rescla/qnap-containers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rescla:0636be99d91fd20635f1409e5450f736971dd544
Branches Tags
rescla:main
..
compare: rescla:main
Branches Tags
rescla:main

104 Commits
0636be99d9 ... main

Author SHA1 Message Date
Rescla
30d3f07340 Updates 2025-12-04 09:37:03 +01:00
Rescla
bb82b4730e Updates 2025-11-25 10:37:17 +01:00
Rescla
b5945e7532 Get malla back on meshnet 2025-11-17 14:58:17 +01:00
Marc Fokkert
95e2febd70 Updates 2025-11-17 11:14:26 +01:00
Marc Fokkert
c179cb1245 Updates 
Add Yamtrack
 2025-11-15 13:55:52 +01:00
Marc Fokkert
0eed6b7f3f Update 2025-11-14 07:45:53 +01:00
Rescla
0c50dbd35a Updates 2025-11-13 13:30:22 +01:00
Marc Fokkert
d07b1ece64 Update 2025-11-06 21:11:45 +01:00
Rescla
7eab1f11f0 Add searxng 
Updates
 2025-11-05 16:42:56 +01:00
Marc Fokkert
7053059053 Update 2025-11-01 21:18:58 +01:00
Rescla
cebde1aa76 Updates 
Add ripe-atlas probe
 2025-10-29 13:45:43 +01:00
Marc Fokkert
c9817d5b20 Update 2025-10-26 08:29:44 +01:00
Rescla
693a57aa93 Add local Malla instance 2025-10-24 11:09:30 +02:00
Rescla
db50dda2f1 Updates 2025-10-20 16:42:00 +02:00
Rescla
e4f652b6e2 Update 2025-10-17 17:15:06 +02:00
Rescla
49c37db596 Update 2025-10-17 15:11:29 +02:00
Marc Fokkert
b4f22f54d0 Update 2025-10-17 14:59:25 +02:00
Marc Fokkert
8c149a4b38 WIP 2025-10-17 14:58:05 +02:00
Rescla
d1298973a2 Add synapse 2025-10-17 14:57:09 +02:00
Marc Fokkert
195a16cbe1 updates 2025-10-14 10:34:31 +02:00
Marc Fokkert
01f8549149 updates 2025-10-11 13:50:29 +02:00
Marc Fokkert
1f9026ef32 updates 2025-10-06 21:54:06 +02:00
Marc Fokkert
d0bc3c7af3 Updates, add meshtastic 2025-10-01 13:50:37 +02:00
Marc Fokkert
29a4cc4ee8 Updates 2025-09-30 13:13:17 +02:00
Marc Fokkert
6900f9ad0c Updates 2025-09-23 08:37:10 +02:00
Marc Fokkert
f69e1b60a6 Updates 2025-09-23 08:36:37 +02:00
Marc Fokkert
c4b51117c6 Updates 2025-09-16 11:00:13 +02:00
Marc Fokkert
9a5969e129 Updates, add piped 2025-09-15 10:58:33 +02:00
Marc Fokkert
8d2a5c5494 Updates 2025-09-11 08:26:07 +02:00
Marc Fokkert
995332e672 Updates 2025-09-07 11:30:11 +02:00
Marc Fokkert
c1bc782361 Updates 2025-09-02 10:04:07 +02:00
Marc Fokkert
ef08e991f2 Updates 2025-09-02 08:15:00 +02:00
Marc Fokkert
7b140dd002 Add some new services 2025-09-01 14:45:25 +02:00
Marc Fokkert
29cfb698d2 Add memos 2025-09-01 13:55:58 +02:00
Marc Fokkert
1c1aaa1d71 Move jellyseerr 2025-08-31 11:58:11 +02:00
Marc Fokkert
bbf82974ac Move arrs 2025-08-31 11:48:50 +02:00
Marc Fokkert
6fb5b7da0f Move unifi, uptime kuma and sabnzdb 2025-08-31 10:52:57 +02:00
Marc Fokkert
46a9677551 Disable some services 
Move vikunja, ofellia and nginx-lb to microos
 2025-08-31 08:45:51 +02:00
Marc Fokkert
5c7f056376 Disable some services 
Move deluge to microos
 2025-08-31 08:21:50 +02:00
Marc Fokkert
7ea67d2cf0 Fix gitea config 2025-08-31 07:44:33 +02:00
Marc Fokkert
ee560f51e5 Move various servies to microos 2025-08-31 07:43:11 +02:00
Marc Fokkert
ea8edac9ee Move audiobookshelf to coreos 2025-08-30 10:55:04 +02:00
Rescla
b65fec102e Update 2025-08-05 11:06:38 +02:00
Rescla
7fcbd05b99 Update 2025-07-20 12:25:23 +02:00
Rescla
77ef11461c Updates 2025-06-29 15:46:56 +02:00
Marc Fokkert
71352270da Updates 2025-06-06 11:48:26 +02:00
Marc Fokkert
e5ce28f918 Updates 2025-05-27 08:36:22 +02:00
Marc Fokkert
82fb383c2e Temp 2025-05-27 08:14:30 +02:00
Marc Fokkert
0f4ba8da39 Updates 
Add resilio
 2025-05-13 14:54:01 +02:00
Marc Fokkert
d73be9d4e5 Run updates 
Remove airsonic and replace with navidrome
 2025-05-05 15:40:06 +02:00
Marc Fokkert
e0e2c8d009 Updates, move hoarder/karakeep to proxmox 2025-05-05 09:40:04 +02:00
Marc Fokkert
9cbec6287c - 2025-05-02 19:13:09 +02:00
Marc Fokkert
51cf450411 IPV6 tryout 2025-04-30 13:56:49 +02:00
Marc Fokkert
c1980a6afa Add new jellyfin instance on proxmox 2025-04-22 00:06:27 +02:00
Marc Fokkert
e0ce1d67ca Move photoprisms to proxmox 2025-04-20 17:14:04 +02:00
Marc Fokkert
87f8cc3c10 Finally get proxmox/microos/docker to work 2025-04-20 15:29:45 +02:00
Rescla
a6871c214b Update all, add configarr wip 2025-04-08 07:37:25 +02:00
Rescla
0e0fb0474d Run update with opentofu 2025-03-27 21:20:27 +01:00
Marc Fokkert
f118ab302e Add gluetun 
wip tidarr
 2025-03-27 20:57:38 +01:00
Marc Fokkert
c411963890 Update mariadb 
Remove brother-printer-webhook
wip tidarr
 2025-03-04 17:49:56 +01:00
Marc Fokkert
6f8c880f67 Update airsonic to use datarr 2025-03-04 16:57:19 +01:00
Marc Fokkert
b1e9cd43ee Add bazarr, homer, lidarr and whisper-asr 2025-03-04 11:18:53 +01:00
Marc Fokkert
86fb19f65c Update photoprism 2025-03-03 19:12:00 +01:00
Marc Fokkert
bcab1b0851 WIP authelia 
Move photoprism storage to truenas
 2025-02-25 15:48:42 +01:00
Marc Fokkert
8106122d0a WIP authelia 
Update everything
 2025-02-25 10:18:06 +01:00
Marc Fokkert
6fa1a1dbb2 Use volume for deluge 2025-02-24 20:46:55 +01:00
Marc Fokkert
9b78b43c7f Use volume for datarr 
Disable rutorrent and esphome
Updates
 2025-02-21 12:23:41 +01:00
Marc Fokkert
8cc469a091 Get volume to work 2025-02-20 23:25:40 +01:00
Marc Fokkert
5c66c7f8f4 Update 
Move zigbee2mqtt and mosquitto off qnap
Add truenass-arr volume (test)
 2025-02-20 11:24:08 +01:00
Marc Fokkert
89a9006126 Disable home assistant docker 2025-02-10 16:23:40 +01:00
Marc Fokkert
d830f849dd Run updates 2025-02-06 11:21:48 +01:00
Marc Fokkert
b403513b16 Updates 2025-02-04 12:28:55 +01:00
Marc Fokkert
627c917670 WIP barcode buddy and webhook 2025-01-28 22:05:07 +01:00
Marc Fokkert
1567dce7f3 Updates, and disable scholarsome 2025-01-25 16:53:50 +01:00
Marc Fokkert
7bce7bcc57 Update 2025-01-05 21:56:36 +01:00
Marc Fokkert
174c029a2b Update 2025-01-03 12:22:21 +01:00
Marc Fokkert
e2d4c0be16 Update 2025-01-01 16:39:11 +01:00
Marc Fokkert
cbac693e2a Update 2024-12-23 14:57:19 +01:00
Marc Fokkert
8ed3574bfe Update 2024-12-09 10:14:50 +01:00
Marc Fokkert
c9a9641bc7 Update 
Add scholarsome
 2024-11-29 11:16:23 +01:00
Marc Fokkert
77c93ae359 Update 2024-11-25 16:16:34 +01:00
Marc Fokkert
7a9865bcd3 Update 2024-11-23 10:21:41 +01:00
Marc Fokkert
da951d816d Add audiobookshelf and readarr 2024-11-13 15:25:20 +01:00
Marc Fokkert
0d1e403477 Updates 2024-11-08 17:04:55 +01:00
Marc Fokkert
cd79ca9d3e Updates 2024-10-30 20:48:33 +01:00
Marc Fokkert
0137fa0799 Updates 2024-10-16 09:52:01 +02:00
Marc Fokkert
6af9a5c695 Updates 2024-10-12 22:00:41 +02:00
Marc Fokkert
00697480ae Updates 2024-09-17 09:54:28 +02:00
Marc Fokkert
7faae7f17e Add dozzle 2024-09-11 13:22:56 +02:00
Marc Fokkert
22dee7fafc Update jellyfin to add hdd storage 
Add vikunja
 2024-09-10 09:21:50 +02:00
Marc Fokkert
256ff33140 Add grocy 
Fix prowlarr config directory
 2024-09-05 10:16:39 +02:00
Marc Fokkert
e02b5f9ac4 Updates 2024-09-01 22:02:22 +02:00
Marc Fokkert
c802d32909 Add prowlarr 2024-08-29 12:53:24 +02:00
Marc Fokkert
8385f55f10 Add probes 
Add arr stuff
 2024-08-28 21:41:29 +02:00
Marc Fokkert
cd0fa7b17d Updates 2024-08-21 10:07:10 +02:00
Marc Fokkert
3f9cfbdab2 Add esphome 2024-08-02 15:17:35 +02:00
Marc Fokkert
8940ad6a12 Minor smokeping update 2024-07-24 22:46:59 +02:00
Marc Fokkert
b7506d5209 Add uptime kuma 2024-07-23 22:06:33 +02:00
Marc Fokkert
00b369124d Work on nginx loadbalancer and photoprism 2024-07-18 22:37:45 +02:00
Marc Fokkert
cad0dc7f50 After update 2024-07-09 21:06:34 +02:00
Marc Fokkert
6b2855fb16 Try updating dns for smokeping 
Fix home assistant
 2024-03-14 12:03:43 +01:00
Marc Fokkert
abdfb084e9 Update for skutsje 2024-03-14 11:06:09 +01:00
Marc Fokkert
395a97f4e5 WIP update for pi 2023-11-24 15:33:06 +01:00
Marc Fokkert
d0bce81142 Perform apply 25-10-2023 2023-10-25 17:13:07 +02:00
119 changed files with 16996 additions and 9864 deletions
Expand all files Collapse all files

23
.docker-rp/ca.pem Normal file
View File

@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID3TCCAsWgAwIBAgIUKJbJAWzYj7wqvJqcTwD0fhyF4hMwDQYJKoZIhvcNAQEL
BQAwfjELMAkGA1UEBhMCTkwxETAPBgNVBAcMCERyYWNodGVuMRQwEgYDVQQKDAtS
YXNwYmVycnlQSTENMAsGA1UECwwEcm9vdDEUMBIGA1UEAwwLcmFzcGJlcnJ5cGkx
ITAfBgkqhkiG9w0BCQEWEm1hcmNmb2trZXJ0QHh6MS5ubDAeFw0yMzA4MjMxOTU5
NDFaFw0yMzA5MjIxOTU5NDFaMH4xCzAJBgNVBAYTAk5MMREwDwYDVQQHDAhEcmFj
aHRlbjEUMBIGA1UECgwLUmFzcGJlcnJ5UEkxDTALBgNVBAsMBHJvb3QxFDASBgNV
BAMMC3Jhc3BiZXJyeXBpMSEwHwYJKoZIhvcNAQkBFhJtYXJjZm9ra2VydEB4ejEu
bmwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTF9UBaZgeYfhlg52+
11TfqgLb4ffUYvnEiGxp4paZ3axCxgYBwX6SYkdwP4xcyNHlk/c2OICVNim0u4dd
IoIfQFHScIQt7/GeER5lK1rktjR1H8nu2/sY2Fm7ELNyq+iQHe2Gw8EOc6viBOLM
VUbBpDydbjcD/u+eRMoyvwq9nQzdM78aeTzE7kdQ+jF7dujrHJnmrQ8SvKR5fJzw
DEitEpQpaSqXUubtRTuEN6eSnmo766SgqX38ezbaGmdCjxtd8m8dD8wdX6Ww8PTn
H9LKUrRDMKjvJF8a314KnjL2Lr6wSnsV5U9A6wkEFM5jc1XYWUZnY6r+ELYvD7iS
Sm0zAgMBAAGjUzBRMB0GA1UdDgQWBBSllshx63k+1+QfMLSMKhxqDVIf4TAfBgNV
HSMEGDAWgBSllshx63k+1+QfMLSMKhxqDVIf4TAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBDmdN7tLv3A5uZFUh3v2M/JZbzv/8N+bDQrbYb4GHj
zbsiPF4I+jkvDummnu3qqq1viMbWIigQOn8bFsi9wlH1C+l6m5aMO112Ev+F4xeM
rM4A/x40cdGDJmlkU+w+yq28u6iCvQHYDC5mKmPc29BsvFR5AGSECwH6ui/iW44s
JqwDkKKeVatFN8GYfwMRKHAUT/dDwtOeFXC+0FBAdzf/VAtXe7Z+xFW5wmNF3Ffa
USRudab3gs5hxz9Y1ToV2MtgU8uJJCs2VTBFPfPpUi+x5q2Kq1ULOG+0Ik4oEp0t
CjTsuYLfg+mIYiFTO56NL8w/EWP5Zn+CzgD5Sf7ouu6U
-----END CERTIFICATE-----

