chore(deps): update docker.io/prom/prometheus docker tag to v3
---
 docker-compose/prometheus/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/prometheus/compose.yaml b/docker-compose/prometheus/compose.yaml
index 954eace..3a6da92 100644
--- a/docker-compose/prometheus/compose.yaml
+++ b/docker-compose/prometheus/compose.yaml
@@ -4,7 +4,7 @@ volumes:
 driver: local
 services:
 prometheus:
- image: docker.io/prom/prometheus:v2.55.1
+ image: docker.io/prom/prometheus:v3.0.0
 container_name: prometheus
 ports:
 - 9090:9090
From 53c27514981ee6396f954513644b21d714894951 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 14:56:25 +0000
Subject: [PATCH 005/112] chore(deps): update docker.io/semaphoreui/semaphore docker tag to v2.10.43
---
 docker-compose/ansiblesemaphore/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/ansiblesemaphore/compose.yaml b/docker-compose/ansiblesemaphore/compose.yaml
index fe9be57..ff8560e 100644
--- a/docker-compose/ansiblesemaphore/compose.yaml
+++ b/docker-compose/ansiblesemaphore/compose.yaml
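Review bot: `- ./config/certs.yml:/config/certs.yml` bind-mounts a file this patch does not add (the diffstat lists no `config/certs.yml`); when the path is missing Docker creates an empty directory there and the generator has no node definitions to work from. Add the `certs.yml` describing the `wazuh.indexer`, `wazuh.manager` and `wazuh.dashboard` names that compose.yaml expects, or put a comment above the line saying where it comes from. The output directory `./config/wazuh_indexer_ssl_certs/` will hold private keys, so it belongs in `.gitignore` next to `.env` if it is not already there.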
@@ -16,7 +16,7 @@ services:
 restart: unless-stopped
 semaphore:
 container_name: ansiblesemaphore
- image: docker.io/semaphoreui/semaphore:v2.10.42
+ image: docker.io/semaphoreui/semaphore:v2.10.43
 user: "${UID}:${GID}"
 ports:
 - 3000:3000
From 6bc53ac27f0554f8e57cad855e7ee6cbb65bb1e7 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 14:56:29 +0000
Subject: [PATCH 006/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2024.11.3
---
 docker-compose/homeassistant/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml
index 1204ba4..5375d02 100644
--- a/docker-compose/homeassistant/compose.yaml
+++ b/docker-compose/homeassistant/compose.yaml
@@ -2,7 +2,7 @@
 services:
 homeassistant:
 container_name: homeassistant
- image: ghcr.io/home-assistant/home-assistant:2024.11.2
+ image: ghcr.io/home-assistant/home-assistant:2024.11.3
 volumes:
 - ./config:/config
 - /etc/localtime:/etc/localtime:ro
From d40d0a1dcca25685f18ee94fcf3638f58ac4e8c1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 22:49:54 +0000
Subject: [PATCH 007/112] chore(deps): update docker.io/library/postgres docker tag to v16.6
---
 docker-compose/authentik/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/authentik/compose.yaml b/docker-compose/authentik/compose.yaml
index c834b2a..8540e59 100644
--- a/docker-compose/authentik/compose.yaml
+++ b/docker-compose/authentik/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
 postgres:
- image: docker.io/library/postgres:16.5
+ image: docker.io/library/postgres:16.6
 container_name: authentik-db
 environment:
 - POSTGRES_USER=${POSTGRES_USER:-authentik}
From 0fe3aacaa933c63de8e48cd21cc7a164306c7861 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 23:43:14 +0000
Subject: [PATCH 008/112] chore(deps): update docker.io/library/mariadb docker tag to v11.6.2
---
 docker-compose/mariadb/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/mariadb/compose.yaml b/docker-compose/mariadb/compose.yaml
index b0ca923..8636c57 100644
--- a/docker-compose/mariadb/compose.yaml
+++ b/docker-compose/mariadb/compose.yaml
@@ -8,7 +8,7 @@ volumes:
 services:
 mariadb:
 # (Recommended) replace "latest" with specific version
- image: docker.io/library/mariadb:11.5.2
+ image: docker.io/library/mariadb:11.6.2
 # (Optional) remove this section when you don't want to expose
 ports:
 - 3306:3306
From 3ba1ee9dfe189930d2b529d5017d22787147cf7a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 23:44:15 +0000
Subject: [PATCH 009/112] chore(deps): update docker.io/library/postgres docker tag to v17.2
---
 docker-compose/postgres/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/postgres/compose.yaml b/docker-compose/postgres/compose.yaml
index e1c133f..385760a 100644
--- a/docker-compose/postgres/compose.yaml
+++ b/docker-compose/postgres/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
 postgres:
- image: docker.io/library/postgres:17.1
+ image: docker.io/library/postgres:17.2
 container_name: postgres
 environment:
 - POSTGRES_INITDB_ARGS=${POSTGRES_INITDB_ARGS---data-checksums}
From c99f4992c95e16d800344cb8c5f1c41d8dfd64d5 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 23 Nov 2024 18:54:48 +0000
Subject: [PATCH 010/112] chore(deps): update docker.io/b4bz/homer docker tag to v24.11.5
---
 docker-compose/homer/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/homer/compose.yaml b/docker-compose/homer/compose.yaml
index 0c7c742..7a89662 100644
--- a/docker-compose/homer/compose.yaml
+++ b/docker-compose/homer/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
 homer:
- image: docker.io/b4bz/homer:v24.11.4
+ image: docker.io/b4bz/homer:v24.11.5
 container_name: homer
 ports:
 - "8080:8080"
From d6e1f2aee7efeff02087aee2a6c7692ff9b980b0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 24 Nov 2024 21:04:36 +0000
Subject: [PATCH 011/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.9.13
---
 docker-compose/homepage/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml
index 6f27d65..846bc6d 100644
--- a/docker-compose/homepage/compose.yaml
+++ b/docker-compose/homepage/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
 homepage:
- image: ghcr.io/gethomepage/homepage:v0.9.12
+ image: ghcr.io/gethomepage/homepage:v0.9.13
 container_name: homepage
 environment:
 - LOG_LEVEL=info
From 8b383ee46093bc6beb1916e3b0416643af4c5ea5 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 10:25:29 +0000
Subject: [PATCH 012/112] chore(deps): update docker.io/passbolt/passbolt docker tag to v4.10.0
---
 docker-compose/passbolt/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/passbolt/compose.yaml b/docker-compose/passbolt/compose.yaml
index 81ec8a8..eb60e58 100644
--- a/docker-compose/passbolt/compose.yaml
+++ b/docker-compose/passbolt/compose.yaml
@@ -17,7 +17,7 @@ services:
 restart: unless-stopped
 passbolt:
 container_name: passbolt-app
- image: docker.io/passbolt/passbolt:4.9.1-1-ce
+ image: docker.io/passbolt/passbolt:4.10.0-1-ce
 depends_on:
 - passbolt-db
 environment:
From e46d5cfefc8fa794cff241c6b80ec23e7125c52b Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Mon, 25 Nov 2024 13:33:44 +0100
Subject: [PATCH 013/112] gitea compose and env example
---
 docker-compose/gitea/.env.example | 16 +++++
 docker-compose/gitea/compose.yaml | 99 +++++++++++++++++++++++++++++++
 2 files changed, 115 insertions(+)
 create mode 100644 docker-compose/gitea/.env.example
 create mode 100644 docker-compose/gitea/compose.yaml
diff --git a/docker-compose/gitea/.env.example b/docker-compose/gitea/.env.example
new file mode 100644
index 0000000..ce0c6c1
--- /dev/null
+++ b/docker-compose/gitea/.env.example
@@ -0,0 +1,16 @@
+# Environment Variable Example File
+# ---
+
+# Add internal database credentials here...
+# POSTGRES_HOST = "your-database-host"
+# POSTGRES_PORT = "your-database-port"
+POSTGRES_DB = "your-database-name"
+POSTGRES_USER = "your-database-user"
+POSTGRES_PASSWORD = "your-database-password"
+
+# Add mailer credentials here...
+MAILER_FROM = "your-mailer-from-address"
+MAILER_SMTP_ADDR = "your-mailer-smtp"
+MAILER_SMTP_PORT = "your-mailer-smtp-port"
+MAILER_USER = "your-mailer-user"
+MAILER_PASSWORD = "your-mailer-password"
diff --git a/docker-compose/gitea/compose.yaml b/docker-compose/gitea/compose.yaml
new file mode 100644
index 0000000..4d49906
--- /dev/null
+++ b/docker-compose/gitea/compose.yaml
@@ -0,0 +1,99 @@
+---
+services:
+ server:
+ image: gitea/gitea:1.22.1
+ container_name: gitea-server
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ # -- Change your database settings here...
+ # --> PostgreSQL
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}
+ - GITEA__database__NAME=${POSTGRES_DB:?POSTGRES_DB not set}
+ - GITEA__database__USER=${POSTGRES_USER:?POSTGRES_USER not set}
+ - GITEA__database__PASSWD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
+ # <--
+ # --> OR MySQL
+ # - GITEA__database__DB_TYPE=mysql
+ # - GITEA__database__HOST=db:3306
+ # - GITEA__database__NAME=${MYSQL_DATABASE:?MYSQL_DATABASE not set}
+ # - GITEA__database__USER=${MYSQL_USER:?MYSQL_USER not set}
+ # - GITEA__database__PASSWD=${MYSQL_PASSWORD:?MYSQL_PASSWORD not set}
+ # <--
+ # -- (Optional) Change your server settings here...
+ - GITEA__server__SSH_PORT=2221 # <-- (Optional) Replace with your desired SSH port
+ - GITEA__server__ROOT_URL=http://your-fqdn # <-- Replace with your FQDN
+ # --> (Optional) Change mailer settings here...
+ # - GITEA__mailer__ENABLED=true
+ # - GITEA__mailer__FROM=${MAILER_FROM:?MAILER_FROM not set}
+ # - GITEA__mailer__PROTOCOL=smtps
+ # - GITEA__mailer__SMTP_ADDR=${MAILER_SMTP_ADDR:?MAILER_SMTP_ADDR not set}
+ # - GITEA__mailer__SMTP_PORT=${MAILER_SMTP_PORT:?MAILER_SMTP_PORT not set}
+ # - GITEA__mailer__USER=${MAILER_USER:-apikey}
+ # - GITEA__mailer__PASSWD="""${MAILER_PASSWORD:?MAILER_PASSWORD not set}"""
+ # <--
+ # --> (Optional) When using traefik...
+ # networks:
+ # - frontend
+ # <--
+ # --> (Optional) When using an internal database...
+ # - backend
+ # <--
+ volumes:
+ - gitea-data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ # --> (Optional) Remove when using traefik...
+ - "3000:3000"
+ # <--
+ - "2221:22" # <-- (Optional) Replace with your desired SSH port
+ # --> (Optional) When using internal database...
+ # depends_on:
+ # - db
+ # <--
+ # --> (Optional) When using traefik...
+ # labels:
+ # - traefik.enable=true
+ # - traefik.http.services.gitea.loadbalancer.server.port=3000
+ # - traefik.http.services.gitea.loadbalancer.server.scheme=http
+ # - traefik.http.routers.gitea-https.entrypoints=websecure
+ # - traefik.http.routers.gitea-https.rule=Host(`your-fqdn`) # <-- Replace with your FQDN
+ # - traefik.http.routers.gitea-https.tls=true
+ # - traefik.http.routers.gitea-https.tls.certresolver=your-certresolver # <-- Replace with your certresolver
+ # <--
+ restart: unless-stopped
+
+ # --> When using internal database
+ # db:
+ # image: postgres:14
+ # container_name: gitea-db
+ # environment:
+ # - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER not set}
+ # - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
+ # - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB not set}
+ # networks:
+ # - backend
+ # volumes:
+ # - gitea-db:/var/lib/postgresql/data
+ # restart: unless-stopped
+ # <--
+
+volumes:
+ gitea-data:
+ driver: local
+ # --> When using internal database
+ # gitea-db:
+ # driver: local
+ # <--
+
+# --> (Optional) When using traefik...
+# networks:
+# frontend:
+# external: true
+# <--
+# --> (Optional) When using an internal database...
+# backend:
+# external: true
+# <--
From 7a4d3547a3a9976b4fa57fbc5e40623668440fa4 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Mon, 25 Nov 2024 15:57:06 +0100
Subject: [PATCH 014/112] fix for mailer integration
---
 docker-compose/gitea/.env.example | 8 --------
 docker-compose/gitea/compose.yaml | 9 ---------
 2 files changed, 17 deletions(-)
diff --git a/docker-compose/gitea/.env.example b/docker-compose/gitea/.env.example
index ce0c6c1..2a6bc0e 100644
--- a/docker-compose/gitea/.env.example
+++ b/docker-compose/gitea/.env.example
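Review bot: `GITEA__server__ROOT_URL=http://your-fqdn` stays plain http while the traefik variant of this same file routes the service on the `websecure` entrypoint with `tls=true`; Gitea derives generated links, clone URLs and OAuth redirect URIs from ROOT_URL, so behind that proxy the value has to be `https://your-fqdn`. The inline comment should say so: `# <-- Replace with your FQDN; use https:// when TLS is terminated in traefik`. Separately, `GITEA__database__HOST=${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}` defaults to the host `db` while the `db` service and the `backend` network are commented out, so a stock `docker compose up` cannot resolve the database unless `POSTGRES_HOST` is set in `.env`, where the example keeps it commented; a comment next to the `# --> PostgreSQL` marker stating that either the internal `db` block or `POSTGRES_HOST` must be enabled would prevent that first-run failure. The hunk begins on the previous line.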
@@ -1,16 +1,8 @@ # Environment Variable Example File # --- - # Add internal database credentials here... # POSTGRES_HOST = "your-database-host" # POSTGRES_PORT = "your-database-port" POSTGRES_DB = "your-database-name" POSTGRES_USER = "your-database-user" POSTGRES_PASSWORD = "your-database-password" - -# Add mailer credentials here... -MAILER_FROM = "your-mailer-from-address" -MAILER_SMTP_ADDR = "your-mailer-smtp" -MAILER_SMTP_PORT = "your-mailer-smtp-port" -MAILER_USER = "your-mailer-user" -MAILER_PASSWORD = "your-mailer-password" diff --git a/docker-compose/gitea/compose.yaml b/docker-compose/gitea/compose.yaml index 4d49906..3af44cd 100644 --- a/docker-compose/gitea/compose.yaml +++ b/docker-compose/gitea/compose.yaml @@ -24,15 +24,6 @@ services: # -- (Optional) Change your server settings here... - GITEA__server__SSH_PORT=2221 # <-- (Optional) Replace with your desired SSH port - GITEA__server__ROOT_URL=http://your-fqdn # <-- Replace with your FQDN - # --> (Optional) Change mailer settings here... - # - GITEA__mailer__ENABLED=true - # - GITEA__mailer__FROM=${MAILER_FROM:?MAILER_FROM not set} - # - GITEA__mailer__PROTOCOL=smtps - # - GITEA__mailer__SMTP_ADDR=${MAILER_SMTP_ADDR:?MAILER_SMTP_ADDR not set} - # - GITEA__mailer__SMTP_PORT=${MAILER_SMTP_PORT:?MAILER_SMTP_PORT not set} - # - GITEA__mailer__USER=${MAILER_USER:-apikey} - # - GITEA__mailer__PASSWD="""${MAILER_PASSWORD:?MAILER_PASSWORD not set}""" - # <-- # --> (Optional) When using traefik... # networks: # - frontend From 3d3e345f3d3971af515003d2ac4e50e7a5a91dbe Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 22:52:51 +0000 Subject: [PATCH 015/112] chore(deps): update terraform kubernetes to v2.34.0 --- terraform/kubernetes/provider.tf | 2 +- terraform/templates/kubernetes-automation-example/provider.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/terraform/kubernetes/provider.tf b/terraform/kubernetes/provider.tf
index d7f5cfd..218e5c8 100644
--- a/terraform/kubernetes/provider.tf
+++ b/terraform/kubernetes/provider.tf
@@ -9,7 +9,7 @@ terraform {
 required_providers {
 kubernetes = {
 source = "hashicorp/kubernetes"
- version = "2.33.0"
+ version = "2.34.0"
 }
 }
 }
diff --git a/terraform/templates/kubernetes-automation-example/provider.tf b/terraform/templates/kubernetes-automation-example/provider.tf
index 921a220..36c41ac 100644
--- a/terraform/templates/kubernetes-automation-example/provider.tf
+++ b/terraform/templates/kubernetes-automation-example/provider.tf
@@ -13,7 +13,7 @@ terraform {
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
- version = "2.33.0"
+ version = "2.34.0"
 }
 kubectl = {
 source = "gavinbunney/kubectl"
From df2b3e3e7103dc4d48dc57dbcd31c9fb3582dddd Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Nov 2024 07:31:58 +0000
Subject: [PATCH 016/112] chore(deps): update terraform kubectl to v1.15.0
---
 terraform/kubectl/provider.tf | 2 +-
 terraform/templates/kubernetes-automation-example/provider.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/kubectl/provider.tf b/terraform/kubectl/provider.tf
index 50fa003..0b5a964 100644
--- a/terraform/kubectl/provider.tf
+++ b/terraform/kubectl/provider.tf
@@ -9,7 +9,7 @@ terraform {
 required_providers {
 kubectl = {
 source = "gavinbunney/kubectl"
- version = "1.14.0"
+ version = "1.15.0"
 }
 }
 }
diff --git a/terraform/templates/kubernetes-automation-example/provider.tf b/terraform/templates/kubernetes-automation-example/provider.tf
index 36c41ac..54f87fa 100644
--- a/terraform/templates/kubernetes-automation-example/provider.tf
+++ b/terraform/templates/kubernetes-automation-example/provider.tf
@@ -17,7 +17,7 @@ terraform {
 }
 kubectl = {
 source = "gavinbunney/kubectl"
- version = "1.14.0"
+ version = "1.15.0"
 }
 cloudflare = {
 source = "cloudflare/cloudflare"
From cb15404bc3f1c61f2c63a859083aaea0d193ae3a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Nov 2024 11:21:33 +0000
Subject: [PATCH 017/112] chore(deps): update docker.io/passbolt/passbolt docker tag to v4.10.1
---
 docker-compose/passbolt/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/passbolt/compose.yaml b/docker-compose/passbolt/compose.yaml
index eb60e58..4177151 100644
--- a/docker-compose/passbolt/compose.yaml
+++ b/docker-compose/passbolt/compose.yaml
@@ -17,7 +17,7 @@ services:
 restart: unless-stopped
 passbolt:
 container_name: passbolt-app
- image: docker.io/passbolt/passbolt:4.10.0-1-ce
+ image: docker.io/passbolt/passbolt:4.10.1-1-ce
 depends_on:
 - passbolt-db
 environment:
From 09040bbe6bda8e5a04e83286e8b34c1098b54c87 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Nov 2024 11:37:03 +0000
Subject: [PATCH 018/112] chore(deps): update terraform kubectl to v1.16.0
---
 terraform/kubectl/provider.tf | 2 +-
 terraform/templates/kubernetes-automation-example/provider.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/kubectl/provider.tf b/terraform/kubectl/provider.tf
index 0b5a964..405dffe 100644
--- a/terraform/kubectl/provider.tf
+++ b/terraform/kubectl/provider.tf
@@ -9,7 +9,7 @@ terraform {
 required_providers {
 kubectl = {
 source = "gavinbunney/kubectl"
- version = "1.15.0"
+ version = "1.16.0"
 }
 }
 }
diff --git a/terraform/templates/kubernetes-automation-example/provider.tf b/terraform/templates/kubernetes-automation-example/provider.tf
index 54f87fa..f0f2209 100644
--- a/terraform/templates/kubernetes-automation-example/provider.tf
+++ b/terraform/templates/kubernetes-automation-example/provider.tf
@@ -17,7 +17,7 @@ terraform {
 }
 kubectl = {
 source = "gavinbunney/kubectl"
- version = "1.15.0"
+ version = "1.16.0"
 }
 cloudflare = {
 source = "cloudflare/cloudflare"
From e4dd5dc3a326a03579c9d9a7014fae753d44c50f Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Fri, 29 Nov 2024 13:58:59 +0100
Subject: [PATCH 019/112] initial gitlab deployment
---
 docker-compose/gitlab/compose.yaml | 52 +++++++++++++++++++++++
 docker-compose/gitlab/config/gitlab.rb | 58 ++++++++++++++++++++++++++
 2 files changed, 110 insertions(+)
 create mode 100644 docker-compose/gitlab/compose.yaml
 create mode 100644 docker-compose/gitlab/config/gitlab.rb
diff --git a/docker-compose/gitlab/compose.yaml b/docker-compose/gitlab/compose.yaml
new file mode 100644
index 0000000..76f4f61
--- /dev/null
+++ b/docker-compose/gitlab/compose.yaml
@@ -0,0 +1,52 @@
+---
+services:
+ gitlab:
+ image: gitlab/gitlab-ce:17.6.1-ce.0
+ container_name: gitlab
+ shm_size: '256m'
+ environment: {}
+ # --> (Optional) When using traefik...
+ # networks:
+ # - frontend
+ # <--
+ volumes:
+ - ./config:/etc/gitlab
+ - ./logs:/var/log/gitlab
+ - gitlab-data:/var/opt/gitlab
+ ports:
+ # --> (Optional) Remove when using traefik...
+ - "80:80"
+ - "443:443"
+ # <--
+ - '2424:22'
+ # --> (Optional) When using traefik...
+ # labels:
+ # - traefik.enable=true
+ # - traefik.http.services.gitlab.loadbalancer.server.port=80
+ # - traefik.http.services.gitlab.loadbalancer.server.scheme=http
+ # - traefik.http.routers.gitlab.service=gitlab
+ # - traefik.http.routers.gitlab.rule=Host(`your-gitlab-fqdn`)
+ # - traefik.http.routers.gitlab.entrypoints=websecure
+ # - traefik.http.routers.gitlab.tls=true
+ # - traefik.http.routers.gitlab.tls.certresolver=cloudflare
+ # <--
+ # --> (Optional) Enable Container Registry settings here...
+ # - traefik.http.services.registry.loadbalancer.server.port=5678
+ # - traefik.http.services.registry.loadbalancer.server.scheme=http
+ # - traefik.http.routers.registry.service=registry
+ # - traefik.http.routers.registry.rule=Host(`your-registry-fqdn`)
+ # - traefik.http.routers.registry.entrypoints=websecure
+ # - traefik.http.routers.registry.tls=true
+ # - traefik.http.routers.registry.tls.certresolver=cloudflare
+ # <--
+ restart: unless-stopped
+
+volumes:
+ gitlab-data:
+ driver: local
+
+# --> (Optional) When using traefik...
+# networks:
+# frontend:
+# external: true
+# <--
diff --git a/docker-compose/gitlab/config/gitlab.rb b/docker-compose/gitlab/config/gitlab.rb
new file mode 100644
index 0000000..a838539
--- /dev/null
+++ b/docker-compose/gitlab/config/gitlab.rb
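Review bot: The bind mount `- ./config:/etc/gitlab` places the repository's tracked config directory at the path where Omnibus GitLab writes `gitlab-secrets.json` (database encryption and Rails secrets) and the generated SSH host keys, so after the first start those files sit beside the committed `gitlab.rb` and are one careless `git add` away from the history. An ignore rule for everything under `docker-compose/gitlab/config/` except `gitlab.rb`, or a named volume for `/etc/gitlab` with `gitlab.rb` bind-mounted read-only on its own, keeps them out of the tree; a comment on the mount line would make the hazard visible: `# <-- /etc/gitlab also receives gitlab-secrets.json and ssh host keys; never commit them`. The same applies to `./logs:/var/log/gitlab`, which writes production logs into the checkout. Also `"443:443"` is published in the non-traefik path even though the accompanying `gitlab.rb` sets `nginx['listen_https'] = false`, so nothing answers on that port; either drop it or note that it only matters when HTTPS is enabled in the bundled nginx.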
@@ -0,0 +1,58 @@
+# -- Change GitLab settings here...
+external_url 'https://your-gitlab-fqdn' # <-- Replace with your GitLab FQDN
+
+# -- (Optional) Change GitLab Shell settings here...
+gitlab_rails['gitlab_shell_ssh_port'] = 2424
+
+# -- Change internal web service settings here...
+letsencrypt['enable'] = false
+nginx['listen_port'] = 80
+nginx['listen_https'] = false
+
+# --> (Optional) Enable Container Registry settings here...
+# registry_external_url 'https://your-registry-fqdn' # <-- Replace with your registry FQDN
+# gitlab_rails['registry_enabled'] = true
+# registry_nginx['listen_https'] = false
+# registry_nginx['listen_port'] = 5678 # <-- Replace with your registry port
+# <--
+
+# --> (Optional) Add Authentik settings here...
+# gitlab_rails['omniauth_auto_link_user'] = ['openid_connect']
+# gitlab_rails['omniauth_providers'] = [
+# {
+# name: "openid_connect", # !-- Do not change this parameter
+# label: "Authentik", # <-- (Optional) Change name for login button, defaults to "Openid Connect"
+# icon: "https://avatars.githubusercontent.com/u/82976448?s=200&v=4",
+# args: {
+# name: "openid_connect",
+# scope: ["openid","profile","email"],
+# response_type: "code",
+# issuer: "https://your-authentik-fqdn/application/o/your-gitlab-slug/", # <-- Replace with your Authentik FQDN and GitLab slug
+# discovery: true,
+# client_auth_method: "query",
+# uid_field: "email",
+# send_scope_to_token_endpoint: "false",
+# pkce: true,
+# client_options: {
+# identifier: "your-authentik-provider-client-id", # <-- Replace with your Authentik provider client ID
+# secret: "your-authentik-provider-client-secret", # <-- Replace with your Authentik provider client secret
+# redirect_uri: "https://your-authentik-fqdn/users/auth/openid_connect/callback" # <-- Replace with your Authentik FQDN
+# }
+# }
+# }
+# ]
+# <--
+
+# --> (Optional) Change SMTP settings here...
+# gitlab_rails['smtp_enable'] = true
+# gitlab_rails['smtp_address'] = "your-smtp-server-addr" # <-- Replace with your SMTP server address
+# gitlab_rails['smtp_port'] = 465
+# gitlab_rails['smtp_user_name'] = "your-smtp-username" # <-- Replace with your SMTP username
+# gitlab_rails['smtp_password'] = "your-smtp-password" # <-- Replace with your SMTP password
+# gitlab_rails['smtp_domain'] = "your-smtp-domain" # <-- Replace with your SMTP domain
+# gitlab_rails['smtp_authentication'] = "login"
+# gitlab_rails['smtp_ssl'] = true
+# gitlab_rails['smtp_force_ssl'] = true
+# gitlab_rails['gitlab_email_from'] = 'your-email-from-addr' # <-- Replace with your email from address
+# gitlab_rails['gitlab_email_reply_to'] = 'your-email-replyto-addr' # <-- Replace with your email reply-to address
+# <--
From 01904e1541f9d8d316aedfeeade14c215548864b Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Fri, 29 Nov 2024 14:23:34 +0100
Subject: [PATCH 020/112] fix for tls example
---
 .../traefik/config/conf.d/tls.yaml.example | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 docker-compose/traefik/config/conf.d/tls.yaml.example
diff --git a/docker-compose/traefik/config/conf.d/tls.yaml.example b/docker-compose/traefik/config/conf.d/tls.yaml.example
new file mode 100644
index 0000000..5bd28ba
--- /dev/null
+++ b/docker-compose/traefik/config/conf.d/tls.yaml.example
@@ -0,0 +1,17 @@
+# -- Change TLS Configuration here...
+tls:
+ options:
+ default:
+ minVersion: VersionTLS12
+ sniStrict: true
+ curvePreferences:
+ - CurveP256
+ - CurveP384
+ - CurveP521
+ cipherSuites:
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
From 0cac46823d0b2318cad4f6455f54ad83396c501e Mon Sep 17 00:00:00 2001
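Review bot: The OIDC `secret:` and the `smtp_password` placeholders are literals in `gitlab.rb`, which is the tracked file the compose service bind-mounts from `./config`, so filling them in means committing credentials. `gitlab.rb` is evaluated as Ruby, so `gitlab_rails['smtp_password'] = ENV.fetch('GITLAB_SMTP_PASSWORD')` with the variable supplied through the compose `environment:` block (currently `{}`) keeps the value out of the file, and the `# <-- Replace with ...` comments on those two lines should point readers there instead. With `omniauth_auto_link_user` enabled and `uid_field: "email"`, the IdP's email claim alone decides which existing GitLab account a login is attached to, which rests on Authentik verifying addresses; a comment such as `# auto-linking by email assumes the IdP verifies addresses` next to `uid_field` records that assumption. The hunk begins on the previous line.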
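Review bot: The `cipherSuites` list governs TLS 1.2 handshakes only — Go, and therefore Traefik, does not expose TLS 1.3 suite selection — and the last entry `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305` uses the legacy name while its ECDSA sibling uses the `_SHA256` form; `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` keeps the list consistent and its acceptance by Traefik's name table should be checked. A comment above the list, `# Applies to TLS 1.2 only; TLS 1.3 suites are fixed by the Go runtime`, prevents readers from assuming it constrains 1.3. Since this is `tls.options.default`, it applies to every router that names no other option set, and the file will not be loaded until the `.example` suffix is dropped; one sentence at the top stating both would complete the template.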
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 29 Nov 2024 18:01:37 +0000
Subject: [PATCH 021/112] chore(deps): update lscr.io/linuxserver/duplicati docker tag to v2.1.0
---
 docker-compose/duplicati/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/duplicati/compose.yaml b/docker-compose/duplicati/compose.yaml
index 1d8dddd..9f158fc 100644
--- a/docker-compose/duplicati/compose.yaml
+++ b/docker-compose/duplicati/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
 duplicati:
- image: lscr.io/linuxserver/duplicati:2.0.8
+ image: lscr.io/linuxserver/duplicati:2.1.0
 container_name: duplicati
 environment:
 - PUID=1000
From 0e90440551e5fc0bf9f17bd1b6e7e4aff76107cf Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 2 Dec 2024 17:52:37 +0000
Subject: [PATCH 022/112] chore(deps): update docker.io/b4bz/homer docker tag to v24.12.1
---
 docker-compose/homer/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/homer/compose.yaml b/docker-compose/homer/compose.yaml
index 7a89662..659c888 100644
--- a/docker-compose/homer/compose.yaml
+++ b/docker-compose/homer/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
 homer:
- image: docker.io/b4bz/homer:v24.11.5
+ image: docker.io/b4bz/homer:v24.12.1
 container_name: homer
 ports:
 - "8080:8080"
From 6f22bd8056cfd61276687228d60aa704b23824b6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 02:19:42 +0000
Subject: [PATCH 023/112] chore(deps): update docker.io/library/influxdb docker tag to v2.7.11
---
 docker-compose/influxdb/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/influxdb/compose.yaml b/docker-compose/influxdb/compose.yaml
index 60eca8c..5cc437c 100644
--- a/docker-compose/influxdb/compose.yaml
+++ b/docker-compose/influxdb/compose.yaml
@@ -8,7 +8,7 @@ volumes: services: influxdb: container_name: influxdb - image: docker.io/library/influxdb:2.7.10-alpine + image: docker.io/library/influxdb:2.7.11-alpine # (Optional) remove this section when using traefik ports: - '8086:8086' From d4aecf629491449d49e16c47c6620896d8822b6b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 06:08:25 +0000 Subject: [PATCH 024/112] chore(deps): update portainer/portainer-ce docker tag to v2.24.1 --- helm/portainer/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/portainer/values.yaml b/helm/portainer/values.yaml index 2d97c88..063f2f5 100644 --- a/helm/portainer/values.yaml +++ b/helm/portainer/values.yaml @@ -1,7 +1,7 @@ --- image: repository: portainer/portainer-ce - tag: 2.24.0 + tag: 2.24.1 pullPolicy: IfNotPresent service: From a4c2b01d92e0d729ba9d2ff80d6af7f3c3581407 Mon Sep 17 00:00:00 2001 From: Christian Lempa Date: Tue, 3 Dec 2024 14:43:56 +0100 Subject: [PATCH 025/112] update kestra templates --- kestra/ansible/playbook-inline.yaml | 22 +++++++-------- kestra/ansible/playbook-password.yaml | 16 +++++------ kestra/ansible/playbook-ssh-key.yaml | 18 ++++++------ kestra/docker/file-build.yaml | 26 ++++++++--------- kestra/docker/git-build.yaml | 29 +++++++++---------- kestra/docker/purge.yaml | 0 kestra/inputs.yaml | 40 +++++++++++++-------------- kestra/python/command.yaml | 5 ++-- kestra/python/script.yaml | 4 +-- kestra/variables.yaml | 10 +++---- kestra/webhook.yaml | 11 ++++---- 11 files changed, 92 insertions(+), 89 deletions(-) create mode 100644 kestra/docker/purge.yaml diff --git a/kestra/ansible/playbook-inline.yaml b/kestra/ansible/playbook-inline.yaml index 082c253..118c011 100644 --- a/kestra/ansible/playbook-inline.yaml +++ b/kestra/ansible/playbook-inline.yaml 
@@ -4,20 +4,20 @@ # # Run an ansible playbook defined inline the kestra flow. # -id: ansible_job -namespace: # your-namespace +id: ansible_job # <- Replace with your task id... +namespace: your-namespace # <- Replace with your namespace... + tasks: - - id: ansible + - id: ansible # <- Replace with your task id... type: io.kestra.plugin.core.flow.WorkingDirectory tasks: - - id: local_files - type: io.kestra.core.tasks.storages.LocalFiles + - id: local_files # <- Replace with your task id... + type: io.kestra.plugin.core.storage.LocalFiles inputs: - inventory.ini: | + inventory.ini: | # <- Replace with your inventory file content... srv-demo-1.home.clcreative.de - # --> replace with your playbook - myplaybook.yaml: | + myplaybook.yaml: | # <- Replace with your playbook file content... --- - hosts: srv-demo-1.home.clcreative.de tasks: @@ -27,8 +27,8 @@ tasks: upgrade: true update_cache: true # <-- - id_rsa: "{{ secret('SSH_KEY') }}" - - id: ansible_task + id_rsa: "{{ secret('SSH_KEY') }}" # <- Replace with your secret key... + - id: ansible_task # <- Replace with your task id... type: io.kestra.plugin.ansible.cli.AnsibleCLI docker: image: docker.io/cytopia/ansible:latest-tools @@ -39,4 +39,4 @@ tasks: # "ANSIBLE_REMOTE_USER": "your-remote-user" # <-- commands: - - ansible-playbook -i inventory.ini --key-file id_rsa myplaybook.yaml + - ansible-playbook -i inventory.ini --key-file id_rsa myplaybook.yaml # <- Replace with your inventory and playbook files... diff --git a/kestra/ansible/playbook-password.yaml b/kestra/ansible/playbook-password.yaml index e86dad8..f588dba 100644 --- a/kestra/ansible/playbook-password.yaml +++ b/kestra/ansible/playbook-password.yaml 
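Review bot: The comment added to the flow-level `id: ansible_job` reads `# <- Replace with your task id...`, but that key is the flow id, not a task id; the same mislabel is added to the flow ids in playbook-password.yaml, playbook-ssh-key.yaml, file-build.yaml, git-build.yaml, inputs.yaml, command.yaml, script.yaml, variables.yaml and webhook.yaml. `id: ansible_job # <- Replace with your flow id...` is what a reader needs, and the per-task comments can then keep "task id". Likewise `id_rsa: "{{ secret('SSH_KEY') }}" # <- Replace with your secret key...` reads as if the private key itself goes on that line; `# <- Replace SSH_KEY with the name of the Kestra secret that holds the private key` says what is actually substituted (the same line appears in playbook-ssh-key.yaml).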
@@ -4,21 +4,21 @@ # # Run an ansible playbook which has been uploaded to the server. # -id: ansible_job -namespace: # your-namespace +id: ansible_job # <- Replace with your task id... +namespace: your-namespace # <- Replace with your namespace... tasks: - - id: ansible + - id: ansible # <- Replace with your task id... type: io.kestra.plugin.core.flow.WorkingDirectory tasks: - - id: ansible_task + - id: ansible_task # <- Replace with your task id... namespaceFiles: enabled: true # --> upload your files to the kestra data directory for the namespace in # //_files/ include: - - inventory.ini - - myplaybook.yaml + - inventory.ini # <- Replace with your inventory file... + - myplaybook.yaml # <- Replace with your playbook file... # <-- type: io.kestra.plugin.ansible.cli.AnsibleCLI docker: @@ -29,5 +29,5 @@ tasks: # "ANSIBLE_REMOTE_USER": "your-remote-user" # <-- commands: - - apk add sshpass # only required if use ssh passwords. - - ansible-playbook -i inventory.ini myplaybook.yaml + - apk add sshpass # <- (Optional) Only required if use ssh passwords. + - ansible-playbook -i inventory.ini myplaybook.yaml # <- Replace with your inventory and playbook files... diff --git a/kestra/ansible/playbook-ssh-key.yaml b/kestra/ansible/playbook-ssh-key.yaml index 86e17fa..bffa052 100644 --- a/kestra/ansible/playbook-ssh-key.yaml +++ b/kestra/ansible/playbook-ssh-key.yaml 
@@ -5,25 +5,25 @@ # Run an ansible playbook which has been uploaded to the server, using # ssh key authentication. # -id: ansible_job -namespace: # your-namespace +id: ansible_job # <- Replace with your task id... +namespace: your-namespace # <- Replace with your namespace... tasks: - - id: ansible + - id: ansible # <- Replace with your task id... type: io.kestra.plugin.core.flow.WorkingDirectory tasks: - - id: load_ssh_key - type: io.kestra.core.tasks.storages.LocalFiles + - id: load_ssh_key # <- Replace with your task id... + type: io.kestra.plugin.core.storage.LocalFiles inputs: - id_rsa: "{{ secret('SSH_KEY') }}" + id_rsa: "{{ secret('SSH_KEY') }}" # <- Replace with your secret key... - id: ansible_task namespaceFiles: enabled: true # --> upload your files to the kestra data directory for the namespace in # //_files/ include: - - inventory.ini - - myplaybook.yaml + - inventory.ini # <- Replace with your inventory file... + - myplaybook.yaml # <- Replace with your playbook file... # <-- type: io.kestra.plugin.ansible.cli.AnsibleCLI docker: @@ -35,4 +35,4 @@ tasks: # "ANSIBLE_REMOTE_USER": "your-remote-user" # <-- commands: - - ansible-playbook -i inventory.ini --key-file id_rsa myplaybook.yaml + - ansible-playbook -i inventory.ini --key-file id_rsa myplaybook.yaml # <- Replace with your inventory and playbook files... diff --git a/kestra/docker/file-build.yaml b/kestra/docker/file-build.yaml index bf689af..45558fc 100644 --- a/kestra/docker/file-build.yaml +++ b/kestra/docker/file-build.yaml 
@@ -5,35 +5,35 @@ # Build a Docker image from a File. # -id: docker-file-build -namespace: # your-namespace +id: docker-file-build # <- Replace with your task id... +namespace: your-namespace # <- Replace with your namespace... tasks: - - id: file - type: io.kestra.core.tasks.flows.WorkingDirectory + - id: file # <- Replace with your task id... + type: io.kestra.plugin.core.flow.WorkingDirectory tasks: - - id: createFiles - type: io.kestra.core.tasks.storages.LocalFiles + - id: createFiles # <- Replace with your task id... + type: io.kestra.plugin.core.storage.LocalFiles inputs: - Dockerfile: | + Dockerfile: | # <- Replace with your Dockerfile content... FROM alpine:latest WORKDIR /app COPY . /app RUN apk add --update python3 CMD [ "python", "main.py"] - main.py: | + main.py: | # <- Replace with your Python script content... if __name__ == "__main__": print("Hello from Docker!") exit(0) - - id: build + - id: build # <- Replace with your task id... type: io.kestra.plugin.docker.Build - dockerfile: "src/Dockerfile" + dockerfile: "src/Dockerfile" # <- Replace with your Dockerfile path... tags: - - your-username/your-repository:your-tag + - your-username/your-repository:your-tag # <- Replace with your Docker image tag... push: true credentials: registry: https://index.docker.io/v1/ - username: "{{ secret('YOUR_USERNAME') }}" - password: "{{ secret('YOUR_PASSWORD') }}" + username: "{{ secret('YOUR_USERNAME') }}" # <- Replace with your Docker Hub username... + password: "{{ secret('YOUR_PASSWORD') }}" # <- Replace with your Docker Hub password... diff --git a/kestra/docker/git-build.yaml b/kestra/docker/git-build.yaml index 2046b70..9da3126 100644 --- a/kestra/docker/git-build.yaml +++ b/kestra/docker/git-build.yaml 
@@ -5,26 +5,27 @@ # Build a Docker image from a Git repository. # -id: docker-git-build -namespace: # your-namespace +id: docker-git-build # <- Replace with your task id... +namespace: your-namespace # <- Replace with your namespace... tasks: - - id: git - type: io.kestra.core.tasks.flows.WorkingDirectory - tasks: - - id: clone - type: io.kestra.plugin.git.Clone - url: https://your-git-repo-url - branch: your-branch + - id: git # <- Replace with your task id... + type: io.kestra.plugin.core.flow.WorkingDirectory - - id: build + tasks: + - id: clone # <- Replace with your task id... + type: io.kestra.plugin.git.Clone + url: https://your-git-repo-url # <- Replace with your Git repository URL... + branch: your-branch # <- Replace with your Git branch... + + - id: build # <- Replace with your task id... type: io.kestra.plugin.docker.Build - dockerfile: "src/Dockerfile" + dockerfile: "src/Dockerfile" # <- Replace with your Dockerfile path... tags: - - your-username/your-repository:your-tag + - your-username/your-repository:your-tag # <- Replace with your Docker image tag... push: true credentials: registry: https://index.docker.io/v1/ - username: "{{ secret('YOUR_USERNAME') }}" - password: "{{ secret('YOUR_PASSWORD') }}" + username: "{{ secret('YOUR_USERNAME') }}" # <- Replace with your Docker Hub username... + password: "{{ secret('YOUR_PASSWORD') }}" # <- Replace with your Docker Hub password... diff --git a/kestra/docker/purge.yaml b/kestra/docker/purge.yaml new file mode 100644 index 0000000..e69de29 diff --git a/kestra/inputs.yaml b/kestra/inputs.yaml index 432e692..2d60e59 100644 --- a/kestra/inputs.yaml +++ b/kestra/inputs.yaml 
@@ -5,61 +5,61 @@ # Inputs is a list of dynamic values passed to the flow at runtime. # -id: inputs -namespace: # your-namespace +id: inputs # <- Replace with your task id... +namespace: your-namespace # <- Replace with your namespace... inputs: - - id: string + - id: string # <- Replace with your input name... type: STRING - - id: optional + - id: optional # <- Replace with your input name... type: STRING required: false - - id: int + - id: int # <- Replace with your input name... type: INT - - id: bool + - id: bool # <- Replace with your input name... type: BOOLEAN - - id: float + - id: float # <- Replace with your input name... type: FLOAT - - id: instant + - id: instant # <- Replace with your input name... type: DATETIME - - id: date + - id: date # <- Replace with your input name... type: DATE - - id: time + - id: time # <- Replace with your input name... type: TIME - - id: duration + - id: duration # <- Replace with your input name... type: DURATION - - id: file + - id: file # <- Replace with your input name... type: FILE - - id: optionalFile + - id: optionalFile # <- Replace with your input name... type: FILE - - id: instantDefaults + - id: instantDefaults # <- Replace with your input name... type: DATETIME - defaults: "2013-08-09T14:19:00Z" + defaults: "2013-08-09T14:19:00Z" # <- Replace with your default value... - - id: json + - id: json # <- Replace with your input name... type: JSON - - id: uri + - id: uri # <- Replace with your input name... type: URI - - id: secret + - id: secret # <- Replace with your input name... type: SECRET - - id: nested.string + - id: nested.string # <- Replace with your input name... type: STRING tasks: - id: using_inputs - type: io.kestra.core.tasks.log.Log + type: io.kestra.plugin.core.log.Log message: "{{ inputs.string }}" diff --git a/kestra/python/command.yaml b/kestra/python/command.yaml index 50c7b56..8c5ce88 100644 --- a/kestra/python/command.yaml +++ b/kestra/python/command.yaml 
@@ -7,9 +7,10 @@ # usage: # make sure the Kestra instance can access the /app/scripts/your-python-script.py file # if you're running Kestra in Docker, use a volume to mount the file/directory. +# -id: python-command -namespace: # your-namespace +id: python-command # <- Replace with your task id... +namespace: your-namespace # <- Replace with your namespace... tasks: diff --git a/kestra/python/script.yaml b/kestra/python/script.yaml index e69b1c7..b737754 100644 --- a/kestra/python/script.yaml +++ b/kestra/python/script.yaml @@ -5,8 +5,8 @@ # This template is a simple Python script that can be used to make a request to a website and log the status code. # -id: python-script -namespace: # your-namespace +id: python-script # <- Replace with your task id... +namespace: your-namespace # <- Replace with your namespace... tasks: diff --git a/kestra/variables.yaml b/kestra/variables.yaml index 10f3ef7..e708cc1 100644 --- a/kestra/variables.yaml +++ b/kestra/variables.yaml @@ -2,16 +2,16 @@ # Kestra Variable Template # --- # -# +# Variables is a list of static values passed to the flow at runtime. # -id: variables -namespace: # your-namespace +id: variables # <- Replace with your task id... +namespace: your-namespace # <- Replace with your namespace... variables: - variable-name: "variable-value" + variable-name: "variable-value" # <- Replace with your variable name and value... tasks: - id: using_variables - type: io.kestra.core.tasks.log.Log + type: io.kestra.plugin.core.log.Log message: "{{ vars.variable-name }}" diff --git a/kestra/webhook.yaml b/kestra/webhook.yaml index c37506e..dfb07d7 100644 --- a/kestra/webhook.yaml +++ b/kestra/webhook.yaml 
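Review bot: In variables.yaml the new `variable-name: "variable-value"` line is read on the context line as `{{ vars.variable-name }}`; Kestra renders expressions with Pebble, where `-` is the subtraction operator, so dotted access on a hyphenated key is unlikely to resolve to the value. Either use an underscore throughout, `variable_name: "variable-value"` with `{{ vars.variable_name }}`, or show the bracket form `{{ vars['variable-name'] }}`; this should be verified on a running instance. The first line of that file is outside the hunk.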
@@ -6,14 +6,15 @@
 #
 # usage:
 # curl http://your-kestra-instance/api/v1/executions/webhook/your-namespace/your-task-id/your-secret-key
+#
-id: webhook
-namespace: # your-namespace
+id: webhook # <- Replace with your task id...
+namespace: your-namespace # <- Replace with your namespace...
 tasks:
-# - your-tasks
+# -- Add your tasks here...
 triggers:
 - id: webhook
- type: io.kestra.core.models.triggers.types.Webhook
- key: # your-secret-key, keep this secret!
+ type: io.kestra.plugin.core.trigger.Webhook
+ key: your-secret-key # <- Replace with your secret key...
From 44a037d8025be9fdd6679b5a61d434399f228f7e Mon Sep 17 00:00:00 2001
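Review bot: `key: your-secret-key` replaces an empty value with a literal, well-known placeholder, and because that key is the only thing authenticating calls to the URL shown in the usage comment, a flow deployed with the placeholder left in can be triggered by anyone who can reach the instance. The old comment's "keep this secret!" warning was dropped in the same change; I would keep it and say what a good value looks like: `key: your-secret-key # <- Replace with a long random value; this key is the only authentication on the webhook URL and appears in request logs`. Whether a `{{ secret() }}` expression is accepted in a trigger key is not something this page shows, so I would not assume it.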
From: Christian Lempa
Date: Tue, 3 Dec 2024 15:44:52 +0100
Subject: [PATCH 026/112] fixed templates for 1.19 kestra
---
 kestra/ansible/ansible-playbook-git.yaml | 35 ++++++++++++++++
 kestra/ansible/ansible-playbook-inline.yaml | 37 ++++++++++++++++
 kestra/ansible/playbook-inline.yaml | 42 -------------------
 kestra/ansible/playbook-password.yaml | 33 ---------------
 kestra/ansible/playbook-ssh-key.yaml | 38 -----------------
 .../{git-build.yaml => docker-build-git.yaml} | 27 ++++++------
 kestra/docker/docker-build-inline.yaml | 32 ++++++++++++++
 kestra/docker/file-build.yaml | 39 -----------------
 kestra/docker/purge.yaml | 0
 .../{command.yaml => python_command.yaml} | 14 +++----
 .../{script.yaml => python_script.yaml} | 18 +++-----
 11 files changed, 129 insertions(+), 186 deletions(-)
 create mode 100644 kestra/ansible/ansible-playbook-git.yaml
 create mode 100644 kestra/ansible/ansible-playbook-inline.yaml
 delete mode 100644 kestra/ansible/playbook-inline.yaml
 delete mode 100644 kestra/ansible/playbook-password.yaml
 delete mode 100644 kestra/ansible/playbook-ssh-key.yaml
 rename kestra/docker/{git-build.yaml => docker-build-git.yaml} (52%)
 create mode 100644 kestra/docker/docker-build-inline.yaml
 delete mode 100644 kestra/docker/file-build.yaml
 delete mode 100644 kestra/docker/purge.yaml
 rename kestra/python/{command.yaml => python_command.yaml} (62%)
 rename kestra/python/{script.yaml => python_script.yaml} (62%)
diff --git a/kestra/ansible/ansible-playbook-git.yaml b/kestra/ansible/ansible-playbook-git.yaml
new file mode 100644
index 0000000..892554d
--- /dev/null
+++ b/kestra/ansible/ansible-playbook-git.yaml
@@ -0,0 +1,35 @@
+# Kestra ansible-playbook Template
+# ---
+#
+# Run an ansible playbook cloned from a Git Repository
+#
+id: ansible_playbook_git
+namespace: your_namespace # <-- Replace with your namespace...
+tasks:
+ - id: ansible_job
+ type: io.kestra.plugin.core.flow.WorkingDirectory
+ inputFiles:
+ id_rsa: "{{ secret('RSA_SSH_KEY') }}" # <-- (Required) Replace with your secret key...
+ # id_ed25519: "{{ secret('ED25519_SSH_KEY') }}" # <-- (Optional) Replace with your secret key, when using ED25519...
+ tasks:
+ - id: git_clone
+ type: io.kestra.plugin.git.Clone
+ url: your-git-repository-url # <-- Replace with your Git repository URL...
+ directory: ansible
+ branch: main # <-- (Optional) Replace with your Git branch...
+ # --> (Optional) If Git repository is private, add your Git token...
+ # username: xcad
+ # password: "{{ secret('GITOKEN') }}"
+ # <--
+ - id: ansible_playbook
+ type: io.kestra.plugin.ansible.cli.AnsibleCLI
+ taskRunner:
+ type: io.kestra.plugin.scripts.runner.docker.Docker
+ image: docker.io/cytopia/ansible:latest-tools
+ user: "1000" # <-- (Required) Replace with your user id...
+ env:
+ "ANSIBLE_HOST_KEY_CHECKING": "false"
+ "ANSIBLE_REMOTE_USER": "your-remote-user" # <-- (Required) Replace with your remote user...
+ commands:
+ - ansible-playbook -i ansible/inventory --key-file id_rsa ansible/your-playbook.yaml
+ # - ansible-playbook -i ansible/inventory --key-file id_ed25519 ansible/your-playbook.yaml # <-- (Optional) when using ED25519...
diff --git a/kestra/ansible/ansible-playbook-inline.yaml b/kestra/ansible/ansible-playbook-inline.yaml
new file mode 100644
index 0000000..bbc66c2
--- /dev/null
+++ b/kestra/ansible/ansible-playbook-inline.yaml
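Review bot: `"ANSIBLE_HOST_KEY_CHECKING": "false"` turns off SSH host key verification for every run, so the private key loaded through `id_rsa` will authenticate to whatever answers at the inventory addresses; the same line appears in ansible-playbook-inline.yaml in the next hunk. A template can keep verification on by shipping a known_hosts file the same way the key is shipped (a second `inputFiles` entry) and pointing Ansible at it, with a comment saying why the variable is not set. `image: docker.io/cytopia/ansible:latest-tools` is a floating tag executed with the deploy key mounted, so pinning a version or digest makes image updates reviewable. `# username: xcad` reads like a real account rather than a placeholder; `# username: your-git-username` matches the other placeholders in the file.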
@@ -0,0 +1,37 @@
+# Kestra ansible-playbook Template
+# ---
+#
+# Run an ansible playbook defined inline the kestra flow.
+#
+id: ansible_playbook_inline
+namespace: your_namespace # <-- Replace with your namespace...
+tasks:
+ - id: ansible_job
+ type: io.kestra.plugin.core.flow.WorkingDirectory
+ inputFiles:
+ inventory.ini: | # <-- Replace with your inventory file content...
+ srv-demo-1.home.clcreative.de
+ myplaybook.yaml: | # <-- Replace with your playbook file content...
+ ---
+ - hosts: srv-demo-1.home.clcreative.de
+ tasks:
+ - name: upgrade apt packages
+ become: true
+ ansible.builtin.apt:
+ upgrade: true
+ update_cache: true
+ id_rsa: "{{ secret('RSA_SSH_KEY') }}" # <-- (Required) Replace with your secret key...
+ # id_ed25519: "{{ secret('ED25519_SSH_KEY') }}" # <-- (Optional) Replace with your secret key, when using ED25519...
+ tasks:
+ - id: ansible_playbook
+ type: io.kestra.plugin.ansible.cli.AnsibleCLI
+ taskRunner:
+ type: io.kestra.plugin.scripts.runner.docker.Docker
+ image: docker.io/cytopia/ansible:latest-tools
+ user: "1000" # <-- (Required) Replace with your user id...
+ env:
+ "ANSIBLE_HOST_KEY_CHECKING": "false"
+ "ANSIBLE_REMOTE_USER": "your-remote-user" # <-- (Required) Replace with your remote user...
+ commands:
+ - ansible-playbook -i inventory.ini --key-file id_rsa myplaybook.yaml
+ # - ansible-playbook -i inventory.ini --key-file id_ed25519 myplaybook.yaml # <-- (Optional) when using ED25519...
diff --git a/kestra/ansible/playbook-inline.yaml b/kestra/ansible/playbook-inline.yaml
deleted file mode 100644
index 118c011..0000000
--- a/kestra/ansible/playbook-inline.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# Kestra ansible-playbook Template
-# ---
-#
-# Run an ansible playbook defined inline the kestra flow.
-#
-
-id: ansible_job # <- Replace with your task id...
-namespace: your-namespace # <- Replace with your namespace...
-
-tasks:
- - id: ansible # <- Replace with your task id...
- type: io.kestra.plugin.core.flow.WorkingDirectory
- tasks:
- - id: local_files # <- Replace with your task id...
- type: io.kestra.plugin.core.storage.LocalFiles
- inputs:
- inventory.ini: | # <- Replace with your inventory file content...
- srv-demo-1.home.clcreative.de
- myplaybook.yaml: | # <- Replace with your playbook file content...
- ---
- - hosts: srv-demo-1.home.clcreative.de
- tasks:
- - name: upgrade apt packages
- become: true
- ansible.builtin.apt:
- upgrade: true
- update_cache: true
- # <--
- id_rsa: "{{ secret('SSH_KEY') }}" # <- Replace with your secret key...
- - id: ansible_task # <- Replace with your task id...
- type: io.kestra.plugin.ansible.cli.AnsibleCLI
- docker:
- image: docker.io/cytopia/ansible:latest-tools
- user: "1000" # required to set ssh key permissions
- env:
- "ANSIBLE_HOST_KEY_CHECKING": "false"
- # --> (optional) when using a different remote user
- # "ANSIBLE_REMOTE_USER": "your-remote-user"
- # <--
- commands:
- - ansible-playbook -i inventory.ini --key-file id_rsa myplaybook.yaml # <- Replace with your inventory and playbook files...
diff --git a/kestra/ansible/playbook-password.yaml b/kestra/ansible/playbook-password.yaml
deleted file mode 100644
index f588dba..0000000
--- a/kestra/ansible/playbook-password.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-# Kestra ansible-playbook Template
-# ---
-#
-# Run an ansible playbook which has been uploaded to the server.
-#
-id: ansible_job # <- Replace with your task id...
-namespace: your-namespace # <- Replace with your namespace...
-
-tasks:
- - id: ansible # <- Replace with your task id...
- type: io.kestra.plugin.core.flow.WorkingDirectory
- tasks:
- - id: ansible_task # <- Replace with your task id...
- namespaceFiles:
- enabled: true
- # --> upload your files to the kestra data directory for the namespace in
- # //_files/
- include:
- - inventory.ini # <- Replace with your inventory file...
- - myplaybook.yaml # <- Replace with your playbook file...
- # <--
- type: io.kestra.plugin.ansible.cli.AnsibleCLI
- docker:
- image: docker.io/cytopia/ansible:latest-tools
- env:
- "ANSIBLE_HOST_KEY_CHECKING": "false"
- # --> (optional) when using a different remote user
- # "ANSIBLE_REMOTE_USER": "your-remote-user"
- # <--
- commands:
- - apk add sshpass # <- (Optional) Only required if use ssh passwords.
- - ansible-playbook -i inventory.ini myplaybook.yaml # <- Replace with your inventory and playbook files...
diff --git a/kestra/ansible/playbook-ssh-key.yaml b/kestra/ansible/playbook-ssh-key.yaml
deleted file mode 100644
index bffa052..0000000
--- a/kestra/ansible/playbook-ssh-key.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-# Kestra ansible-playbook Template
-# ---
-#
-# Run an ansible playbook which has been uploaded to the server, using
-# ssh key authentication.
-#
-id: ansible_job # <- Replace with your task id...
-namespace: your-namespace # <- Replace with your namespace...
-
-tasks:
- - id: ansible # <- Replace with your task id...
- type: io.kestra.plugin.core.flow.WorkingDirectory
- tasks:
- - id: load_ssh_key # <- Replace with your task id...
- type: io.kestra.plugin.core.storage.LocalFiles
- inputs:
- id_rsa: "{{ secret('SSH_KEY') }}" # <- Replace with your secret key...
- - id: ansible_task
- namespaceFiles:
- enabled: true
- # --> upload your files to the kestra data directory for the namespace in
- # //_files/
- include:
- - inventory.ini # <- Replace with your inventory file...
- - myplaybook.yaml # <- Replace with your playbook file...
- # <--
- type: io.kestra.plugin.ansible.cli.AnsibleCLI
- docker:
- image: docker.io/cytopia/ansible:latest-tools
- user: "1000" # required to set ssh key permissions
- env:
- "ANSIBLE_HOST_KEY_CHECKING": "false"
- # --> (optional) when using a different remote user
- # "ANSIBLE_REMOTE_USER": "your-remote-user"
- # <--
- commands:
- - ansible-playbook -i inventory.ini --key-file id_rsa myplaybook.yaml # <- Replace with your inventory and playbook files...
diff --git a/kestra/docker/git-build.yaml b/kestra/docker/docker-build-git.yaml
similarity index 52%
rename from kestra/docker/git-build.yaml
rename to kestra/docker/docker-build-git.yaml
index 9da3126..35516bd 100644
--- a/kestra/docker/git-build.yaml
+++ b/kestra/docker/docker-build-git.yaml
@@ -1,27 +1,26 @@
----
 # Kestra Docker Git Build Template
 # ---
 #
 # Build a Docker image from a Git repository.
 #
-
-id: docker-git-build # <- Replace with your task id...
-namespace: your-namespace # <- Replace with your namespace...
-
+id: docker_build_git
+namespace: your_namespace # <- Replace with your namespace...
 tasks:
-
- - id: git # <- Replace with your task id...
+ - id: docker_job
 type: io.kestra.plugin.core.flow.WorkingDirectory
-
 tasks:
- - id: clone # <- Replace with your task id...
+ - id: git_clone
 type: io.kestra.plugin.git.Clone
- url: https://your-git-repo-url # <- Replace with your Git repository URL...
- branch: your-branch # <- Replace with your Git branch...
-
- - id: build # <- Replace with your task id...
+ url: your-git-repository-url # <-- Replace with your Git repository URL...
+ directory: docker
+ branch: main # <-- (Optional) Replace with your Git branch...
+ # --> (Optional) If Git repository is private, add your Git token...
+ # username: xcad
+ # password: "{{ secret('GITOKEN') }}"
+ # <--
+ - id: docker_build
 type: io.kestra.plugin.docker.Build
- dockerfile: "src/Dockerfile" # <- Replace with your Dockerfile path...
+ dockerfile: "docker/src/Dockerfile" # <- Replace with your Dockerfile path...
 tags:
 - your-username/your-repository:your-tag # <- Replace with your Docker image tag...
 push: true
diff --git a/kestra/docker/docker-build-inline.yaml b/kestra/docker/docker-build-inline.yaml
new file mode 100644
index 0000000..9ad9d1d
--- /dev/null
+++ b/kestra/docker/docker-build-inline.yaml
@@ -0,0 +1,32 @@
+# Kestra Docker File Build Template
+# ---
+#
+# Build a Docker image from a File.
+#
+id: docker_build_inline
+namespace: your_namespace # <- Replace with your namespace...
+tasks:
+ - id: docker_job
+ type: io.kestra.plugin.core.flow.WorkingDirectory
+ inputFiles:
+ Dockerfile: | # <- Replace with your Dockerfile content...
+ FROM alpine:latest
+ WORKDIR /app
+ COPY . /app
+ RUN apk add --update python3
+ CMD [ "python", "main.py"]
+ main.py: | # <- Replace with your Python script content...
+ if __name__ == "__main__":
+ print("Hello from Docker!")
+ exit(0)
+ tasks:
+ - id: docker_build
+ type: io.kestra.plugin.docker.Build
+ dockerfile: "src/Dockerfile" # <- Replace with your Dockerfile path...
+ tags:
+ - your-username/your-repository:your-tag # <- Replace with your Docker image tag...
+ push: true
+ credentials:
+ registry: https://index.docker.io/v1/
+ username: "{{ secret('YOUR_USERNAME') }}" # <- Replace with your Docker Hub username...
+ password: "{{ secret('YOUR_PASSWORD') }}" # <- Replace with your Docker Hub password...
diff --git a/kestra/docker/file-build.yaml b/kestra/docker/file-build.yaml
deleted file mode 100644
index 45558fc..0000000
--- a/kestra/docker/file-build.yaml
+++ /dev/null
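Review bot: `dockerfile: "src/Dockerfile"` does not match where the file is written: `inputFiles` places it as `Dockerfile` at the root of the working directory, so unless `Build` resolves the path differently than it appears, the build will not find it and `dockerfile: "Dockerfile"` is the matching value (the git variant in this commit was adjusted to its clone directory; this one was not). In the sample Dockerfile, `apk add --update python3` on Alpine installs a `python3` binary and, as far as I know, no `python` alias, so `CMD [ "python", "main.py"]` would fail at container start; `CMD [ "python3", "main.py" ]` avoids that. `FROM alpine:latest` is a floating base for an image that is pushed to a registry, so a pinned tag makes the result reproducible. For the credentials, `password: "{{ secret('YOUR_PASSWORD') }}"` works with an account password, but the comment should steer users to a registry access token limited to push, e.g. `# <- Replace with a Docker Hub access token (push scope), not your account password...`.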
@@ -1,39 +0,0 @@
----
-# Kestra Docker File Build Template
-# ---
-#
-# Build a Docker image from a File.
-#
-
-id: docker-file-build # <- Replace with your task id...
-namespace: your-namespace # <- Replace with your namespace...
-
-tasks:
-
- - id: file # <- Replace with your task id...
- type: io.kestra.plugin.core.flow.WorkingDirectory
- tasks:
- - id: createFiles # <- Replace with your task id...
- type: io.kestra.plugin.core.storage.LocalFiles
- inputs:
- Dockerfile: | # <- Replace with your Dockerfile content...
- FROM alpine:latest
- WORKDIR /app
- COPY . /app
- RUN apk add --update python3
- CMD [ "python", "main.py"]
- main.py: | # <- Replace with your Python script content...
- if __name__ == "__main__":
- print("Hello from Docker!")
- exit(0)
-
- - id: build # <- Replace with your task id...
- type: io.kestra.plugin.docker.Build
- dockerfile: "src/Dockerfile" # <- Replace with your Dockerfile path...
- tags:
- - your-username/your-repository:your-tag # <- Replace with your Docker image tag...
- push: true
- credentials:
- registry: https://index.docker.io/v1/
- username: "{{ secret('YOUR_USERNAME') }}" # <- Replace with your Docker Hub username...
- password: "{{ secret('YOUR_PASSWORD') }}" # <- Replace with your Docker Hub password...
diff --git a/kestra/docker/purge.yaml b/kestra/docker/purge.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/kestra/python/command.yaml b/kestra/python/python_command.yaml
similarity index 62%
rename from kestra/python/command.yaml
rename to kestra/python/python_command.yaml
index 8c5ce88..5deb26b 100644
--- a/kestra/python/command.yaml
+++ b/kestra/python/python_command.yaml
@@ -1,4 +1,3 @@
----
 # Kestra Python Command Template
 # ---
 #
@@ -8,14 +7,13 @@
 # make sure the Kestra instance can access the /app/scripts/your-python-script.py file
 # if you're running Kestra in Docker, use a volume to mount the file/directory.
 #
-
-id: python-command # <- Replace with your task id...
-namespace: your-namespace # <- Replace with your namespace...
-
+id: python_command
+namespace: your_namespace # <-- Replace with your namespace...
 tasks:
-
- - id: python_command
+ - id: python_job
 type: io.kestra.plugin.scripts.python.Commands
 commands:
 - python /app/scripts/your-python-script.py
- runner: PROCESS # or DOCKER (might be deprecated in the future) use TaskRunner instead
+ taskRunner:
+ type: io.kestra.plugin.core.runner.Process
+
\ No newline at end of file
diff --git a/kestra/python/script.yaml b/kestra/python/python_script.yaml
similarity index 62%
rename from kestra/python/script.yaml
rename to kestra/python/python_script.yaml
index b737754..575b7a6 100644
--- a/kestra/python/script.yaml
+++ b/kestra/python/python_script.yaml
@@ -1,18 +1,15 @@
----
 # Kestra Python Command Template
 # ---
 #
 # This template is a simple Python script that can be used to make a request to a website and log the status code.
 #
-
-id: python-script # <- Replace with your task id...
-namespace: your-namespace # <- Replace with your namespace...
-
+id: python_script
+namespace: your_namespace # <-- Replace with your namespace...
 tasks:
-
- - id: python_script
+ - id: python_job
 type: io.kestra.plugin.scripts.python.Script
- runner: DOCKER # (might be deprecated in the future) use TaskRunner instead
+ taskRunner:
+ type: io.kestra.plugin.core.runner.Process
 script: |
 from kestra import Kestra
 import requests
@@ -21,9 +18,6 @@ tasks:
 print(response.status_code)
 Kestra.outputs({'status': response.status_code, 'text': response.text})
- beforeCommands:
- - pip install requests kestra
-
 - id: log
- type: io.kestra.core.tasks.log.Log
+ type: io.kestra.plugin.core.log.Log
 message: "StatusCode: {{outputs.pythonscript.vars.status}}"
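Review bot: The hunk ends with a whitespace-only `+` line after `type: io.kestra.plugin.core.runner.Process` and the file now has no trailing newline; drop that line so the file ends cleanly (yamllint reports both trailing spaces and the missing newline). The removed `runner:` line also carried the only hint that the command runs on the worker itself; I would keep that as a comment on the new runner, e.g. `taskRunner: # Process runs the command in the Kestra worker's own environment and user; use the Docker task runner to isolate it`.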
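Review bot: Replacing `runner: DOCKER` with `type: io.kestra.plugin.core.runner.Process` removes the container boundary around a script that makes outbound HTTP requests, and the next hunk also drops `beforeCommands: - pip install requests kestra`, so `import requests` now depends on those packages being present on the worker host. If the Process runner is the intent, the install step should stay; otherwise the Docker task runner used by the ansible templates in this same commit keeps the isolation: `taskRunner:` / `type: io.kestra.plugin.scripts.runner.docker.Docker` / `image: <pinned python image>`. The `script:` body continues outside the hunk.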
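Review bot: `message: "StatusCode: {{outputs.pythonscript.vars.status}}"` references a task id `pythonscript` that exists nowhere in the file; the script task is renamed to `python_job` in the previous hunk (and was `python_script` before), so rendering the log message will fail. Use `message: "StatusCode: {{ outputs.python_job.vars.status }}"`, matching the new id.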
From 4bcedd20cb28a162936910b5c185d72e4acf6bb2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 14:51:53 +0000
Subject: [PATCH 027/112] chore(deps): update gitea/gitea docker tag to v1.22.4
---
 docker-compose/gitea/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/gitea/compose.yaml b/docker-compose/gitea/compose.yaml
index 3af44cd..f9cad76 100644
--- a/docker-compose/gitea/compose.yaml
+++ b/docker-compose/gitea/compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
 server:
- image: gitea/gitea:1.22.1
+ image: gitea/gitea:1.22.4
 container_name: gitea-server
 environment:
 - USER_UID=1000
From a931673934d502f53bc158d8167dc17d037bbe26 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 21:14:21 +0000
Subject: [PATCH 028/112] chore(deps): update public.ecr.aws/gravitational/teleport-distroless docker tag to v16.4.9
---
 docker-compose/teleport/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/teleport/compose.yaml b/docker-compose/teleport/compose.yaml
index c330c88..aee47a8 100644
--- a/docker-compose/teleport/compose.yaml
+++ b/docker-compose/teleport/compose.yaml
@@ -5,7 +5,7 @@
 # external: true
 services:
 teleport:
- image: public.ecr.aws/gravitational/teleport-distroless:16.4.8
+ image: public.ecr.aws/gravitational/teleport-distroless:16.4.9
 container_name: teleport
 ports:
 # -- (Optional) Remove this section, when using Traefik
From aeb77b5008e431400ba8f8cfaeab123e7854a9ee Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 4 Dec 2024 07:26:40 +0000
Subject: [PATCH 029/112] chore(deps): update terraform kubectl to v1.17.0
---
 terraform/kubectl/provider.tf | 2 +-
 terraform/templates/kubernetes-automation-example/provider.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/kubectl/provider.tf b/terraform/kubectl/provider.tf
index 405dffe..ce87670 100644
--- a/terraform/kubectl/provider.tf
+++ b/terraform/kubectl/provider.tf
@@ -9,7 +9,7 @@ terraform {
 required_providers {
 kubectl = {
 source = "gavinbunney/kubectl"
- version = "1.16.0"
+ version = "1.17.0"
 }
 }
 }
diff --git a/terraform/templates/kubernetes-automation-example/provider.tf b/terraform/templates/kubernetes-automation-example/provider.tf
index f0f2209..64632c2 100644
--- a/terraform/templates/kubernetes-automation-example/provider.tf
+++ b/terraform/templates/kubernetes-automation-example/provider.tf
@@ -17,7 +17,7 @@ terraform {
 }
 kubectl = {
 source = "gavinbunney/kubectl"
- version = "1.16.0"
+ version = "1.17.0"
 }
 cloudflare = {
 source = "cloudflare/cloudflare"
From 6b5cb8cd637aef08fbf8f6405462cbb937d52c77 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 4 Dec 2024 07:28:13 +0000
Subject: [PATCH 030/112] chore(deps): update longhornio/support-bundle-kit docker tag to v0.0.47
---
 helm/longhorn/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/longhorn/values.yaml b/helm/longhorn/values.yaml
index 934f16c..51fc0d1 100644
--- a/helm/longhorn/values.yaml
+++ b/helm/longhorn/values.yaml
@@ -21,7 +21,7 @@ image:
 tag: "v1.7.2"
 supportBundleKit:
 repository: "longhornio/support-bundle-kit"
- tag: "v0.0.45"
+ tag: "v0.0.47"
 csi:
 attacher:
 repository: "longhornio/csi-attacher"
From 324f0321c3bbd844b20c64b8d860d2184cf25bd7 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 4 Dec 2024 23:26:44 +0000
Subject: [PATCH 031/112] chore(deps): update docker.io/grafana/grafana-oss docker tag to v11.3.2
---
 docker-compose/grafana/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/grafana/compose.yaml b/docker-compose/grafana/compose.yaml
index 8b4a1e9..d520d6b 100644
--- a/docker-compose/grafana/compose.yaml
+++ b/docker-compose/grafana/compose.yaml
@@ -4,7 +4,7 @@ volumes:
 driver: local
 services:
 grafana:
- image: docker.io/grafana/grafana-oss:11.3.1
+ image: docker.io/grafana/grafana-oss:11.3.2
 container_name: grafana
 ports:
 - "3000:3000"
From a66dfda81ae6e1faaaca966e3832cc04e42dae75 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 4 Dec 2024 23:26:48 +0000
Subject: [PATCH 032/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2024.12.0
---
 docker-compose/homeassistant/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml
index 5375d02..a5c499f 100644
--- a/docker-compose/homeassistant/compose.yaml
+++ b/docker-compose/homeassistant/compose.yaml
@@ -2,7 +2,7 @@
 services:
 homeassistant:
 container_name: homeassistant
- image: ghcr.io/home-assistant/home-assistant:2024.11.3
+ image: ghcr.io/home-assistant/home-assistant:2024.12.0
 volumes:
 - ./config:/config
 - /etc/localtime:/etc/localtime:ro
From fcdd779f607780505c498124818a704d26d7b35c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 6 Dec 2024 06:29:38 +0000
Subject: [PATCH 033/112] chore(deps): update docker.io/library/nextcloud docker tag to v30.0.3
---
 docker-compose/nextcloud/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/nextcloud/compose.yaml b/docker-compose/nextcloud/compose.yaml
index 422d8b3..9ccfd53 100644
--- a/docker-compose/nextcloud/compose.yaml
+++ b/docker-compose/nextcloud/compose.yaml
@@ -4,7 +4,7 @@ volumes:
 nextcloud-db:
 services:
 nextcloud-app:
- image: docker.io/library/nextcloud:30.0.2-apache
+ image: docker.io/library/nextcloud:30.0.3-apache
 container_name: nextcloud-app
 ports:
 - 80:80
From a3e5cd9e5f380e713f783bda49fdbed8200037f1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 6 Dec 2024 08:22:45 +0000
Subject: [PATCH 034/112] chore(deps): update public.ecr.aws/gravitational/teleport-distroless docker tag to v16.4.10
---
 docker-compose/teleport/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/teleport/compose.yaml b/docker-compose/teleport/compose.yaml
index aee47a8..7b3c39b 100644
--- a/docker-compose/teleport/compose.yaml
+++ b/docker-compose/teleport/compose.yaml
@@ -5,7 +5,7 @@
 # external: true
 services:
 teleport:
- image: public.ecr.aws/gravitational/teleport-distroless:16.4.9
+ image: public.ecr.aws/gravitational/teleport-distroless:16.4.10
 container_name: teleport
 ports:
 # -- (Optional) Remove this section, when using Traefik
From 330eae6f95aa2b2d49e194b50e8e3bb636f9630b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 6 Dec 2024 08:23:34 +0000
Subject: [PATCH 035/112] chore(deps): update docker.io/grafana/grafana-oss docker tag to v11.4.0
---
 docker-compose/grafana/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/grafana/compose.yaml b/docker-compose/grafana/compose.yaml
index d520d6b..f805307 100644
--- a/docker-compose/grafana/compose.yaml
+++ b/docker-compose/grafana/compose.yaml
@@ -4,7 +4,7 @@ volumes:
 driver: local
 services:
 grafana:
- image: docker.io/grafana/grafana-oss:11.3.2
+ image: docker.io/grafana/grafana-oss:11.4.0
 container_name: grafana
 ports:
 - "3000:3000"
From 36da56baf3d59a39eb334b63962fb7229b9e27a8 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 6 Dec 2024 21:40:46 +0000
Subject: [PATCH 036/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2024.12.1
---
 docker-compose/homeassistant/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml
index a5c499f..65ae2a8 100644
--- a/docker-compose/homeassistant/compose.yaml
+++ b/docker-compose/homeassistant/compose.yaml
@@ -2,7 +2,7 @@
 services:
 homeassistant:
 container_name: homeassistant
- image: ghcr.io/home-assistant/home-assistant:2024.12.0
+ image: ghcr.io/home-assistant/home-assistant:2024.12.1
 volumes:
 - ./config:/config
 - /etc/localtime:/etc/localtime:ro
From 1d3cd82e635be06b808c045a4201db532b5b5322 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Mon, 9 Dec 2024 14:49:02 +0100
Subject: [PATCH 037/112] Update README.md
---
 README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index ab889cb..9816ae9 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,6 @@ If you’d like to contribute to this project, reach out to me on social media o
 - [Dotfiles](https://github.com/christianlempa/dotfiles) - My personal configuration files on macOS
 - [Cheat-Sheets](https://github.com/christianlempa/cheat-sheets) - Command Reference for various tools and technologies
-- [Homelab](https://github.com/christianlempa/homelab) - This is my entire Homelab documentation, and configurations for infrastructure, applications, networking, and more.
 ## Support me
From d00b0c29d6819449add3909eea692da31de54083 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Mon, 9 Dec 2024 16:17:41 +0100
Subject: [PATCH 038/112] fix for 554
---
 docker-compose/wazuh/compose.yaml | 2 +-
 docker-compose/wazuh/config/postfix-relay/main.cf | 9 ++++++---
 docker-compose/wazuh/config/postfix-relay/sasl_passwd | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/docker-compose/wazuh/compose.yaml b/docker-compose/wazuh/compose.yaml
index 4570c20..e8cf6d9 100644
--- a/docker-compose/wazuh/compose.yaml
+++ b/docker-compose/wazuh/compose.yaml
@@ -136,7 +136,7 @@ services:
 # - POSTFIX_myhostname=postfix
 # volumes:
 # - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro
- # - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw
+ # - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw # <-- (Optional) Remove when using inline credentials
 # - postfix_data:/etc/postfix
 # networks:
 # - backend
diff --git a/docker-compose/wazuh/config/postfix-relay/main.cf b/docker-compose/wazuh/config/postfix-relay/main.cf
index 858bb7f..4a6aec0 100644
--- a/docker-compose/wazuh/config/postfix-relay/main.cf
+++ b/docker-compose/wazuh/config/postfix-relay/main.cf
@@ -1,12 +1,15 @@
 relayhost = [your-smtp-server-url]:587 ; Replace [your-smtp-server-url] with your SMTP server URL
 smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_sasl_security_options = noanonymous
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 smtp_use_tls = yes
-smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
+smtpd_relay_restrictions = permit_mynetworks
 mydestination = localhost
 myhostname = postfix
-mynetworks = 0.0.0.0/0
+mynetworks = 127.0.0.0/8, 172.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, [::1]/128
 smtp_tls_security_level = may
 smtpd_tls_security_level = none
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd # <-- (Optional) Remove when using inline credentials
+# --> (Optional) When using inline credentials, uncomment the following line and replace the placeholders with your SMTP server address and credentials
+# smtp_sasl_password_maps = inline:{ [your-smtp-server-addr]:587=username:password } # <-- Replace [your-smtp-server-addr] with your SMTP server address, and username:password with your SMTP server credentials
+# <--
diff --git a/docker-compose/wazuh/config/postfix-relay/sasl_passwd b/docker-compose/wazuh/config/postfix-relay/sasl_passwd
index 94dc285..81d7682 100644
--- a/docker-compose/wazuh/config/postfix-relay/sasl_passwd
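Review bot: Postfix main.cf does not support end-of-line comments, so `smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd # <-- (Optional) Remove when using inline credentials` sets the parameter to that entire string and the lookup table is never found; the `; Replace ...` suffix on the `relayhost` line (kept here and rewritten in patches 039 and 040 below) has the same effect, and in the sasl_passwd hunk on the next line everything after the first whitespace becomes part of the password. Move each of these notes onto its own `#` line above the parameter. `mynetworks` is a real improvement over the old `0.0.0.0/0`, but `172.0.0.0/8` is far wider than the private range, which is `172.16.0.0/12`, and `smtpd_relay_restrictions = permit_mynetworks` no longer ends with a restriction that rejects unauthorized destinations, which Postfix requires in a relay restriction list as far as I recall. `smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination` together with `172.16.0.0/12` keeps the intent of the fix without opening relay beyond the Docker networks.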
+++ b/docker-compose/wazuh/config/postfix-relay/sasl_passwd
@@ -1 +1 @@
-[your-smtp-server-url]:587 username:password ; Replace [your-smtp-server-url] with your SMTP server URL, and username:password with your SMTP server credentials
+[your-smtp-server-addr]:587 username:password ; Replace [your-smtp-server-addr] with your SMTP server address, and username:password with your SMTP server credentials
From f177ab5b66352645e27f095f4a5832316d87fa73 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Mon, 9 Dec 2024 17:09:21 +0100
Subject: [PATCH 039/112] update relayhost name
---
 docker-compose/wazuh/config/postfix-relay/main.cf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/wazuh/config/postfix-relay/main.cf b/docker-compose/wazuh/config/postfix-relay/main.cf
index 4a6aec0..bc9b5a9 100644
--- a/docker-compose/wazuh/config/postfix-relay/main.cf
+++ b/docker-compose/wazuh/config/postfix-relay/main.cf
@@ -1,4 +1,4 @@
-relayhost = [your-smtp-server-url]:587 ; Replace [your-smtp-server-url] with your SMTP server URL
+relayhost = [your-smtp-server-addr]:587 ; Replace [your-smtp-server-addr] with your SMTP server URL
 smtp_sasl_auth_enable = yes
 smtp_sasl_security_options = noanonymous
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
From 22bd7bba0e15a06a8d03c8594e474549e307a609 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Mon, 9 Dec 2024 17:09:59 +0100
Subject: [PATCH 040/112] udpate description
---
 docker-compose/wazuh/config/postfix-relay/main.cf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/wazuh/config/postfix-relay/main.cf b/docker-compose/wazuh/config/postfix-relay/main.cf
index bc9b5a9..c3cede7 100644
--- a/docker-compose/wazuh/config/postfix-relay/main.cf
+++ b/docker-compose/wazuh/config/postfix-relay/main.cf
@@ -1,4 +1,4 @@
-relayhost = [your-smtp-server-addr]:587 ; Replace [your-smtp-server-addr] with your SMTP server URL
+relayhost = [your-smtp-server-addr]:587 ; Replace [your-smtp-server-addr] with your SMTP server address
 smtp_sasl_auth_enable = yes
 smtp_sasl_security_options = noanonymous
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
From 902e8d852da21ec49ff010f06117ce013b169dd7 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 9 Dec 2024 19:53:53 +0000
Subject: [PATCH 041/112] chore(deps): update docker.io/refactr/runner-pool docker tag to v0.152.5
---
 docker-compose/factory/runner-pool/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose/factory/runner-pool/compose.yaml b/docker-compose/factory/runner-pool/compose.yaml
index 563d0c8..e135cdf 100644
--- a/docker-compose/factory/runner-pool/compose.yaml
+++ b/docker-compose/factory/runner-pool/compose.yaml
@@ -2,7 +2,7 @@
 services:
 refactr-runner:
 container_name: factory-runnerpool-prod-1
- image: docker.io/refactr/runner-pool:v0.152.4
+ image: docker.io/refactr/runner-pool:v0.152.5
 user: root
 volumes:
 - /run/docker.sock:/run/docker.sock
From 13c09e7259ff69a2dee9963d0b5f1912fca8b513 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 10 Dec 2024 19:16:32 +0000
Subject: [PATCH 042/112] chore(deps): update ghcr.io/goauthentik/server docker tag to v2024.10.5
---
 docker-compose/authentik/compose.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker-compose/authentik/compose.yaml b/docker-compose/authentik/compose.yaml
index 8540e59..4da6a21 100644
--- a/docker-compose/authentik/compose.yaml
+++ b/docker-compose/authentik/compose.yaml
@@ -31,7 +31,7 @@ services: - redis_data:/data restart: unless-stopped server: - image: ghcr.io/goauthentik/server:2024.10.4 + image: ghcr.io/goauthentik/server:2024.10.5 container_name: authentik-server command: server environment: @@ -65,7 +65,7 @@ services: - redis restart: unless-stopped worker: - image: ghcr.io/goauthentik/server:2024.10.4 + image: ghcr.io/goauthentik/server:2024.10.5 container_name: authentik-worker command: worker environment: From 447f31b77f799828ed5493bb13adfaa8f4100926 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 19:53:03 +0000 Subject: [PATCH 043/112] chore(deps): update docker.io/refactr/runner-pool docker tag to v0.152.6 --- docker-compose/factory/runner-pool/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/factory/runner-pool/compose.yaml b/docker-compose/factory/runner-pool/compose.yaml index e135cdf..d460bca 100644 --- a/docker-compose/factory/runner-pool/compose.yaml +++ b/docker-compose/factory/runner-pool/compose.yaml @@ -2,7 +2,7 @@ services: refactr-runner: container_name: factory-runnerpool-prod-1 - image: docker.io/refactr/runner-pool:v0.152.5 + image: docker.io/refactr/runner-pool:v0.152.6 user: root volumes: - /run/docker.sock:/run/docker.sock From 76cde8b01bf8bcab1307f1efeeb6a41331ca5780 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 23:25:16 +0000 Subject: [PATCH 044/112] chore(deps): update docker.io/library/traefik docker tag to v3.2.2 --- docker-compose/traefik/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/traefik/compose.yaml b/docker-compose/traefik/compose.yaml index 0765be3..f69bb15 100644 --- a/docker-compose/traefik/compose.yaml +++ b/docker-compose/traefik/compose.yaml 
@@ -1,7 +1,7 @@ --- services: traefik: - image: docker.io/library/traefik:v3.2.1 + image: docker.io/library/traefik:v3.2.2 container_name: traefik ports: - 80:80 From d94dcd9e8ba6bc1ba3225ad6e130505c38f467f6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 23:25:22 +0000 Subject: [PATCH 045/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2024.12.2 --- docker-compose/homeassistant/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml index 65ae2a8..7a86721 100644 --- a/docker-compose/homeassistant/compose.yaml +++ b/docker-compose/homeassistant/compose.yaml @@ -2,7 +2,7 @@ services: homeassistant: container_name: homeassistant - image: ghcr.io/home-assistant/home-assistant:2024.12.1 + image: ghcr.io/home-assistant/home-assistant:2024.12.2 volumes: - ./config:/config - /etc/localtime:/etc/localtime:ro From 837de59e83f9c6a2add8b2e9b025a1e20c7ff5e1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 07:17:14 +0000 Subject: [PATCH 046/112] chore(deps): update terraform kubectl to v1.18.0 --- terraform/kubectl/provider.tf | 2 +- terraform/templates/kubernetes-automation-example/provider.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/kubectl/provider.tf b/terraform/kubectl/provider.tf index ce87670..346a326 100644 --- a/terraform/kubectl/provider.tf +++ b/terraform/kubectl/provider.tf @@ -9,7 +9,7 @@ terraform { required_providers { kubectl = { source = "gavinbunney/kubectl" - version = "1.17.0" + version = "1.18.0" } } } diff --git a/terraform/templates/kubernetes-automation-example/provider.tf b/terraform/templates/kubernetes-automation-example/provider.tf index 64632c2..0e1469d 100644 --- a/terraform/templates/kubernetes-automation-example/provider.tf 
+++ b/terraform/templates/kubernetes-automation-example/provider.tf @@ -17,7 +17,7 @@ terraform { } kubectl = { source = "gavinbunney/kubectl" - version = "1.17.0" + version = "1.18.0" } cloudflare = { source = "cloudflare/cloudflare" From e8a232220af255f5fc0da0b1015c85cbb0c510be Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 07:19:32 +0000 Subject: [PATCH 047/112] chore(deps): update traefik docker tag to v3.2.2 --- helm/traefik/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/traefik/values.yaml b/helm/traefik/values.yaml index ab55c03..7262c3f 100644 --- a/helm/traefik/values.yaml +++ b/helm/traefik/values.yaml @@ -1,6 +1,6 @@ image: repository: traefik - version: v3.2.1 + version: v3.2.2 pullPolicy: IfNotPresent # --> (Optional) Change log settings here... From 3c6b4ff571409234f824770d7aba303eb418c8c4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 11:31:59 +0000 Subject: [PATCH 048/112] chore(deps): update gitlab/gitlab-ce docker tag to v17.6.2 --- docker-compose/gitlab/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/gitlab/compose.yaml b/docker-compose/gitlab/compose.yaml index 76f4f61..0fdc084 100644 --- a/docker-compose/gitlab/compose.yaml +++ b/docker-compose/gitlab/compose.yaml @@ -1,7 +1,7 @@ --- services: gitlab: - image: gitlab/gitlab-ce:17.6.1-ce.0 + image: gitlab/gitlab-ce:17.6.2-ce.0 container_name: gitlab shm_size: '256m' environment: {} From 9f15772ccd22c17200f42017780b297bd05e21cb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 01:06:45 +0000 Subject: [PATCH 049/112] chore(deps): update gitea/gitea docker tag to v1.22.5 --- docker-compose/gitea/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docker-compose/gitea/compose.yaml b/docker-compose/gitea/compose.yaml index f9cad76..1d1eef4 100644 --- a/docker-compose/gitea/compose.yaml +++ b/docker-compose/gitea/compose.yaml @@ -1,7 +1,7 @@ --- services: server: - image: gitea/gitea:1.22.4 + image: gitea/gitea:1.22.5 container_name: gitea-server environment: - USER_UID=1000 From 5bd0883168e2349526a719fc2b3061630d4b0c43 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 01:06:51 +0000 Subject: [PATCH 050/112] chore(deps): update public.ecr.aws/gravitational/teleport-distroless docker tag to v16.4.11 --- docker-compose/teleport/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/teleport/compose.yaml b/docker-compose/teleport/compose.yaml index 7b3c39b..0f6d16f 100644 --- a/docker-compose/teleport/compose.yaml +++ b/docker-compose/teleport/compose.yaml @@ -5,7 +5,7 @@ # external: true services: teleport: - image: public.ecr.aws/gravitational/teleport-distroless:16.4.10 + image: public.ecr.aws/gravitational/teleport-distroless:16.4.11 container_name: teleport ports: # -- (Optional) Remove this section, when using Traefik From a6862c6467eef21a5018d3064a32c3c956d402cc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 05:12:52 +0000 Subject: [PATCH 051/112] chore(deps): update docker.io/library/nextcloud docker tag to v30.0.4 --- docker-compose/nextcloud/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/nextcloud/compose.yaml b/docker-compose/nextcloud/compose.yaml index 9ccfd53..f0743a3 100644 --- a/docker-compose/nextcloud/compose.yaml +++ b/docker-compose/nextcloud/compose.yaml 
@@ -4,7 +4,7 @@ volumes: nextcloud-db: services: nextcloud-app: - image: docker.io/library/nextcloud:30.0.3-apache + image: docker.io/library/nextcloud:30.0.4-apache container_name: nextcloud-app ports: - 80:80 From e2f06cad56b6341d6a2867f28840f0934ada1b3f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 12:26:22 +0000 Subject: [PATCH 052/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2024.12.3 --- docker-compose/homeassistant/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml index 7a86721..ea78191 100644 --- a/docker-compose/homeassistant/compose.yaml +++ b/docker-compose/homeassistant/compose.yaml @@ -2,7 +2,7 @@ services: homeassistant: container_name: homeassistant - image: ghcr.io/home-assistant/home-assistant:2024.12.2 + image: ghcr.io/home-assistant/home-assistant:2024.12.3 volumes: - ./config:/config - /etc/localtime:/etc/localtime:ro From 32df61f07ef0db921a969f383e6ef9eb8fcafa6c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 14 Dec 2024 00:28:29 +0000 Subject: [PATCH 053/112] chore(deps): update gitea/gitea docker tag to v1.22.6 --- docker-compose/gitea/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/gitea/compose.yaml b/docker-compose/gitea/compose.yaml index 1d1eef4..5695cc9 100644 --- a/docker-compose/gitea/compose.yaml +++ b/docker-compose/gitea/compose.yaml @@ -1,7 +1,7 @@ --- services: server: - image: gitea/gitea:1.22.5 + image: gitea/gitea:1.22.6 container_name: gitea-server environment: - USER_UID=1000 From 68d355d26f0eb7db3fc4fd7d6975203857664e5a Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 00:09:46 +0000 Subject: [PATCH 054/112] chore(deps): update portainer/portainer-ce docker tag to v2.25.0 --- helm/portainer/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/portainer/values.yaml b/helm/portainer/values.yaml index 063f2f5..e0df31b 100644 --- a/helm/portainer/values.yaml +++ b/helm/portainer/values.yaml @@ -1,7 +1,7 @@ --- image: repository: portainer/portainer-ce - tag: 2.24.1 + tag: 2.25.0 pullPolicy: IfNotPresent service: From 62183d902c9b54328b15813c6556858b8470caaa Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 22:08:10 +0000 Subject: [PATCH 055/112] chore(deps): update docker.io/library/traefik docker tag to v3.2.3 --- docker-compose/traefik/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/traefik/compose.yaml b/docker-compose/traefik/compose.yaml index f69bb15..9abe327 100644 --- a/docker-compose/traefik/compose.yaml +++ b/docker-compose/traefik/compose.yaml @@ -1,7 +1,7 @@ --- services: traefik: - image: docker.io/library/traefik:v3.2.2 + image: docker.io/library/traefik:v3.2.3 container_name: traefik ports: - 80:80 From 6785f44fc9ed283c6e12dd46ba4a4d8b06ec34dc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 22:08:15 +0000 Subject: [PATCH 056/112] chore(deps): update traefik docker tag to v3.2.3 --- helm/traefik/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/traefik/values.yaml b/helm/traefik/values.yaml index 7262c3f..1c0756b 100644 --- a/helm/traefik/values.yaml +++ b/helm/traefik/values.yaml @@ -1,6 +1,6 @@ image: repository: traefik - version: v3.2.2 + version: v3.2.3 pullPolicy: IfNotPresent # --> (Optional) Change log settings here... 
From 3cea26429faa98857962ca944e6cd16821696797 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 23:30:59 +0000 Subject: [PATCH 057/112] chore(deps): update terraform kubernetes to v2.35.0 --- terraform/kubernetes/provider.tf | 2 +- terraform/templates/kubernetes-automation-example/provider.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/kubernetes/provider.tf b/terraform/kubernetes/provider.tf index 218e5c8..313cea0 100644 --- a/terraform/kubernetes/provider.tf +++ b/terraform/kubernetes/provider.tf @@ -9,7 +9,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.34.0" + version = "2.35.0" } } } diff --git a/terraform/templates/kubernetes-automation-example/provider.tf b/terraform/templates/kubernetes-automation-example/provider.tf index 0e1469d..3b591dd 100644 --- a/terraform/templates/kubernetes-automation-example/provider.tf +++ b/terraform/templates/kubernetes-automation-example/provider.tf @@ -13,7 +13,7 @@ terraform { } kubernetes = { source = "hashicorp/kubernetes" - version = "2.34.0" + version = "2.35.0" } kubectl = { source = "gavinbunney/kubectl" From 73b5981f7569613d6f6868b5c170abffc41e5aab Mon Sep 17 00:00:00 2001 From: Christian Lempa Date: Tue, 17 Dec 2024 09:35:21 +0100 Subject: [PATCH 058/112] added playbooks --- .../docker/docker-certs-enable.yaml | 52 ++++++ .../configuration/docker/docker-certs.yaml | 158 ++++++++++++++++++ 2 files changed, 210 insertions(+) create mode 100644 ansible/configuration/docker/docker-certs-enable.yaml create mode 100644 ansible/configuration/docker/docker-certs.yaml diff --git a/ansible/configuration/docker/docker-certs-enable.yaml b/ansible/configuration/docker/docker-certs-enable.yaml new file mode 100644 index 0000000..6e50972 --- /dev/null +++ b/ansible/configuration/docker/docker-certs-enable.yaml 
@@ -0,0 +1,52 @@ +--- +- name: "Docker Certs enable" + hosts: "{{ target_hosts | default('all') }}" + become: true + vars: + certs_path: "/root/docker-certs" + + tasks: + - name: Check if docker certs are existing + ansible.builtin.stat: + path: "{{ certs_path }}" + register: certs_dir + + - name: Fail if docker certs are not existing + ansible.builtin.fail: + msg: "Docker certificates are not existing in /root/docker-certs." + when: not certs_dir.stat.exists + + - name: Get machine's primary internal ip address from eth0 interface + ansible.builtin.setup: + register: ip_address + + - name: Set machine's primary internal ip address + ansible.builtin.set_fact: + ip_address: "{{ ip_address.ansible_facts.ansible_default_ipv4.address }}" + + - name: Check if ip_address is a valid ip address + ansible.builtin.assert: + that: + - ip_address is match("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$") + fail_msg: "ip_address is not a valid ip address." + success_msg: "ip_address is a valid ip address." + + - name: Change docker daemon to use certs + ansible.builtin.lineinfile: + path: /lib/systemd/system/docker.service + line: > + ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock + -H tcp://{{ ip_address }}:2376 --tlsverify --tlscacert={{ certs_path }}/ca.pem + --tlscert={{ certs_path }}/server-cert.pem --tlskey={{ certs_path }}/server-key.pem + regexp: '^ExecStart=' + state: present + + - name: Reload systemd daemon + ansible.builtin.systemd: + daemon_reload: true + + - name: Restart docker daemon + ansible.builtin.systemd: + name: docker + state: restarted + enabled: true diff --git a/ansible/configuration/docker/docker-certs.yaml b/ansible/configuration/docker/docker-certs.yaml new file mode 100644 index 0000000..8cbb642 --- /dev/null +++ b/ansible/configuration/docker/docker-certs.yaml 
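Review bot: The `Change docker daemon to use certs` task rewrites `ExecStart` inside the packaged unit file `/lib/systemd/system/docker.service`, so the next docker package upgrade will overwrite that line and silently drop the TLS-verified TCP listener; a drop-in under `/etc/systemd/system/docker.service.d/` survives upgrades and the existing `daemon_reload` and restart tasks already cover it. The folded scalar `line: >` keeps a trailing newline, which `line: >-` avoids. The task name `Get machine's primary internal ip address from eth0 interface` does not match the code, which reads `ansible_default_ipv4.address` for whatever the default route interface is; I'd rename it to `Gather facts for the primary IPv4 address`.
```yaml
    - name: Create systemd drop-in directory for docker
      ansible.builtin.file:
        path: /etc/systemd/system/docker.service.d
        state: directory
        mode: '0755'

    - name: Add TLS-verified TCP listener via systemd drop-in (survives package upgrades)
      ansible.builtin.copy:
        dest: /etc/systemd/system/docker.service.d/override.conf
        mode: '0644'
        content: |
          [Service]
          ExecStart=
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://{{ ip_address }}:2376 --tlsverify --tlscacert={{ certs_path }}/ca.pem --tlscert={{ certs_path }}/server-cert.pem --tlskey={{ certs_path }}/server-key.pem
    # … unchanged: Reload systemd daemon, Restart docker daemon …
```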
@@ -0,0 +1,158 @@ +--- +- name: "Docker Certs" + hosts: "{{ target_hosts | default('all') }}" + become: true + vars: + certs_path: "/root/docker-certs" + cert_validity_days: 3650 + cn_domain: "clcreative.de" + + tasks: + - name: Check if docker certs are existing + ansible.builtin.stat: + path: "{{ certs_path }}" + register: certs_dir + + - name: Create docker certs directory (if needed) + ansible.builtin.file: + path: "{{ certs_path }}" + state: directory + mode: '0700' + when: not certs_dir.stat.exists + + - name: Check if docker certs directory is empty + ansible.builtin.command: ls -A "{{ certs_path }}" + register: certs_list + when: certs_dir.stat.exists + changed_when: false + ignore_errors: true + + - name: Fail if docker certs already exist + ansible.builtin.fail: + msg: "Docker certificates already exist in /root/docker-certs." + when: certs_list.stdout | default('') != '' + + - name: Get machine's primary internal ip address from eth0 interface + ansible.builtin.setup: + register: ip_address + + - name: Set machine's primary internal ip address + ansible.builtin.set_fact: + ip_address: "{{ ip_address.ansible_facts.ansible_default_ipv4.address }}" + + - name: Check if ip_address is a valid ip address + ansible.builtin.assert: + that: + - ip_address is match("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$") + fail_msg: "ip_address is not a valid ip address." + success_msg: "ip_address is a valid ip address." 
+ + - name: Generate CA private key + ansible.builtin.command: + cmd: > + openssl genrsa -out "{{ certs_path }}/ca-key.pem" 4096 + args: + creates: "{{ certs_path }}/ca-key.pem" + + - name: Generate CA certificate + ansible.builtin.command: + cmd: > + openssl req -sha256 -new -x509 + -subj "/CN={{ cn_domain }}" + -days "{{ cert_validity_days }}" + -key "{{ certs_path }}/ca-key.pem" + -out "{{ certs_path }}/ca.pem" + args: + creates: "{{ certs_path }}/ca.pem" + + - name: Generate server private key + ansible.builtin.command: + cmd: > + openssl genrsa -out "{{ certs_path }}/server-key.pem" 4096 + creates: "{{ certs_path }}/server-key.pem" + + - name: Generate server certificate signing request + ansible.builtin.command: + cmd: > + openssl req -sha256 -new + -subj "/CN={{ inventory_hostname }}" + -key "{{ certs_path }}/server-key.pem" + -out "{{ certs_path }}/server.csr" + creates: "{{ certs_path }}/server.csr" + + - name: Generate server certificate extension file + ansible.builtin.shell: | + echo "subjectAltName = DNS:{{ inventory_hostname }},IP:{{ ip_address }},IP:127.0.0.1" >> "{{ certs_path }}/extfile.cnf" + echo "extendedKeyUsage = serverAuth" >> "{{ certs_path }}/extfile.cnf" + args: + creates: "{{ certs_path }}/extfile.cnf" + + - name: Generate server certificate + ansible.builtin.command: + cmd: > + openssl x509 -req -days "{{ cert_validity_days }}" -sha256 + -in "{{ certs_path }}/server.csr" + -CA "{{ certs_path }}/ca.pem" + -CAkey "{{ certs_path }}/ca-key.pem" + -CAcreateserial -out "{{ certs_path }}/server-cert.pem" + -extfile "{{ certs_path }}/extfile.cnf" + creates: "{{ certs_path }}/server-cert.pem" + + - name: Generate client private key + ansible.builtin.command: + cmd: > + openssl genrsa -out "{{ certs_path }}/key.pem" 4096 + creates: "{{ certs_path }}/key.pem" + + - name: Generate client certificate signing request + ansible.builtin.command: + cmd: > + openssl req -sha256 -new + -subj "/CN=client" + -key "{{ certs_path }}/key.pem" + -out "{{ 
certs_path }}/client.csr" + creates: "{{ certs_path }}/client.csr" + + - name: Generate client certificate extension file + ansible.builtin.shell: | + echo "extendedKeyUsage = clientAuth" >> "{{ certs_path }}/client-extfile.cnf" + args: + creates: "{{ certs_path }}/client-extfile.cnf" + + - name: Generate client certificate + ansible.builtin.command: + cmd: > + openssl x509 -req -days "{{ cert_validity_days }}" + -sha256 -in "{{ certs_path }}/client.csr" + -CA "{{ certs_path }}/ca.pem" + -CAkey "{{ certs_path }}/ca-key.pem" + -CAcreateserial -out "{{ certs_path }}/cert.pem" + -extfile "{{ certs_path }}/client-extfile.cnf" + creates: "{{ certs_path }}/cert.pem" + + - name: Remove client certificate signing request + ansible.builtin.file: + path: "{{ certs_path }}/server.csr" + state: absent + + - name: Remove client certificate signing request + ansible.builtin.file: + path: "{{ certs_path }}/client.csr" + state: absent + + - name: Remove server certificate extension file + ansible.builtin.file: + path: "{{ certs_path }}/extfile.cnf" + state: absent + + - name: Remove client certificate extension file + ansible.builtin.file: + path: "{{ certs_path }}/client-extfile.cnf" + state: absent + + - name: Set permissions for docker certs + ansible.builtin.file: + path: "{{ certs_path }}" + mode: '0700' + recurse: true + follow: true From 3d3532f60b9dc4a7512f62d1a1539e7931ee9877 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 15:27:41 +0000 Subject: [PATCH 059/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2024.12.4 --- docker-compose/homeassistant/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml index ea78191..73c4ea3 100644 --- a/docker-compose/homeassistant/compose.yaml +++ b/docker-compose/homeassistant/compose.yaml 
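Review bot: The final `Set permissions for docker certs` task applies `mode: '0700'` with `recurse: true`, which marks every PEM file, including `ca-key.pem`, as executable; `mode: 'u=rwX,g=,o='` keeps the directory at 0700 while the files end up 0600. The two tasks named `Remove client certificate signing request` remove different files, the first one `server.csr`, so the first should be renamed `Remove server certificate signing request`. The CA private key also stays on the Docker host next to the server key it signs, and both server and client certificates get the full 3650-day `cert_validity_days`; a comment near the `vars` block noting that the CA key should be moved off the host (or at least backed up and protected) and that the playbook has no rotation or revocation path would help whoever runs this outside a lab.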
@@ -2,7 +2,7 @@ services: homeassistant: container_name: homeassistant - image: ghcr.io/home-assistant/home-assistant:2024.12.3 + image: ghcr.io/home-assistant/home-assistant:2024.12.4 volumes: - ./config:/config - /etc/localtime:/etc/localtime:ro From 29d2e46e00fdc10977ad569ea3b5f7e54f5a0212 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 21:07:41 +0000 Subject: [PATCH 060/112] chore(deps): update docker.io/twingate/connector docker tag to v1.73.0 --- docker-compose/twingate/connector/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/twingate/connector/compose.yaml b/docker-compose/twingate/connector/compose.yaml index 55433d8..765d55a 100644 --- a/docker-compose/twingate/connector/compose.yaml +++ b/docker-compose/twingate/connector/compose.yaml @@ -7,7 +7,7 @@ services: twingate_connector: container_name: twingate_connector - image: docker.io/twingate/connector:1.72.0 + image: docker.io/twingate/connector:1.73.0 environment: - TWINGATE_NETWORK=your-twingate-network - TWINGATE_ACCESS_TOKEN=${TWINGATE_ACCESS_TOKEN} From 1a3f0759b426612e9a327d9c04b36b4699b9ec2f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 21:18:29 +0000 Subject: [PATCH 061/112] chore(config): migrate config renovate.json --- renovate.json | 58 +++++++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/renovate.json b/renovate.json index 1b1347e..12bb977 100644 --- a/renovate.json +++ b/renovate.json @@ -1,7 +1,7 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:base", + "config:recommended", ":dependencyDashboard", ":enableVulnerabilityAlertsWithLabel('security')", ":preserveSemverRanges", 
@@ -12,7 +12,9 @@ "renovate" ], "kubernetes": { - "fileMatch": ["(^|/)kubernetes/.+\/[^\/]+\\.ya?ml$"] + "fileMatch": [ + "(^|/)kubernetes/.+/[^/]+\\.ya?ml$" + ] }, "packageRules": [ { @@ -30,7 +32,7 @@ { "description": "Update MariaDB or MySQL on a patch level only, bumps to major and minor versions might break compatibilty with an application", "enabled": false, - "managers": [ + "matchManagers": [ "docker-compose", "dockerfile" ], @@ -38,28 +40,28 @@ "major", "minor" ], - "packagePatterns": [ - "^([^/]+\\/)*(mariadb|mysql)(:.+)?$" + "matchPackageNames": [ + "/^([^/]+\\/)*(mariadb|mysql)(:.+)?$/" ] }, { "description": "Update PostgreSQL on a minor version or patch level only, bumps to major versions might break compatibilty with an application", "enabled": false, - "managers": [ + "matchManagers": [ "docker-compose", "dockerfile" ], "matchUpdateTypes": [ "major" ], - "packagePatterns": [ - "^([^/]+\\/)*postgres(:.+)?$" + "matchPackageNames": [ + "/^([^/]+\\/)*postgres(:.+)?$/" ] }, { "description": "Update MariaDB or PostgreSQL to the most recent release if they are standalone and not part of an application stack", "enabled": true, - "managers": [ + "matchManagers": [ "docker-compose", "dockerfile" ], 
@@ -72,49 +74,51 @@ "minor", "patch" ], - "packagePatterns": [ - "^([^/]+\\/)*(mariadb|postgres)(:.+)?$" + "matchPackageNames": [ + "/^([^/]+\\/)*(mariadb|postgres)(:.+)?$/" ] }, { "description": "Over time Heimdall changed its versioning schema several times, ensure we only consider the current style", - "managers": [ + "matchManagers": [ "docker-compose", "dockerfile" ], - "packagePatterns": [ - "^([^/]+\\/)*heimdall(:.+)?$" - ], - "versioning": "regex:^(?\\d{1,2})\\.(?\\d+)(\\.(?\\d+))?$" + "versioning": "regex:^(?\\d{1,2})\\.(?\\d+)(\\.(?\\d+))?$", + "matchPackageNames": [ + "/^([^/]+\\/)*heimdall(:.+)?$/" + ] }, { "description": "Track stable releases of Nginx only", - "managers": [ + "matchManagers": [ "docker-compose", "dockerfile" ], - "packagePatterns": [ - "^([^/]+\\/)*nginx(:.+)?$" - ], - "versioning": "regex:^(?\\d+)\\.(?\\d*[02468])(\\.(?\\d+))?(?:-(?.*))?$" + "versioning": "regex:^(?\\d+)\\.(?\\d*[02468])(\\.(?\\d+))?(?:-(?.*))?$", + "matchPackageNames": [ + "/^([^/]+\\/)*nginx(:.+)?$/" + ] }, { "description": "Ignore erroneous version tags of Semaphore", - "managers": [ + "matchManagers": [ "docker-compose", "dockerfile" ], - "packagePatterns": [ - "^([^/]+\\/)*semaphore(:.+)?$" - ], - "allowedVersions": "!/^v?2\\.19\\.10$/" + "allowedVersions": "!/^v?2\\.19\\.10$/", + "matchPackageNames": [ + "/^([^/]+\\/)*semaphore(:.+)?$/" + ] } ], "customManagers": [ { "customType": "regex", "description": "Update Longhorn images in Helm", - "fileMatch": ["(^|/)helm/longhorn/.+\\.yaml$"], + "fileMatch": [ + "(^|/)helm/longhorn/.+\\.yaml$" + ], "matchStrings": [ "engine:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", "manager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", From 1c02e6d1fb2d575162d305234b9b182d1a4497da Mon Sep 17 00:00:00 2001 
From: Christian Lempa Date: Wed, 18 Dec 2024 14:07:54 +0100 Subject: [PATCH 062/112] traefik kubernetes updates and reorganization --- .../github}/kubectl/kubernetes-deploy.yml | 0 .../github}/scp-action/copy-config-files.yml | 0 .../github}/ssh-action/restart-docker.yml | 0 ...vice.yaml.example => externalservice.yaml} | 0 .../config/conf.d/middleware-authentik.yaml | 20 ++++++++++++ .../config/conf.d/middleware-passbolt.yaml | 22 +++++++++++++ .../conf.d/{tls.yaml.example => tls.yaml} | 0 helm/traefik/values.yaml | 19 ----------- .../certificate.yaml} | 0 .../cert-manager/helm-values.yaml | 0 .../longhorn/helm-values.yaml | 0 .../portainer/helm-values.yaml | 0 kubernetes/traefik/certificate.yaml | 14 ++++++++ .../ingressroute.yaml} | 0 .../ingressroutetcp.yaml} | 0 kubernetes/traefik/helm-values.yaml | 32 +++++++++++++++++++ kubernetes/traefik/middleware.yaml | 23 +++++++++++++ 17 files changed, 111 insertions(+), 19 deletions(-) rename {github-actions => actions/github}/kubectl/kubernetes-deploy.yml (100%) rename {github-actions => actions/github}/scp-action/copy-config-files.yml (100%) rename {github-actions => actions/github}/ssh-action/restart-docker.yml (100%) rename docker-compose/traefik/config/conf.d/{externalservice.yaml.example => externalservice.yaml} (100%) create mode 100644 docker-compose/traefik/config/conf.d/middleware-authentik.yaml create mode 100644 docker-compose/traefik/config/conf.d/middleware-passbolt.yaml rename docker-compose/traefik/config/conf.d/{tls.yaml.example => tls.yaml} (100%) delete mode 100644 helm/traefik/values.yaml rename kubernetes/cert-manager/{certificate.yaml.example => examples/certificate.yaml} (100%) rename helm/cert-manager/values.yaml => kubernetes/cert-manager/helm-values.yaml (100%) rename helm/longhorn/values.yaml => kubernetes/longhorn/helm-values.yaml (100%) rename helm/portainer/values.yaml => kubernetes/portainer/helm-values.yaml (100%) create mode 100644 kubernetes/traefik/certificate.yaml rename 
kubernetes/traefik/{ingressroute.yaml.example => examples/ingressroute.yaml} (100%) rename kubernetes/traefik/{ingressroutetcp.yaml.example => examples/ingressroutetcp.yaml} (100%) create mode 100644 kubernetes/traefik/helm-values.yaml create mode 100644 kubernetes/traefik/middleware.yaml diff --git a/github-actions/kubectl/kubernetes-deploy.yml b/actions/github/kubectl/kubernetes-deploy.yml similarity index 100% rename from github-actions/kubectl/kubernetes-deploy.yml rename to actions/github/kubectl/kubernetes-deploy.yml diff --git a/github-actions/scp-action/copy-config-files.yml b/actions/github/scp-action/copy-config-files.yml similarity index 100% rename from github-actions/scp-action/copy-config-files.yml rename to actions/github/scp-action/copy-config-files.yml diff --git a/github-actions/ssh-action/restart-docker.yml b/actions/github/ssh-action/restart-docker.yml similarity index 100% rename from github-actions/ssh-action/restart-docker.yml rename to actions/github/ssh-action/restart-docker.yml diff --git a/docker-compose/traefik/config/conf.d/externalservice.yaml.example b/docker-compose/traefik/config/conf.d/externalservice.yaml similarity index 100% rename from docker-compose/traefik/config/conf.d/externalservice.yaml.example rename to docker-compose/traefik/config/conf.d/externalservice.yaml diff --git a/docker-compose/traefik/config/conf.d/middleware-authentik.yaml b/docker-compose/traefik/config/conf.d/middleware-authentik.yaml new file mode 100644 index 0000000..6a1c451 --- /dev/null +++ b/docker-compose/traefik/config/conf.d/middleware-authentik.yaml 
@@ -0,0 +1,20 @@ +# --> (Optional) Securely expose apps using the Traefik proxy outpost... +# http: +# middlewares: +# authentik-middleware: +# forwardAuth: +# address: http://your-authentik-outpost-fqdn:9000/outpost.goauthentik.io/auth/traefik +# trustForwardHeader: true +# authResponseHeaders: +# - X-authentik-username +# - X-authentik-groups +# - X-authentik-email +# - X-authentik-name +# - X-authentik-uid +# - X-authentik-jwt +# - X-authentik-meta-jwks +# - X-authentik-meta-outpost +# - X-authentik-meta-provider +# - X-authentik-meta-app +# - X-authentik-meta-version +# <-- diff --git a/docker-compose/traefik/config/conf.d/middleware-passbolt.yaml b/docker-compose/traefik/config/conf.d/middleware-passbolt.yaml new file mode 100644 index 0000000..012fae1 --- /dev/null +++ b/docker-compose/traefik/config/conf.d/middleware-passbolt.yaml @@ -0,0 +1,22 @@ +# --> (Optional) When using Passbolt with Traefik... +# http: +# middlewares: +# passbolt-middleware: +# headers: +# FrameDeny: true +# AccessControlAllowMethods: 'GET,OPTIONS,PUT' +# AccessControlAllowOriginList: +# - origin-list-or-null +# AccessControlMaxAge: 100 +# AddVaryHeader: true +# BrowserXssFilter: true +# ContentTypeNosniff: true +# ForceSTSHeader: true +# STSIncludeSubdomains: true +# STSPreload: true +# ContentSecurityPolicy: default-src 'self' 'unsafe-inline' +# CustomFrameOptionsValue: SAMEORIGIN +# ReferrerPolicy: same-origin +# PermissionsPolicy: vibrate 'self' +# STSSeconds: 315360000 +# <-- diff --git a/docker-compose/traefik/config/conf.d/tls.yaml.example b/docker-compose/traefik/config/conf.d/tls.yaml similarity index 100% rename from docker-compose/traefik/config/conf.d/tls.yaml.example rename to docker-compose/traefik/config/conf.d/tls.yaml diff --git a/helm/traefik/values.yaml b/helm/traefik/values.yaml deleted file mode 100644 index 1c0756b..0000000 --- a/helm/traefik/values.yaml +++ /dev/null 
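Review bot: The commented `forwardAuth` template sets `trustForwardHeader: true` without saying what it does: as I understand it, Traefik then passes the client-supplied `X-Forwarded-*` headers through to the outpost, which is only safe when Traefik is the first proxy or its entrypoint restricts `forwardedHeaders.trustedIPs`. I'd add above that line `# Keep trustForwardHeader only when Traefik is the edge proxy or forwardedHeaders.trustedIPs is set; otherwise clients can spoof X-Forwarded-* headers`. The `address` is plain `http://…:9000`, so a note that the outpost must be reachable only over an internal network (or switched to https) would help whoever uncomments this. In the `middleware-passbolt.yaml` hunk on the same line, `ContentSecurityPolicy: default-src 'self' 'unsafe-inline'` weakens CSP for the whole app; a short comment on why Passbolt needs `'unsafe-inline'` would be useful.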
@@ -1,19 +0,0 @@ -image: - repository: traefik - version: v3.2.3 - pullPolicy: IfNotPresent - -# --> (Optional) Change log settings here... -# logs: -# general: -# level: ERROR -# access: -# enabled: false -# <-- - -# --> (Optional) Redirect HTTP to HTTPs by default -# ports: -# web: -# redirectTo: -# port: websecure -# <-- diff --git a/kubernetes/cert-manager/certificate.yaml.example b/kubernetes/cert-manager/examples/certificate.yaml similarity index 100% rename from kubernetes/cert-manager/certificate.yaml.example rename to kubernetes/cert-manager/examples/certificate.yaml diff --git a/helm/cert-manager/values.yaml b/kubernetes/cert-manager/helm-values.yaml similarity index 100% rename from helm/cert-manager/values.yaml rename to kubernetes/cert-manager/helm-values.yaml diff --git a/helm/longhorn/values.yaml b/kubernetes/longhorn/helm-values.yaml similarity index 100% rename from helm/longhorn/values.yaml rename to kubernetes/longhorn/helm-values.yaml diff --git a/helm/portainer/values.yaml b/kubernetes/portainer/helm-values.yaml similarity index 100% rename from helm/portainer/values.yaml rename to kubernetes/portainer/helm-values.yaml diff --git a/kubernetes/traefik/certificate.yaml b/kubernetes/traefik/certificate.yaml new file mode 100644 index 0000000..3169aec --- /dev/null +++ b/kubernetes/traefik/certificate.yaml @@ -0,0 +1,14 @@ +# --> (Optional) Securely expose the Traefik dashboard... +# apiVersion: cert-manager.io/v1 +# kind: Certificate +# metadata: +# name: traefik-web-ui-cert +# namespace: traefik +# spec: +# secretName: traefik-web-ui-tls +# dnsNames: +# - your-traefik-dashboard-fqdn +# issuerRef: +# name: cloudflare-clusterissuer # <-- Replace with your issuer name +# kind: ClusterIssuer +# <-- diff --git a/kubernetes/traefik/ingressroute.yaml.example b/kubernetes/traefik/examples/ingressroute.yaml similarity index 100% rename from kubernetes/traefik/ingressroute.yaml.example rename to kubernetes/traefik/examples/ingressroute.yaml 
diff --git a/kubernetes/traefik/ingressroutetcp.yaml.example b/kubernetes/traefik/examples/ingressroutetcp.yaml similarity index 100% rename from kubernetes/traefik/ingressroutetcp.yaml.example rename to kubernetes/traefik/examples/ingressroutetcp.yaml diff --git a/kubernetes/traefik/helm-values.yaml b/kubernetes/traefik/helm-values.yaml new file mode 100644 index 0000000..adc0ea3 --- /dev/null +++ b/kubernetes/traefik/helm-values.yaml @@ -0,0 +1,32 @@ +image: + repository: traefik + tag: v3.2.3 + pullPolicy: IfNotPresent + +# --> Change redirect HTTP to HTTPs by default here... +ports: + web: + redirectTo: + port: websecure +# <-- + +# --> (Optional) Securely expose the Traefik dashboard... +# ingressRoute: +# dashboard: +# enabled: true +# entryPoints: +# - websecure +# matchRule: Host(`your-traefik-dashboard-fqdn`) # <-- Replace with your FQDN +# middlewares: +# - name: traefik-web-ui-middleware # <-- Replace with your authentication middleware +# tls: +# secretName: traefik-web-ui-tls # <-- Replace with your TLS secret name +# <-- + +# --> (Optional) Change log settings here... +# logs: +# general: +# level: ERROR +# access: +# enabled: false +# <-- diff --git a/kubernetes/traefik/middleware.yaml b/kubernetes/traefik/middleware.yaml new file mode 100644 index 0000000..fad3409 --- /dev/null +++ b/kubernetes/traefik/middleware.yaml 
@@ -0,0 +1,23 @@
+# --> (Optional) Securely expose the Traefik dashboard...
+# apiVersion: traefik.io/v1alpha1
+# kind: Middleware
+# metadata:
+# name: traefik-web-ui-middleware
+# namespace: traefik
+# spec:
+# forwardAuth:
+# address: "http://your-authentik-outpost-fqdn:9000/outpost.goauthentik.io/auth/traefik"
+# trustForwardHeader: true
+# authResponseHeaders:
+# - X-authentik-username
+# - X-authentik-groups
+# - X-authentik-email
+# - X-authentik-name
+# - X-authentik-uid
+# - X-authentik-jwt
+# - X-authentik-meta-jwks
+# - X-authentik-meta-outpost
+# - X-authentik-meta-provider
+# - X-authentik-meta-app
+# - X-authentik-meta-version
+# <--
From 267299c088b8858b6d53d56e7960e8d98a76a022 Mon Sep 17 00:00:00 2001
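Review bot: The forwardAuth `address` points at `your-authentik-outpost-fqdn:9000` over plain `http://`; inside a cluster this should be the outpost's in-cluster Service DNS name (`http://<outpost-service>.<namespace>.svc:9000/outpost.goauthentik.io/auth/traefik`), not a public FQDN, otherwise every request to the dashboard makes an unencrypted auth round-trip that may leave the cluster and is steerable through external DNS. As in the compose variant, `trustForwardHeader: true` hands the client's X-Forwarded-* headers to the outpost unchanged, so the Traefik entrypoint's `forwardedHeaders.trustedIPs` needs to be limited to the load balancer or ingress in front of it. A two-line comment above `forwardAuth:` stating both requirements would keep the next person from copying the placeholder literally: `# Use the in-cluster Service address of the outpost; trustForwardHeader is only safe behind a trusted LB with forwardedHeaders.trustedIPs set.`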
From: Christian Lempa Date: Wed, 18 Dec 2024 14:19:23 +0100 Subject: [PATCH 063/112] reorganization and docker certs update to ansible --- .../fail2ban/config-f2b-protect-sshd.yaml | 25 ----------------- .../configfiles/debian-sshd-default.conf | 3 --- .../notify-discord.yaml | 0 .../docker/docker-certs-enable.yaml | 2 +- .../docker/docker-certs.yaml | 4 +-- .../inst-docker-ubuntu.yaml | 0 .../maint-docker-clean.yaml | 0 ansible/installation/inst-core.yaml | 12 --------- ansible/installation/inst-microk8s.yaml | 16 ----------- .../inst-k8s => kubernetes}/README.md | 0 .../inst-k8s => kubernetes}/ansible.cfg | 0 .../inst-k8s => kubernetes}/inst-k8s.yaml | 0 .../k8s_worker_node_connection.j2 | 0 .../portainer/deploy-portainer.yaml | 0 .../traefik/deploy-traefik.yaml | 0 .../ssh => ubuntu}/config-add-sshkey.yaml | 0 .../inst-qemu-agent.yaml | 0 .../inst-vm-core.yaml | 0 .../{installation => ubuntu}/inst-zsh.yaml | 0 .../maint-diskspace.yaml | 0 .../maint-reboot-required.yaml | 0 .../{maintenance => ubuntu}/maint-reboot.yaml | 0 ansible/ubuntu/upd-apt.yaml | 14 ++++++++++ ansible/update/upd-apt-dist.yaml | 1 - ansible/update/upd-apt.yaml | 27 ------------------- .../inst-wireguard.yaml | 0 26 files changed, 17 insertions(+), 87 deletions(-) delete mode 100644 ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml delete mode 100644 ansible/configuration/fail2ban/configfiles/debian-sshd-default.conf rename ansible/{notification => discord}/notify-discord.yaml (100%) rename ansible/{configuration => }/docker/docker-certs-enable.yaml (97%) rename ansible/{configuration => }/docker/docker-certs.yaml (98%) rename ansible/{installation => docker}/inst-docker-ubuntu.yaml (100%) rename ansible/{maintenance => docker}/maint-docker-clean.yaml (100%) delete mode 100644 ansible/installation/inst-core.yaml delete mode 100644 ansible/installation/inst-microk8s.yaml rename ansible/{installation/inst-k8s => kubernetes}/README.md (100%) rename ansible/{installation/inst-k8s => 
kubernetes}/ansible.cfg (100%) rename ansible/{installation/inst-k8s => kubernetes}/inst-k8s.yaml (100%) rename ansible/{installation/inst-k8s => kubernetes}/k8s_worker_node_connection.j2 (100%) rename ansible/{deployment => }/portainer/deploy-portainer.yaml (100%) rename ansible/{deployment => }/traefik/deploy-traefik.yaml (100%) rename ansible/{configuration/ssh => ubuntu}/config-add-sshkey.yaml (100%) rename ansible/{installation => ubuntu}/inst-qemu-agent.yaml (100%) rename ansible/{installation => ubuntu}/inst-vm-core.yaml (100%) rename ansible/{installation => ubuntu}/inst-zsh.yaml (100%) rename ansible/{maintenance => ubuntu}/maint-diskspace.yaml (100%) rename ansible/{maintenance => ubuntu}/maint-reboot-required.yaml (100%) rename ansible/{maintenance => ubuntu}/maint-reboot.yaml (100%) create mode 100644 ansible/ubuntu/upd-apt.yaml delete mode 100644 ansible/update/upd-apt-dist.yaml delete mode 100644 ansible/update/upd-apt.yaml rename ansible/{installation => wireguard}/inst-wireguard.yaml (100%) diff --git a/ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml b/ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml deleted file mode 100644 index 7f83962..0000000 --- a/ansible/configuration/fail2ban/config-f2b-protect-sshd.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: Install fail2ban and configure sshd - hosts: "{{ my_hosts | d([]) }}" - become: true - - tasks: - - name: Install fail2ban - ansible.builtin.apt: - name: - - fail2ban - update_cache: true - - - name: Copy fail2ban config file - ansible.builtin.copy: - src: configfiles/debian-sshd-default.conf - dest: /etc/fail2ban/jail.d/debian-sshd-default.conf - mode: '0644' - owner: root - group: root - - - name: Restart fail2ban - ansible.builtin.systemd_service: - state: restarted - daemon_reload: true - name: fail2ban 
diff --git a/ansible/configuration/fail2ban/configfiles/debian-sshd-default.conf b/ansible/configuration/fail2ban/configfiles/debian-sshd-default.conf deleted file mode 100644 index df10058..0000000 --- a/ansible/configuration/fail2ban/configfiles/debian-sshd-default.conf +++ /dev/null @@ -1,3 +0,0 @@ -[sshd] -enabled = true -bantime = 3600 diff --git a/ansible/notification/notify-discord.yaml b/ansible/discord/notify-discord.yaml similarity index 100% rename from ansible/notification/notify-discord.yaml rename to ansible/discord/notify-discord.yaml diff --git a/ansible/configuration/docker/docker-certs-enable.yaml b/ansible/docker/docker-certs-enable.yaml similarity index 97% rename from ansible/configuration/docker/docker-certs-enable.yaml rename to ansible/docker/docker-certs-enable.yaml index 6e50972..ff0f3d3 100644 --- a/ansible/configuration/docker/docker-certs-enable.yaml +++ b/ansible/docker/docker-certs-enable.yaml @@ -1,6 +1,6 @@ --- - name: "Docker Certs enable" - hosts: "{{ target_hosts | default('all') }}" + hosts: "{{ my_hosts | d([]) }}" become: true vars: certs_path: "/root/docker-certs" diff --git a/ansible/configuration/docker/docker-certs.yaml b/ansible/docker/docker-certs.yaml similarity index 98% rename from ansible/configuration/docker/docker-certs.yaml rename to ansible/docker/docker-certs.yaml index 8cbb642..f7b8f71 100644 --- a/ansible/configuration/docker/docker-certs.yaml +++ b/ansible/docker/docker-certs.yaml @@ -1,11 +1,11 @@ --- - name: "Docker Certs" - hosts: "{{ target_hosts | default('all') }}" + hosts: "{{ my_hosts | d([]) }}" become: true vars: certs_path: "/root/docker-certs" cert_validity_days: 3650 - cn_domain: "clcreative.de" + cn_domain: "your-domain.tld" tasks: - name: Check if docker certs are existing 
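Review bot: `cert_validity_days: 3650` is applied to whatever certificates this play issues, and the task list runs past the hunk so I cannot see whether that is only the CA or also the daemon and client certificates. Ten years is acceptable for a private CA but long for the leaf certs that authorize Docker API access, since a leaked client certificate stays valid for the full term and Docker's TLS setup has no revocation path; consider a separate, shorter variable for the leaves, e.g. `leaf_validity_days: 365`. The switch to `hosts: "{{ my_hosts | d([]) }}"` is a good fail-closed default; a comment such as `# No-op unless run with -e my_hosts=<group>` would make that explicit, especially since `ansible/ubuntu/upd-apt.yaml` in the same commit still defaults to `all`.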
diff --git a/ansible/installation/inst-docker-ubuntu.yaml b/ansible/docker/inst-docker-ubuntu.yaml similarity index 100% rename from ansible/installation/inst-docker-ubuntu.yaml rename to ansible/docker/inst-docker-ubuntu.yaml diff --git a/ansible/maintenance/maint-docker-clean.yaml b/ansible/docker/maint-docker-clean.yaml similarity index 100% rename from ansible/maintenance/maint-docker-clean.yaml rename to ansible/docker/maint-docker-clean.yaml diff --git a/ansible/installation/inst-core.yaml b/ansible/installation/inst-core.yaml deleted file mode 100644 index 24ca7da..0000000 --- a/ansible/installation/inst-core.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Install core packages - hosts: "{{ my_hosts | d([]) }}" - become: true - - tasks: - - name: Install core packages - ansible.builtin.apt: - name: - - prometheus-node-exporter - - nfs-common - update_cache: true diff --git a/ansible/installation/inst-microk8s.yaml b/ansible/installation/inst-microk8s.yaml deleted file mode 100644 index c7c63c7..0000000 --- a/ansible/installation/inst-microk8s.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Install microk8s - hosts: "{{ my_hosts | d([]) }}" - become: true - - tasks: - - name: Install microk8s - community.general.snap: - classic: true - name: microk8s - - - name: Add user to group microk8s - ansible.builtin.user: - name: "{{ lookup('env', 'USER') }}" - groups: microk8s - append: true diff --git a/ansible/installation/inst-k8s/README.md b/ansible/kubernetes/README.md similarity index 100% rename from ansible/installation/inst-k8s/README.md rename to ansible/kubernetes/README.md diff --git a/ansible/installation/inst-k8s/ansible.cfg b/ansible/kubernetes/ansible.cfg similarity index 100% rename from ansible/installation/inst-k8s/ansible.cfg rename to ansible/kubernetes/ansible.cfg 
diff --git a/ansible/installation/inst-k8s/inst-k8s.yaml b/ansible/kubernetes/inst-k8s.yaml similarity index 100% rename from ansible/installation/inst-k8s/inst-k8s.yaml rename to ansible/kubernetes/inst-k8s.yaml diff --git a/ansible/installation/inst-k8s/k8s_worker_node_connection.j2 b/ansible/kubernetes/k8s_worker_node_connection.j2 similarity index 100% rename from ansible/installation/inst-k8s/k8s_worker_node_connection.j2 rename to ansible/kubernetes/k8s_worker_node_connection.j2 diff --git a/ansible/deployment/portainer/deploy-portainer.yaml b/ansible/portainer/deploy-portainer.yaml similarity index 100% rename from ansible/deployment/portainer/deploy-portainer.yaml rename to ansible/portainer/deploy-portainer.yaml diff --git a/ansible/deployment/traefik/deploy-traefik.yaml b/ansible/traefik/deploy-traefik.yaml similarity index 100% rename from ansible/deployment/traefik/deploy-traefik.yaml rename to ansible/traefik/deploy-traefik.yaml diff --git a/ansible/configuration/ssh/config-add-sshkey.yaml b/ansible/ubuntu/config-add-sshkey.yaml similarity index 100% rename from ansible/configuration/ssh/config-add-sshkey.yaml rename to ansible/ubuntu/config-add-sshkey.yaml diff --git a/ansible/installation/inst-qemu-agent.yaml b/ansible/ubuntu/inst-qemu-agent.yaml similarity index 100% rename from ansible/installation/inst-qemu-agent.yaml rename to ansible/ubuntu/inst-qemu-agent.yaml diff --git a/ansible/installation/inst-vm-core.yaml b/ansible/ubuntu/inst-vm-core.yaml similarity index 100% rename from ansible/installation/inst-vm-core.yaml rename to ansible/ubuntu/inst-vm-core.yaml diff --git a/ansible/installation/inst-zsh.yaml b/ansible/ubuntu/inst-zsh.yaml similarity index 100% rename from ansible/installation/inst-zsh.yaml rename to ansible/ubuntu/inst-zsh.yaml 
diff --git a/ansible/maintenance/maint-diskspace.yaml b/ansible/ubuntu/maint-diskspace.yaml similarity index 100% rename from ansible/maintenance/maint-diskspace.yaml rename to ansible/ubuntu/maint-diskspace.yaml diff --git a/ansible/maintenance/maint-reboot-required.yaml b/ansible/ubuntu/maint-reboot-required.yaml similarity index 100% rename from ansible/maintenance/maint-reboot-required.yaml rename to ansible/ubuntu/maint-reboot-required.yaml diff --git a/ansible/maintenance/maint-reboot.yaml b/ansible/ubuntu/maint-reboot.yaml similarity index 100% rename from ansible/maintenance/maint-reboot.yaml rename to ansible/ubuntu/maint-reboot.yaml diff --git a/ansible/ubuntu/upd-apt.yaml b/ansible/ubuntu/upd-apt.yaml new file mode 100644 index 0000000..b6b4017 --- /dev/null +++ b/ansible/ubuntu/upd-apt.yaml @@ -0,0 +1,14 @@ +--- +- name: Update and upgrade apt packages + hosts: all + + tasks: + - name: Update packages with apt + when: ansible_pkg_mgr == 'apt' + ansible.builtin.apt: + update_cache: true + + - name: Upgrade packages with apt + when: ansible_pkg_mgr == 'apt' + ansible.builtin.apt: + upgrade: dist diff --git a/ansible/update/upd-apt-dist.yaml b/ansible/update/upd-apt-dist.yaml deleted file mode 100644 index ed97d53..0000000 --- a/ansible/update/upd-apt-dist.yaml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/ansible/update/upd-apt.yaml b/ansible/update/upd-apt.yaml deleted file mode 100644 index b2b552e..0000000 --- a/ansible/update/upd-apt.yaml +++ /dev/null 
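Review bot: `hosts: all` with no `become: true` means the `apt` tasks either fail for lack of root or rely on the inventory connecting as root, and unlike the other plays moved in this commit (`hosts: "{{ my_hosts | d([]) }}"`) it dist-upgrades every inventory host when run without `--limit`. Suggest `hosts: "{{ my_hosts | d([]) }}"` and `become: true` at play level. The yum branches that existed in the deleted `ansible/update/upd-apt.yaml` are gone, so non-apt hosts are now silently skipped by the `when: ansible_pkg_mgr == 'apt'` guards rather than updated; a header comment (`# Debian/Ubuntu only — non-apt hosts are skipped, not updated`) would avoid that surprise.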
@@ -1,27 +0,0 @@ ---- -- name: Update and upgrade apt packages - hosts: all - - tasks: - - name: Update packages with apt - when: ansible_pkg_mgr == 'apt' - ansible.builtin.apt: - update_cache: true - - - name: Update packages with yum - when: ansible_pkg_mgr == 'yum' - ansible.builtin.yum: - name: '*' - state: latest # noqa: package-latest - - - name: Upgrade packages with apt - when: ansible_pkg_mgr == 'apt' - ansible.builtin.apt: - upgrade: dist - - - name: Upgrade packages with yum - when: ansible_pkg_mgr == 'yum' - ansible.builtin.yum: - name: '*' - state: latest # noqa: package-latest - exclude: kernel* diff --git a/ansible/installation/inst-wireguard.yaml b/ansible/wireguard/inst-wireguard.yaml similarity index 100% rename from ansible/installation/inst-wireguard.yaml rename to ansible/wireguard/inst-wireguard.yaml From 24232515d87ed8f79651cedf5d68b69c28465093 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 04:17:01 +0000 Subject: [PATCH 064/112] chore(deps): update public.ecr.aws/gravitational/teleport-distroless docker tag to v16.4.12 --- docker-compose/teleport/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/teleport/compose.yaml b/docker-compose/teleport/compose.yaml index 0f6d16f..c7e77a2 100644 --- a/docker-compose/teleport/compose.yaml +++ b/docker-compose/teleport/compose.yaml @@ -5,7 +5,7 @@ # external: true services: teleport: - image: public.ecr.aws/gravitational/teleport-distroless:16.4.11 + image: public.ecr.aws/gravitational/teleport-distroless:16.4.12 container_name: teleport ports: # -- (Optional) Remove this section, when using Traefik From 9e15bd0a84b88a1bf1127c73997feaff9319eef4 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 17:12:41 +0000 Subject: [PATCH 065/112] chore(deps): update gitlab/gitlab-ce docker tag to v17.7.0 --- docker-compose/gitlab/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/gitlab/compose.yaml b/docker-compose/gitlab/compose.yaml index 0fdc084..621acd6 100644 --- a/docker-compose/gitlab/compose.yaml +++ b/docker-compose/gitlab/compose.yaml @@ -1,7 +1,7 @@ --- services: gitlab: - image: gitlab/gitlab-ce:17.6.2-ce.0 + image: gitlab/gitlab-ce:17.7.0-ce.0 container_name: gitlab shm_size: '256m' environment: {} From 19fb86e05887c66f5decfb4c6efacb87494373f9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 21:07:35 +0000 Subject: [PATCH 066/112] chore(deps): update ghcr.io/goauthentik/server docker tag to v2024.12.0 --- docker-compose/authentik/compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose/authentik/compose.yaml b/docker-compose/authentik/compose.yaml index 4da6a21..2166631 100644 --- a/docker-compose/authentik/compose.yaml +++ b/docker-compose/authentik/compose.yaml @@ -31,7 +31,7 @@ services: - redis_data:/data restart: unless-stopped server: - image: ghcr.io/goauthentik/server:2024.10.5 + image: ghcr.io/goauthentik/server:2024.12.0 container_name: authentik-server command: server environment: @@ -65,7 +65,7 @@ services: - redis restart: unless-stopped worker: - image: ghcr.io/goauthentik/server:2024.10.5 + image: ghcr.io/goauthentik/server:2024.12.0 container_name: authentik-worker command: worker environment: From 44f76a1a3899786c77c25b2040b7df4f1f6010f0 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 13:30:20 +0000 Subject: [PATCH 067/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2024.12.5 --- docker-compose/homeassistant/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml index 73c4ea3..66e847e 100644 --- a/docker-compose/homeassistant/compose.yaml +++ b/docker-compose/homeassistant/compose.yaml @@ -2,7 +2,7 @@ services: homeassistant: container_name: homeassistant - image: ghcr.io/home-assistant/home-assistant:2024.12.4 + image: ghcr.io/home-assistant/home-assistant:2024.12.5 volumes: - ./config:/config - /etc/localtime:/etc/localtime:ro From cfa3eb659d80abdc0c9f49bb59207f6d120fbefe Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Fri, 20 Dec 2024 17:24:23 +0100 Subject: [PATCH 068/112] fix: use fully qualified container image name including the registry --- docker-compose/clamav/compose.yaml | 2 +- docker-compose/dockge/compose.yaml | 2 +- docker-compose/wazuh/compose.yaml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose/clamav/compose.yaml b/docker-compose/clamav/compose.yaml index 20d7fdd..f1d7c42 100644 --- a/docker-compose/clamav/compose.yaml +++ b/docker-compose/clamav/compose.yaml @@ -1,7 +1,7 @@ --- services: clamav: - image: clamav/clamav:1.4.1 + image: docker.io/clamav/clamav:1.4.1 container_name: clamav volumes: - ./config/clamd.conf:/etc/clamav/clamd.conf:ro diff --git a/docker-compose/dockge/compose.yaml b/docker-compose/dockge/compose.yaml index 83f7961..cc546fa 100644 --- a/docker-compose/dockge/compose.yaml +++ b/docker-compose/dockge/compose.yaml @@ -2,7 +2,7 @@ services: dockge: container_name: dockge - image: louislam/dockge:1.4.2 + image: docker.io/louislam/dockge:1.4.2 volumes: - /var/run/docker.sock:/var/run/docker.sock - dockge-data:/app/data 
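Review bot: Qualifying the image as `docker.io/clamav/clamav:1.4.1` removes short-name resolution ambiguity (relevant for podman and mirrored registries), but a mutable tag still lets the registry serve different content under the same name. For a scanner that processes host-mounted files, pin the digest as well — `image: docker.io/clamav/clamav:1.4.1@sha256:<digest>` — and let renovate (already bumping tags in this repo) update tag and digest together. The same applies to the dockge image in the following hunk, which is bind-mounting `/var/run/docker.sock` and is therefore root-equivalent on the host, so a digest pin there matters most.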
diff --git a/docker-compose/wazuh/compose.yaml b/docker-compose/wazuh/compose.yaml index e8cf6d9..e0395f0 100644 --- a/docker-compose/wazuh/compose.yaml +++ b/docker-compose/wazuh/compose.yaml @@ -1,6 +1,6 @@ services: wazuh.manager: - image: wazuh/wazuh-manager:4.9.2 + image: docker.io/wazuh/wazuh-manager:4.9.2 container_name: wazuh-prod-1-manager hostname: wazuh.manager ulimits: @@ -54,7 +54,7 @@ services: restart: unless-stopped wazuh.indexer: - image: wazuh/wazuh-indexer:4.9.2 + image: docker.io/wazuh/wazuh-indexer:4.9.2 container_name: wazuh-prod-1-indexer hostname: wazuh.indexer ports: @@ -87,7 +87,7 @@ services: restart: unless-stopped wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.9.2 + image: docker.io/wazuh/wazuh-dashboard:4.9.2 container_name: wazuh-prod-1-dashboard hostname: wazuh.dashboard # --> (Optional) Remove the port mapping when using traefik @@ -131,7 +131,7 @@ services: # --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required # postfix: - # image: mwader/postfix-relay:1.1.39 + # image: docker.io/mwader/postfix-relay:1.1.39 # environment: # - POSTFIX_myhostname=postfix # volumes: From 520d123c83846b3f148050a1c225e960573a9fb9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 19:01:23 +0000 Subject: [PATCH 069/112] chore(deps): update docker.io/louislam/uptime-kuma docker tag to v1.23.16 --- docker-compose/uptimekuma/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/uptimekuma/compose.yaml b/docker-compose/uptimekuma/compose.yaml index 71817be..be71fac 100644 --- a/docker-compose/uptimekuma/compose.yaml +++ b/docker-compose/uptimekuma/compose.yaml @@ -4,7 +4,7 @@ volumes: driver: local services: uptimekuma: - image: docker.io/louislam/uptime-kuma:1.23.15 + image: docker.io/louislam/uptime-kuma:1.23.16 container_name: uptimekuma ports: - 3001:3001 
From c9a29d6cb6f36b3019ddd60e60fa648cfa7fda57 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 22:01:16 +0000 Subject: [PATCH 070/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.0 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index 846bc6d..ffd42aa 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.9.13 + image: ghcr.io/gethomepage/homepage:v0.10.0 container_name: homepage environment: - LOG_LEVEL=info From 085969961af1a01274f4bcc7c9626b7a3aee8ced Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 05:03:41 +0000 Subject: [PATCH 071/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.1 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index ffd42aa..1c10cc3 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.10.0 + image: ghcr.io/gethomepage/homepage:v0.10.1 container_name: homepage environment: - LOG_LEVEL=info From 77340024321280297bed848541e59ef901b0cf45 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 22 Dec 2024 07:34:49 +0000 Subject: [PATCH 072/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.2 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index 1c10cc3..4578d6c 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.10.1 + image: ghcr.io/gethomepage/homepage:v0.10.2 container_name: homepage environment: - LOG_LEVEL=info From 0aa15fcd7bb0482c6799733ca788dec688c82ae8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 17:28:14 +0000 Subject: [PATCH 073/112] chore(deps): update ghcr.io/goauthentik/server docker tag to v2024.12.1 --- docker-compose/authentik/compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose/authentik/compose.yaml b/docker-compose/authentik/compose.yaml index 2166631..7f0b6f6 100644 --- a/docker-compose/authentik/compose.yaml +++ b/docker-compose/authentik/compose.yaml @@ -31,7 +31,7 @@ services: - redis_data:/data restart: unless-stopped server: - image: ghcr.io/goauthentik/server:2024.12.0 + image: ghcr.io/goauthentik/server:2024.12.1 container_name: authentik-server command: server environment: @@ -65,7 +65,7 @@ services: - redis restart: unless-stopped worker: - image: ghcr.io/goauthentik/server:2024.12.0 + image: ghcr.io/goauthentik/server:2024.12.1 container_name: authentik-worker command: worker environment: From bd5c96c8c7b9b898f501a2a1e64a29a820a9c7e4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 01:47:40 +0000 Subject: [PATCH 074/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.3 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index 4578d6c..a79ba82 100644 --- a/docker-compose/homepage/compose.yaml 
+++ b/docker-compose/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.10.2 + image: ghcr.io/gethomepage/homepage:v0.10.3 container_name: homepage environment: - LOG_LEVEL=info From f0e776a31edde10a23657649c0053b118781ba9a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 09:38:31 +0000 Subject: [PATCH 075/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.4 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index a79ba82..f78fa97 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.10.3 + image: ghcr.io/gethomepage/homepage:v0.10.4 container_name: homepage environment: - LOG_LEVEL=info From d57943bda99349ea2e4c251690ed5aebc3cd5883 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 12:12:32 +0000 Subject: [PATCH 076/112] chore(deps): update docker.io/semaphoreui/semaphore docker tag to v2.11.1 --- docker-compose/ansiblesemaphore/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/ansiblesemaphore/compose.yaml b/docker-compose/ansiblesemaphore/compose.yaml index ff8560e..4c1baa1 100644 --- a/docker-compose/ansiblesemaphore/compose.yaml +++ b/docker-compose/ansiblesemaphore/compose.yaml @@ -16,7 +16,7 @@ services: restart: unless-stopped semaphore: container_name: ansiblesemaphore - image: docker.io/semaphoreui/semaphore:v2.10.43 + image: docker.io/semaphoreui/semaphore:v2.11.1 user: "${UID}:${GID}" ports: - 3000:3000 From d1bc405df664230c6993f2a36ffd7730fa012147 Mon Sep 17 00:00:00 2001 
From: Christoph Schug Date: Wed, 25 Dec 2024 15:50:45 +0100 Subject: [PATCH 077/112] chore(deps): update docker.io/library/mysql docker tag to 8.4 --- docker-compose/ansiblesemaphore/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/ansiblesemaphore/compose.yaml b/docker-compose/ansiblesemaphore/compose.yaml index 4c1baa1..a99fe3e 100644 --- a/docker-compose/ansiblesemaphore/compose.yaml +++ b/docker-compose/ansiblesemaphore/compose.yaml @@ -4,7 +4,7 @@ volumes: driver: local services: mysql: - image: docker.io/library/mysql:8.3 + image: docker.io/library/mysql:8.4 hostname: mysql volumes: - semaphore-mysql:/var/lib/mysql From d334a1283d6ff2c3558f8a06049f5fe3cd2a1965 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Wed, 25 Dec 2024 16:18:32 +0100 Subject: [PATCH 078/112] fix: remove trailing spaces --- docker-compose/gitea/compose.yaml | 2 +- docker-compose/gitlab/compose.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose/gitea/compose.yaml b/docker-compose/gitea/compose.yaml index 5695cc9..364ffe2 100644 --- a/docker-compose/gitea/compose.yaml +++ b/docker-compose/gitea/compose.yaml @@ -13,7 +13,7 @@ services: - GITEA__database__NAME=${POSTGRES_DB:?POSTGRES_DB not set} - GITEA__database__USER=${POSTGRES_USER:?POSTGRES_USER not set} - GITEA__database__PASSWD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set} - # <-- + # <-- # --> OR MySQL # - GITEA__database__DB_TYPE=mysql # - GITEA__database__HOST=db:3306 diff --git a/docker-compose/gitlab/compose.yaml b/docker-compose/gitlab/compose.yaml index 621acd6..e74b9a1 100644 --- a/docker-compose/gitlab/compose.yaml +++ b/docker-compose/gitlab/compose.yaml 
@@ -24,7 +24,7 @@ services: # - traefik.enable=true # - traefik.http.services.gitlab.loadbalancer.server.port=80 # - traefik.http.services.gitlab.loadbalancer.server.scheme=http - # - traefik.http.routers.gitlab.service=gitlab + # - traefik.http.routers.gitlab.service=gitlab # - traefik.http.routers.gitlab.rule=Host(`your-gitlab-fqdn`) # - traefik.http.routers.gitlab.entrypoints=websecure # - traefik.http.routers.gitlab.tls=true From 9e1bbe96a8a2ecc18e994aff2a65622eced34fe5 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Wed, 25 Dec 2024 16:21:02 +0100 Subject: [PATCH 079/112] fix: add missing YAML document start marker --- docker-compose/prometheus/config/prometheus.yaml | 1 + docker-compose/teleport/config/teleport.yaml | 1 + docker-compose/traefik/config/conf.d/externalservice.yaml | 1 + docker-compose/traefik/config/conf.d/tls.yaml | 1 + docker-compose/traefik/config/traefik.yaml | 1 + docker-compose/wazuh/compose.yaml | 1 + 6 files changed, 6 insertions(+) diff --git a/docker-compose/prometheus/config/prometheus.yaml b/docker-compose/prometheus/config/prometheus.yaml index 8f41942..76202cb 100755 --- a/docker-compose/prometheus/config/prometheus.yaml +++ b/docker-compose/prometheus/config/prometheus.yaml @@ -1,3 +1,4 @@ +--- global: scrape_interval: 15s # By default, scrape targets every 15 seconds. diff --git a/docker-compose/teleport/config/teleport.yaml b/docker-compose/teleport/config/teleport.yaml index d4ae4e0..94a8645 100644 --- a/docker-compose/teleport/config/teleport.yaml +++ b/docker-compose/teleport/config/teleport.yaml @@ -1,3 +1,4 @@ +--- version: v2 teleport: nodename: your-server-name diff --git a/docker-compose/traefik/config/conf.d/externalservice.yaml b/docker-compose/traefik/config/conf.d/externalservice.yaml index a138191..33ba61c 100644 --- a/docker-compose/traefik/config/conf.d/externalservice.yaml +++ b/docker-compose/traefik/config/conf.d/externalservice.yaml 
@@ -1,3 +1,4 @@ +--- http: # -- Change Router Configuration here... routers: diff --git a/docker-compose/traefik/config/conf.d/tls.yaml b/docker-compose/traefik/config/conf.d/tls.yaml index 5bd28ba..3bf9464 100644 --- a/docker-compose/traefik/config/conf.d/tls.yaml +++ b/docker-compose/traefik/config/conf.d/tls.yaml @@ -1,3 +1,4 @@ +--- # -- Change TLS Configuration here... tls: options: diff --git a/docker-compose/traefik/config/traefik.yaml b/docker-compose/traefik/config/traefik.yaml index 850b1be..8121cb6 100644 --- a/docker-compose/traefik/config/traefik.yaml +++ b/docker-compose/traefik/config/traefik.yaml @@ -1,3 +1,4 @@ +--- global: checkNewVersion: false sendAnonymousUsage: false diff --git a/docker-compose/wazuh/compose.yaml b/docker-compose/wazuh/compose.yaml index e0395f0..a67de65 100644 --- a/docker-compose/wazuh/compose.yaml +++ b/docker-compose/wazuh/compose.yaml @@ -1,3 +1,4 @@ +--- services: wazuh.manager: image: docker.io/wazuh/wazuh-manager:4.9.2 From 95fcf4aa17bcdd2dd7d56904253662116ada1d8e Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Wed, 25 Dec 2024 16:23:34 +0100 Subject: [PATCH 080/112] fix: remove too many spaces after colon --- docker-compose/prometheus/config/prometheus.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/prometheus/config/prometheus.yaml b/docker-compose/prometheus/config/prometheus.yaml index 76202cb..28985ca 100755 --- a/docker-compose/prometheus/config/prometheus.yaml +++ b/docker-compose/prometheus/config/prometheus.yaml @@ -1,6 +1,6 @@ --- global: - scrape_interval: 15s # By default, scrape targets every 15 seconds. + scrape_interval: 15s # By default, scrape targets every 15 seconds. # Attach these labels to any time series or alerts when communicating with # external systems (federation, remote storage, Alertmanager). From 17d6bf2fed7ca5b4ff76dc4efab8fa0292d2c8da Mon Sep 17 00:00:00 2001 
From: Christoph Schug Date: Wed, 25 Dec 2024 16:26:12 +0100 Subject: [PATCH 081/112] fix: correct too few spaces before comment --- docker-compose/traefik/compose.yaml | 4 ++-- docker-compose/traefik/config/traefik.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-compose/traefik/compose.yaml b/docker-compose/traefik/compose.yaml index 9abe327..ffaeec8 100644 --- a/docker-compose/traefik/compose.yaml +++ b/docker-compose/traefik/compose.yaml @@ -15,10 +15,10 @@ services: - ./data/certs/:/var/traefik/certs/:rw - ./config/conf.d/:/etc/traefik/conf.d/:ro environment: - - CF_DNS_API_TOKEN=your-cloudflare-api-token # <-- Change this to your Cloudflare API Token + - CF_DNS_API_TOKEN=your-cloudflare-api-token # <-- Change this to your Cloudflare API Token networks: - frontend restart: unless-stopped networks: frontend: - external: true # <-- (Optional) Change this to false if you want to create a new network + external: true # <-- (Optional) Change this to false if you want to create a new network diff --git a/docker-compose/traefik/config/traefik.yaml b/docker-compose/traefik/config/traefik.yaml index 8121cb6..a6dd2f7 100644 --- a/docker-compose/traefik/config/traefik.yaml +++ b/docker-compose/traefik/config/traefik.yaml @@ -41,7 +41,7 @@ certificatesResolvers: storage: /var/traefik/certs/cloudflare-acme.json caServer: "https://acme-v02.api.letsencrypt.org/directory" dnsChallenge: - provider: cloudflare # <-- (Optional) Change this to your DNS provider + provider: cloudflare # <-- (Optional) Change this to your DNS provider resolvers: - "1.1.1.1:53" - "8.8.8.8:53" From 2a6101d1648682aede54345d7b364cf6c9746999 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Wed, 25 Dec 2024 16:29:36 +0100 Subject: [PATCH 082/112] fix: change truthy values to be either true or false --- docker-compose/teleport/config/teleport.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/docker-compose/teleport/config/teleport.yaml b/docker-compose/teleport/config/teleport.yaml index 94a8645..0b0cde6 100644 --- a/docker-compose/teleport/config/teleport.yaml +++ b/docker-compose/teleport/config/teleport.yaml @@ -10,7 +10,7 @@ teleport: output: text auth_service: - enabled: "yes" + enabled: true listen_addr: 0.0.0.0:3025 proxy_listener_mode: multiplex cluster_name: your-server-url @@ -27,10 +27,10 @@ auth_service: # api_token_path: /etc/teleport/openai_key ssh_service: - enabled: "no" + enabled: false proxy_service: - enabled: "yes" + enabled: true web_listen_addr: 0.0.0.0:3080 # -- (Optional) when using reverse proxy # public_addr: ['your-server-url:443'] @@ -38,7 +38,7 @@ proxy_service: acme: {} # --(Optional) ACME # acme: - # enabled: "yes" + # enabled: true # email: your-email-address # -- (Optional) Teleport Assist # assist: @@ -46,9 +46,9 @@ proxy_service: # api_token_path: /etc/teleport/openai_key app_service: - enabled: no + enabled: false # -- (Optional) App Service - # enabled: yes + # enabled: true # apps: # - name: "yourapp" # uri: "http://your-app-url" From 973c98fb44010319f97db056cd84676386cdb0e7 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Wed, 25 Dec 2024 16:53:10 +0100 Subject: [PATCH 083/112] chore(deps): remove obsolete comment Remove comment which applied before we were switching to using Renovate. --- docker-compose/mariadb/compose.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose/mariadb/compose.yaml b/docker-compose/mariadb/compose.yaml index 8636c57..8131e38 100644 --- a/docker-compose/mariadb/compose.yaml +++ b/docker-compose/mariadb/compose.yaml @@ -7,7 +7,6 @@ volumes: mariadb-data: services: mariadb: - # (Recommended) replace "latest" with specific version image: docker.io/library/mariadb:11.6.2 # (Optional) remove this section when you don't want to expose ports: From 30402f858b02a4059dcb65785725656129f728dd Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 15:55:36 +0000 Subject: [PATCH 084/112] chore(deps): update terraform kubernetes to v2.35.1 --- terraform/kubernetes/provider.tf | 2 +- terraform/templates/kubernetes-automation-example/provider.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/kubernetes/provider.tf b/terraform/kubernetes/provider.tf index 313cea0..c64be59 100644 --- a/terraform/kubernetes/provider.tf +++ b/terraform/kubernetes/provider.tf @@ -9,7 +9,7 @@ terraform { required_providers { kubernetes = { source = "hashicorp/kubernetes" - version = "2.35.0" + version = "2.35.1" } } } diff --git a/terraform/templates/kubernetes-automation-example/provider.tf b/terraform/templates/kubernetes-automation-example/provider.tf index 3b591dd..d02304c 100644 --- a/terraform/templates/kubernetes-automation-example/provider.tf +++ b/terraform/templates/kubernetes-automation-example/provider.tf @@ -13,7 +13,7 @@ terraform { } kubernetes = { source = "hashicorp/kubernetes" - version = "2.35.0" + version = "2.35.1" } kubectl = { source = "gavinbunney/kubectl" From 2cf98c962085a5728ae6a5adb236cbad98c3a714 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 15:55:39 +0000 Subject: [PATCH 085/112] chore(deps): update terraform helm to v2.17.0 --- terraform/templates/kubernetes-automation-example/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/templates/kubernetes-automation-example/provider.tf b/terraform/templates/kubernetes-automation-example/provider.tf index 3b591dd..3e2dbc2 100644 --- a/terraform/templates/kubernetes-automation-example/provider.tf +++ b/terraform/templates/kubernetes-automation-example/provider.tf @@ -9,7 +9,7 @@ terraform { } helm = { source = "hashicorp/helm" - version = "2.16.1" + version = "2.17.0" } kubernetes = { source = "hashicorp/kubernetes" 
From acaca2b29691801ad570a9e417e4a3f7e390c12a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 14:17:28 +0000 Subject: [PATCH 086/112] chore(deps): update docker.io/semaphoreui/semaphore docker tag to v2.11.2 --- docker-compose/ansiblesemaphore/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/ansiblesemaphore/compose.yaml b/docker-compose/ansiblesemaphore/compose.yaml index a99fe3e..5a6b762 100644 --- a/docker-compose/ansiblesemaphore/compose.yaml +++ b/docker-compose/ansiblesemaphore/compose.yaml @@ -16,7 +16,7 @@ services: restart: unless-stopped semaphore: container_name: ansiblesemaphore - image: docker.io/semaphoreui/semaphore:v2.11.1 + image: docker.io/semaphoreui/semaphore:v2.11.2 user: "${UID}:${GID}" ports: - 3000:3000 From da2f51076fbbea8fb7b5fa4d68cd2b2fae18e763 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Thu, 26 Dec 2024 14:05:46 +0100 Subject: [PATCH 087/112] feat: lint YAML files on pull requests on the main branch --- .github/workflows/lint.yaml | 19 +++++++++++++++++++ .yamllint | 7 +++++++ 2 files changed, 26 insertions(+) create mode 100644 .github/workflows/lint.yaml create mode 100644 .yamllint diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 0000000..50aadc6 --- /dev/null +++ b/.github/workflows/lint.yaml @@ -0,0 +1,19 @@ +--- +name: Lint + +on: # yamllint disable-line rule:truthy + pull_request: + branches: + - main + +permissions: + contents: read + +jobs: + lint: + name: Linters + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - run: yamllint --strict -- $(git ls-files '*.yaml' '*.yml') diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..0f25798 --- /dev/null +++ b/.yamllint @@ -0,0 +1,7 @@ +--- +extends: default + +rules: + line-length: + max: 160 + level: warning 
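Review bot: `uses: actions/checkout@v4` in the new lint workflow references a mutable tag, so the job's supply chain depends on whoever can move that tag; pin it to the full-length commit SHA with the tag kept in a trailing comment (`uses: actions/checkout@<commit-sha>  # v4`) and let Renovate, which this repo already uses for version bumps, keep the pin current. The `run:` line also word-splits the output of `$(git ls-files '*.yaml' '*.yml')`, so a tracked path containing whitespace would be passed as several arguments; `git ls-files -z -- '*.yaml' '*.yml' | xargs -0 yamllint --strict --` is the safe form. The read-only `permissions: contents: read` is the right default for a pull_request-triggered job. The step assumes yamllint is preinstalled on `ubuntu-latest`; if that assumption is ever wrong, an explicit install step (for example `pip install yamllint`) keeps the workflow self-contained.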
From 43000046f7386caf7141fec50a5fe2233cd11bc9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2024 04:50:06 +0000 Subject: [PATCH 088/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.5 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index f78fa97..3cd5c80 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.10.4 + image: ghcr.io/gethomepage/homepage:v0.10.5 container_name: homepage environment: - LOG_LEVEL=info From 979f62d3a1de33713674b971d86ddc4c11b6be4b Mon Sep 17 00:00:00 2001 From: Christian Gubesch Date: Fri, 27 Dec 2024 10:54:45 +0100 Subject: [PATCH 089/112] feat: define network in Traefik's docker provider Update Traefik docker-compose config to ensure DNS resolving and autodiscovery with multiple networks. --- docker-compose/traefik/config/traefik.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose/traefik/config/traefik.yaml b/docker-compose/traefik/config/traefik.yaml index a6dd2f7..dfa7525 100644 --- a/docker-compose/traefik/config/traefik.yaml +++ b/docker-compose/traefik/config/traefik.yaml @@ -54,6 +54,7 @@ certificatesResolvers: providers: docker: exposedByDefault: false # <-- (Optional) Change this to true if you want to expose all services + network: frontend # <-- Specify discovery network - This ensures correct name resolving and possible issues with containers, that are in multiple networks. E.g. Database container in a seperate network and a container in the frontend and database network. file: directory: /etc/traefik watch: true From 1f897faac23e399b277c62be848fc1a36256e69f Mon Sep 17 00:00:00 2001 
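Review bot: The comment on the new `network: frontend` line should state the operational consequence rather than only the motivation: as I read Traefik's docker provider docs, this makes Traefik address every backend via its IP on `frontend`, so a container that is not attached to `frontend` is still discovered but unreachable unless it sets the `traefik.docker.network` label itself. Suggested wording, placed on two comment lines above the key instead of trailing it: `# Network Traefik uses to reach backends; multi-network containers (e.g. frontend + database)` / `# are addressed via this one. A container not on it must set the traefik.docker.network label.` The trailing comment as written also exceeds the 160-column limit this repo's linter enforces and misspells "separate".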
From: Christoph Schug Date: Fri, 27 Dec 2024 11:45:43 +0100 Subject: [PATCH 090/112] style: fix remaining yamllint rule violations --- .github/FUNDING.yml | 1 + actions/github/kubectl/kubernetes-deploy.yml | 3 +- .../github/scp-action/copy-config-files.yml | 3 +- actions/github/ssh-action/restart-docker.yml | 3 +- ansible/ubuntu/maint-diskspace.yaml | 20 ++++----- docker-compose/gitea/compose.yaml | 42 +++++++++---------- docker-compose/gitlab/compose.yaml | 4 +- docker-compose/homepage/compose.yaml | 28 ++++++------- .../homer/assets/example.config.yml | 10 ++--- .../prometheus/config/prometheus.yaml | 16 +++---- docker-compose/teleport/compose.yaml | 22 +++++----- docker-compose/traefik/config/traefik.yaml | 4 +- docker-compose/wazuh/compose.yaml | 26 ++++++------ .../wazuh_dashboard/opensearch_dashboards.yml | 11 +++-- .../wazuh/config/wazuh_dashboard/wazuh.yml | 1 + .../config/wazuh_indexer/internal_users.yml | 12 +++--- .../config/wazuh_indexer/wazuh.indexer.yml | 23 +++++++--- kestra/ansible/ansible-playbook-git.yaml | 1 + kestra/ansible/ansible-playbook-inline.yaml | 1 + kestra/docker/docker-build-git.yaml | 1 + kestra/docker/docker-build-inline.yaml | 1 + kestra/python/python_command.yaml | 2 +- kestra/python/python_script.yaml | 1 + kestra/variables.yaml | 2 +- kestra/webhook.yaml | 2 +- kubernetes/cert-manager/clusterissuer.yaml | 2 +- kubernetes/cert-manager/helm-values.yaml | 2 +- kubernetes/longhorn/ingressroute.yaml | 2 +- kubernetes/traefik/examples/ingressroute.yaml | 25 +++++------ .../traefik/examples/ingressroutetcp.yaml | 27 ++++++------ kubernetes/traefik/helm-values.yaml | 3 +- 31 files changed, 167 insertions(+), 134 deletions(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 2004d35..a371b35 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,3 +1,4 @@ +--- # These are supported funding model platforms patreon: christianlempa 
diff --git a/actions/github/kubectl/kubernetes-deploy.yml b/actions/github/kubectl/kubernetes-deploy.yml index 9851873..28cb002 100644 --- a/actions/github/kubectl/kubernetes-deploy.yml +++ b/actions/github/kubectl/kubernetes-deploy.yml @@ -1,6 +1,7 @@ +--- name: Kubernetes Deploy -on: +on: # yamllint disable-line rule:truthy push: branches: - main diff --git a/actions/github/scp-action/copy-config-files.yml b/actions/github/scp-action/copy-config-files.yml index 4f16db3..0c3b731 100644 --- a/actions/github/scp-action/copy-config-files.yml +++ b/actions/github/scp-action/copy-config-files.yml @@ -1,6 +1,7 @@ +--- name: copy config files to remote machine -on: +on: # yamllint disable-line rule:truthy push: branches: - main diff --git a/actions/github/ssh-action/restart-docker.yml b/actions/github/ssh-action/restart-docker.yml index 9930840..b6735f7 100644 --- a/actions/github/ssh-action/restart-docker.yml +++ b/actions/github/ssh-action/restart-docker.yml @@ -1,6 +1,7 @@ +--- name: Update Docker Compose File -on: +on: # yamllint disable-line rule:truthy push: branches: - main diff --git a/ansible/ubuntu/maint-diskspace.yaml b/ansible/ubuntu/maint-diskspace.yaml index 5164855..19eaaee 100644 --- a/ansible/ubuntu/maint-diskspace.yaml +++ b/ansible/ubuntu/maint-diskspace.yaml @@ -13,13 +13,13 @@ check_mode: false register: disk_usage - # - name: Send discord message when disk space is over 80% - # uri: - # url: "your-webhook" - # method: POST - # body_format: json - # body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}' - # headers: - # Content-Type: application/json - # status_code: 204 - # when: disk_usage.stdout[:-1]|int > 80 +# - name: Send discord message when disk space is over 80% +# uri: +# url: "your-webhook" +# method: POST +# body_format: json +# body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}' +# headers: +# Content-Type: application/json +# status_code: 204 +# when: disk_usage.stdout[:-1]|int > 80 
diff --git a/docker-compose/gitea/compose.yaml b/docker-compose/gitea/compose.yaml index 364ffe2..0310f48 100644 --- a/docker-compose/gitea/compose.yaml +++ b/docker-compose/gitea/compose.yaml @@ -36,11 +36,11 @@ services: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - # --> (Optional) Remove when using traefik... + # --> (Optional) Remove when using traefik... - "3000:3000" - # <-- + # <-- - "2221:22" # <-- (Optional) Replace with your desired SSH port - # --> (Optional) When using internal database... + # --> (Optional) When using internal database... # depends_on: # - db # <-- @@ -56,28 +56,28 @@ services: # <-- restart: unless-stopped - # --> When using internal database - # db: - # image: postgres:14 - # container_name: gitea-db - # environment: - # - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER not set} - # - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set} - # - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB not set} - # networks: - # - backend - # volumes: - # - gitea-db:/var/lib/postgresql/data - # restart: unless-stopped - # <-- +# --> When using internal database +# db: +# image: postgres:14 +# container_name: gitea-db +# environment: +# - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER not set} +# - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set} +# - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB not set} +# networks: +# - backend +# volumes: +# - gitea-db:/var/lib/postgresql/data +# restart: unless-stopped +# <-- volumes: gitea-data: driver: local - # --> When using internal database - # gitea-db: - # driver: local - # <-- +# --> When using internal database +# gitea-db: +# driver: local +# <-- # --> (Optional) When using traefik... # networks: diff --git a/docker-compose/gitlab/compose.yaml b/docker-compose/gitlab/compose.yaml index e74b9a1..e77d671 100644 --- a/docker-compose/gitlab/compose.yaml +++ b/docker-compose/gitlab/compose.yaml 
@@ -14,10 +14,10 @@ services: - ./logs:/var/log/gitlab - gitlab-data:/var/opt/gitlab ports: - # --> (Optional) Remove when using traefik... + # --> (Optional) Remove when using traefik... - "80:80" - "443:443" - # <-- + # <-- - '2424:22' # --> (Optional) When using traefik... # labels: diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index 3cd5c80..0cb8a65 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml @@ -17,17 +17,17 @@ services: - ./images:/app/images # for custom background images - ./icons:/app/icons # for custom icons restart: unless-stopped - # (Optional) For secure docker socket integration - # dockerproxy: - # image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0 - # container_name: homepage-demo-1-dockerproxy - # environment: - # - CONTAINERS=1 # Allow access to viewing containers - # - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm) - # - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm) - # - POST=0 # Disallow any POST operations (effectively read-only) - # ports: - # - 127.0.0.1:2375:2375 - # volumes: - # - /run/docker.sock:/run/docker.sock:ro # Mounted as read-only - # restart: unless-stopped +# (Optional) For secure docker socket integration +# dockerproxy: +# image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0 +# container_name: homepage-demo-1-dockerproxy +# environment: +# - CONTAINERS=1 # Allow access to viewing containers +# - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm) +# - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm) +# - POST=0 # Disallow any POST operations (effectively read-only) +# ports: +# - 127.0.0.1:2375:2375 +# volumes: +# - /run/docker.sock:/run/docker.sock:ro # Mounted as read-only +# restart: unless-stopped 
diff --git a/docker-compose/homer/assets/example.config.yml b/docker-compose/homer/assets/example.config.yml index e59e138..3aa1f41 100644 --- a/docker-compose/homer/assets/example.config.yml +++ b/docker-compose/homer/assets/example.config.yml @@ -8,7 +8,7 @@ logo: "logo.png" # icon: "fas fa-skull-crossbones" # Optional icon header: true -footer: '

Created with with bulma, vuejs & font awesome // Fork me on

' # set false if you want to hide it. +footer: false # Optional theme customization theme: default @@ -40,8 +40,8 @@ colors: # Optional message message: - #url: https://b4bz.io - style: "is-dark" # See https://bulma.io/documentation/components/message/#colors for styling options. + # url: https://b4bz.io + style: "is-dark" # See https://bulma.io/documentation/components/message/#colors for styling options. title: "Demo !" icon: "fa fa-grin" content: "This is a dummy homepage demo.
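Review bot: The `footer:` change in this hunk is a functional change, not a style fix: the example's custom HTML footer is replaced by `footer: false`, which hides the footer entirely, while the commit message promises only yamllint rule fixes. If the trigger was the line-length rule (set to `warning` in `.yamllint`, but `yamllint --strict` in the workflow still fails on warnings), the original value can be kept as a folded scalar, `footer: >-` followed by the HTML on indented lines. Otherwise the commit message should call out the behavioral change so users copying the example know the footer was deliberately dropped.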
Find more information on github.com/bastienwirtz/homer" @@ -52,7 +52,7 @@ links: - name: "Contribute" icon: "fab fa-github" url: "https://github.com/bastienwirtz/homer" - target: "_blank" # optional html a tag target attribute + target: "_blank" # optional html a tag target attribute - name: "Wiki" icon: "fas fa-book" url: "https://www.wikipedia.org/" @@ -74,7 +74,7 @@ services: subtitle: "Bookmark example" tag: "app" url: "https://www.reddit.com/r/selfhosted/" - target: "_blank" # optional html a tag target attribute + target: "_blank" # optional html a tag target attribute - name: "Another one" logo: "assets/tools/sample2.png" subtitle: "Another application" diff --git a/docker-compose/prometheus/config/prometheus.yaml b/docker-compose/prometheus/config/prometheus.yaml index 28985ca..69e5117 100755 --- a/docker-compose/prometheus/config/prometheus.yaml +++ b/docker-compose/prometheus/config/prometheus.yaml @@ -17,12 +17,12 @@ scrape_configs: static_configs: - targets: ['localhost:9090'] - # Example job for node_exporter - # - job_name: 'node_exporter' - # static_configs: - # - targets: ['node_exporter:9100'] +# Example job for node_exporter +# - job_name: 'node_exporter' +# static_configs: +# - targets: ['node_exporter:9100'] - # Example job for cadvisor - # - job_name: 'cadvisor' - # static_configs: - # - targets: ['cadvisor:8080'] +# Example job for cadvisor +# - job_name: 'cadvisor' +# static_configs: +# - targets: ['cadvisor:8080'] diff --git a/docker-compose/teleport/compose.yaml b/docker-compose/teleport/compose.yaml index c7e77a2..687899f 100644 --- a/docker-compose/teleport/compose.yaml +++ b/docker-compose/teleport/compose.yaml 
@@ -18,17 +18,17 @@ services: - ./data:/var/lib/teleport # -- (Optional) Traefik example configuration # labels: - # - "traefik.enable=true" - # - "traefik.http.services.teleport.loadbalancer.server.port=3080" - # - "traefik.http.services.teleport.loadbalancer.server.scheme=https" - # - "traefik.http.routers.teleport-http.entrypoints=web" - # - "traefik.http.routers.teleport-http.rule=HostRegexp(`^(?i)(?:[[:alnum:]]+(?:-+[[:alnum:]]+)*\\.)?your-server-url(?::\\d+)?$`)" - # - "traefik.http.routers.teleport-https.entrypoints=websecure" - # - "traefik.http.routers.teleport-https.rule=HostRegexp(`^(?i)(?:[[:alnum:]]+(?:-+[[:alnum:]]+)*\\.)?your-server-url(?::\\d+)?$`)" - # - "traefik.http.routers.teleport-https.tls=true" - # - "traefik.http.routers.teleport-https.tls.certresolver=your-certresolver" - # - "traefik.http.routers.teleport-https.tls.domains[0].main=your-server-url" - # - "traefik.http.routers.teleport-https.tls.domains[0].sans=*.your-server-url" + # - "traefik.enable=true" + # - "traefik.http.services.teleport.loadbalancer.server.port=3080" + # - "traefik.http.services.teleport.loadbalancer.server.scheme=https" + # - "traefik.http.routers.teleport-http.entrypoints=web" + # - "traefik.http.routers.teleport-http.rule=HostRegexp(`^(?i)(?:[[:alnum:]]+(?:-+[[:alnum:]]+)*\\.)?your-server-url(?::\\d+)?$`)" + # - "traefik.http.routers.teleport-https.entrypoints=websecure" + # - "traefik.http.routers.teleport-https.rule=HostRegexp(`^(?i)(?:[[:alnum:]]+(?:-+[[:alnum:]]+)*\\.)?your-server-url(?::\\d+)?$`)" + # - "traefik.http.routers.teleport-https.tls=true" + # - "traefik.http.routers.teleport-https.tls.certresolver=your-certresolver" + # - "traefik.http.routers.teleport-https.tls.domains[0].main=your-server-url" + # - "traefik.http.routers.teleport-https.tls.domains[0].sans=*.your-server-url" # networks: # - your-traefik-network restart: unless-stopped 
diff --git a/docker-compose/traefik/config/traefik.yaml b/docker-compose/traefik/config/traefik.yaml index dfa7525..f9446a1 100644 --- a/docker-compose/traefik/config/traefik.yaml +++ b/docker-compose/traefik/config/traefik.yaml @@ -54,7 +54,9 @@ certificatesResolvers: providers: docker: exposedByDefault: false # <-- (Optional) Change this to true if you want to expose all services - network: frontend # <-- Specify discovery network - This ensures correct name resolving and possible issues with containers, that are in multiple networks. E.g. Database container in a seperate network and a container in the frontend and database network. + # Specify discovery network - This ensures correct name resolving and possible issues with containers, that are in multiple networks. + # E.g. Database container in a separate network and a container in the frontend and database network. + network: frontend file: directory: /etc/traefik watch: true diff --git a/docker-compose/wazuh/compose.yaml b/docker-compose/wazuh/compose.yaml index a67de65..a23aed8 100644 --- a/docker-compose/wazuh/compose.yaml +++ b/docker-compose/wazuh/compose.yaml 
@@ -130,19 +130,19 @@ services: - wazuh.indexer restart: unless-stopped - # --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required - # postfix: - # image: docker.io/mwader/postfix-relay:1.1.39 - # environment: - # - POSTFIX_myhostname=postfix - # volumes: - # - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro - # - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw # <-- (Optional) Remove when using inline credentials - # - postfix_data:/etc/postfix - # networks: - # - backend - # restart: unless-stopped - # <-- +# --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required +# postfix: +# image: docker.io/mwader/postfix-relay:1.1.39 +# environment: +# - POSTFIX_myhostname=postfix +# volumes: +# - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro +# - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw # <-- (Optional) Remove when using inline credentials +# - postfix_data:/etc/postfix +# networks: +# - backend +# restart: unless-stopped +# <-- volumes: wazuh_api_configuration: diff --git a/docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml b/docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml index ccaec07..fce78dc 100644 --- a/docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml +++ b/docker-compose/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml 
@@ -1,12 +1,17 @@ +--- server.host: 0.0.0.0 server.port: 5601 opensearch.hosts: https://wazuh.indexer:9200 opensearch.ssl.verificationMode: certificate -opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] +opensearch.requestHeadersWhitelist: + - "securitytenant" + - "Authorization" opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] +opensearch_security.readonly_mode.roles: + - "kibana_read_only" server.ssl.enabled: true server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] +opensearch.ssl.certificateAuthorities: + - "/usr/share/wazuh-dashboard/certs/root-ca.pem" uiSettings.overrides.defaultRoute: /app/wz-home diff --git a/docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml b/docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml index 4cfb0fb..1528933 100644 --- a/docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml +++ b/docker-compose/wazuh/config/wazuh_dashboard/wazuh.yml @@ -1,3 +1,4 @@ +--- hosts: - 1513629884013: url: "https://wazuh.manager" diff --git a/docker-compose/wazuh/config/wazuh_indexer/internal_users.yml b/docker-compose/wazuh/config/wazuh_indexer/internal_users.yml index 13bd41a..e62e890 100644 --- a/docker-compose/wazuh/config/wazuh_indexer/internal_users.yml +++ b/docker-compose/wazuh/config/wazuh_indexer/internal_users.yml @@ -14,7 +14,7 @@ admin: hash: "$2y$12$y85PV5Ob2lqeR30Rcm/F9..8JMgLT5ALZGMtzTo7c.p1vPpR394ki" reserved: true backend_roles: - - "admin" + - admin description: "Demo admin user" kibanaserver: @@ -26,8 +26,8 @@ kibanaro: hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" reserved: false backend_roles: - - "kibanauser" - - "readall" + - kibanauser + - readall attributes: attribute1: "value1" attribute2: "value2" 
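Review bot: `opensearch.ssl.verificationMode: certificate` on the new side verifies that the indexer's certificate chains to the mounted `root-ca.pem` but, as I read the OpenSearch Dashboards docs, not that its hostname matches `wazuh.indexer`, so any leaf issued by that CA would be accepted by the dashboard. That is a defensible trade-off for a single-node compose with self-signed certs, but it should be visible to whoever hardens the deployment; suggested comment on that line: `# 'certificate' checks the chain only; switch to 'full' once the indexer cert carries its DNS name`. The flow-to-block list conversion itself is fine and matches the rest of the repo.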
@@ -38,19 +38,19 @@ logstash: hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" reserved: false backend_roles: - - "logstash" + - logstash description: "Demo logstash user" readall: hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" reserved: false backend_roles: - - "readall" + - readall description: "Demo readall user" snapshotrestore: hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" reserved: false backend_roles: - - "snapshotrestore" + - snapshotrestore description: "Demo snapshotrestore user" diff --git a/docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml b/docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml index afcd0ff..77e5d07 100644 --- a/docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml +++ b/docker-compose/wazuh/config/wazuh_indexer/wazuh.indexer.yml @@ -1,3 +1,4 @@ +--- network.host: "0.0.0.0" node.name: "wazuh.indexer" path.data: /var/lib/wazuh-indexer 
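Review bot: The `hash:` values for `logstash`, `readall`, `snapshotrestore` and the other users in this file appear to be the upstream demo credentials (every description reads "Demo ... user"), so anyone deploying from this template without regenerating them gets an indexer whose passwords are publicly known. Since this commit already touches every user stanza, it is a natural place to add a header comment such as `# These are demo hashes. Regenerate each one with the indexer's bundled hash.sh tool before deploying.` The quoting change to the `backend_roles` entries is harmless, as the role names are plain identifiers.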
@@ -16,15 +17,27 @@ plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" plugins.security.check_snapshot_restore_write_privileges: true plugins.security.enable_snapshot_restore_privilege: true plugins.security.nodes_dn: -- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" + - "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" + - "all_access" + - "security_rest_api_access" plugins.security.system_indices.enabled: true -plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"] +plugins.security.system_indices.indices: + - ".opendistro-alerting-config" + - ".opendistro-alerting-alert*" + - ".opendistro-anomaly-results*" + - ".opendistro-anomaly-detector*" + - ".opendistro-anomaly-checkpoints" + - ".opendistro-anomaly-detection-state" + - ".opendistro-reports-*" + - ".opendistro-notifications-*" + - ".opendistro-notebooks" + - ".opensearch-observability" + - ".opendistro-asynchronous-search-response*" + - ".replication-metadata-store" plugins.security.allow_default_init_securityindex: true cluster.routing.allocation.disk.threshold_enabled: false diff --git a/kestra/ansible/ansible-playbook-git.yaml b/kestra/ansible/ansible-playbook-git.yaml index 892554d..e786323 100644 --- a/kestra/ansible/ansible-playbook-git.yaml +++ b/kestra/ansible/ansible-playbook-git.yaml 
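Review bot: `plugins.security.ssl.transport.enforce_hostname_verification: false` in this hunk's context disables hostname checking on the node-to-node TLS channel, so any certificate signed by the trusted CA is accepted regardless of which host presents it; that is commonly tolerated for a single-node compose with self-signed certs but should be stated on the line, e.g. `# Off because the demo certs do not carry the container name; re-enable for multi-node clusters`. `plugins.security.allow_default_init_securityindex: true` likewise seeds the security index from `internal_users.yml` on first start, which is only safe if the demo hashes in that file were replaced beforehand. The reindentation of the list items and the block-style `system_indices.indices` list are fine.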
@@ -1,3 +1,4 @@ +--- # Kestra ansible-playbook Template # --- # diff --git a/kestra/ansible/ansible-playbook-inline.yaml b/kestra/ansible/ansible-playbook-inline.yaml index bbc66c2..38f2628 100644 --- a/kestra/ansible/ansible-playbook-inline.yaml +++ b/kestra/ansible/ansible-playbook-inline.yaml @@ -1,3 +1,4 @@ +--- # Kestra ansible-playbook Template # --- # diff --git a/kestra/docker/docker-build-git.yaml b/kestra/docker/docker-build-git.yaml index 35516bd..68fa04c 100644 --- a/kestra/docker/docker-build-git.yaml +++ b/kestra/docker/docker-build-git.yaml @@ -1,3 +1,4 @@ +--- # Kestra Docker Git Build Template # --- # diff --git a/kestra/docker/docker-build-inline.yaml b/kestra/docker/docker-build-inline.yaml index 9ad9d1d..d6546be 100644 --- a/kestra/docker/docker-build-inline.yaml +++ b/kestra/docker/docker-build-inline.yaml @@ -1,3 +1,4 @@ +--- # Kestra Docker File Build Template # --- # diff --git a/kestra/python/python_command.yaml b/kestra/python/python_command.yaml index 5deb26b..b2f4e57 100644 --- a/kestra/python/python_command.yaml +++ b/kestra/python/python_command.yaml @@ -1,3 +1,4 @@ +--- # Kestra Python Command Template # --- # @@ -16,4 +17,3 @@ tasks: - python /app/scripts/your-python-script.py taskRunner: type: io.kestra.plugin.core.runner.Process - \ No newline at end of file diff --git a/kestra/python/python_script.yaml b/kestra/python/python_script.yaml index 575b7a6..15226fb 100644 --- a/kestra/python/python_script.yaml +++ b/kestra/python/python_script.yaml @@ -1,3 +1,4 @@ +--- # Kestra Python Command Template # --- # diff --git a/kestra/variables.yaml b/kestra/variables.yaml index e708cc1..51123bb 100644 --- a/kestra/variables.yaml +++ b/kestra/variables.yaml @@ -6,7 +6,7 @@ # id: variables # <- Replace with your task id... -namespace: your-namespace # <- Replace with your namespace... +namespace: your-namespace # <- Replace with your namespace... variables: variable-name: "variable-value" # <- Replace with your variable name and value... 
diff --git a/kestra/webhook.yaml b/kestra/webhook.yaml index dfb07d7..a7eb03b 100644 --- a/kestra/webhook.yaml +++ b/kestra/webhook.yaml @@ -6,7 +6,7 @@ # # usage: # curl http://your-kestra-instance/api/v1/executions/webhook/your-namespace/your-task-id/your-secret-key -# +# id: webhook # <- Replace with your task id... namespace: your-namespace # <- Replace with your namespace... diff --git a/kubernetes/cert-manager/clusterissuer.yaml b/kubernetes/cert-manager/clusterissuer.yaml index f1b25af..e830541 100644 --- a/kubernetes/cert-manager/clusterissuer.yaml +++ b/kubernetes/cert-manager/clusterissuer.yaml @@ -14,4 +14,4 @@ spec: cloudflare: apiTokenSecretRef: name: cloudflare-api-token-secret - key: api-token + key: api-token diff --git a/kubernetes/cert-manager/helm-values.yaml b/kubernetes/cert-manager/helm-values.yaml index 9476682..71a0484 100644 --- a/kubernetes/cert-manager/helm-values.yaml +++ b/kubernetes/cert-manager/helm-values.yaml @@ -11,7 +11,7 @@ cainjector: repository: quay.io/jetstack/cert-manager-cainjector tag: v1.16.2 -crds: +crds: enabled: true extraArgs: diff --git a/kubernetes/longhorn/ingressroute.yaml b/kubernetes/longhorn/ingressroute.yaml index e530a02..c8916bb 100644 --- a/kubernetes/longhorn/ingressroute.yaml +++ b/kubernetes/longhorn/ingressroute.yaml @@ -14,4 +14,4 @@ spec: - name: longhorn-frontend port: 80 tls: - secretName: longhorn-certificate-secret + secretName: longhorn-certificate-secret diff --git a/kubernetes/traefik/examples/ingressroute.yaml b/kubernetes/traefik/examples/ingressroute.yaml index 36f0da4..a8e80ac 100644 --- a/kubernetes/traefik/examples/ingressroute.yaml +++ b/kubernetes/traefik/examples/ingressroute.yaml 
@@ -1,19 +1,20 @@ +--- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: - name: your-ingressroute # <-- Replace with your IngressRoute name + name: your-ingressroute # <-- Replace with your IngressRoute name namespace: your-namespace # <-- Replace with your namespace spec: entryPoints: - - web - - websecure + - web + - websecure routes: - - match: Host(`your-fqdn`) # <-- Replace with your FQDN - kind: Rule - services: - - name: your-service # <-- Replace with your service name - port: 80 - # --> (Optional) Add certificate secret - # tls: - # secretName: your-certificate-secret - # <-- + - match: Host(`your-fqdn`) # <-- Replace with your FQDN + kind: Rule + services: + - name: your-service # <-- Replace with your service name + port: 80 +# --> (Optional) Add certificate secret +# tls: +# secretName: your-certificate-secret +# <-- diff --git a/kubernetes/traefik/examples/ingressroutetcp.yaml b/kubernetes/traefik/examples/ingressroutetcp.yaml index 55178e4..2b0f1ae 100644 --- a/kubernetes/traefik/examples/ingressroutetcp.yaml +++ b/kubernetes/traefik/examples/ingressroutetcp.yaml 
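Review bot: The four commented lines at the end of the hunk (`+# --> (Optional) Add certificate secret` through `+# <--`) were moved to column 0, which makes the optional snippet wrong to uncomment: in the Traefik IngressRoute CRD `tls` is a field of `spec`, and at column 0 `tls:` would become a top-level key beside `apiVersion`/`spec`, which the API server will reject or silently prune as an unknown field — either way the route would not pick up `your-certificate-secret`. The removed lines appear to have been indented under `spec` (the `-` side shows whitespace before `#`), which was the correct placement. Keep the marker comments, but indent the snippet so it lands under `spec` when uncommented: `  # tls:` / `  #   secretName: your-certificate-secret`.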
@@ -1,19 +1,20 @@ +--- apiVersion: traefik.io/v1alpha1 kind: IngressRouteTCP metadata: - name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name - namespace: your-namespace # <-- Replace with your namespace + name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name + namespace: your-namespace # <-- Replace with your namespace spec: entryPoints: - - web - - websecure + - web + - websecure routes: - - match: HostSNI(`your-sni`) # <-- Replace with your SNI - priority: 10 # <-- (Optional) change rule priority - services: - - name: your-service # <-- Replace with your service name - port: 80 - # --> (Optional) Enable TLS Passthrough - # tls: - # passthrough: true - # <-- + - match: HostSNI(`your-sni`) # <-- Replace with your SNI + priority: 10 # <-- (Optional) change rule priority + services: + - name: your-service # <-- Replace with your service name + port: 80 +# --> (Optional) Enable TLS Passthrough +# tls: +# passthrough: true +# <-- diff --git a/kubernetes/traefik/helm-values.yaml b/kubernetes/traefik/helm-values.yaml index adc0ea3..c94243b 100644 --- a/kubernetes/traefik/helm-values.yaml +++ b/kubernetes/traefik/helm-values.yaml @@ -1,3 +1,4 @@ +--- image: repository: traefik tag: v3.2.3 @@ -6,7 +7,7 @@ image: # --> Change redirect HTTP to HTTPs by default here... ports: web: - redirectTo: + redirectTo: port: websecure # <-- From 322935c1e48fabe58715d0caa4f5c4c582397fa4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 28 Dec 2024 08:08:00 +0000 Subject: [PATCH 091/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.6 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index 0cb8a65..4c2be94 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml 
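Review bot: The same column-0 move of the commented block at the end of this hunk (`+# tls:` / `+# passthrough: true`) breaks the TLS-passthrough example: in the IngressRouteTCP CRD `tls.passthrough` lives under `spec`, so a user who uncomments these lines as printed gets a top-level `tls` key that the API server rejects or prunes, and the route is then served without passthrough — Traefik would attempt to terminate TLS itself rather than forward the raw SNI connection, which is exactly what this template is meant to avoid. The removed lines appear to have been indented under `spec`. Indent the snippet two spaces so it is valid when uncommented: `  # tls:` / `  #   passthrough: true`.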
@@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.10.5 + image: ghcr.io/gethomepage/homepage:v0.10.6 container_name: homepage environment: - LOG_LEVEL=info From ec9ff51e5805b9e2b322b439501be926f740380d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 29 Dec 2024 11:13:09 +0000 Subject: [PATCH 092/112] chore(deps): update docker.io/jc21/nginx-proxy-manager docker tag to v2.12.2 --- docker-compose/nginxproxymanager/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/nginxproxymanager/compose.yaml b/docker-compose/nginxproxymanager/compose.yaml index 031acad..ddff9c5 100644 --- a/docker-compose/nginxproxymanager/compose.yaml +++ b/docker-compose/nginxproxymanager/compose.yaml @@ -5,7 +5,7 @@ volumes: nginxproxymanager-db: services: nginxproxymanager: - image: docker.io/jc21/nginx-proxy-manager:2.12.1 + image: docker.io/jc21/nginx-proxy-manager:2.12.2 ports: - 80:80 - 81:81 From 35db8c9b035c93cb487aa5e4f4674d00934ce5ca Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sun, 29 Dec 2024 14:00:19 +0100 Subject: [PATCH 093/112] fix: adjust list of Docker packages to be installed Don't try to install the obsolete docker-scan-plugin package and avoid being overly explicit by requesting transitive dependencies which get installed implicitly anyway. Fixes #578. --- ansible/docker/inst-docker-ubuntu.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/ansible/docker/inst-docker-ubuntu.yaml b/ansible/docker/inst-docker-ubuntu.yaml index d2b4f42..4db252e 100644 --- a/ansible/docker/inst-docker-ubuntu.yaml +++ b/ansible/docker/inst-docker-ubuntu.yaml @@ -30,9 +30,6 @@ ansible.builtin.apt: name: - docker-ce - - docker-ce-cli - - containerd.io - docker-buildx-plugin - - docker-scan-plugin - docker-compose-plugin update_cache: true From 059a02442fe3985f5668d44cec676206e9ea261b Mon Sep 17 00:00:00 2001 
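Review bot: In the `ansible.builtin.apt` package list, no version is specified for `docker-ce`, `docker-buildx-plugin` or `docker-compose-plugin` in the visible lines, and after this change `docker-ce-cli` and `containerd.io` are no longer named at all, so the container runtime version a host ends up with is whatever apt resolves on the day the playbook runs. Relying on docker-ce's hard dependencies to pull the CLI and containerd is fine functionally, but for reproducible, auditable hosts consider pinning through a variable (`- "docker-ce={{ docker_version }}"`, and similarly for the plugins) or at least recording the intent with a comment such as `# docker-ce-cli and containerd.io are hard dependencies of docker-ce and are installed implicitly`. The enclosing task starts above the hunk, so a `state:`/version setting there may already cover this — worth confirming.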
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 10:20:24 +0000 Subject: [PATCH 094/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.7 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index 4c2be94..14143b3 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.10.6 + image: ghcr.io/gethomepage/homepage:v0.10.7 container_name: homepage environment: - LOG_LEVEL=info From 4cfb2e942edb836a1c8523ee3537c816e03ba1de Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 3 Jan 2025 23:14:59 +0000 Subject: [PATCH 095/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2025 --- docker-compose/homeassistant/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml index 66e847e..d1c9d75 100644 --- a/docker-compose/homeassistant/compose.yaml +++ b/docker-compose/homeassistant/compose.yaml @@ -2,7 +2,7 @@ services: homeassistant: container_name: homeassistant - image: ghcr.io/home-assistant/home-assistant:2024.12.5 + image: ghcr.io/home-assistant/home-assistant:2025.1.0 volumes: - ./config:/config - /etc/localtime:/etc/localtime:ro From 12939b92605262d0855fb03ae13e24f1e54cb380 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 5 Jan 2025 19:05:03 +0000 Subject: [PATCH 096/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.8 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index 14143b3..76b65a7 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.10.7 + image: ghcr.io/gethomepage/homepage:v0.10.8 container_name: homepage environment: - LOG_LEVEL=info From e99fed0d7d392625ed42603779329ee4ba1fa747 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 21:03:39 +0000 Subject: [PATCH 097/112] chore(deps): update docker.io/library/traefik docker tag to v3.3.0 --- docker-compose/traefik/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/traefik/compose.yaml b/docker-compose/traefik/compose.yaml index ffaeec8..a0c883e 100644 --- a/docker-compose/traefik/compose.yaml +++ b/docker-compose/traefik/compose.yaml @@ -1,7 +1,7 @@ --- services: traefik: - image: docker.io/library/traefik:v3.2.3 + image: docker.io/library/traefik:v3.3.0 container_name: traefik ports: - 80:80 From cc0bd7b5053fe3f79e2a984a6b662c82dffac5d7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 21:09:18 +0000 Subject: [PATCH 098/112] chore(deps): update ghcr.io/gethomepage/homepage docker tag to v0.10.9 --- docker-compose/homepage/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homepage/compose.yaml b/docker-compose/homepage/compose.yaml index 76b65a7..2702740 100644 --- a/docker-compose/homepage/compose.yaml +++ b/docker-compose/homepage/compose.yaml @@ -1,7 +1,7 @@ --- services: homepage: - image: ghcr.io/gethomepage/homepage:v0.10.8 + image: ghcr.io/gethomepage/homepage:v0.10.9 container_name: homepage environment: - LOG_LEVEL=info From 01e1b764243822a04f15e27a920c1da83801e460 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 21:11:00 +0000 Subject: [PATCH 099/112] chore(deps): update docker.io/library/redis docker tag to v7.4.2 --- docker-compose/authentik/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/authentik/compose.yaml b/docker-compose/authentik/compose.yaml index 7f0b6f6..c1cf5b8 100644 --- a/docker-compose/authentik/compose.yaml +++ b/docker-compose/authentik/compose.yaml @@ -18,7 +18,7 @@ services: - postgres_data:/var/lib/postgresql/data restart: unless-stopped redis: - image: docker.io/library/redis:7.4.1 + image: docker.io/library/redis:7.4.2 container_name: authentik-redis command: --save 60 1 --loglevel warning healthcheck: From d4d7362231fc46af5c2816e6cbb655c4d352885a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 08:36:54 +0000 Subject: [PATCH 100/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2025.1.1 --- docker-compose/homeassistant/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml index d1c9d75..f8c1e3e 100644 --- a/docker-compose/homeassistant/compose.yaml +++ b/docker-compose/homeassistant/compose.yaml @@ -2,7 +2,7 @@ services: homeassistant: container_name: homeassistant - image: ghcr.io/home-assistant/home-assistant:2025.1.0 + image: ghcr.io/home-assistant/home-assistant:2025.1.1 volumes: - ./config:/config - /etc/localtime:/etc/localtime:ro From 4f64b3723fa1dcb79fa1d5c97c556f34f27dd6db Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 00:14:32 +0000 Subject: [PATCH 101/112] chore(deps): update docker.io/library/traefik docker tag to v3.3.1 --- docker-compose/traefik/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docker-compose/traefik/compose.yaml b/docker-compose/traefik/compose.yaml index a0c883e..281289a 100644 --- a/docker-compose/traefik/compose.yaml +++ b/docker-compose/traefik/compose.yaml @@ -1,7 +1,7 @@ --- services: traefik: - image: docker.io/library/traefik:v3.3.0 + image: docker.io/library/traefik:v3.3.1 container_name: traefik ports: - 80:80 From 346142d7593f0a18ce165deea68753fa5cc0b802 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 11:03:37 +0000 Subject: [PATCH 102/112] chore(deps): update docker.io/linuxserver/swag docker tag to v3.1.0 --- docker-compose/swag/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/swag/compose.yaml b/docker-compose/swag/compose.yaml index 31aee80..a46a4e6 100644 --- a/docker-compose/swag/compose.yaml +++ b/docker-compose/swag/compose.yaml @@ -15,7 +15,7 @@ services: - /opt/webserver_swag/config/mariadb:/config restart: unless-stopped swag: - image: docker.io/linuxserver/swag:3.0.1 + image: docker.io/linuxserver/swag:3.1.0 container_name: swag cap_add: - NET_ADMIN From 0a89eba4196996cfbfab3ad5d6399f5fa78bbcf7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 16:50:56 +0000 Subject: [PATCH 103/112] chore(deps): update gitlab/gitlab-ce docker tag to v17.7.1 --- docker-compose/gitlab/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/gitlab/compose.yaml b/docker-compose/gitlab/compose.yaml index e77d671..ebe2128 100644 --- a/docker-compose/gitlab/compose.yaml +++ b/docker-compose/gitlab/compose.yaml @@ -1,7 +1,7 @@ --- services: gitlab: - image: gitlab/gitlab-ce:17.7.0-ce.0 + image: gitlab/gitlab-ce:17.7.1-ce.0 container_name: gitlab shm_size: '256m' environment: {} From 6e08f6e48e9d19ce8bc915c6dea77bbd6680204d Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 05:36:10 +0000 Subject: [PATCH 104/112] chore(deps): update gitea/gitea docker tag to v1.23.0 --- docker-compose/gitea/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/gitea/compose.yaml b/docker-compose/gitea/compose.yaml index 0310f48..c406ba9 100644 --- a/docker-compose/gitea/compose.yaml +++ b/docker-compose/gitea/compose.yaml @@ -1,7 +1,7 @@ --- services: server: - image: gitea/gitea:1.22.6 + image: gitea/gitea:1.23.0 container_name: gitea-server environment: - USER_UID=1000 From c5918788ca704f23ff6615cb3373d04497177d6b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 22:35:06 +0000 Subject: [PATCH 105/112] chore(deps): update ghcr.io/goauthentik/server docker tag to v2024.12.2 --- docker-compose/authentik/compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose/authentik/compose.yaml b/docker-compose/authentik/compose.yaml index c1cf5b8..3c0ed38 100644 --- a/docker-compose/authentik/compose.yaml +++ b/docker-compose/authentik/compose.yaml @@ -31,7 +31,7 @@ services: - redis_data:/data restart: unless-stopped server: - image: ghcr.io/goauthentik/server:2024.12.1 + image: ghcr.io/goauthentik/server:2024.12.2 container_name: authentik-server command: server environment: @@ -65,7 +65,7 @@ services: - redis restart: unless-stopped worker: - image: ghcr.io/goauthentik/server:2024.12.1 + image: ghcr.io/goauthentik/server:2024.12.2 container_name: authentik-worker command: worker environment: From 335b22afde852910950e94eb69d60584d1d9f876 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 22:37:35 +0000 Subject: [PATCH 106/112] chore(deps): update docker.io/wazuh/wazuh-dashboard docker tag to v4.10.0 --- docker-compose/wazuh/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/wazuh/compose.yaml b/docker-compose/wazuh/compose.yaml index a23aed8..c9176ea 100644 --- a/docker-compose/wazuh/compose.yaml +++ b/docker-compose/wazuh/compose.yaml @@ -88,7 +88,7 @@ services: restart: unless-stopped wazuh.dashboard: - image: docker.io/wazuh/wazuh-dashboard:4.9.2 + image: docker.io/wazuh/wazuh-dashboard:4.10.0 container_name: wazuh-prod-1-dashboard hostname: wazuh.dashboard # --> (Optional) Remove the port mapping when using traefik From 9d65117128dfd4a148c469626ad233654b3b8d8d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 01:45:06 +0000 Subject: [PATCH 107/112] chore(deps): update ghcr.io/home-assistant/home-assistant docker tag to v2025.1.2 --- docker-compose/homeassistant/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/homeassistant/compose.yaml b/docker-compose/homeassistant/compose.yaml index f8c1e3e..fa776cf 100644 --- a/docker-compose/homeassistant/compose.yaml +++ b/docker-compose/homeassistant/compose.yaml @@ -2,7 +2,7 @@ services: homeassistant: container_name: homeassistant - image: ghcr.io/home-assistant/home-assistant:2025.1.1 + image: ghcr.io/home-assistant/home-assistant:2025.1.2 volumes: - ./config:/config - /etc/localtime:/etc/localtime:ro From 02eb88d5d5ed402273fba12cb5bcedc6e1499c28 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 07:12:27 +0000 Subject: [PATCH 108/112] chore(deps): update docker.io/wazuh/wazuh-indexer docker tag to v4.10.0 --- docker-compose/wazuh/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/wazuh/compose.yaml b/docker-compose/wazuh/compose.yaml index c9176ea..36df196 100644 --- a/docker-compose/wazuh/compose.yaml +++ b/docker-compose/wazuh/compose.yaml @@ -55,7 +55,7 @@ services: restart: unless-stopped wazuh.indexer: - image: docker.io/wazuh/wazuh-indexer:4.9.2 + image: docker.io/wazuh/wazuh-indexer:4.10.0 container_name: wazuh-prod-1-indexer hostname: wazuh.indexer ports: From 94666f0ad69b5714c50cf2147c02e190a0a23693 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 10:29:38 +0000 Subject: [PATCH 109/112] chore(deps): update docker.io/wazuh/wazuh-manager docker tag to v4.10.0 --- docker-compose/wazuh/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/wazuh/compose.yaml b/docker-compose/wazuh/compose.yaml index 36df196..6971d24 100644 --- a/docker-compose/wazuh/compose.yaml +++ b/docker-compose/wazuh/compose.yaml @@ -1,7 +1,7 @@ --- services: wazuh.manager: - image: docker.io/wazuh/wazuh-manager:4.9.2 + image: docker.io/wazuh/wazuh-manager:4.10.0 container_name: wazuh-prod-1-manager hostname: wazuh.manager ulimits: From 2799fde8083149f3fe5debe1e2f6aaa15b0ecfb0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 10:30:46 +0000 Subject: [PATCH 110/112] chore(deps): update gitea/gitea docker tag to v1.23.1 --- docker-compose/gitea/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/gitea/compose.yaml b/docker-compose/gitea/compose.yaml index c406ba9..c8e02b9 100644 --- a/docker-compose/gitea/compose.yaml 
+++ b/docker-compose/gitea/compose.yaml @@ -1,7 +1,7 @@ --- services: server: - image: gitea/gitea:1.23.0 + image: gitea/gitea:1.23.1 container_name: gitea-server environment: - USER_UID=1000 From b3776fec26d6d636399907a8c8d485684c97e0fd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 01:27:10 +0000 Subject: [PATCH 111/112] chore(deps): update public.ecr.aws/gravitational/teleport-distroless docker tag to v16.4.13 --- docker-compose/teleport/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/teleport/compose.yaml b/docker-compose/teleport/compose.yaml index 687899f..06ef4c8 100644 --- a/docker-compose/teleport/compose.yaml +++ b/docker-compose/teleport/compose.yaml @@ -5,7 +5,7 @@ # external: true services: teleport: - image: public.ecr.aws/gravitational/teleport-distroless:16.4.12 + image: public.ecr.aws/gravitational/teleport-distroless:16.4.13 container_name: teleport ports: # -- (Optional) Remove this section, when using Traefik From 76ff2233f2e0ace8cb05ed06740326f5226a6da1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 01:27:14 +0000 Subject: [PATCH 112/112] chore(deps): update docker.io/utkuozdemir/nvidia_gpu_exporter docker tag to v1.3.0 --- docker-compose/nvidiasmi/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/nvidiasmi/compose.yaml b/docker-compose/nvidiasmi/compose.yaml index 1fbe86c..ee51711 100644 --- a/docker-compose/nvidiasmi/compose.yaml +++ b/docker-compose/nvidiasmi/compose.yaml @@ -1,7 +1,7 @@ --- services: nvidia_smi_exporter: - image: docker.io/utkuozdemir/nvidia_gpu_exporter:1.2.1 + image: docker.io/utkuozdemir/nvidia_gpu_exporter:1.3.0 container_name: nvidia_smi_exporter runtime: nvidia environment: