Merge branch 'main' into authentik

This commit is contained in:
Christian Lempa 2024-03-26 13:36:29 +01:00
commit ed2e1e74dc
30 changed files with 272 additions and 162 deletions


@ -1,12 +1,5 @@
### Pull Request
*Please write all text in English in order to facilitate communication and collaboration, and follow this checklist. It will help the contributors to review your PR. Thank you!*
- [ ] My pull request has a descriptive title. (unlike `Update index.md`). Check [this](https://www.conventionalcommits.org/en/v1.0.0/) guide regarding titles.
- [ ] If applicable, I have tested these changes locally.
*If your pull request closes a GitHub issue, replace the XXXXX below with the issue number.*
Closes #XXXXX
*Please write all text in English in order to facilitate communication and collaboration. Thank you!*
---

.gitignore vendored

@ -1,4 +1,7 @@
.obsidian
# Ignore local development files
**/.vscode
**/.env
**/.DS_Store
# Docker Secrets, Environment Files
**/secret.*
**/.env
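Review bot: The new patterns only match files literally named `.env` and `secret.*`, so the `.env.local` / `.env.production` style variants that many tools read would still be committed; consider widening the last entry to `**/.env*`. The `**/secret.*` rule is what keeps the `secret.postgres_password.txt` file referenced by the new postgres compose file out of the repository, so any future secret file should keep that naming scheme (and the header comment could say so, e.g. `# Docker Secrets must be named secret.<name> to be ignored`). The two `**/.env` entries are the old and new line of the same rule as rendered here, not a duplicate in the file.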


@ -4,7 +4,7 @@ volumes:
driver: local
services:
mysql:
image: mysql:8.0
image: mysql:8.3
hostname: mysql
volumes:
- semaphore-mysql:/var/lib/mysql
@ -16,7 +16,7 @@ services:
restart: unless-stopped
semaphore:
container_name: ansiblesemaphore
image: semaphoreui/semaphore:v2.9.45
image: semaphoreui/semaphore:v2.9.58
user: "${UID}:${GID}"
ports:
- 3000:3000


@ -1,17 +1,17 @@
---
services:
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.47.0
container_name: cadvisor
ports:
- 8080:8080
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
devices:
- /dev/kmsg
privileged: true
restart: unless-stopped
---
services:
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.49.1
container_name: cadvisor
ports:
- 8080:8080
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
devices:
- /dev/kmsg
privileged: true
restart: unless-stopped
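Review bot: `- 8080:8080` publishes the cAdvisor UI and metrics endpoint on every host interface while the same container runs with `privileged: true` and has the host root filesystem and Docker state bind-mounted, so anyone who can reach the host on that port gets a detailed inventory of every container without authentication. The prometheus.yml example in this same commit scrapes it as `cadvisor:8080`, i.e. over the compose network, so the port mapping can be dropped entirely or limited to loopback with `- "127.0.0.1:8080:8080"`. The version bump itself needs no change.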


@ -4,7 +4,7 @@ volumes:
driver: local
services:
grafana:
image: grafana/grafana-oss:10.3.3
image: docker.io/grafana/grafana-oss:10.4.1
container_name: grafana
ports:
- "3000:3000"


@ -1,7 +1,7 @@
---
services:
heimdall:
image: lscr.io/linuxserver/heimdall:2.6.1
image: lscr.io/linuxserver/heimdall:2021.11.28
container_name: heimdall
environment:
- PUID=1000
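Review bot: The tag moves between two different naming schemes, `2.6.1` and the date-style `2021.11.28`; if the date tag is the new side, please confirm against the registry that it is actually a later release than `2.6.1`, because the two schemes do not sort against each other and an automated updater can pick an older line by mistake. Recording the image digest next to the tag, `image: lscr.io/linuxserver/heimdall:<tag>@sha256:<digest-from-registry>`, would make such mix-ups visible in review.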


@ -2,10 +2,11 @@
services:
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:2023.6"
image: ghcr.io/home-assistant/home-assistant:2024.3.3
volumes:
- ./config:/config
- /etc/localtime:/etc/localtime:ro
- /run/dbus:/run/dbus:ro
# devices:
# - /dev/ttyACMO # (optional) Add serial devices to the container
privileged: true
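Review bot: The added `/run/dbus:/run/dbus:ro` mount hands the container the host's system D-Bus socket, and the `:ro` flag only restricts filesystem operations on the socket file, not the messages sent through it, so the container can still call any D-Bus service the socket's own permissions allow; combined with `privileged: true` this is effectively host-level access. A comment on the line would stop the `:ro` from being read as a safety measure, e.g. `- /run/dbus:/run/dbus:ro  # host D-Bus socket; :ro restricts the file only, not D-Bus calls`. The enclosing service definition continues outside the hunk.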


@ -0,0 +1,33 @@
---
services:
homepage:
image: ghcr.io/gethomepage/homepage::v0.8.9
container_name: homepage
environment:
- LOG_LEVEL=info
# (Optional) Run as a specific user
# - PUID=your-user-id
# - PGID=your-group-id
# (Optional) For secret variables
# - HOMEPAGE_VAR_YOURSECRET=your-secret-key
ports:
- 3000:3000
volumes:
- ./config:/app/config
- ./images:/app/images # for custom background images
- ./icons:/app/icons # for custom icons
restart: unless-stopped
# (Optional) For secure docker socket integration
# dockerproxy:
# image: ghcr.io/tecnativa/docker-socket-proxy:v0.1.1
# container_name: homepage-demo-1-dockerproxy
# environment:
# - CONTAINERS=1 # Allow access to viewing containers
# - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
# - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
# - POST=0 # Disallow any POST operations (effectively read-only)
# ports:
# - 127.0.0.1:2375:2375
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
# restart: unless-stopped
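Review bot: `image: ghcr.io/gethomepage/homepage::v0.8.9` contains a doubled colon, which is not a valid image reference and will make `docker compose pull` fail; it should read `image: ghcr.io/gethomepage/homepage:v0.8.9`. While here, the port mapping is safer quoted, `- "3000:3000"`, matching the grafana compose file in this repository. The commented docker-socket-proxy block is a good default; if it is ever enabled, `127.0.0.1:2375:2375` still exposes the unauthenticated Docker API to every process on the host, and leaving the proxy without a published port on a compose-internal network is tighter.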


@ -19,7 +19,7 @@ services:
nextcloud-db:
# See compatibility matrix for Nextcloud 28
# https://docs.nextcloud.com/server/28/admin_manual/installation/system_requirements.html
image: docker.io/library/mariadb:10.6.17
image: docker.io/library/mariadb:11.3.2
container_name: nextcloud-db
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
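Review bot: The comment directly above the image line points at the Nextcloud 28 compatibility matrix, but the bump takes MariaDB from the 10.6 line to 11.3, so please confirm that 11.3 is actually listed there before merging; if it is not, the comment and the tag now contradict each other. A major MariaDB jump also upgrades the data directory in place on first start, so a backup of the `nextcloud-db` volume should precede the deploy, and a note such as `# major upgrade: back up the volume first` would help the next person. The same major-line jumps appear in the passbolt-db (`mariadb:10.3` → `11.3`) and nginxproxymanager-db (`10.4.15` → `10.11.5`) hunks.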


@ -5,7 +5,7 @@ volumes:
nginxproxymanager-db:
services:
nginxproxymanager:
image: jc21/nginx-proxy-manager:2.10.3
image: docker.io/jc21/nginx-proxy-manager:2.11.1
ports:
- 80:80
- 81:81
@ -20,7 +20,7 @@ services:
- nginxproxymanager-data:/data
- nginxproxymanager-ssl:/etc/letsencrypt
nginxproxymanager-db:
image: jc21/mariadb-aria:10.4.15
image: jc21/mariadb-aria:10.11.5
environment:
- MYSQL_ROOT_PASSWORD=npm
- MYSQL_DATABASE=npm


@ -1,10 +1,10 @@
---
services:
node_exporter:
image: quay.io/prometheus/node-exporter:v1.5.0
container_name: node_exporter
command: "--path.rootfs=/host"
pid: host
restart: unless-stopped
volumes:
---
services:
node_exporter:
image: quay.io/prometheus/node-exporter:v1.7.0
container_name: node_exporter
command: "--path.rootfs=/host"
pid: host
restart: unless-stopped
volumes:
- /:/host:ro,rslave


@ -1,7 +1,7 @@
---
services:
nvidia_smi_exporter:
image: utkuozdemir/nvidia_gpu_exporter:0.3.0
image: utkuozdemir/nvidia_gpu_exporter:1.2.0
container_name: nvidia_smi_exporter
runtime: nvidia
environment:


@ -6,7 +6,7 @@ volumes:
services:
passbolt-db:
container_name: passbolt-db
image: mariadb:10.3
image: mariadb:11.3
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=true
- MYSQL_DATABASE=$PASSBOLT_DB_NAME


@ -0,0 +1,45 @@
---
services:
postgres:
image: postgres:16.2
container_name: postgres
environment:
- POSTGRES_INITDB_ARGS=${POSTGRES_INITDB_ARGS---data-checksums}
- POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD-}
- POSTGRES_USER=${POSTGRES_USER:-postgres}
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
- POSTGRES_DB=${POSTGRES_DB:-$POSTGRES_USER}
- TZ=${TZ:-UTC}
ports:
- 5432:5432
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-postgres}"']
start_period: 30s
interval: 10s
timeout: 10s
retries: 5
# (Optional) When using custom network, see also
# https://docs.docker.com/compose/compose-file/compose-file-v3/#networks
#
# networks:
# - yournetwork
secrets:
- postgres_password
volumes:
- postgres_data:/var/lib/postgresql/data
restart: unless-stopped
# (Optional) When using custom network, see also
# https://docs.docker.com/compose/compose-file/compose-file-v3/#network-configuration-reference
#
# networks:
# yournetwork:
# external: true
secrets:
postgres_password:
file: secret.postgres_password.txt
volumes:
postgres_data:
driver: local
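Review bot: `- 5432:5432` publishes the database on every host interface, and `POSTGRES_HOST_AUTH_METHOD` is passed straight through from the environment, so a single `POSTGRES_HOST_AUTH_METHOD=trust` in the shell or `.env` turns this into a passwordless server reachable from the network. If only other compose services need it, drop the port mapping; otherwise bind it to loopback with `- "127.0.0.1:5432:5432"` and annotate the auth-method line, e.g. `# leave empty; "trust" disables password auth for every host`. Reading the password from `secret.postgres_password.txt` via `POSTGRES_PASSWORD_FILE` is the right pattern and matches the new `**/secret.*` gitignore rule; the file should still be created with restrictive permissions (owner-only, mode 0600). The nested default in `${POSTGRES_DB:-$POSTGRES_USER}` depends on Compose supporting variable expansion inside a default value — worth confirming with the Compose version the repo targets.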


@ -1,27 +1,27 @@
global:
scrape_interval: 15s # By default, scrape targets every 15 seconds.
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
# external_labels:
# monitor: 'codelab-monitor'
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: 'prometheus'
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
static_configs:
- targets: ['localhost:9090']
# Example job for node_exporter
# - job_name: 'node_exporter'
# static_configs:
# - targets: ['node_exporter:9100']
# Example job for cadvisor
# - job_name: 'cadvisor'
# static_configs:
# - targets: ['cadvisor:8080']
global:
scrape_interval: 15s # By default, scrape targets every 15 seconds.
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
# external_labels:
# monitor: 'codelab-monitor'
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: 'prometheus'
# Override the global default and scrape targets from this job every 5 seconds.
scrape_interval: 5s
static_configs:
- targets: ['localhost:9090']
# Example job for node_exporter
# - job_name: 'node_exporter'
# static_configs:
# - targets: ['node_exporter:9100']
# Example job for cadvisor
# - job_name: 'cadvisor'
# static_configs:
# - targets: ['cadvisor:8080']


@ -4,7 +4,7 @@ volumes:
driver: local
services:
prometheus:
image: prom/prometheus:v2.50.1
image: prom/prometheus:v2.51.0
container_name: prometheus
ports:
- 9090:9090


@ -5,7 +5,7 @@
# external: true
services:
teleport:
image: public.ecr.aws/gravitational/teleport-distroless:13
image: public.ecr.aws/gravitational/teleport-distroless:15
container_name: teleport
ports:
# -- (Optional) Remove this section, when using Traefik
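Review bot: The image jumps from major version 13 straight to 15; Teleport's documented upgrade path steps through one major version at a time, so an existing cluster's data directory may need to pass through 14 first — please check the release's upgrade notes before rolling this onto a live deployment. A fresh install is unaffected. The rest of the service definition is outside the hunk.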


@ -0,0 +1,16 @@
http:
routers:
your-local-router:
rule: "Host(`your-local-service.your-domain.com`) && PathPrefix(`/`)"
service: your-local-service
priority: 1000
entryPoints:
- web
# (optional) Permanent Redirect to HTTPS
# - websecure
services:
your-local-service:
loadBalancer:
servers:
- url: "http://your-local-service:port"
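Review bot: The comment `# (optional) Permanent Redirect to HTTPS` is misleading: adding `websecure` to the router's `entryPoints` only makes the router also listen on that entrypoint, it does not redirect HTTP to HTTPS, and unless the entrypoint itself enables TLS by default the router would serve plain HTTP there too. Suggest rewording it to `# (optional) also expose on the TLS entrypoint; HTTP->HTTPS redirection is configured on the entrypoint or via a redirectScheme middleware` and, where TLS is intended, adding a `tls` section (e.g. `tls: {}` or `tls: { certResolver: <your-resolver> }`) to the router. `priority: 1000` is fine as an example value but deserves a one-line comment saying it is there to beat catch-all routers.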


@ -84,7 +84,7 @@ deployment:
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/containous/traefik/issues/6972
- name: volume-permissions
image: busybox:1.31.1
image: busybox:1.36.1
command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"]
volumeMounts:
- name: ssl-certs

renovate.json Normal file

@ -0,0 +1,19 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"labels": ["renovate"],
"packageRules": [
{
"depTypeList": [ "devDependencies", "require-dev" ],
"updateTypes": [ "patch", "minor", "digest"],
"groupName": "devDependencies (non-major)"
}
],
"extends": [
"config:base",
":preserveSemverRanges",
":dependencyDashboard",
":rebaseStalePrs",
":enableVulnerabilityAlertsWithLabel('security')",
"group:recommended"
]
}
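Review bot: `depTypeList` and `updateTypes` inside `packageRules` are the legacy rule names; Renovate migrated them to `matchDepTypes` and `matchUpdateTypes` and newer releases warn about and eventually drop the old forms, so the rule should use the `match*` keys. `config:base` has likewise been superseded by `config:recommended`. The rule also targets the `devDependencies` / `require-dev` dep types, which nothing among the compose, Terraform and Vagrant files in this commit declares, so as written it appears never to group anything; either drop it or replace it with a rule matching the dep types that actually occur here (for example the docker image and terraform provider updates this very commit contains).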


@ -8,7 +8,7 @@ terraform {
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 3.0"
version = "~> 4.0"
}
}
}
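Review bot: `~> 4.0` is a major-version jump for the Cloudflare provider, which ships an upgrade guide listing breaking changes to resource arguments between v3 and v4, so the resources in this module (outside the hunk) may no longer validate; the same jump appears in the other two cloudflare hunks, and the kreuzwerker/docker bump from `~> 2.13.0` to `~> 3.0.0` is a major change as well. Before merging, run `terraform init -upgrade` and `terraform plan` against each affected module, and commit the resulting `.terraform.lock.hcl` so the upgraded provider versions are pinned reproducibly.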


@ -9,7 +9,7 @@ terraform {
required_providers {
kubectl = {
source = "gavinbunney/kubectl"
version = "1.13.1"
version = "1.14.0"
}
}
}


@ -9,7 +9,7 @@ terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.8.0"
version = "2.27.0"
}
}
}


@ -5,7 +5,7 @@ terraform {
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 3.0"
version = "~> 4.0"
}
civo = {
source = "civo/civo"


@ -9,19 +9,19 @@ terraform {
}
helm = {
source = "hashicorp/helm"
version = "2.4.1"
version = "2.12.1"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.8.0"
version = "2.27.0"
}
kubectl = {
source = "gavinbunney/kubectl"
version = "1.13.1"
version = "1.14.0"
}
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 3.0"
version = "~> 4.0"
}
}
}


@ -2,7 +2,7 @@ terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "~> 2.13.0"
version = "~> 3.0.0"
}
}
}


@ -1,20 +1,20 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "generic/ubuntu2004"
config.vm.network "public_network"
config.vm.synced_folder ".", "/vagrant_data", disabled: true
config.vm.provider "hyperv"
config.vm.provider "hyperv" do |h|
h.enable_virtualization_extensions = false
h.linked_clone = true
h.memory = 2048
h.vmname = "ubuntu_docker_1"
end
config.vm.provision "ansible" do |a|
a.verbose = "v"
a.playbook = "playbook.yaml"
end
end
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "generic/ubuntu2004"
config.vm.network "public_network"
config.vm.synced_folder ".", "/vagrant_data", disabled: true
config.vm.provider "hyperv"
config.vm.provider "hyperv" do |h|
h.enable_virtualization_extensions = false
h.linked_clone = true
h.memory = 2048
h.vmname = "ubuntu_docker_1"
end
config.vm.provision "ansible" do |a|
a.verbose = "v"
a.playbook = "playbook.yaml"
end
end


@ -1,20 +1,20 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "generic/ubuntu2004"
config.vm.network "public_network"
config.vm.synced_folder ".", "/vagrant_data", disabled: true
config.vm.provider "hyperv"
config.vm.provider "hyperv" do |h|
h.enable_virtualization_extensions = false
h.linked_clone = true
h.memory = 2048
h.vmname = "ubuntu_plain_1"
end
config.vm.provision "ansible" do |a|
a.verbose = "v"
a.playbook = "playbook.yaml"
end
end
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "generic/ubuntu2004"
config.vm.network "public_network"
config.vm.synced_folder ".", "/vagrant_data", disabled: true
config.vm.provider "hyperv"
config.vm.provider "hyperv" do |h|
h.enable_virtualization_extensions = false
h.linked_clone = true
h.memory = 2048
h.vmname = "ubuntu_plain_1"
end
config.vm.provision "ansible" do |a|
a.verbose = "v"
a.playbook = "playbook.yaml"
end
end


@ -1,22 +1,22 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "generic/ubuntu2004"
config.vm.network "public_network", bridge: "BRIDGE"
config.vm.synced_folder ".", "/vagrant_data", disabled: true
config.vm.provider "hyperv"
config.vm.hostname = "ubuntu_plan-with-cockpit-1"
config.vm.provider "hyperv" do |h|
h.enable_virtualization_extensions = false
h.linked_clone = true
h.memory = 2048
h.vmname = "ubuntu_plan-with-cockpit-1"
end
config.vm.provision "ansible" do |a|
a.verbose = "v"
a.playbook = "playbook.yaml"
end
end
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "generic/ubuntu2004"
config.vm.network "public_network", bridge: "BRIDGE"
config.vm.synced_folder ".", "/vagrant_data", disabled: true
config.vm.provider "hyperv"
config.vm.hostname = "ubuntu_plan-with-cockpit-1"
config.vm.provider "hyperv" do |h|
h.enable_virtualization_extensions = false
h.linked_clone = true
h.memory = 2048
h.vmname = "ubuntu_plan-with-cockpit-1"
end
config.vm.provision "ansible" do |a|
a.verbose = "v"
a.playbook = "playbook.yaml"
end
end


@ -1,15 +1,15 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "generic/ubuntu2004"
config.vm.network "public_network"
config.vm.synced_folder ".", "/vagrant_data", disabled: true
config.vm.provider "hyperv"
config.vm.provider "hyperv" do |h|
h.enable_virtualization_extensions = false
h.linked_clone = true
h.memory = 2048
h.vmname = "ubuntu_plain_1"
end
end
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "generic/ubuntu2004"
config.vm.network "public_network"
config.vm.synced_folder ".", "/vagrant_data", disabled: true
config.vm.provider "hyperv"
config.vm.provider "hyperv" do |h|
h.enable_virtualization_extensions = false
h.linked_clone = true
h.memory = 2048
h.vmname = "ubuntu_plain_1"
end
end