31
.docker-rp/cert.pem Normal file
View File

@@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIUOisegVRNFCZqWGDpXswA23evPo4wDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCTkwxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzA4MjMxOTQ2NTJaFw0yMzA5
MjIxOTQ2NTJaMEUxCzAJBgNVBAYTAk5MMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDbIYCVBBNaZOlCXmpZDB+boIeNVGH/6d5yLWmHdwt0
cW5K1SBpISOinyCHhMBwxyMNaBYTEM8BIXCa2leaa40a4iOLL5QL1CzYTgxeUgOh
WqN2XsvQDNyOAFGZ2om8CMLb9zxf282/WRjzG819NbAQ+c1y3PdEYEqyNIiNP73o
eKKSRbVEKETePG0emsuc2QaqGYPetvTng0mUlIwueaRcGapKywOLfU/z9URP5Ilv
fPPf6C3QpQVoIKHWHr0SF+PRtW2mrHtAsk01Ytr1Qm0sX4oXzClWW0XiMV44YNaR
TjSx8yx4Gn5uYmFnao0FXqfqR0r6Ud8Ba3lULwKCs+3HpUPyhNgjsfKiLNsgPx78
WaF2haHuo/wBFHkF8fVlWfJJp//vq9smLV6NLLCoRgif5DLntLzt5ZbBF041oZuK
SSZHi+6qK3jGPc8lWvWmRISo7mR39CCbZTrM9pS3a96SL8DaLBSFlbtDqxn3l4ll
4qGqrwgYmY7ypxGC78Q1wiN6X0pfNUCMXbDI7QjOPjf5qSDTF9wBxw4PCumZNlzg
d3DtVBa2igONA67YERZKNx4Jn9C/TODEblhMSEdw6I9sGL/ulHylT3+UPY3TlR3T
AJ9PjN8Quu5gkeeWx/dHSr3JOlrHJtFkhUb+ha7JZKsUE3LvHRAdVVEKUfMoxZ7S
7wIDAQABo1MwUTAdBgNVHQ4EFgQUfcPM/qY8Wh1pCBiIavPvLnFk3FYwHwYDVR0j
BBgwFoAUfcPM/qY8Wh1pCBiIavPvLnFk3FYwDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAgEAqHUuLkIqJraKZeXUuOcv6OU2nYfHA8FHtvz/JDrJI95Q
vGLDVgTWojUiOBneBkhCdXWr7tyjvlS56BpIK20EV2QyyQEa/9tYceJgZM/kg3Vv
677aL+u0AiIU1YOaWR9Sn5D+1sa7k6kkruTmfHNPPKXXYtHoWEIm5momJzUEeEbH
q9HKQOstPUJSNL0fgG5IteqoiphZX5XtDmeke/P5y5JyebG3LqyFjhY5A4yAI581
zu4o+OZ6bqvF6QoRX0vLHYK5VDx0AUFAtJWcnwuiV+LhBdxyrMJ2lbTHWzZXQ9Gw
xOzqEXI0FcqFsETBzchbuPhjAdekPgzUWnPGmdgnCOSG4MS6Nf2QQ72kmFTCrPHu
N+Zd6Gqp3wYyHW9AeE08FlTb/iLh20BU2mTjeJGkyfaMbDIch+HU/2qs9PAZ0a5V
Mrj4zXsdSC9soayldl0mb3YxsPSd05MWM9uWrrs2yFLrVezGqCGhEhiC19sT/8am
6n6QmllZWDZ4ODjKbmQgkrdelsqj3slPZP5EF8haDqzjo0Kj9AbWbAbwE5HFZweJ
uY8GvSIi7vAsJXBFzo9URYRbTYlKYvFGqbMC9QqKcKzXMXs2AZa5jtiMLWXKAhtB
ZXrGdk1VyEzFW2ehRYJYhcqt6/Q5WBoNkR4a2gz+0NmWXkyY2N2OVSdicyHIh9U=
-----END CERTIFICATE-----

51
.docker-rp/key.pem Normal file
View File

@@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEA2yGAlQQTWmTpQl5qWQwfm6CHjVRh/+neci1ph3cLdHFuStUg
aSEjop8gh4TAcMcjDWgWExDPASFwmtpXmmuNGuIjiy+UC9Qs2E4MXlIDoVqjdl7L
0AzcjgBRmdqJvAjC2/c8X9vNv1kY8xvNfTWwEPnNctz3RGBKsjSIjT+96HiikkW1
RChE3jxtHprLnNkGqhmD3rb054NJlJSMLnmkXBmqSssDi31P8/VET+SJb3zz3+gt
0KUFaCCh1h69Ehfj0bVtpqx7QLJNNWLa9UJtLF+KF8wpVltF4jFeOGDWkU40sfMs
eBp+bmJhZ2qNBV6n6kdK+lHfAWt5VC8CgrPtx6VD8oTYI7HyoizbID8e/FmhdoWh
7qP8ARR5BfH1ZVnySaf/76vbJi1ejSywqEYIn+Qy57S87eWWwRdONaGbikkmR4vu
qit4xj3PJVr1pkSEqO5kd/Qgm2U6zPaUt2veki/A2iwUhZW7Q6sZ95eJZeKhqq8I
GJmO8qcRgu/ENcIjel9KXzVAjF2wyO0Izj43+akg0xfcAccODwrpmTZc4Hdw7VQW
tooDjQOu2BEWSjceCZ/Qv0zgxG5YTEhHcOiPbBi/7pR8pU9/lD2N05Ud0wCfT4zf
ELruYJHnlsf3R0q9yTpaxybRZIVG/oWuyWSrFBNy7x0QHVVRClHzKMWe0u8CAwEA
AQKCAgEAiPD65iVR4t/FVhCi7VtCNYOwsoXVaJTCyx/OHzYqFm78ug9O3eQz3OEM
9yPjD5ejNDGj+e47Lz2ynVNuA7bKy84e4FCveGT0UYkU+azPT/rQxJyhSjd/bc6N
MFT+VmAzRjvPoyg+ACKyENuDI4h1q2YxGmM0s6ppg8yIuZzoFWuuTTL7AMkZoLiq
iMG8FR0bqRmg64Hysuu9A/mBUVn7eQMhBPSyFm4NlSvlsPflW6L+1SLH3ugB5Pzf
pmw3RCNh4CA9kjegHuJOldpdc4A7sctTBWQ1QR5xIdYwR5NdBBmXnM2XMMd904Xv
0S0pS/3HegVruduIPd7oR8/JBd1j7oPHf5hbEe+qXAYXtF6RoZfMKaqqrqyDhOOo
uZ7rnTNeogajxEUyD+4B6Y841sykUhhXGi0Zpj8XhNCcTELqfSNU3qEF4EduZ60Z
A6qEXYKIqpfPcN/hh7lQ81auwj8g226yX3WeIOO0qEfhhQ9ykmnazZViNtfZ/OVU
+Psgx3uvfDqK6R1VZDC6Axvy5WDcsdyzipsB3Yf2FXCu3pFq2UgAZ/PMUSALuCxF
0tX5zVqxutEGrKi6k1PWQh1Z3Eji5L809gmOsshkGHsBR8d+b1VaASfiOMEL3fiX
sIxKPnMP9Zb4TFGOy6sYXLcTxI4AsTmLbZopZ7ktJrxNJbaPGwECggEBAPnugKnq
sYLv8Phi/juHOHDevaZusxf0LE3M37PrpmEymfrcMb0r+2vV9nHTZipqj5vDMiE2
H96QCMdBb8A1bpe0/5NZKfBLiS/xIFo1j34eNFYAPUeARmd0AnmbSnfyXcQeiiTn
euwD1pUSVKW+9hlkpeKLQXN6RLRkMY+npwL/uv0vidcWfgFUFgquS8Q4AWLtvndR
6wNOQb00p/7kXcrXvkvM0TSSRZYgYJVphBFO7o78/NP83cVKdJk71GdI6YQfm1VC
WRIj3Frwb5bEoJvGiFlK6uWM6BMikx/kIzia4Q4fy6n4AXaHcWWSrsyGKwat6bQV
OholVXuxU2MZp08CggEBAOBzjTVx2Dn8F+/qDbkMTPazdiXOChJ64jUfhxQ57MhR
8RmJ+9UXmF3DJa/SvpxcSkJtpLLH3X/Tty/Qli5DoSUQ9aBMFemggV0rsoXWkOTQ
iKTuFqACka3whBVmrjKIzdaVTECyVsivU04fwgqe2ITGKSBMDyqTdlJf671o3604
Jm48g47tqmmstSWsLzHnpoHr7Y6vSgiCIx6gEeSg+PfLkF2YZdGsoilv+CWczThk
PGBzXV23pXbDpegGrPbkXYOJ9xjk9lyrGHmrJkhd55aEreMf7rUseL4KVsPI927u
LDYLaDyZMrDp9OOZ0YavR1hZEOBSqM8uAdXbnGf3MmECggEBAJ5YJboBUD+FpuSn
Sy0JyY9w/zSfs+W8NAmCgEQsSzgPaBDQSs7wO5UhdMa+yV6cLqnfrDXwZZaLKJSc
96EN+Sgyay2+ctyj7qGqIfYlMukTV9MYybowIerPS/YhlbeSnSdwtdMVuQIomF3P
xENSTfbell6GHYx87WRgiinabOxwetaHtMvJm0FaNbDEpooFdZNozqAoDT4F6Y5m
+vx5UJb/wrehZvXoqh+oGajvtdWFbYy36bKg5RxmxKKEjlh1kES+BZqps2bTw3r2
E6ywnJS03pO77EBM2oetAwtUbaAiN+3L5SulTb/7pbNVkFtRsZbEvmjyfeIsvxDj
0tHZYe8CggEAQdajXUH/w0KHYwCs9dL94H/T8FL38WPKZvrQjMZRBpHCv1MSY/d/
4kEUFPckookP31x6K1clShG4cnYlF30PD+hhpJus8dL7H3Fp9Ih0CCqDap3MVTNr
uDINDJoKDxjCCGfS7kdh3YxQS2JVcPgXWxslhSvKZxrKYm9wnybcNdt6qmtly887
ZbQbjulrDqB83y9th6UzejtyQdGCbiYp4cX8mvfRJigViUIm8CGGsTv12fT9Njhg
eO37BIywv9tM8wDNUqgW/CfUDhx+JkwlWqmguDbttodNA7HUsamJqyiCH3hJIz1s
+SgnhXvhUjioHOpDYQneKqe8MhcxUe3ZAQKCAQBZqe3Ke92M4ycI6/ALbG+XCttO
p0r9d9S+4EP6HmDpzw2YCQdS/3I5sdkowXFlsloV2e8I2bwXYYfH8NOlMqBDydjF
4f/X5IUtF4Ojta0wHOWVm3oDlkMyOl/6ppOMsBT7L+2Es18aRezqQ9ywkF2dMray
UwnsdVKAJTH7RzYH2FRc8BicCp4IkjKbtKqGCezLTEBnsfXn2YP2VOxqNU5U7GiP
YnVt0sUisqZdjlsK59nnknncxaogLBlv5XPmEJNK19diFRuf3NNN0/gXf98PB6oo
omWZO1KXgSzZjxm3Ltht7rZDuHGkTa0PHuADDyXT1Y0nbalJL/2qc16HOJtG
-----END RSA PRIVATE KEY-----

