From fa781b59829ca2441dc6b7b03d2836792b676e41 Mon Sep 17 00:00:00 2001 From: admin Date: Sat, 31 Jan 2026 15:27:40 -0700 Subject: [PATCH] p1 variables first pass --- lxc1/p2-apps/forgejo.yml | 21 +++++++++--------- lxc1/p2-apps/guacamole.yml | 44 ++++++++++++++++++------------------- lxc1/p2-apps/komodo.yml | 21 +++++++++--------- lxc1/p2-apps/smtp-relay.yml | 6 ++--- lxc1/p2-apps/wud.yml | 22 +++++++++---------- 5 files changed, 58 insertions(+), 56 deletions(-) diff --git a/lxc1/p2-apps/forgejo.yml b/lxc1/p2-apps/forgejo.yml index 0c75177..984a8ce 100644 --- a/lxc1/p2-apps/forgejo.yml +++ b/lxc1/p2-apps/forgejo.yml @@ -4,16 +4,17 @@ services: container_name: forgejo restart: always environment: - - FORGEJO__database__DB_TYPE=mysql - - FORGEJO__database__HOST=172.16.201.208:3306 - - FORGEJO__database__NAME=forgejo - - FORGEJO__database__USER=forgejo - - FORGEJO__database__PASSWD=your_password - - FORGEJO__storage__TYPE=minio - - FORGEJO__storage__MINIO_ENDPOINT=172.16.201.208:9000 - - FORGEJO__storage__MINIO_ACCESS_KEY_ID=your_key - - FORGEJO__storage__MINIO_SECRET_ACCESS_KEY=your_secret - - FORGEJO__storage__MINIO_BUCKET=forgejo + - FORGEJO__database__DB_TYPE=${FJ_DB_TYPE} + - FORGEJO__database__HOST=${FJ_DB_HOST} + - FORGEJO__database__PORT=${FJ_DB_PORT} + - FORGEJO__database__NAME=${FJ_DB_NAME} + - FORGEJO__database__USER=${FJ_DB_USER} + - FORGEJO__database__PASSWD=${FJ_DB_PASS} + - FORGEJO__storage__TYPE=${FJ_STORE_TYPE} + - FORGEJO__storage__MINIO_ENDPOINT=${FJ_STORE_ENDPOINT} + - FORGEJO__storage__MINIO_ACCESS_KEY_ID=${FJ_STORE_KEY} + - FORGEJO__storage__MINIO_SECRET_ACCESS_KEY=${FJ_STORE_SECRET} + - FORGEJO__storage__MINIO_BUCKET=${FJ_STORE_BUCKET} - FORGEJO__storage__MINIO_USE_SSL=false volumes: - /docker/core/forgejo/data:/data diff --git a/lxc1/p2-apps/guacamole.yml b/lxc1/p2-apps/guacamole.yml index 6da3562..4149d6a 100644 --- a/lxc1/p2-apps/guacamole.yml +++ b/lxc1/p2-apps/guacamole.yml 
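Review bot: The credential lines in forgejo.yml (`${FJ_DB_PASS}`, `${FJ_STORE_KEY}`, `${FJ_STORE_SECRET}`) use plain `${VAR}` substitution, which Compose resolves to an empty string with only a warning when the variable is missing. A deploy without the expected env file would therefore start Forgejo with an empty database password and empty object-store keys instead of failing. The required-variable form stops that at parse time, for example `- FORGEJO__database__PASSWD=${FJ_DB_PASS:?FJ_DB_PASS is not set}`; the same applies to `${GUAC_DB_PASS}` in guacamole.yml. Separately, as far as I know Forgejo's `[database]` section takes the port as part of `HOST` and has no `PORT` key, so the added `FORGEJO__database__PORT` line is probably ignored; confirm, or keep the port inside `FJ_DB_HOST`.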
@@ -1,15 +1,15 @@ services: guacd: image: guacamole/guacd:latest - container_name: guacd + container_name: ${GUACD_NAME} restart: always cpus: 1.0 mem_limit: "1024m" mem_reservation: "256m" restart: unless-stopped networks: - - guac_internal - - guac_ssh + - ${GUAC_INT_NETWORK} + - ${GUAC_SSH_NETWORK} guacamole: image: guacamole/guacamole:latest @@ -22,29 +22,29 @@ services: mem_limit: "3072m" # 3 GB mem_reservation: "1024m" environment: - - GUACD_HOSTNAME=guacd - - MYSQL_HOSTNAME=172.16.201.208 - - MYSQL_PORT=3306 - - MYSQL_DATABASE=guacamole - - MYSQL_USER=guac_user - - MYSQL_PASSWORD=your_password + - GUACD_HOSTNAME=${GUACD_NAME} + - MYSQL_HOSTNAME=${GUAC_DB_HOST} + - MYSQL_PORT=${GUAC_DB_PORT} + - MYSQL_DATABASE=${GUAC_DB_NAME} + - MYSQL_USER=${GUAC_DB_USER} + - MYSQL_PASSWORD=${GUAC_DB_PASS} - MYSQL_SSL_MODE=disabled - CATALINA_OPTS="-Djava.security.egd=file:/dev/./urandom -Xms1g -Xmx2g" ports: - "8080:8080" depends_on: - - guacd + - ${GUACD_NAME} #networks: - #- guac_internal - #- guac_external # Connects to Traefik + - ${GUAC_INT_NETWORK} + - ${GUAC_EXT_NETWORK} labels: - - "traefik.enable=false" - - "traefik.http.routers.guac.rule=Host(`ssh.mapletree.email`)" - - "traefik.http.routers.guac.entrypoints=websecure" + - "traefik.enable=${GUAC_TRAEFIK_ENABLED}" + - "traefik.http.routers.guac.rule=Host(`${GUAC_TRAEFIK_HOSTNAME}.${TRAEFIK_DNS_SUFFIX}`)" + - "traefik.http.routers.guac.entrypoints=${GUAC_TRAEFIK_ENTRYPOINT}" - "traefik.http.routers.guac.tls=true" - - "traefik.http.services.guac.loadbalancer.server.port=8080" - - "traefik.http.routers.guac.tls.certresolver=myresolver" - - "traefik.docker.network=guac_external" + - "traefik.http.services.guac.loadbalancer.server.port=${GUAC_TRAEFIK_PORT}" + - "traefik.http.routers.guac.tls.certresolver=${GUAC_TRAEFIK_RESOLVER}" + - "traefik.docker.network=${GUAC_EXT_NETWORK}" # Middleware 1: Redirect - "traefik.http.middlewares.guac-redirect.redirectregex.regex=^https://([^/]+)/?$$" 
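Review bot: The guacd service in this hunk appears to carry two `restart:` keys in its unchanged lines (`restart: always` and, further down, `restart: unless-stopped`). Duplicate mapping keys are invalid YAML, and parsers either reject the file or silently keep the last one, so the effective policy is not what the first line says. Since this hunk already edits the service, drop one of them and keep a single `restart: unless-stopped` (or `always`, whichever is intended). The original indentation is not recoverable from this page, so confirm that both keys sit at the same level.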
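Review bot: In the second guacamole.yml hunk the added `- ${GUAC_INT_NETWORK}` and `- ${GUAC_EXT_NETWORK}` follow a `#networks:` line that is still commented out. They therefore read as two more `depends_on` entries rather than network attachments (indentation is lost on this page, so confirm); the fix is to uncomment the key as `networks:`. `depends_on` also takes the service key, not the container name, so `- ${GUACD_NAME}` only works while the variable equals `guacd`; keep it literal as `- guacd`. Finally, `traefik.enable` was hard-coded `false` and now depends on a variable, so give it a closed default such as `"traefik.enable=${GUAC_TRAEFIK_ENABLED:-false}"` to keep the remote-access gateway unpublished when the variable is unset.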
@@ -60,9 +60,9 @@ services: # Apply Both - "traefik.http.routers.guac.middlewares=guac-redirect,guac-buffer" networks: - guac_internal: + ${GUAC_INT_NETWORK}: internal: true - guac_external: - external: true - guac_ssh: + ${GUAC_EXT_NETWORK}: + driver: bridge + ${GUAC_SSH_NETWORK}: external: true \ No newline at end of file diff --git a/lxc1/p2-apps/komodo.yml b/lxc1/p2-apps/komodo.yml index 0d1ea0a..0adc733 100644 --- a/lxc1/p2-apps/komodo.yml +++ b/lxc1/p2-apps/komodo.yml @@ -2,9 +2,10 @@ services: komodo-mongo: image: mongo:7.0 - container_name: komodo-mongo + container_name: ${KOMODO_DB_HOSTNAME} restart: always - network_mode: host + networks: + - ${KOMODO_INT_NETWORK} command: ["--replSet", "rs0", "--bind_ip_all", "--port", "27017"] volumes: - /docker/management/mongodb:/data/db @@ -29,18 +30,18 @@ services: - /docker/management/komodo/repo-cache:/repo-cache - /docker:/docker depends_on: - - komodo-mongo + - ${KOMODO_DB_HOSTNAME} restart: unless-stopped labels: - "komodo.skip=true" - - KOMODO_DATABASE_URI=mongodb://172.16.201.206:27017,172.16.201.106:27017/komodo?replicaSet=rs0 - - KOMODO_DATABASE_ADDRESS= + - KOMODO_DATABASE_URI=mongodb://${KOMODO_DB_PRI}:27017,${KOMODO_DB_SEC}:27017/komodo?replicaSet=${KOMODO_DB_REPLICA} + #- KOMODO_DATABASE_ADDRESS= networks: - - komodo_external - - management_internal + - ${KOMODO_INT_NETWORK} + - ${KOMODO_EXT_NETWORK} networks: - komodo_external: + ${KOMODO_INT_NETWORK}: external: true - management_internal: - internal: true \ No newline at end of file + ${KOMODO_EXT_NETWORK}: + driver: bridge \ No newline at end of file diff --git a/lxc1/p2-apps/smtp-relay.yml b/lxc1/p2-apps/smtp-relay.yml index 498204b..b0f7c0f 100644 --- a/lxc1/p2-apps/smtp-relay.yml +++ b/lxc1/p2-apps/smtp-relay.yml 
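Review bot: The top-level network names here are now mapping keys of the form `${GUAC_INT_NETWORK}:`, and as far as I know Compose interpolates values only, never keys. The keys would stay literal while the service-level references resolve to real names and stop matching; the second komodo.yml hunk has the same pattern. Keep fixed keys, put the variable in `name:` as sketched below, and have the service `networks:` lists refer to the fixed keys. Also note that `guac_external` changes from `external: true` to `driver: bridge`, so the project now creates this network itself; if Traefik runs in another project it has to be attached to it, otherwise keep `external: true`.

```yaml
networks:
  guac_internal:
    name: ${GUAC_INT_NETWORK}
    internal: true
  guac_external:
    name: ${GUAC_EXT_NETWORK}
    driver: bridge
  guac_ssh:
    name: ${GUAC_SSH_NETWORK}
    external: true
```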
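Review bot: The first komodo.yml hunk moves komodo-mongo off `network_mode: host` onto `${KOMODO_INT_NETWORK}`, but the unchanged `command` still passes `--bind_ip_all`, with no authentication or keyfile arguments visible in the hunk. Every container attached to that network can then reach an unauthenticated MongoDB on 27017, so the network's isolation becomes the only control. The next hunk still addresses the replica-set members as `${KOMODO_DB_PRI}:27017` and `${KOMODO_DB_SEC}:27017`; without host networking or a `ports:` entry (none is visible here) those addresses will not reach this container unless they are addresses on the Docker network. The rest of the service is outside the hunk, so confirm both points against the full file.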
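Review bot: The second komodo.yml hunk declares the network named by `${KOMODO_INT_NETWORK}` as `external: true`, and the only `internal: true` in the file (on `management_internal`) is removed. The network that now carries MongoDB is no longer guaranteed to be isolated by this file; that depends on how the external network was created. If isolation is intended, create that network with the internal flag or let this project define it with `internal: true`. `depends_on: - ${KOMODO_DB_HOSTNAME}` has to stay the service key `komodo-mongo` to resolve. The `KOMODO_DATABASE_URI` entry also appears to sit directly under `labels:` rather than under an `environment:` key, in which case it is set as a label and never reaches the process; check this against the full file.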
@@ -7,12 +7,12 @@ services: - "25:25" environment: # 1. THE UPSTREAM SMARTHOST (Where mail goes) - - RELAY_HOST=smtp-relay.brevo.com - - RELAY_PORT=587 + - RELAY_HOST=${RELAY_HOST} + - RELAY_PORT=${RELAY_PORT} # 2. INTERNAL SECURITY (Who can send) # Allow your entire subnet (e.g., 192.168.1.0/24) to send without auth - - MYNETWORKS=172.16.201.0/24 10.19.19.0/24 192.168.19.0/24 + - MYNETWORKS=${RELAY_NETWORKS} # 3. IDENTIFICATION # The hostname this relay announces itself as diff --git a/lxc1/p2-apps/wud.yml b/lxc1/p2-apps/wud.yml index 5435aa5..47961b6 100644 --- a/lxc1/p2-apps/wud.yml +++ b/lxc1/p2-apps/wud.yml @@ -10,24 +10,24 @@ services: ports: - "3001:3000" networks: - - management_internal + - ${WUD_INT_NETWORK} volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - /docker/management/wud/etc:/etc/wud - /docker/management/wud/var:/var/lib/wud - /docker/management/wud-db:/var/lib/wud/db environment: - - WUD_AUTOUPDATE=false - TZ=America/Edmonton - - WUD_WATCHER_LOCAL_WATCHBYDEFAULT=true - WUD_WATCHER_LOCAL_SOCKET=/var/run/docker.sock - - WUD_REGISTRIES_LSCR_ENABLED=true - - WUD_REGISTRY_LSCR_USERNAME=jkilloran82 + - WUD_AUTOUPDATE=${WUD_AUTOUPDATE} + - WUD_WATCHER_LOCAL_WATCHBYDEFAULT=${WUD_WATCH} + - WUD_REGISTRIES_LSCR_ENABLED=${WUD_LSCR} + - WUD_REGISTRY_LSCR_USERNAME=${WUD_LSCR_USER} - WUD_REGISTRY_LSCR_TOKEN=${GITHUB_PAT_TOKEN} - - WUD_TRIGGER_SMTP_EMAIL_FROM=wud@mapletree.email - - WUD_TRIGGER_SMTP_EMAIL_TO=jkilloran@doppio.ca - - WUD_TRIGGER_SMTP_EMAIL_HOST=10.19.19.3 - - WUD_TRIGGER_SMTP_EMAIL_PORT=25 - - WUD_TRIGGER_SMTP_EMAIL_TLS_ENABLED=false - - WUD_TRIGGER_SMTP_EMAIL_TLS_VERIFY=false + - WUD_TRIGGER_SMTP_EMAIL_FROM=${WUD_SMTP_FROM} + - WUD_TRIGGER_SMTP_EMAIL_TO=${WUD_SMTP_TO} + - WUD_TRIGGER_SMTP_EMAIL_HOST=${WUD_SMTP_HOST} + - WUD_TRIGGER_SMTP_EMAIL_PORT=${WUD_SMTP_PORT} + - WUD_TRIGGER_SMTP_EMAIL_TLS_ENABLED=${WUD_SMTP_TLS} + - WUD_TRIGGER_SMTP_EMAIL_TLS_VERIFY=${WUD_SMTP_TLS_VER} restart: unless-stopped
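Review bot: `MYNETWORKS=${RELAY_NETWORKS}` in smtp-relay.yml is the only visible control on who may relay without authentication through a published port 25, and plain `${VAR}` substitution turns a missing variable into an empty string. What the image does with an empty `MYNETWORKS` is not visible in this patch, so the safe choice is to refuse to start: `- MYNETWORKS=${RELAY_NETWORKS:?RELAY_NETWORKS must list the allowed subnets}`. The same form suits `RELAY_HOST`, since a relay with no smarthost would try direct delivery or fail in a less obvious way. It is also worth a comment next to the variable stating that widening it widens the set of unauthenticated senders.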
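Review bot: In wud.yml the previously fixed `WUD_AUTOUPDATE=false` becomes `${WUD_AUTOUPDATE}`, so the behaviour of a service that mounts the Docker socket now depends on a variable that resolves to an empty string when unset. A default keeps the conservative behaviour explicit in the file: `- WUD_AUTOUPDATE=${WUD_AUTOUPDATE:-false}`. For the two SMTP TLS flags, state the intended value the same way (the old lines had both `false`) and add a comment that mail to `${WUD_SMTP_HOST}` is sent unencrypted and unverified while they stay off. The `:ro` on the socket mount in the context lines only makes the socket file read-only and does not restrict Docker API calls, which is a further reason to pin these defaults.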