56
.docker/ca.pem
View File

@@ -1,35 +1,35 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIGDTCCA/WgAwIBAgIUDkIYxPkslQJuPwY9Z1fLA7yoh6AwDQYJKoZIhvcNAQEL MIIGDTCCA/WgAwIBAgIUdAhU4hnAkB2x7/pAxs4QqrlH13MwDQYJKoZIhvcNAQEL
BQAwWjEaMBgGA1UEAxMRQ29udGFpbmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAx BQAwWjEaMBgGA1UEAxMRQ29udGFpbmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAx
DzANBgNVBAgTBlRhaXBlaTEPMA0GA1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUVzAe DzANBgNVBAgTBlRhaXBlaTEPMA0GA1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUVzAe
Fw0yMjEyMDkxMTA3NTFaFw0yNTEyMDgxMTA3NTFaMFoxGjAYBgNVBAMTEUNvbnRh Fw0yNTA4MTMwMjM1MjRaFw0yODA4MTIwMjM1MjRaMFoxGjAYBgNVBAMTEUNvbnRh
aW5lciBTdGF0aW9uMQ0wCwYDVQQKEwRRTkFQMQ8wDQYDVQQIEwZUYWlwZWkxDzAN aW5lciBTdGF0aW9uMQ0wCwYDVQQKEwRRTkFQMQ8wDQYDVQQIEwZUYWlwZWkxDzAN
BgNVBAcTBlRhaXBlaTELMAkGA1UEBhMCVFcwggIiMA0GCSqGSIb3DQEBAQUAA4IC BgNVBAcTBlRhaXBlaTELMAkGA1UEBhMCVFcwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQC+A13Me+nQE/nMWrvN1He/NuYrshZW01tJ/smqSkVBj/VDvSEg DwAwggIKAoICAQCkQ3UfH4sIieOQvmnKIMW0gF+tGsnNUtdet7TyS7/PUZWLuRag
VyjWNFsAt/M/rqIRWmlqdiAKcaoUZsHNCfjZqZtB6n/WvqJvT7DGltzYDSJbdbkj /Jsxyehr4bOMDexrhYRGBe+DxkvqUby+oPQk2d07rYsd4zVWBcHdVHp/JDiAUr7g
4WD1ApNnTf4DGD4nTv2wEPREyXLja6vVNurc5SzCbad01y1/3yeIVbmYcXy7jLJn 7J7p/epDhzGE6siuYOwIf8fKSWxqxX7kEi8g7wxXaZTUi6Ub0I+2RS/95oCwFHqn
qUkojyp4W34g3jKGaTf2jvF2VBpY0HnAIqCa9zOzDtRfnXtCBStrp20GigxrRCGC nmaxEjr9YwmonColNa7YmYqEp6MBvd/a7Sls1GGezNZkBRJe0fQPdX96TKCPviWR
vXQ4vEl9R0OGcZjFxWtmxU6xzvRXm+27o01wx1FWcmjoLM2vyAle9waxYEPXoSg0 p5ogGOXHOdoruRKieiuqJGGvg+nLMKSMSZHDBUyiSuhGqOQEqQP7TEYLXsrQfpoY
h2MswJMidUYFU3p2eiEblnkDcRAXcIT2XWl/gCZhbNtWDuWF9JNbZDZyfv7WIxLy A0/BRyIkbTsB9EyhYMP18GS7vorKfJYe+76nvLzAqWYFCV4JpR/DBSKcUiLbRVy2
hI5nKdKaUctbrFwvjgCWu1fSji2OXwFD4XKmNtr4ezN4YGfpr78nsmMDuPjoakZn oQViaYGnk0W1WjpR9d9UvY+uDhNZJwI2gpWxOWBS0e+Hd0aRs/0erYZdYynnKqmU
GHUAIr/toJghUQZSNHNd+YLYdxzLWtlA4mNwaB3kO1NHXWPHqhvUIt7EoWwaAN5R 2PHNPcTjUAU5AbYUP86dYjSWTI7tkgvZVHloCWYUoCmKX/abzjrpvgHBIgmCi9Dt
a+vBXIkGVIlEgj7ESpOUEaOLhjdp6CfDkuivfyfWxix/UdlxuQzUnzfBzaziShXn 0J/OgfYUV5HpISX5pstOPbcnCmrnhhwTYZEmkibJN6QoNr4huB5ECbSQ0cxTdyF4
SBqCMTB1zceRjncvkx4CrZPQ4sAncbvIqUBcHisR6/cCf2mK1p9aq1paECDP7R5L ruBBMjOwEI8uCZ4WwajURIJOr8uPatD0+zPKMKYuphEqrnxIqRXbvZBalpia1o95
Be7HlF4npPBpoMUp4YC0V7rMNjwgrS3T8i3WsGAhJPiy1AwvB1tp9VAHGQIDAQAB YOtfR7RClvyQ58B4/CZPwug7FW4A5Vr8ylNYKl0fkPz7oiwxWkZBei11lQIDAQAB
o4HKMIHHMB0GA1UdDgQWBBRUlL80tcOmbhb7fSmErhjskLNCCzCBlwYDVR0jBIGP o4HKMIHHMB0GA1UdDgQWBBSVugZSd2jDJoE1oJh+IzJWtV60wzCBlwYDVR0jBIGP
MIGMgBRUlL80tcOmbhb7fSmErhjskLNCC6FepFwwWjEaMBgGA1UEAxMRQ29udGFp MIGMgBSVugZSd2jDJoE1oJh+IzJWtV60w6FepFwwWjEaMBgGA1UEAxMRQ29udGFp
bmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAxDzANBgNVBAgTBlRhaXBlaTEPMA0G bmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAxDzANBgNVBAgTBlRhaXBlaTEPMA0G
A1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUV4IUDkIYxPkslQJuPwY9Z1fLA7yoh6Aw A1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUV4IUdAhU4hnAkB2x7/pAxs4QqrlH13Mw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXiQHGSP2tghjzxTzrVhW DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAE/XMNmFNW1U0lu6rx4TZ
xpEKbdE7PbnjLj8P6HqX2ofnGoteFPLCVQ7IzxgNXj/JAi3uVXSYbbn2UtXEZdAA c9GM/Qal3poWcSEKhbH4hinyfGYLQ67hx9vtcBcbgNLqNjnZt0Tio9JnAcFEFFnT
eDpjOdBx8t1ITT8i8xykg2AfL1InZzVQaF71NuoWF8raN5e5F5JUSVJUzqRJp+Ek slCrpnQ9KrHUEDMPgStD2nvg33RkFK6OZdHSm0KxzX1HQFnFMc/HbBtvvx1rTLeC
14bIJ3kmLKVns4snowMVgABKm7SdNvbLQLvNJY2P7t55lumYpJSCJMb57MzRd9xI RHj4bpwoE00GtOKgvKUfahqRX0yOIsqwok5OBi+Z8BbiSZzLKAjVQ3C+yeu7xsVL
nHgXZu0mnJpXkl1DEwOz+gJe6HjbPp5VGdkj95VIMOk3aJayYxflj6KZDrO0GLs7 5kRAIWG3orFJObOP9j9LyRRnzn8v3yUZ48w38oF2PD2l0notCMPDgWfst0T6RdCO
ZOv5BiZlFGOZPSUwhys7Gc4Ffc3o8RkJLCFo6Ey1kwNVl77inYb/rAGvMF58Dlr3 lwrKqxTcC/4Y23Yz6LUJoWQH5W58cZo2KbH6X5PKbJYpuBxRQp1ShlQvnDxE8E/I
DuDi70plhiUaHTeK50ckxFgbkdN0Hw6MEvMoIisWoo+1ckTUa5YctJX5GH/T4HCO Z9C3X8drxIw1aqFOHqAfPafEmMkVT0HMA0w6AhX84R2NGhtVaU8Rp+7bMKoU8It0
4jde6D0rX/ng3EnFLlvDn+rfftHD/v+16k8QdhzXnuc2DhBXR+wTztHwBPfs8j4V +HpFVrTyo8DrYUMkDVH8OHM/CxPDNM20DA6g/+pHij/EiL+5WF4ZixhpHe415sBn
M/AqamN44otD/3N+3QtZz8HjQWxIOEMO+FQZipdWBHFT5WA0SP/2TIwvcy/KD/w2 2D43OwSuvmF5XS0kWeQrsfTteUjjyMQXJ82DHn5jUmtzoQSbPEAzJvNL8dxS4deh
BgsQhuC5uvCm3xi730T/gId6eZVr0exnZpQUWLo+1OzyDIJOK7Qz9REl/3q8ta1T kB/TzkEbCTbzZSPxZjWyf4x3ZwibHhxtz+21Vt1vUe+L6Dui6BBW28UEeLb4O04P
YgKP+NhMqvwZrqLj3qv2Id82gnAknoVHYWV8krk//Dh/P6/dIlY+Hdn8z4UEsoF7 zgHE8ULD/9Q3fivxABKSt2PgAz1fTD+ywFC4jbzbmI13BVbS6f3BcrL10Auy0KmP
7C91omWFHonwe1Um85K6uT0= etHm3Irulez4LlRQOaH8wAU=
-----END CERTIFICATE----- -----END CERTIFICATE-----

53
.docker/cert.pem
View File

@@ -1,30 +1,31 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIFHTCCAwWgAwIBAgIUY+qiNCXKlSWPUzSklKNgaqQxJy0wDQYJKoZIhvcNAQEL MIIFXTCCA0WgAwIBAgIUX1k7YkWIPXHhz1JzwppSwHo2vZMwDQYJKoZIhvcNAQEL
BQAwWjEaMBgGA1UEAxMRQ29udGFpbmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAx BQAwWjEaMBgGA1UEAxMRQ29udGFpbmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAx
DzANBgNVBAgTBlRhaXBlaTEPMA0GA1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUVzAe DzANBgNVBAgTBlRhaXBlaTEPMA0GA1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUVzAe
Fw0yMjEyMDkxMTA4MDNaFw0yMzEyMDkxMTA4MDNaMBExDzANBgNVBAMTBmNsaWVu Fw0yNTA4MTMwMjM1NDFaFw0yNjA4MTMwMjM1NDFaMBExDzANBgNVBAMTBmNsaWVu
dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALGbnInYbVxbv4j3Vl7/ dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ/Be4+vKxjdlM+CRtFv
Ezu3P97Sp3A3TXSJ2DnLW7dEjFdtmhSixPitsXFUGStkmu5R93VZiFQvD2mnAU5S rlQSEx8lKr943FOPktxtV84oXnm0w+KiKPHNnJDupqh2TBjWnMvMNNZrdkrG5Ryz
ccDVNFCwE9mlGqtwF3MVy0qpu8akb6f4Ix2B6ThbLAsPs0x6HWf9e4mdGJ5x1EP1 zhT3MjlAWAM9wfd20LSqxevLclFCZZEvyYjAKHFcw9Y7tGZeHvhCRZ08vIdTPwg8
hdWB8MQIaZqYjeFztTnDrN7eSXGuJMdBOmIWdtZi2bjwqpW866TNDsmD0yvF1CGC 0JqZyOQH7uERvUGPZfZJicNcU7z9cJZXteRhZTJexwKDwt3MbROo43HSYxUXK378
shUlWmo9yeAPDIk3y27fqCgAihItJDnENJAaG6qvn9TVS1xUEhhLnKM1jrKcXLnd wB+lvN/hZ5WGd8hF89O9CyF24irLXKJq5gPkLf5+amhM9raEGtH5YL7KsOCAkyE4
iZzrV4ipfxSDhmzy6/ouuzoYbDNau9E/YlaXzEym3726CFmeSvNLcFKgvGvqV4UM Rh3c9rmlxR9jQrpo0x6KA6qAXtM4A/FxTqWe5NSwKTeC+LCZgiNGLcj+wem2N9HI
rknGF1G2oq1lFxwgyKmGZlzT1VLFNour6c2EiEG6pQ1osoTMOj9+z4SqZY0QYdMy vyjmqEzYv5jmEp3eNXJhR+sKawitijdTouyb2aI5Q9kCtQXgAjYcI3bmfT0wFfE9
0/aGzULFuDdE7k0+S4F5h/dsnNigPNmMDGahCkNaVIKu6BvNN+bF0tgvrUDVi3CG Vb/RpJhf70QK3ZA8Ej1ZZngHEfyHUUDdxZvZeCzxv+8N4XeqThy878ljWl5kFeRT
GJnmzPDCL/D3mwXTh7JduxvGw/3bGagnJPY2a6EOlgA5SrIO/cDKx07PiG3Y4k7u a/YMfYlQxW7F4usxT6p2QWKb7oq0AsmyKWby75XyUQTiZDoxbZNh9HZRouKAvxhd
iTL4jPIXVqBGBatfSRCNPHIIYX1VLy0qDE+HRFqQK0Th7fzuhlUX7dQz4MS+WcPm n9v0OKyrVAMEIx3g3fPJ+zMt43pcZQS6BHv+SucXf443wm094P8VpsO4s99xWXQI
ro0POO62itnVgPTJp2f9eU+w/K/fwBNZMMC50OklCJ68RWBC2UpL7fB22P9iFCtw we4jF31jI4011HnOHJ/3p/c9aXco+2nEJN2MyV8tB0YO/v6aHjpsWdhJBVnybuf6
m5hSYLLP5i71O/FH7BKQ1zSZAgMBAAGjJDAiMBMGA1UdJQQMMAoGCCsGAQUFBwMC WpgbF75KSZX1r0leUzxRCpCrAgMBAAGjZDBiMBMGA1UdJQQMMAoGCCsGAQUFBwMC
MAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAROvoRhu6FOY4J2wUiKYQ MAsGA1UdDwQEAwIHgDAdBgNVHQ4EFgQU/9dtJ1ThWEBazrAYHropGKATowkwHwYD
+dm5pzw5/zTmvgrNdC0MXUJmye+hmcoJ6vUSjlqKZEnoLbb5wFECdUzzEcgirnFI VR0jBBgwFoAUlboGUndowyaBNaCYfiMyVrVetMMwDQYJKoZIhvcNAQELBQADggIB
3EiYQXq8mm3h6pqW0FpxGNf+eLqmDaN/6ZZapMNN8xjuP6u+FSFhrXemjXe2RXkA ABKl/jaCgvA++4XsIpdfUTj2zAKBtiENMTE/ih+oXq3j3Ks6FG+ok3kBBxfdW9Sw
H4aZ9lIEFSp1kOxAWP5FMHdI4V1A2QEReqzmCizIqvRUIjhU0Ix6sKqjOBuJRlgz eInm3YzQR8Yq6i/tkxQWRHo9nLxsSNOznlT5Mx8CkC7QNoOi6oLE/L+vRfM0XnhB
mEEL+DWpbAF18ILxmdAHtnbetsexifM+z/zlJjoOFdbZ9DP964xCxF+mPzEkr2fO 332immequMIgimnkNWZKb6AxItnCMuaNiaAYT1PXofcCdHQ+xXiIZksYqHv9eyyo
KPNxA5VDd5z+iABuDowZ9Lb44qUm2SNj6Aef0M92c0mnw1IIb/BgebUPKckw3xrq vAObguto3zAJ5JTqZkq+BuOw4gLl7IJkqOxHby5rha1iNNFw1RM6QVUsADo4h7r6
DW/L33v1EnvUCC/YlGqloABWNTHZ6ZUJYttNNwJMRnd+vratYVhYj3LL8R1s6a6G Ghh5lY6IBRy72TS6oIIz2FzdqW3QzSEWwy8uQ/DIAaCqcp8v9yPQBl4rqbziR8LW
7Up2o01CLG6iBL5Zdcb+ZL4sOCo+oTgcjijLyeqm/YF3GEDHEZlRZ+9kjKrg32e9 Jg1arhekJwivPgrvpGJyAAnsUYkaYiy4QtIq0XU/BauHpch3EEwbfajdjhiMtL0B
+Ott8p3xqTR0yBp/FbjVcN57ZERYpVfNoD2HMzQVTu7gX0l/TBvMaz8b6GYuE/0P fjfz8uc0HChzHlVYeGOHQqLAShjUNMPWFUxFg4uZV0Zr5JnaaWk5yR96zhKUa54Z
deHZtUa6IfJH6KDY5arWuAWYuPbh00Sz4xizBKVDXHXo414+sGpcDnR0cwyG2iRF SI4zAvmH1sB0zzSMwvNCfAdBxujVRjVZCy50l/OkAKZ+3twTtYRggr01Jbi7BVBH
waZJGE84kVbU8ZzcNCb4gPZGV9pP825yi2z1k1Ku+oG8jacL9mwtCxVi/msvecH5 CUP9wBahk+JfDu/TYrs9eSjXhEHH7B4zfWjaYlq2DToV/aIY6gyuAJmz4VSoCHOp
FnsblROOuUf2GeaPZlqb998= UqR51UzyWmaDW+Ktmj9HbhGk42dqrFwcPlmjlgOsXh6kCOP0mUBDY5Tp5TuqtCmI
Re94OL/qIBTWLETAJxo9RbmjFJG3OJuw9be5fqGuqpF6
-----END CERTIFICATE----- -----END CERTIFICATE-----

103
.docker/key.pem
View File

@@ -1,51 +1,52 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIJKAIBAAKCAgEAsZucidhtXFu/iPdWXv8TO7c/3tKncDdNdInYOctbt0SMV22a MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCfwXuPrysY3ZTP
FKLE+K2xcVQZK2Sa7lH3dVmIVC8PaacBTlJxwNU0ULAT2aUaq3AXcxXLSqm7xqRv gkbRb65UEhMfJSq/eNxTj5LcbVfOKF55tMPioijxzZyQ7qaodkwY1pzLzDTWa3ZK
p/gjHYHpOFssCw+zTHodZ/17iZ0YnnHUQ/WF1YHwxAhpmpiN4XO1OcOs3t5Jca4k xuUcs84U9zI5QFgDPcH3dtC0qsXry3JRQmWRL8mIwChxXMPWO7RmXh74QkWdPLyH
x0E6YhZ21mLZuPCqlbzrpM0OyYPTK8XUIYKyFSVaaj3J4A8MiTfLbt+oKACKEi0k Uz8IPNCamcjkB+7hEb1Bj2X2SYnDXFO8/XCWV7XkYWUyXscCg8LdzG0TqONx0mMV
OcQ0kBobqq+f1NVLXFQSGEucozWOspxcud2JnOtXiKl/FIOGbPLr+i67OhhsM1q7 Fyt+/MAfpbzf4WeVhnfIRfPTvQshduIqy1yiauYD5C3+fmpoTPa2hBrR+WC+yrDg
0T9iVpfMTKbfvboIWZ5K80twUqC8a+pXhQyuScYXUbairWUXHCDIqYZmXNPVUsU2 gJMhOEYd3Pa5pcUfY0K6aNMeigOqgF7TOAPxcU6lnuTUsCk3gviwmYIjRi3I/sHp
i6vpzYSIQbqlDWiyhMw6P37PhKpljRBh0zLT9obNQsW4N0TuTT5LgXmH92yc2KA8 tjfRyL8o5qhM2L+Y5hKd3jVyYUfrCmsIrYo3U6Lsm9miOUPZArUF4AI2HCN25n09
2YwMZqEKQ1pUgq7oG8035sXS2C+tQNWLcIYYmebM8MIv8PebBdOHsl27G8bD/dsZ MBXxPVW/0aSYX+9ECt2QPBI9WWZ4BxH8h1FA3cWb2Xgs8b/vDeF3qk4cvO/JY1pe
qCck9jZroQ6WADlKsg79wMrHTs+IbdjiTu6JMviM8hdWoEYFq19JEI08cghhfVUv ZBXkU2v2DH2JUMVuxeLrMU+qdkFim+6KtALJsilm8u+V8lEE4mQ6MW2TYfR2UaLi
LSoMT4dEWpArROHt/O6GVRft1DPgxL5Zw+aujQ847raK2dWA9MmnZ/15T7D8r9/A gL8YXZ/b9Disq1QDBCMd4N3zyfszLeN6XGUEugR7/krnF3+ON8JtPeD/FabDuLPf
E1kwwLnQ6SUInrxFYELZSkvt8HbY/2IUK3CbmFJgss/mLvU78UfsEpDXNJkCAwEA cVl0CMHuIxd9YyONNdR5zhyf96f3PWl3KPtpxCTdjMlfLQdGDv7+mh46bFnYSQVZ
AQKCAgEAnUhV7wiXiEPDsZJ/jW7L5IUabcQU/V4sHHj53+yD0x9EPSRVX9LpJeQD 8m7n+lqYGxe+SkmV9a9JXlM8UQqQqwIDAQABAoICABPVeSozFLYvGGEU6wbohyuv
kH3OMExOm6BAyU45WXu3ZXO8x1RhYkgspQvY+FOq84k3avYw6nS3UmlKa/BlgHsM 3Mjim+aOskf7jL+qIZsaPvR8QU+bU1sF7Hi/8Ff86+CvkGLq9OpkCBkrjVldZ2oJ
QpkSvtTvjllR80ZaAXr6U04wkOI72+DPi3p7sqlIdBAYvAfZ7h/h4Gc8MKxF/Jky 8KXT+7lXSwQWr72mcBEgvo4hIKwAU1STitHcMwIfgnutFso6rBrj5gIlDy/OIRX4
MhamAo42MpZ0A6SIZNJ1znzJp8dq1ykWEaGYRfBtxJKBeDVeX9Zib0hEnVdwyPAl nszUwU8XHTiM/ZswsRZcmZbenkJEHHSAtQgmZS3GPwS7cxVcQ/SnKp79M+y9o3qq
8hjHLR6aNzBIOfWzyCDktq2bvAlBFZKgGOkpHcx/3bmeWhbKPN9l6nB+hQZhmpeh YIMpIGubeLaYHLf+genDMTwf6F3PyMPV6fHtLvfJCl5Jk2zbOawmTQRqYhnfOzFM
F3xsBUNao6p3a08yMCoh0ltbl/qr2DUMPuonBJnih6YuyHbYctQ7TuJNgBecmbtw 9CLDVnBZqfirt/5UIzVhX6R4kWDB8QI18nIHdu6J56dBP7tyZI/ONTP3aAG3Gyhd
fQHh4hLRh22tdHUgt89bMYklsTZ53AKhpkrATvOgCtv+5zUDGG9gJZ6BgZBAm+Ft yc9X4RDz8KMuZZddX6C3OmIunAjL65jYMnf0UFbFUvRW/UNC/uWojSiJi6oKx3m1
cQ0Ie59AtwshIPEWf8aGjFfttoKTGq4bzULKZUoOBlsFdEbMOP31Htj6UvvpnsCV N0VlrPJMia7ueTSFPdtiBcyutTW5JoYZT9UiVcH9mHqYAW3EbCwngeiENryiwS5x
vmUJVorT16MnQmedQHVvoZU7N1/NSao7X57X2egOFMf+W26lKEFQJRluEcf9TXZs 5Sa39GMv70kCmwXP7HmWYGbnaNaW/k/Za+d1tQyIYBwzGMv5BPTPgJHApO0saYWq
+z05k6fu4xRF2+2cFXdaSvDwjwOCzPYXrOJc4MB1sD3TuJlVOCvnoAhHdJc+W7HL FPko/DXDkRsK+U9s7gY4z70Dg9y3UMy3oQcLSuvXd1x3dM78LwhrZ/0Wkr+UQY4f
hvykWhwQ8OaV8zjcF596FalZlRkRfkc0dAuTIUfc0MN6hU/2loECggEBAOBEKcJ/ Pp/QktQQCBjrGkboK/dFewhFRqPUqOY6KQns4+Em1FpoWHJz0jOGO4LN07ZeZX+C
N0Re5T945oWR8LYLntBbMmLwGdiXRhXdh0FED+bAVb4OWAKzkLDPKSf/N0PZum3u uoI/q+wX7k6NF2buy32NAoIBAQDhuohKX4+GUQOJCWI0HhXDdZguLOLgtRdnfJB0
KZlnAtadN5cf+Gq+ADUB4RGbi4DS8faGkXmMdH6WZOwZ5GCQ7URO7dbtOKF3TFQR 7Zy9SXlGI4jRVD3/wr0KjaKCWUbN5EmhYuPZQloH1kuTbIJDfCCfDwAfLfdJbS/a
TgRmn5R06Za8vYcViN4coCRMWXxTItYqWQ2Gk1AkzGBGw4HQnHj7iHiaR3FkB/ku WGhFOF4QmjqYyIu9PaqfVkUklk24CguHWf93O/JPIuozuj4qOokvaPBTCfk93drP
x/o7yBYQ3C68FwpxUHqWUX9KBLUsskxaspxO+bcNXz/tKIFBa2RUpo5/ahEUuR9u O0d9wvLxXCKDX5MdJ2D82kaMbBB0dvGGHqECu1n8S/i11k+lG/27zXTzBc5Z6fcL
SwZPZ808/G3ToUml29AXB7ZpLfxYv9WAv4eyBDMAsAa0KHm2/lSqcFsrpebnWnap pQnglNPinzcFUw+b/jebvqfyYVsgGL1IVFs/PXl5F87W4T/NvfymRlV3qInXPveq
rLzla7yBQjnWOYkCggEBAMq9Sn+qusfdPyFCke7HymysWg7ae4OGD+Vu3a7DDS8q buCJvZPngsGC0ZaCMG8gvs1oVGRXNPDV8PYaIPO0S++aXz+fAoIBAQC1Lgr7ASos
aWnoVkKt4G24xBeW0Voqphce80AEDyA+Njl/uJQLOhKZSMW/XId4WYEwppy/cwLw mCV2Mypm7hTugz8p20usEclxnMsTeSQiQMERUQWZ5yEh6p7lOyw/omTjUDduit3H
ZRX3ePT9PCUCNaimTAxw+atStRZ6vMdaj7a7GNyofMEZXwRHbDE2MU9TY3bgcuML i2cHqYvpvPb6p+mT6NIv9kq5i4Rwz3RuABr8OpWUjqxszMz/h4sgHZd+o+TTR7As
hMD6euqJZq0a5a7xU/pg+0J3rFdQwODqQZ5vRPRUt9LGZaJG59LMCv64gnCZp7vI lBiWCG3sJwmsdf+7AkZ9uUnQ9BCiep5vixAey8N3TlY0RBdeFdA/xgB2yRHwEkMZ
0v2hsL+EaJ45BZctDmZW+7+svPIG/Nb4+zJKpD8SmE3aeo3TTsAPVM8tsRfU8i8Y lsCCEE77vvmQTNlTVpE0C6/w78JeEWJtQkW/tc3CRCxZvDtI1/j4LyI9AWQ12PHI
0qBvKvbwMfOEp7FfWGqEn8SqScmuJjzqiKGIWuZaLpECggEAaqR/JxnPched87zO ZZsPxyofiZXd4C/q3nMyrbpK+3bp4RdD2/TUl5PF+VsrZw//d16bJxmQocDQ++z2
AZ4QVMDZ2EJFh36dC72DekpJUuPGm/fBzgqMF1zD5Q/dhkN6SC101Wl3JpcxZlSE dcs+xaapGGN1AoIBAQCagtBf+GGKE1JULzQlcKJ9FLWChf8WyV6n28AWCb/MYcq9
ZryxKDEJcCtglzrb73pfzNbYvm/nxXpGq270hmbkLKNLvfQ4Ba/w/9jqvHUAVVvy k/1HLF7z/xzfaGvgxbONo8Iy0jocsSpnSuyYkSHph8Hcnqv6q8AlZrPmxbU6DId2
59cAWQgIeXYrQJd9xfzSh/zDNAdWbbnR5cZAma5VecJCdvcGGglzMS7psThUQQnr 3dtWUZA1jUyJnMffb3LrkxSpJZWUzFfki4W8urNqvH7DERXQAXe2PXJVf8JD93nM
ad3PJwwTNPfd8SWFb5G9h0lpvaJgZIdbT866gBxXsPH/8artCQpNrYCI9Is11Qa3 dMC7JGTTA+2DpvW7kQ0Ca5iPsc+MyymhZW9tKLGD11EriEuRPlwtd9U/B01niPgw
EpKcE6VnDWCmLjt9vo2FS0VZznD8RjSBf+6TgK1f62rQ2sm6rj49akfs+DYwMQdW m8NRxbVdlfoChdL4OmPh6I1IQVXkR/QqS32t4KmH75BNUL+YFKmlyNhGtXbFUhs3
MqKH4QKCAQBw4qM3oM2teZCsKU/uX4pjpjfi6144po31VxzSMUMHDxtw3/Af4ocD 0W0cWtKncvfedjysOXglqXthNnt/DydCNuhfxusJAoIBACdvqzIxcbWdNGJDBtK6
MQzmgZCCHxsp5o7VBy2Q63Lv4yDYNcQZFQaDLQENYUKc/4TV5HfanBX8/DV6XAKA tdGovcHlmtYMVRWmtEk70BKol52mThrOxVZ1lDp/I8WCGoWj+zzTeyyo+jcfv3WU
LNHJ3QadKs6pyTyRjrfMXK2GtniqbJpCPqk8TbR9Vkpwe+L3DxSJPSGm/hEwxF7K DQpILD5mqgGIkYFLjftkHIqo+Ta3pcFdQMi511EzdqP57PTCxdb7PqylW6ikkxCY
Zh6boT38PMHKia4JVCqBUY5F9Hi1fvJ3xwZSLB7qrbg1inD+11+g3Lo2hTBQAx7p +rEQSiaxexh4kUmrJkfHet76nPqnDZfVdEwSGif/hYGsHoO8hmwD/Zj/SE3HMPn4
cqCdQ3YwH6C/YiQ2sxNXc30SzKLVh7oMJ2lzzMOdhyvWy/8+YNCUzsKAmEWZB7cY +qdfItrR9+8lMBm4hk0laZAwoa/16aCEaEbsAtd7MxUKZWB0AhT6cL5W52aKym9s
e7WPuqIVdVEshRDe3jvmUUTQhIbwmigxAoIBAHnknuvQxLomM6eIoFlej7Yqoihb 6jMOTj/IRbjdObSCgcKsnPzHTsZLa/3mpeKPn1rS58PLwfPKUYbrnwuSXjf+m6Uo
b8bvQ9d8LBKFUIra87o3Vq445/o+fESDnTzHyn+VA/0pwPraEE17NYpitjeZSJi9 ytUCggEAfGt5I3vGt9teDhBNgHwx87TP6LxMi0eiTdo+Tv7aIt+EJcsK+rdVzr3l
/FjLN6aNEcVS7re0vYtAtuuNyaPA31tvbG3TfVEMwRFjkaWOZ8mt/gGkjneHyul9 vTRemlbk3OOU2bat1i7IHuEFu9HIIw2S25sPTrFtHbR4Ux4i/wur3j69/3dOKmsZ
MiQccyMWagIEK7NHHAEnuN2GA/s7M4WF5NqzeN/xm3CpOn3WCy3g71zJgZfG4TGm V8hkZ4zJy5EarbwLg+tlGG8ikaEUuGgy1fxJ4OUOGiHDi+/GOR9Pox7T1oRwIjEI
gSmcqLgvhAfULdXnoW9zyvt7rbaAsr+LEDCpMSpAknbMP5Rr/m1ktNOLLmc7e7OU 5RQXbtR9xI1SL1USGPWsR3CsqI64VNZyNZfWmt/1t6SzTmmshceo7c/72kMHopP8
0qoMxBq0SSku9aR/e+goXwwReIdd0lx7H83mCOflI/+uJSCeAa8xvvut8Uc= PkatcTLiMuTeXCuL4UIWaBKw4Y/aaxJCDDXFUNTryDkuZIxVyhQgvLpzucfRUH+t
-----END RSA PRIVATE KEY----- rz9TdKIcHTWfelGC5dFiuBW2cPo35w==
-----END PRIVATE KEY-----

14
.idea/deployment.xml generated Normal file
View File

@@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="PublishConfigData" serverName="QNAP nginx-lb" remoteFilesAllowedToDisappearOnAutoupload="false">
<serverData>
<paths name="QNAP nginx-lb">
<serverdata>
<mappings>
<mapping local="$PROJECT_DIR$" web="/" />
</mappings>
</serverdata>
</paths>
</serverData>
</component>
</project>

6
.idea/git_toolbox_blame.xml generated Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="GitToolBoxBlameSettings">
<option name="version" value="2" />
</component>
</project>

6
.idea/terraform.xml generated Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="TerraformProjectSettings">
<option name="toolPath" value="c:\dev\tools\terraform.exe" />
</component>
</project>

14
.idea/webServers.xml generated Normal file
View File

@@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="WebServers">
<option name="servers">
<webServer id="d0836cab-307d-46fb-a18d-9b51387b1dc4" name="QNAP nginx-lb" url="http://192.168.2.64">
<fileTransfer rootFolder="/appdata/nginx-lb" host="192.168.2.64" port="21">
<advancedOptions>
<advancedOptions dataProtectionLevel="Private" passiveMode="true" shareSSLContext="true" />
</advancedOptions>
</fileTransfer>
</webServer>
</option>
</component>
</project>

5
.terraform.lock.hcl generated
View File

@@ -1,11 +1,12 @@
# This file is maintained automatically by "terraform init". # This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/kreuzwerker/docker" { provider "registry.opentofu.org/kreuzwerker/docker" {
version = "3.0.2" version = "3.0.2"
constraints = "3.0.2" constraints = "3.0.2"
hashes = [ hashes = [
"h1:DcRxJArfX6EiATluWeCBW7HoD6usz9fMoTK2U3dmyPk=", "h1:DcRxJArfX6EiATluWeCBW7HoD6usz9fMoTK2U3dmyPk=",
"h1:cT2ccWOtlfKYBUE60/v2/4Q6Stk1KYTNnhxSck+VPlU=",
"zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f", "zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f",
"zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95", "zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95",
"zh:38081b3fe317c7e9555b2aaad325ad3fa516a886d2dfa8605ae6a809c1072138", "zh:38081b3fe317c7e9555b2aaad325ad3fa516a886d2dfa8605ae6a809c1072138",

7
README.md
View File

@@ -7,15 +7,16 @@ Run `terraform init`
Terraform cannot create a qnet network, so we do it manually and then import into Terraform. Terraform cannot create a qnet network, so we do it manually and then import into Terraform.
``` ```
dockerx.bat network create -d qnet --ipam-driver=qnet --ipam-opt=iface=eth0 --subnet=192.168.2.0/24 --gateway=192.168.2.1 terraform-static-eth1-shared dockerx.bat network create -d qnet --ipam-driver=qnet --ipam-opt=iface=eth1 --subnet=192.168.2.0/24 --gateway=192.168.2.1 terraform-static-eth1-shared
``` ```
``` ```
terraform import docker_network.bridge f9cf6469837bece2c688b65787869af240fcffa95d9d5d3a71a0c4da119e5edc terraform import docker_network.bridge 2496ee986cdc
terraform import docker_network.host 193a71332c99
``` ```
## Run considerations ## Run considerations
If updating remotely using wireguard, note that it is also run on docker. If updating remotely using wireguard, note that it is also run on docker.
So it will cause the tunnel to disconnect. Not sure how to handle this, yet. So it will cause the tunnel to disconnect. Not sure how to handle this, yet.
Probably not run terraform apply locally and instead run it in a CI solution? Probably not run terraform apply locally and instead run it in a CI solution?

5
airsonic.tf → _disabled/airsonic.tf
View File

@@ -48,6 +48,11 @@ resource "docker_container" "airsonic" {
type = "bind" type = "bind"
} }
volumes {
container_path = "/data"
volume_name = "truenas-arr"
}
networks_advanced { networks_advanced {
name = docker_network.bridge.name name = docker_network.bridge.name
ipv4_address = "192.168.2.83" ipv4_address = "192.168.2.83"

47
_disabled/authelia.tf Normal file
View File

@@ -0,0 +1,47 @@
data "docker_registry_image" "authelia" {
name = "authelia/authelia:latest"
}
resource "docker_image" "authelia" {
name = data.docker_registry_image.authelia.name
pull_triggers = [data.docker_registry_image.authelia.sha256_digest]
}
resource "docker_container" "authelia" {
image = docker_image.authelia.image_id
name = "authelia"
restart = "always"
log_driver = "local"
env = [
"AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/secrets/JWT_SECRET",
"AUTHELIA_SESSION_SECRET_FILE=/secrets/SESSION_SECRET",
"AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE=/secrets/STORAGE_PASSWORD",
"AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/secrets/STORAGE_ENCRYPTION_KEY"
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.151"
}
mounts {
target = "/config"
source = "/share/appdata/authelia/config"
type = "bind"
}
mounts {
target = "/secrets"
source = "/share/appdata/authelia/secrets"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

40
_disabled/autobrr.tf Normal file
View File

@@ -0,0 +1,40 @@
data "docker_registry_image" "autobrr" {
name = "ghcr.io/autobrr/autobrr:latest"
}
resource "docker_image" "autobrr" {
name = data.docker_registry_image.autobrr.name
pull_triggers = [data.docker_registry_image.autobrr.sha256_digest]
}
resource "docker_container" "autobrr" {
image = docker_image.autobrr.image_id
name = "autobrr"
restart = "always"
log_driver = "local"
env = [
"PUID=999",
"PGID=321",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.148"
}
mounts {
target = "/config"
source = "/share/appdata/autobrr"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

39
_disabled/barcode_buddy.tf Normal file
View File

@@ -0,0 +1,39 @@
data "docker_registry_image" "barcode_buddy" {
name = "f0rc3/barcodebuddy:latest"
}
resource "docker_image" "barcode_buddy" {
name = data.docker_registry_image.barcode_buddy.name
pull_triggers = [data.docker_registry_image.barcode_buddy.sha256_digest]
}
resource "docker_container" "barcode_buddy" {
image = docker_image.barcode_buddy.image_id
name = "barcode_buddy"
restart = "always"
env = [
"TZ=Europe/Amsterdam"
]
mounts {
target = "/config"
source = "/share/appdata/barcode-buddy"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.150"
}
}

49
_disabled/bazarr.tf Normal file
View File

@@ -0,0 +1,49 @@
data "docker_registry_image" "bazarr" {
name = "lscr.io/linuxserver/bazarr:latest"
}
resource "docker_image" "bazarr" {
name = data.docker_registry_image.bazarr.name
pull_triggers = [data.docker_registry_image.bazarr.sha256_digest]
}
resource "docker_container" "bazarr" {
image = docker_image.bazarr.image_id
name = "bazarr"
restart = "always"
log_driver = "local"
env = [
"PUID=1000",
"PGID=1000",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.152"
}
networks_advanced {
name = docker_network.whisper-asr.name
}
mounts {
target = "/config"
source = "/share/appdata/bazarr"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = "truenas-arr"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

29
_disabled/brother-printer-webhook.tf Normal file
View File

@@ -0,0 +1,29 @@
data "docker_registry_image" "brother-printer-webhook" {
name = "gitea.rescla.me/rescla/brother-printer-webhook:latest"
}
resource "docker_image" "brother-printer-webhook" {
name = data.docker_registry_image.brother-printer-webhook.name
pull_triggers = [data.docker_registry_image.brother-printer-webhook.sha256_digest]
}
resource "docker_container" "brother-printer-webhook" {
image = docker_image.brother-printer-webhook.image_id
name = "brother-printer-webhook"
hostname = "brother-printer-webhook"
restart = "always"
networks_advanced {
name = docker_network.grocy.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

5
_disabled/docker-raspberrypi.tf Normal file
View File

@@ -0,0 +1,5 @@
provider "docker" {
alias = "docker-pi"
host = "tcp://192.168.178.159:2376"
cert_path = pathexpand(".docker-rp")
}

36
_disabled/esphome.tf Normal file
View File

@@ -0,0 +1,36 @@
data "docker_registry_image" "esphome" {
name = "esphome/esphome"
}
resource "docker_image" "esphome" {
name = data.docker_registry_image.esphome.name
pull_triggers = [data.docker_registry_image.esphome.sha256_digest]
}
resource "docker_container" "esphome" {
image = docker_image.esphome.image_id
name = "esphome"
mounts {
target = "/config"
source = "/share/appdata/esphome"
type = "bind"
}
restart = "always"
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.133"
}
dns = ["172.20.0.0"]
dns_search = ["internal"]
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

2
freshrss.tf → _disabled/freshrss.tf
View File

@@ -11,7 +11,7 @@ resource "docker_container" "freshrss" {
image = docker_image.freshrss.image_id image = docker_image.freshrss.image_id
name = "freshrss" name = "freshrss"
restart = "always" restart = "always"
env = ["TZ=Europe/Paris", "CRON_MIN=1,31", "OIDC_ENABLED=0", "FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.xz1.nl --db-base freshrss --db-host 192.168.2.127 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en", "FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"] env = ["TZ=Europe/Paris", "CRON_MIN=1,31", "OIDC_ENABLED=0", "FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.xz1.nl --db-base freshrss --db-host 192.168.3.24 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en", "FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"]
mounts { mounts {
target = "/var/www/FreshRSS/data" target = "/var/www/FreshRSS/data"
source = "/share/appdata/freshrss/data" source = "/share/appdata/freshrss/data"

24
_disabled/globalping.tf Normal file
View File

@@ -0,0 +1,24 @@
data "docker_registry_image" "globalping" {
name = "globalping/globalping-probe:latest"
}
resource "docker_image" "globalping" {
name = data.docker_registry_image.globalping.name
pull_triggers = [data.docker_registry_image.globalping.sha256_digest]
}
resource "docker_container" "globalping" {
image = docker_image.globalping.image_id
name = "globalping"
restart = "always"
log_driver = "local"
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

7
home-assistant.tf → _disabled/home-assistant.tf
View File

@@ -1,10 +1,15 @@
data "docker_registry_image" "home-assistant" { data "docker_registry_image" "home-assistant" {
name = "homeassistant/home-assistant" name = "homeassistant/home-assistant:latest"
} }
resource "docker_image" "home-assistant" { resource "docker_image" "home-assistant" {
name = data.docker_registry_image.home-assistant.name name = data.docker_registry_image.home-assistant.name
pull_triggers = [data.docker_registry_image.home-assistant.sha256_digest] pull_triggers = [data.docker_registry_image.home-assistant.sha256_digest]
# Try to preserve the docker image before removing the container
# lifecycle {
# create_before_destroy = true
# }
} }
resource "docker_container" "home-assistant" { resource "docker_container" "home-assistant" {

58
_disabled/jellyfin.tf Normal file
View File

@@ -0,0 +1,58 @@
data "docker_registry_image" "jellyfin" {
name = "jellyfin/jellyfin:latest"
}
resource "docker_image" "jellyfin" {
name = data.docker_registry_image.jellyfin.name
pull_triggers = [data.docker_registry_image.jellyfin.sha256_digest]
}
resource "docker_container" "jellyfin" {
image = docker_image.jellyfin.image_id
name = "jellyfin"
restart = "always"
log_driver = "local"
env = [
"PUID=444",
"PGID=321",
"UMASK=002"
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.134"
}
mounts {
target = "/config"
source = "/share/appdata/jellyfin/config"
type = "bind"
}
mounts {
target = "/cache"
source = "/share/appdata/jellyfin/cache"
type = "bind"
}
# https://wiki.servarr.com/docker-guide#Consistent_and_well_planned_paths
volumes {
container_path = "/datarr"
volume_name = "truenas-arr"
}
devices {
host_path = "/dev/dri/renderD128"
container_path = "/dev/dri/renderD128"
permissions = "rwm"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

45
_disabled/mosquitto-pi.tf Normal file
View File

@@ -0,0 +1,45 @@
resource "docker_image" "mosquitto-pi" {
name = data.docker_registry_image.mosquitto.name
pull_triggers = [data.docker_registry_image.mosquitto.sha256_digest]
provider = docker.docker-pi
}
resource "docker_network" "mosquitto-pi" {
name = "mosquitto"
provider = docker.docker-pi
}
resource "docker_container" "mosquitto-pi" {
image = docker_image.mosquitto.image_id
name = "mosquitto"
provider = docker.docker-pi
mounts {
target = "/mosquitto/config"
source = "/share/appdata/mosquitto/config"
type = "bind"
}
mounts {
target = "/mosquitto/data"
source = "/share/appdata/mosquitto/data"
type = "bind"
}
mounts {
target = "/mosquitto/log"
source = "/share/appdata/mosquitto/log"
type = "bind"
}
restart = "always"
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

0
mosquitto.tf → _disabled/mosquitto.tf
View File

0
mqtt-exporter.tf → _disabled/mqtt-exporter.tf
View File

5
nginx-lb-certbot.tf → _disabled/nginx-lb-certbot.tf
View File

@@ -27,6 +27,11 @@ resource "docker_container" "nginx-lb-certbot" {
type = "bind" type = "bind"
} }
mounts {
target = "/var/log/letsencrypt/letsencrypt.log"
source = "share/appdata/nginx-lb/"
}
# Triggered by ofelia # Triggered by ofelia
lifecycle { lifecycle {

0
nginx-lb.tf → _disabled/nginx-lb.tf
View File

0
pihole.tf → _disabled/pihole.tf
View File

45
_disabled/readarr.tf Normal file
View File

@@ -0,0 +1,45 @@
data "docker_registry_image" "readarr" {
name = "ghcr.io/hotio/readarr"
}
resource "docker_image" "readarr" {
name = data.docker_registry_image.readarr.name
pull_triggers = [data.docker_registry_image.readarr.sha256_digest]
}
resource "docker_container" "readarr" {
image = docker_image.readarr.image_id
name = "readarr"
restart = "always"
log_driver = "local"
env = [
"PUID=888",
"PGID=321",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.147"
}
mounts {
target = "/config"
source = "/share/appdata/readarr"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = "truenas-arr"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

46
_disabled/redis.tf Normal file
View File

@@ -0,0 +1,46 @@
data "docker_registry_image" "redis" {
name = "redis:latest"
}
resource "docker_image" "redis" {
name = data.docker_registry_image.redis.name
pull_triggers = [data.docker_registry_image.redis.sha256_digest]
}
resource "docker_network" "redis" {
name = "redis"
}
resource "docker_container" "redis" {
image = docker_image.redis.image_id
name = "redis"
command = [
"redis-server",
"/data/redis.conf",
"--save 900 1",
"--appendonly yes",
"--appendfilename \"appendonly.aof\"",
"--dir \"/data\"",
"--requirepass uM7A2HCZTClCmHDQ3jJ"
]
mounts {
target = "/data"
source = "/share/appdata/redis"
type = "bind"
}
restart = "always"
networks_advanced {
name = docker_network.redis.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

44
_disabled/ripe-atlas.tf Normal file
View File

@@ -0,0 +1,44 @@
data "docker_registry_image" "ripe-atlas" {
name = "jamesits/ripe-atlas:latest"
}
resource "docker_image" "ripe-atlas" {
name = data.docker_registry_image.ripe-atlas.name
pull_triggers = [data.docker_registry_image.ripe-atlas.sha256_digest]
}
resource "docker_container" "ripe-atlas" {
image = docker_image.ripe-atlas.image_id
name = "ripe-atlas"
restart = "always"
log_driver = "local"
# env = [
# "RXTXRPT=yes",
# ]
mounts {
target = "/var/atlas-probe/etc"
source = "/share/appdata/atlas-probe/etc"
type = "bind"
}
mounts {
target = "/var/atlas-probe/status"
source = "/share/appdata/atlas-probe/status"
type = "bind"
}
capabilities {
drop = ["ALL"]
add = ["CHOWN", "SETUID", "SETGID", "DAC_OVERRIDE", "NET_RAW"]
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

0
rssbridge.tf → _disabled/rssbridge.tf
View File

13
ru-torrent.tf → _disabled/ru-torrent.tf
View File

@@ -15,6 +15,13 @@ resource "docker_container" "ru-torrent" {
image = docker_image.ru-torrent.image_id image = docker_image.ru-torrent.image_id
name = "ru-torrent" name = "ru-torrent"
env = [
"PUID=777",
"PGID=321",
"UMASK=002",
"TZ=Europe/Amsterdam"
]
mounts { mounts {
target = "/config" target = "/config"
source = "/share/appdata/ru-torrent" source = "/share/appdata/ru-torrent"
@@ -27,6 +34,12 @@ resource "docker_container" "ru-torrent" {
type = "bind" type = "bind"
} }
mounts {
target = "/data/torrents"
source = "/share/datarr/torrents"
type = "bind"
}
restart = "always" restart = "always"
networks_advanced { networks_advanced {

66
_disabled/scholarsome.tf Normal file
View File

@@ -0,0 +1,66 @@
data "docker_registry_image" "scholarsome" {
name = "hwgilbert16/scholarsome:latest"
}
resource "docker_image" "scholarsome" {
name = data.docker_registry_image.scholarsome.name
pull_triggers = [data.docker_registry_image.scholarsome.sha256_digest]
}
resource "docker_container" "scholarsome" {
image = docker_image.scholarsome.image_id
name = "scholarsome"
restart = "always"
log_driver = "local"
env = [
"NODE_ENV=production",
"DATABASE_URL=mysql://scholarsome:NJu2K9CtZvMEUSgq3RE@mariadb:3306/scholarsome",
"JWT_SECRET=S4BABnlPSHLppWp2QWR",
"REDIS_HOST=redis",
"REDIS_PORT=6379",
"REDIS_USERNAME=scholarsome",
"REDIS_PASSWORD=VHSppvx8oDChknLbpBh",
"STORAGE_TYPE=local",
"STORAGE_LOCAL_DIR=/data",
"SMTP_HOST=mail.smtp2go.com",
"SMTP_PORT=2525",
"SMTP_USERNAME=scholarsome@xz1.nl",
"SMTP_PASSWORD=FhZ3nX5bJWcYH7Tq",
"HOST=scholarsome.rescla.me",
"HTTP_PORT=3333"
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.149"
}
networks_advanced {
name = docker_network.mariadb.name
}
networks_advanced {
name = docker_network.redis.name
}
mounts {
target = "/data"
source = "/share/appdata/scholarsome"
type = "bind"
}
// Untested
depends_on = [
docker_container.mariadb,
docker_container.redis
]
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

0
syncthing.tf → _disabled/syncthing.tf
View File

58
_disabled/tdarr.tf Normal file
View File

@@ -0,0 +1,58 @@
data "docker_registry_image" "tdarr" {
name = "tdarr/tdarr:latest"
}
resource "docker_image" "tdarr" {
name = data.docker_registry_image.tdarr.name
pull_triggers = [data.docker_registry_image.tdarr.sha256_digest]
}
resource "docker_container" "tdarr" {
image = docker_image.tdarr.image_id
name = "tdarr"
restart = "always"
log_driver = "local"
env = [
"PUID=444",
"PGID=321",
"UMASK=002"
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.134"
}
mounts {
target = "/config"
source = "/share/appdata/tdarr/config"
type = "bind"
}
mounts {
target = "/cache"
source = "/share/appdata/tdarr/cache"
type = "bind"
}
# https://wiki.servarr.com/docker-guide#Consistent_and_well_planned_paths
volumes {
container_path = "/datarr"
volume_name = "truenas-arr"
}
devices {
host_path = "/dev/dri/renderD128"
container_path = "/dev/dri/renderD128"
permissions = "rwm"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

36
_disabled/whisper-asr.tf Normal file
View File

@@ -0,0 +1,36 @@
data "docker_registry_image" "whisper-asr" {
name = "onerahmet/openai-whisper-asr-webservice:latest"
}
resource "docker_image" "whisper-asr" {
name = data.docker_registry_image.whisper-asr.name
pull_triggers = [data.docker_registry_image.whisper-asr.sha256_digest]
}
resource "docker_network" "whisper-asr" {
name = "whisper-asr"
}
resource "docker_container" "whisper-asr" {
image = docker_image.whisper-asr.image_id
name = "whisper-asr"
restart = "always"
log_driver = "local"
env = [
"ASR_MODEL=base",
"ASR_ENGINE=openai_whisper",
]
networks_advanced {
name = docker_network.whisper-asr.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

0
wireguard.tf → _disabled/wireguard.tf
View File

0
youless-exporter.tf → _disabled/youless-exporter.tf
View File

6
zigbee2mqtt.tf → _disabled/zigbee2mqtt.tf
View File

@@ -37,12 +37,6 @@ resource "docker_container" "zigbee-2-mqtt" {
ipv4_address = "192.168.2.117" ipv4_address = "192.168.2.117"
} }
devices {
container_path = "/dev/ttyACM0"
host_path = "/dev/ttyACM0"
permissions = "rwm"
}
lifecycle { lifecycle {
ignore_changes = [ ignore_changes = [
ulimit, ulimit,

18
core-os-podman/.docker/ca.pem Normal file
View File

@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC+DCCAeCgAwIBAgIUQifQlQiFfb3+C9S/ioDdmLqzpykwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJRG9ja2VyLUNBMB4XDTI1MDQyMDEzNDIwM1oXDTI2MDQy
MDEzNDIwM1owFDESMBAGA1UEAwwJRG9ja2VyLUNBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0M5kRHJlQvXRnsCEbd0wH45phnJUwK6MB+Osg5smx8I/
nCMKPVIMPfMGkQiA4uGPLiArfdxM8EDSpuxNRq4AoHnsCmVkHb2z0Jr0NG8Ojo/H
/zb2EbA2s6ULoVVVHl+YqvWdyxocbvO8k06B8JWo8O5t9jdD3VJnd10m3Q/3U9Ms
yLe+XSm2w1mBwYy6+5sRgDPsptTxa7k4lZIH2H6Xb7rPgIQxgPabIDXASBPdHD5x
tsBRTQvc/n1iCo33aFBH6GHIMINSKtJLPAXG9uHqaYQzCkrBEIpLT+wNJ9DV22kI
PCgk4JHj1W2tnE7gTui8I4z8UGtpgK9V+SCTDPC7VQIDAQABo0IwQDAPBgNVHRMB
Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUJI5YNo15YDQyLGX8
TY3za1cMrhcwDQYJKoZIhvcNAQELBQADggEBAA+Xmoc5q/iGcQZvKijqweWh2wFG
uRH7ITi/lIBVqR+TGzr4p/q/NsW9qZPuLmrcFocIuR0XgMSAuyrfyFK/G+9ReF4g
YVnzsYJDgCEkxQTQXfcnhj3ZqANFIqjFzn9Txw+7bysdY98gxQ3oD5omk7qdE04D
idmGol6GY/PRhncAeU23cKAC6/QcrK3CJtArq0ZGiI3BWuCKOMPuYxvyAMdcsEh0
MKV3fSesgvW1n/hlwbT/QnXJeAUzbxOl7yE7oI5reDS2Ay9S93R/cM4n84c6FeTw
b1qq0x9Jqy7L7p5QwP9OpBQhfcu1q2wQ4OpIb4fkoNpTKAtrnOGdxJh/iOU=
-----END CERTIFICATE-----

19
core-os-podman/.docker/cert.pem Normal file
View File

@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDDzCCAfegAwIBAgIUM96AXB5F2mKW3i5msm8VwLKYgBQwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJRG9ja2VyLUNBMB4XDTI1MDQyMDEzNDIwM1oXDTI2MDQy
MDEzNDIwM1owFDESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAoLAdb+g4mMvUZfZ9PHcd4Z6yiaUdi+TPKphQov+NtnU9
qAqoYOWTLhYW6P1OeSMwaKnYdRVvafajk2mXFPbcgpMnd1eE+jutrAgE+9a9zqfS
nSFFloqlHA75GpAbS5cB5Xvaj5mBMItMdfi34t/j4V8VHpLqV7obVHoMHtQwf0aY
LLuCADMtW3XnWyNzL/yKN+HpyCDMIhm98csC6HTi1gHrSCkDlV5hhwQ6QyQ1gPbu
3/XxGTyYTgjFGfY8PsMBzR8+VZDTR1edu/2+ofBgjy7FR8njcxwa4l2FrhRr3bLx
o8mtbxUY1QJE11BwpEBApXtobIptkt6b1aEjpc14nwIDAQABo1kwVzAVBgNVHREE
DjAMhwR/AAABhwSsFADPMB0GA1UdDgQWBBRKx6l7qTFRQTzjcOXH+p3ao/2vnzAf
BgNVHSMEGDAWgBQkjlg2jXlgNDIsZfxNjfNrVwyuFzANBgkqhkiG9w0BAQsFAAOC
AQEALHEYeN128jMCm02Xwig8kOJmFOs9Ih0nS5aJXyX8ClzLGPA1HLN9ljOVX9y0
dcP2VwNkenNTBJsmU1YvTedBwWGVzJ1/7fZoNQwPzjMM4cvnygvZRy73ck8b2zLg
oL+4cfNOcsdg+AWKJAcCwWU1ZzHgr5F7Ky9OKS1VfAanG0uRdCahuZoJqB05wdUH
I2PxKEcgj55DS35tVEHxvlSsn+qft85+iRdWwgwJEsnFnjI7qNlrEl9m6ZUjSX1Z
rxxn4L0SW2586BcIlj27CRvzm9n2BC51paoqvJ3u5VYQztGf/IQWdyIpjSeEZ2sN
pI7c2e0HUIu9kXg1y1Nah4AF2g==
-----END CERTIFICATE-----

28
core-os-podman/.docker/key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCgsB1v6DiYy9Rl
9n08dx3hnrKJpR2L5M8qmFCi/422dT2oCqhg5ZMuFhbo/U55IzBoqdh1FW9p9qOT
aZcU9tyCkyd3V4T6O62sCAT71r3Op9KdIUWWiqUcDvkakBtLlwHle9qPmYEwi0x1
+Lfi3+PhXxUekupXuhtUegwe1DB/Rpgsu4IAMy1bdedbI3Mv/Io34enIIMwiGb3x
ywLodOLWAetIKQOVXmGHBDpDJDWA9u7f9fEZPJhOCMUZ9jw+wwHNHz5VkNNHV527
/b6h8GCPLsVHyeNzHBriXYWuFGvdsvGjya1vFRjVAkTXUHCkQECle2hsim2S3pvV
oSOlzXifAgMBAAECggEAIjsCOlmk3N/nAkWNDjlt0ydkbzAOaEO44iEKZH6+KJU3
KjoC/olJXjL0dHOpqOKXKGSuKNsFHfSdigSfW6bu+J3ydVjeihP2fkRDE4b+biyQ
EEsLMPOeEqkZ5c+3ENY9YC6PM7IGtFmoUyVFvv3k5JjFvfqcE04hDlDljhezsRj4
2fTG5vHOC/rtVRxov5Fy2rL33+bRBKkZ3CTku2H306/3A0Qgml1/4HwzrMD9FpSM
K27tHGKKb4u4iXxpSAMvHt2uZR/DFe8n4MnIvWFTeIaYRnXwHLUAMSKhhKFOA4BU
6juksZ9quU5awKI1l0k+j+7zJP9v+HGULiK52v5XmQKBgQDiPqEQu4nP35HrslNY
hUWRZfkcqfKaT45iSeNLrB2LcWNobE52pWdhb6UUvnrzcBZGL4EKgt+wxg/idPJU
FUYgGS0tGRgsSbJ5HURpoaTz1LMgPpDYbWegZgfcbnluhrWDQ3AAUtkh53B+K/ZM
M4GaxY98C1/1Lq2ZgI9p3U11ywKBgQC10kZcluOfD23L8kZcWYQK/S/+FFuLAP1B
tG8GdsSIfKmcRPUo3UvNuGwblJodYcSSUZlAq5pyLI93L+rc81Sqp6ne3l0uELFN
xNDP0Wf/BamjEq5CerER1cjlWggxFvz7wtO1fD5g8CdLD6xlp8IUZ9fFEQFOBGiF
gCmVATZN/QKBgDDXXGYEVmft186OHLgLbU1KOlEZzynI6vAFC3CWo3oq7E7qsrWi
V4MNWxHzXQ+YrvZP4wel4SyEVYGJxZapUQ404S/PLwzAjCrhSpeTMc0BqfnYB+Tx
GWHjJOdNYiGeKyk/MbqgKAfNstdKHk2tANmstKEOw5Rmk0uEGXG9OK+pAoGAfbJX
2EysIdttwW/FerSb12j/07xJKQjPDKxrkOFsrxrXuuPlRJHwhND5U/vgq21akvj8
ZLv9su7hY7lpucQzBSOSCTRa4KzDlor4/KK9LY3Bn64bcHQXk8fi8cPTI/TLglVH
PREeoq+Dyp2URla6kpbTkTZXW5MqmxhmJs/GthUCgYA8sqcJ3wrEyUreAkFRPmHg
0g5T+TAn36bMotOVo1bcssGZ5lPdL9ovkGdCnihaA2JM2ARNr7mAjBBRnZqGMJmJ
+yQKv9crpXpgXek6T7fJL9rB1QHfNs5B5ML3zEaXXQEdVNZ2d+kVWIK0vahEKCzI
+KbMyrLmU3OK5Uw8j1BYyg==
-----END PRIVATE KEY-----

24
core-os-podman/.terraform.lock.hcl generated Normal file
View File

@@ -0,0 +1,24 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/kreuzwerker/docker" {
version = "3.6.2"
constraints = "3.6.2"
hashes = [
"h1:1K3j0xUY2D0+E+DBDQc6k1u6Al9MkuNWrIC9rnvwFSM=",
"h1:sbdKCURC0XeBU6kPVfj24w7mtZtKbuibaqxtZEZ4bjU=",
"zh:22b51a8fb63481d290bdad9a221bc8c9e45d66d1a0cd45beed3f3627bf1debd8",
"zh:2b902eb80a1ae033af1135cc165d192668820a7f8ea15beb5472f811c18bea1f",
"zh:57815dcea28aedb86ed33924cd186aaee8bd31670bd78437a2a2daf2b00ce2ae",
"zh:583af9c6fe7e3bfc04f50aec046a9b4f98b7eddd6d1e143454e5d06a66afcf87",
"zh:80f8cba54f639a53c4d7714edb7246064b7f4f48ba93a70f18c914d656d799db",
"zh:894709f0c393c4ee91fdb849128e7f0bce688f293cd1643a6d4e39c842367278",
"zh:a91b41dbcb203d6dae2bb72b98c4c21c41255026b35df01895882784c4650071",
"zh:aec40a8157aae093412a1fb9a71ab2bea370db152e285c2d81e37ed378444b9c",
"zh:b87d7def2485dde6e57723c1265158f371440a8a84954c9fdb0580cf89de66bf",
"zh:b9dc243200ad9cd00250cb8c793ecea4ee3c57a121faf8efdb289f30008b5778",
"zh:dcb103831db6d3ef95468685cd104be3928793996542a1f675dc34a2ce67951d",
"zh:e59b4a0f2b5881016896d4417b1ab2fb87f34450663efeb01f3bcf7c3606fbbb",
"zh:fbd068c01114f0712578cf02f363b5521338ab1befedddf7090da532298b43d0",
]
}

36
core-os-podman/_disabled/haproxy.tf Normal file
View File

@@ -0,0 +1,36 @@
data "docker_registry_image" "haproxy" {
name = "haproxy:latest"
}
resource "docker_image" "haproxy" {
name = data.docker_registry_image.haproxy.name
pull_triggers = [data.docker_registry_image.haproxy.sha256_digest]
}
resource "docker_container" "haproxy" {
image = docker_image.haproxy.image_id
name = "haproxy"
restart = "always"
mounts {
target = "/usr/local/etc/haproxy/haproxy.cfg"
source = "/mnt/appdata/haproxy/haproxy.cfg"
type = "bind"
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.19"
}
networks_advanced {
name = docker_network.ip6net.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

0
core-os-podman/_disabled/invidious.tf Normal file
View File

52
core-os-podman/_disabled/resilio.tf Normal file
View File

@@ -0,0 +1,52 @@
data "docker_registry_image" "resilio-sync" {
name = "lscr.io/linuxserver/resilio-sync:latest"
}
resource "docker_image" "resilio-sync" {
name = data.docker_registry_image.resilio-sync.name
pull_triggers = [data.docker_registry_image.resilio-sync.sha256_digest]
}
resource "docker_container" "resilio-sync" {
image = docker_image.resilio-sync.image_id
name = "resilio-sync"
restart = "always"
log_driver = "local"
env = [
"PUID=556",
"PGID=321",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.18"
}
mounts {
target = "/config"
source = "/var/lib/containers/resilio"
type = "bind"
}
mounts {
target = "/sync"
source = "/mnt/datarr/resilio/sync"
type = "bind"
}
mounts {
target = "/downloads"
source = "/mnt/datarr/resilio/downloads"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

90
core-os-podman/_disabled/solidtime.tf Normal file
View File

@@ -0,0 +1,90 @@
data "docker_registry_image" "solidtime" {
name = "solidtime/solidtime:latest"
}
resource "docker_image" "solidtime" {
name = data.docker_registry_image.solidtime.name
pull_triggers = [data.docker_registry_image.solidtime.sha256_digest]
}
resource "docker_network" "solidtime" {
name = "solidtime"
}
resource "docker_container" "solidtime-app" {
image = docker_image.solidtime.image_id
name = "solidtime-app"
hostname = "solidtime"
env = [
"CONTAINER_MODE=http",
"APP_URL=https://solidtime.rescla.me",
"APP_FORCE_HTTPS=true",
"CONTAINER_MODE=worker",
"SUPER_ADMINS=solidtime@xz1.nl",
"DB_HOST=192.168.2.127",
"DB_PORT=5432",
"DB_DATABASE=solidtime",
"DB_USERNAME=solidtime",
"DB_USERNAME=solidtime",
]
mounts {
target = "app-storage:/var/www/html/storage"
source = "/var/lib/containers/solidtime"
type = "bind"
}
restart = "always"
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.17"
}
networks_advanced {
name = docker_network.solidtime.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "solidtime-queue" {
image = docker_image.solidtime.image_id
name = "solidtime-queue"
env = [
"WORKER_COMMAND=php /var/www/html/artisan queue:work"
]
mounts {
target = "app-storage:/var/www/html/storage"
source = "/var/lib/containers/solidtime"
type = "bind"
}
restart = "always"
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.17"
}
networks_advanced {
name = docker_network.solidtime.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

35
core-os-podman/_ollama_test/ollama.tf Normal file
View File

@@ -0,0 +1,35 @@
data "docker_registry_image" "ollama" {
name = "ollama/ollama"
}
resource "docker_image" "ollama" {
name = data.docker_registry_image.ollama.name
pull_triggers = [data.docker_registry_image.ollama.sha256_digest]
}
resource "docker_network" "ollama" {
name = "ollama"
}
resource "docker_container" "ollama" {
image = docker_image.ollama.image_id
name = "ollama"
restart = "always"
mounts {
target = "/root/.ollama"
source = "/mnt/appdata/ollama"
type = "bind"
}
networks_advanced {
name = docker_network.ollama.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

41
core-os-podman/_ollama_test/open-webui.tf Normal file
View File

@@ -0,0 +1,41 @@
data "docker_registry_image" "open-webui" {
name = "ghcr.io/open-webui/open-webui:main"
}
resource "docker_image" "open-webui" {
name = data.docker_registry_image.open-webui.name
pull_triggers = [data.docker_registry_image.open-webui.sha256_digest]
}
resource "docker_container" "open-webui" {
image = docker_image.open-webui.image_id
name = "open-webui"
restart = "always"
env = [
"OLLAMA_BASE_URL=http://ollama:11434"
]
mounts {
target = "/app/backend/data"
source = "/var/lib/containers/open-webui"
type = "bind"
}
networks_advanced {
name = docker_network.ollama.name
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.14"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

49
core-os-podman/audiobookshelf.tf Normal file
View File

@@ -0,0 +1,49 @@
data "docker_registry_image" "audiobookshelf" {
name = "ghcr.io/advplyr/audiobookshelf:latest"
}
resource "docker_image" "audiobookshelf" {
name = data.docker_registry_image.audiobookshelf.name
pull_triggers = [data.docker_registry_image.audiobookshelf.sha256_digest]
}
resource "docker_container" "audiobookshelf" {
image = docker_image.audiobookshelf.image_id
name = "audiobookshelf"
restart = "always"
log_driver = "local"
env = [
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.20"
}
mounts {
target = "/config"
source = "/var/lib/containers/audiobookshelf/config"
type = "bind"
}
mounts {
target = "/metadata"
source = "/var/lib/containers/audiobookshelf/metadata"
type = "bind"
}
volumes {
container_path = "/truenas-arr"
volume_name = docker_volume.truenas-arr.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

45
core-os-podman/configarr.tf Normal file
View File

@@ -0,0 +1,45 @@
data "docker_registry_image" "configarr" {
name = "ghcr.io/raydak-labs/configarr:latest"
}
resource "docker_image" "configarr" {
name = data.docker_registry_image.configarr.name
pull_triggers = [data.docker_registry_image.configarr.sha256_digest]
}
resource "docker_container" "configarr" {
image = docker_image.configarr.image_id
name = "configarr"
log_driver = "local"
env = [
"TZ=Europe/Amsterdam"
]
mounts {
target = "/app/config"
source = "/var/lib/containers/configarr/config"
type = "bind"
}
mounts {
target = "/app/cfs"
source = "/var/lib/containers/configarr/cfs"
type = "bind"
}
mounts {
target = "/app/templates"
source = "/var/lib/containers/configarr/templates"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

49
core-os-podman/deluge.tf Normal file
View File

@@ -0,0 +1,49 @@
data "docker_registry_image" "deluge" {
name = "linuxserver/deluge:latest"
}
resource "docker_image" "deluge" {
name = data.docker_registry_image.deluge.name
pull_triggers = [data.docker_registry_image.deluge.sha256_digest]
}
resource "docker_container" "deluge" {
image = docker_image.deluge.image_id
name = "deluge"
restart = "always"
memory = 1000
memory_swap = 1000
log_driver = "local"
env = [
"PUID=222",
"PGID=321",
"UMASK=002"
]
network_mode = "container:gluetun"
mounts {
target = "/config"
source = "/var/lib/containers/deluge"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = docker_volume.truenas-arr.name
}
depends_on = [
docker_container.gluetun
]
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

6
core-os-podman/dockerx-proxmox.bat Normal file
View File

@@ -0,0 +1,6 @@
docker ^
--tlsverify ^
-H=172.20.0.207:2375 ^
--tlscacert=.docker\ca.pem ^
--tlscert=.docker\cert.pem ^
--tlskey=.docker\key.pem %*

6
core-os-podman/dockerx-proxmox.sh Executable file
View File

@@ -0,0 +1,6 @@
docker ^
--tlsverify ^
-H=172.20.0.207:2375 ^
--tlscacert=.docker\ca.pem ^
--tlscert=.docker\cert.pem ^
--tlskey=.docker\key.pem %*

33
core-os-podman/dozzle-podman.tf Normal file
View File

@@ -0,0 +1,33 @@
data "docker_registry_image" "dozzle" {
name = "amir20/dozzle:latest"
}
resource "docker_image" "dozzle" {
name = data.docker_registry_image.dozzle.name
pull_triggers = [data.docker_registry_image.dozzle.sha256_digest]
}
resource "docker_container" "dozzle" {
image = docker_image.dozzle.image_id
name = "dozzle"
restart = "always"
mounts {
target = "/var/run/docker.sock"
source = "/var/run/docker.sock"
type = "bind"
read_only = true
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.10"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

48
core-os-podman/elasticsearch.tf Normal file
View File

@@ -0,0 +1,48 @@
data "docker_registry_image" "elasticsearch" {
name = "docker.elastic.co/elasticsearch/elasticsearch-wolfi:9.1.5"
}
resource "docker_image" "elasticsearch" {
name = data.docker_registry_image.elasticsearch.name
pull_triggers = [data.docker_registry_image.elasticsearch.sha256_digest]
}
resource "docker_container" "elasticsearch" {
image = docker_image.elasticsearch.image_id
name = "elasticsearch"
restart = "always"
memory = 5000
memory_swap = 5000
mounts {
target = "/usr/share/elasticsearch/data"
source = "/var/lib/containers/elasticsearch/data"
type = "bind"
}
# mounts {
# target = "/usr/share/elasticsearch/config"
# source = "/var/lib/containers/elasticsearch/config"
# type = "bind"
# }
mounts {
target = "/usr/share/elasticsearch/log"
source = "/var/lib/containers/elasticsearch/log"
type = "bind"
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.46"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

51
core-os-podman/fail2ban.tf Normal file
View File

@@ -0,0 +1,51 @@
data "docker_registry_image" "fail2ban" {
name = "linuxserver/fail2ban:latest"
}
resource "docker_image" "fail2ban" {
name = data.docker_registry_image.fail2ban.name
pull_triggers = [data.docker_registry_image.fail2ban.sha256_digest]
}
resource "docker_container" "fail2ban" {
image = docker_image.fail2ban.image_id
name = "fail2ban"
restart = "always"
capabilities {
add = ["CAP_NET_ADMIN", "CAP_NET_RAW"]
}
env = [
"TZ=Europe/Amsterdam",
"PUID=1000",
"PGID=1000"
]
mounts {
target = "/config"
source = "/var/lib/containers/fail2ban/config"
type = "bind"
}
mounts {
target = "/var/log"
source = "/var/log"
type = "bind"
read_only = true
}
mounts {
target = "/remotelogs/nginx"
source = "/var/lib/containers/nginx-lb/log"
type = "bind"
read_only = true
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

44
core-os-podman/freshrss.tf Normal file
View File

@@ -0,0 +1,44 @@
data "docker_registry_image" "freshrss" {
name = "freshrss/freshrss:latest"
}
resource "docker_image" "freshrss" {
name = data.docker_registry_image.freshrss.name
pull_triggers = [data.docker_registry_image.freshrss.sha256_digest]
}
resource "docker_container" "freshrss" {
image = docker_image.freshrss.image_id
name = "freshrss"
restart = "always"
env = [
"TZ=Europe/Amsterdam",
"CRON_MIN=1,31",
"OIDC_ENABLED=0",
"FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.rescla.me --db-base freshrss --db-host 192.168.3.24 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en",
"FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"
]
mounts {
target = "/var/www/FreshRSS/data"
source = "/var/lib/containers/freshrss/data"
type = "bind"
}
mounts {
target = "/var/www/FreshRSS/extensions"
source = "/var/lib/containers/freshrss/extensions"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.45"
}
}

10
gitea.tf → core-os-podman/gitea.tf
View File

@@ -17,7 +17,7 @@ resource "docker_container" "gitea" {
env = [ env = [
"GITEA__database__DB_TYPE=mysql", "GITEA__database__DB_TYPE=mysql",
"GITEA__database__HOST=192.168.2.127:3306", "GITEA__database__HOST=192.168.3.24:3306",
"GITEA__database__NAME=gitea", "GITEA__database__NAME=gitea",
"GITEA__database__USER=gitea", "GITEA__database__USER=gitea",
"GITEA__database__PASSWD=3uM4kBGaNQDo3tsRa9Nh", "GITEA__database__PASSWD=3uM4kBGaNQDo3tsRa9Nh",
@@ -27,13 +27,13 @@ resource "docker_container" "gitea" {
mounts { mounts {
target = "/var/lib/gitea" target = "/var/lib/gitea"
source = "/share/appdata/gitea/data" source = "/var/lib/containers/gitea/data"
type = "bind" type = "bind"
} }
mounts { mounts {
target = "/etc/gitea" target = "/etc/gitea"
source = "/share/appdata/gitea/config" source = "/var/lib/containers/gitea/config"
type = "bind" type = "bind"
} }
@@ -52,7 +52,7 @@ resource "docker_container" "gitea" {
} }
networks_advanced { networks_advanced {
name = docker_network.bridge.name name = docker_network.container-public.name
ipv4_address = "192.168.2.131" ipv4_address = "192.168.3.25"
} }
} }

63
core-os-podman/gluetun.tf Normal file
View File

@@ -0,0 +1,63 @@
data "docker_registry_image" "gluetun" {
name = "qmcgaw/gluetun:latest"
}
resource "docker_image" "gluetun" {
name = data.docker_registry_image.gluetun.name
pull_triggers = [data.docker_registry_image.gluetun.sha256_digest]
}
resource "docker_container" "gluetun" {
image = docker_image.gluetun.image_id
name = "gluetun"
hostname = "proxy"
capabilities {
add = ["CAP_NET_ADMIN"]
}
env = [
"TZ=Europe/Amsterdam",
"VPN_SERVICE_PROVIDER=airvpn",
"VPN_TYPE=wireguard",
"WIREGUARD_PRIVATE_KEY=AMh4GiVDxxCv0xqUeNHW+koQAGAsC2ZrMkTc/aQJLWM=",
"WIREGUARD_PRESHARED_KEY=PI5KBRmurT3M+s9jrKQGxQXk8dMmmqLFhCFCH19ttBo=",
"WIREGUARD_ADDRESSES=10.159.242.252/32",
"FIREWALL_VPN_INPUT_PORTS=47836",
"SERVER_COUNTRIES=Netherlands",
# 8112 = Deluge
"FIREWALL_INPUT_PORTS=8112"
]
devices {
host_path = "/dev/net/tun"
container_path = "/dev/net/tun"
permissions = "rwm"
}
mounts {
target = "/gluetun/config"
source = "/var/lib/containers/gluetun"
type = "bind"
}
privileged = true
restart = "always"
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.27"
}
networks_advanced {
name = docker_network.piped.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

52
core-os-podman/goaccess.tf_disabled Normal file
View File

@@ -0,0 +1,52 @@
data "docker_registry_image" "goaccess" {
name = "allinurl/goaccess:latest"
}
resource "docker_image" "goaccess" {
name = data.docker_registry_image.goaccess.name
pull_triggers = [data.docker_registry_image.goaccess.sha256_digest]
}
resource "docker_container" "goaccess" {
image = docker_image.goaccess.image_id
name = "goaccess"
restart = "always"
command = [
"srv/logs/nginx/access.log",
"-a",
"--real-time-html",
"-p /srv/config/goaccess.conf"
]
env = [
"TZ=Europe/Amsterdam",
"PUID=1000",
"PGID=1000"
]
mounts {
target = "/srv/config/goaccess.conf"
source = "/var/lib/containers/goaccess/goaccess.conf"
type = "bind"
}
mounts {
target = "/srv/logs/nginx"
source = "/var/lib/containers/nginx-lb/log"
type = "bind"
read_only = true
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.49"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

8
grafana.tf → core-os-podman/grafana.tf
View File

@@ -13,15 +13,17 @@ resource "docker_container" "grafana" {
restart = "always" restart = "always"
user = "1000:1000"
mounts { mounts {
target = "/var/lib/grafana" target = "/var/lib/grafana"
source = "/share/appdata/grafana" source = "/var/lib/containers/grafana"
type = "bind" type = "bind"
} }
networks_advanced { networks_advanced {
name = docker_network.bridge.name name = docker_network.container-public.name
ipv4_address = "192.168.2.79" ipv4_address = "192.168.3.41"
} }
lifecycle { lifecycle {

38
core-os-podman/grocy.tf Normal file
View File

@@ -0,0 +1,38 @@
data "docker_registry_image" "grocy" {
name = "linuxserver/grocy:latest"
}
resource "docker_image" "grocy" {
name = data.docker_registry_image.grocy.name
pull_triggers = [data.docker_registry_image.grocy.sha256_digest]
}
resource "docker_container" "grocy" {
image = docker_image.grocy.image_id
name = "grocy"
restart = "always"
env = [
"TZ=Europe/Amsterdam"
]
mounts {
target = "/config"
source = "/var/lib/containers/grocy"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.38"
}
}

138
core-os-podman/hoarder.tf Normal file
View File

@@ -0,0 +1,138 @@
data "docker_registry_image" "hoarder" {
name = "ghcr.io/hoarder-app/hoarder"
}
resource "docker_image" "hoarder" {
name = data.docker_registry_image.hoarder.name
pull_triggers = [data.docker_registry_image.hoarder.sha256_digest]
}
data "docker_registry_image" "hoarder-chrome" {
name = "gcr.io/zenika-hub/alpine-chrome:latest"
}
resource "docker_image" "hoarder-chrome" {
name = data.docker_registry_image.hoarder-chrome.name
pull_triggers = [data.docker_registry_image.hoarder-chrome.sha256_digest]
}
data "docker_registry_image" "hoarder-meilisearch" {
name = "getmeili/meilisearch:v1.6"
}
resource "docker_image" "hoarder-meilisearch" {
name = data.docker_registry_image.hoarder-meilisearch.name
pull_triggers = [data.docker_registry_image.hoarder-meilisearch.sha256_digest]
}
resource "docker_network" "hoarder" {
name = "hoarder"
}
resource "docker_container" "hoarder" {
image = docker_image.hoarder.image_id
name = "hoarder"
hostname = "hoarder"
env = [
"MEILI_ADDR=http://meilisearch:7700",
"BROWSER_WEB_URL=http://chrome:9222",
"HOARDER_VERSION=release",
"NEXTAUTH_SECRET=j&natTM8L8u$&z",
"MEILI_MASTER_KEY=GM4ysMegcCoZUOrVxglbWzGJeN9O7CMWnZIaG9c_MSQ",
"NEXTAUTH_URL=https://hoarder.rescla.me",
"DATA_DIR=/data",
"ASSETS_DIR=/assets",
"DISABLE_SIGNUPS=true",
"OPENAI_API_KEY=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"
]
mounts {
target = "/data"
source = "/var/lib/containers/karakeep/data"
type = "bind"
}
mounts {
target = "/assets"
source = "/mnt/appdata/karakeep"
type = "bind"
}
restart = "always"
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.15"
}
networks_advanced {
name = docker_network.hoarder.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "hoarder-chrome" {
image = docker_image.hoarder-chrome.image_id
name = "hoarder-chrome"
hostname = "chrome"
command = [
"--no-sandbox",
"--disable-gpu",
"--disable-dev-shm-usage",
"--remote-debugging-address=0.0.0.0",
"--remote-debugging-port=9222",
"--hide-scrollbars"
]
restart = "always"
networks_advanced {
name = docker_network.hoarder.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "hoarder-meilisearch" {
image = docker_image.hoarder-meilisearch.image_id
name = "hoarder-meilisearch"
hostname = "meilisearch"
env = [
"MEILI_ADDR=http://meilisearch:7700",
"HOARDER_VERSION=release",
"NEXTAUTH_SECRET=j&natTM8L8u$&z",
"MEILI_MASTER_KEY=GM4ysMegcCoZUOrVxglbWzGJeN9O7CMWnZIaG9c_MSQ",
"NEXTAUTH_URL=https://hoarder.rescla.me",
"MEILI_NO_ANALYTICS=true"
]
restart = "always"
mounts {
target = "/meili_data"
source = "/var/lib/containers/karakeep/data-meilisearch"
type = "bind"
}
networks_advanced {
name = docker_network.hoarder.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

40
core-os-podman/homer.tf Normal file
View File

@@ -0,0 +1,40 @@
data "docker_registry_image" "homer" {
name = "b4bz/homer:latest"
}
resource "docker_image" "homer" {
name = data.docker_registry_image.homer.name
pull_triggers = [data.docker_registry_image.homer.sha256_digest]
}
resource "docker_container" "homer" {
image = docker_image.homer.image_id
name = "homer"
restart = "always"
log_driver = "local"
env = [
"PUID=1000",
"PGID=1000",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.22"
}
mounts {
target = "/www/assets"
source = "/var/lib/containers/homer"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

64
core-os-podman/jellyfin.tf Normal file
View File

@@ -0,0 +1,64 @@
data "docker_registry_image" "jellyfin" {
name = "jellyfin/jellyfin:latest"
}
resource "docker_image" "jellyfin" {
name = data.docker_registry_image.jellyfin.name
pull_triggers = [data.docker_registry_image.jellyfin.sha256_digest]
}
resource "docker_container" "jellyfin" {
image = docker_image.jellyfin.image_id
name = "jellyfin"
restart = "always"
log_driver = "local"
env = [
"PUID=444",
"PGID=321",
"UMASK=002"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.13"
}
mounts {
target = "/config"
source = "/var/lib/containers/jellyfin/config"
type = "bind"
}
mounts {
target = "/cache"
source = "/var/lib/containers/jellyfin/cache"
type = "bind"
}
# https://wiki.servarr.com/docker-guide#Consistent_and_well_planned_paths
volumes {
container_path = "/datarr"
volume_name = docker_volume.truenas-arr.name
}
devices {
host_path = "/dev/dri/renderD128"
container_path = "/dev/dri/renderD128"
permissions = "rwm"
}
devices {
host_path = "/dev/dri/renderD129"
container_path = "/dev/dri/renderD129"
permissions = "rwm"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

38
core-os-podman/jellyseerr.tf Normal file
View File

@@ -0,0 +1,38 @@
data "docker_registry_image" "jellyseerr" {
name = "fallenbagel/jellyseerr:latest"
}
resource "docker_image" "jellyseerr" {
name = data.docker_registry_image.jellyseerr.name
pull_triggers = [data.docker_registry_image.jellyseerr.sha256_digest]
}
resource "docker_container" "jellyseerr" {
image = docker_image.jellyseerr.image_id
name = "jellyseerr"
restart = "always"
log_driver = "local"
env = [
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.37"
}
mounts {
target = "/app/config"
source = "/var/lib/containers/jellyseerr"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

45
core-os-podman/lidarr.tf Normal file
View File

@@ -0,0 +1,45 @@
data "docker_registry_image" "lidarr" {
name = "lscr.io/linuxserver/lidarr:latest"
}
resource "docker_image" "lidarr" {
name = data.docker_registry_image.lidarr.name
pull_triggers = [data.docker_registry_image.lidarr.sha256_digest]
}
resource "docker_container" "lidarr" {
image = docker_image.lidarr.image_id
name = "lidarr"
restart = "always"
log_driver = "local"
env = [
"PUID=1000",
"PGID=1000",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.33"
}
mounts {
target = "/config"
source = "/var/lib/containers/lidarr"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = docker_volume.truenas-arr.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

76
core-os-podman/malla.tf Normal file
View File

@@ -0,0 +1,76 @@
data "docker_registry_image" "malla" {
name = "ghcr.io/zenitram/malla:latest"
}
resource "docker_image" "malla" {
name = data.docker_registry_image.malla.name
pull_triggers = [data.docker_registry_image.malla.sha256_digest]
}
resource "docker_container" "malla-capture" {
image = docker_image.malla.image_id
name = "malla-capture"
restart = "always"
command = ["/app/.venv/bin/malla-capture"]
env = [
"MALLA_SECRET_KEY=GDESl5REQFGDGXCq7EDkwwwlGC5szJlvTMedTom6ILCuPX1Di6V3JUw8BHSZj6xM",
"MALLA_MQTT_BROKER_ADDRESS=mqtt.meshnet.nl",
# "MALLA_MQTT_BROKER_ADDRESS=mqtt.meshtastic.org",
"MALLA_MQTT_PORT=1883",
"MALLA_MQTT_USERNAME=downlink",
"MALLA_MQTT_PASSWORD=mq!Down!1nk",
"MALLA_DATABASE_FILE=/app/data/meshtastic_history.db"
]
mounts {
target = "/app/data"
source = "/var/lib/containers/malla"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "malla-web" {
image = docker_image.malla.image_id
name = "malla-web"
restart = "always"
env = [
"MALLA_SECRET_KEY=GDESl5REQFGDGXCq7EDkwwwlGC5szJlvTMedTom6ILCuPX1Di6V3JUw8BHSZj6xM",
"MALLA_MQTT_BROKER_ADDRESS=mqtt.meshnet.nl",
"MALLA_MQTT_PORT=8883",
"MALLA_MQTT_USERNAME=boreft",
"MALLA_MQTT_PASSWORD=meshboreft",
"MALLA_DATABASE_FILE=/app/data/meshtastic_history.db"
]
command = ["/app/.venv/bin/malla-web-gunicorn"]
mounts {
target = "/app/data"
source = "/var/lib/containers/malla"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.50"
}
}

23
mariadb.tf → core-os-podman/mariadb.tf
View File

@@ -1,5 +1,5 @@
data "docker_registry_image" "mariadb" { data "docker_registry_image" "mariadb" {
name = "mariadb:10.6" name = "mariadb:11.4"
} }
resource "docker_image" "mariadb" { resource "docker_image" "mariadb" {
@@ -7,29 +7,28 @@ resource "docker_image" "mariadb" {
pull_triggers = [data.docker_registry_image.mariadb.sha256_digest] pull_triggers = [data.docker_registry_image.mariadb.sha256_digest]
} }
resource "docker_network" "mariadb" {
name = "mariadb"
}
resource "docker_container" "mariadb" { resource "docker_container" "mariadb" {
image = docker_image.mariadb.image_id image = docker_image.mariadb.image_id
name = "mariadb" name = "mariadb"
memory = 5000
memory_swap = 5000
mounts { mounts {
target = "/var/lib/mysql" target = "/var/lib/mysql"
source = "/share/appdata/mariadb" source = "/var/lib/containers/mariadb"
type = "bind" type = "bind"
} }
env = [
"MARIADB_AUTO_UPGRADE=true"
]
restart = "always" restart = "always"
networks_advanced { networks_advanced {
name = docker_network.mariadb.name name = docker_network.container-public.name
} ipv4_address = "192.168.3.24"
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.127"
} }
lifecycle { lifecycle {

48
core-os-podman/mealie.tf Normal file
View File

@@ -0,0 +1,48 @@
data "docker_registry_image" "mealie" {
name = "ghcr.io/mealie-recipes/mealie:v3.1.2"
}
resource "docker_image" "mealie" {
name = data.docker_registry_image.mealie.name
pull_triggers = [data.docker_registry_image.mealie.sha256_digest]
}
resource "docker_container" "mealie" {
image = docker_image.mealie.image_id
name = "mealie"
restart = "always"
memory = 1000
memory_swap = 1000
env = [
"ALLOW_SIGNUP=false",
"TZ=Europe/Amsterdam",
"PUID=1000",
"PGID=1000",
"BASE_URL=https://mealie.rescla.me",
"SMTP_HOST=mail.smtp2go.com",
"SMTP_FROM_EMAIL=mealie@xz1.nl",
"SMTP_USER=mealie@xz1.nl",
"SMTP_PASSWORD=VDHnraVWlA2P1Hbu"
]
mounts {
target = "/app/data"
source = "/var/lib/containers/mealie"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.39"
}
}

39
core-os-podman/memos.tf Normal file
View File

@@ -0,0 +1,39 @@
data "docker_registry_image" "memos" {
name = "neosmemo/memos:stable"
}
resource "docker_image" "memos" {
name = data.docker_registry_image.memos.name
pull_triggers = [data.docker_registry_image.memos.sha256_digest]
}
resource "docker_container" "memos" {
image = docker_image.memos.image_id
name = "memos"
restart = "always"
log_driver = "local"
env = [
"MEMOS_MODE=prod",
"MEMOS_PORT=80"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.40"
}
mounts {
target = "/var/opt/memos"
source = "/var/lib/containers/memos"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

28
core-os-podman/meshtastic.tf Normal file
View File

@@ -0,0 +1,28 @@
data "docker_registry_image" "meshtastic" {
name = "ghcr.io/meshtastic/web:latest"
}
resource "docker_image" "meshtastic" {
name = data.docker_registry_image.meshtastic.name
pull_triggers = [data.docker_registry_image.meshtastic.sha256_digest]
}
resource "docker_container" "meshtastic" {
image = docker_image.meshtastic.image_id
name = "meshtastic"
restart = "always"
log_driver = "local"
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.44"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

47
core-os-podman/navidrome.tf Normal file
View File

@@ -0,0 +1,47 @@
data "docker_registry_image" "navidrome" {
name = "deluan/navidrome:latest"
}
resource "docker_image" "navidrome" {
name = data.docker_registry_image.navidrome.name
pull_triggers = [data.docker_registry_image.navidrome.sha256_digest]
}
resource "docker_container" "navidrome" {
image = docker_image.navidrome.image_id
name = "navidrome"
restart = "always"
log_driver = "local"
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.16"
}
mounts {
target = "/data"
source = "/var/lib/containers/navidrome"
type = "bind"
}
mounts {
target = "/music/datarr"
source = "/mnt/datarr/media/music"
type = "bind"
}
mounts {
target = "/music/appdata"
source = "/mnt/appdata/navidrome/music"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

69
core-os-podman/nginx-lb.tf Normal file
View File

@@ -0,0 +1,69 @@
data "docker_registry_image" "nginx-lb" {
name = "jonasal/nginx-certbot:latest"
}
resource "docker_image" "nginx-lb" {
name = data.docker_registry_image.nginx-lb.name
pull_triggers = [data.docker_registry_image.nginx-lb.sha256_digest]
}
resource "docker_network" "nginx-lb" {
name = "nginx-lb"
}
resource "docker_container" "nginx-lb" {
image = docker_image.nginx-lb.image_id
name = "nginx-lb"
env = [
"CERTBOT_EMAIL=letsencrypt@xz1.nl"
]
mounts {
target = "/etc/nginx/nginx.conf"
source = "/var/lib/containers/nginx-lb/nginx.conf"
type = "bind"
}
mounts {
target = "/etc/nginx/config"
source = "/var/lib/containers/nginx-lb/conf"
type = "bind"
}
mounts {
target = "/etc/nginx/user_conf.d"
source = "/var/lib/containers/nginx-lb/user_conf.d"
type = "bind"
}
mounts {
target = "/etc/letsencrypt"
source = "/var/lib/containers/nginx-lb/secrets"
type = "bind"
}
mounts {
target = "/var/log/nginx"
source = "/var/lib/containers/nginx-lb/log"
type = "bind"
}
restart = "always"
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.29"
}
networks_advanced {
name = docker_network.nginx-lb.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

9
node-red.tf → core-os-podman/node-red.tf
View File

@@ -11,9 +11,12 @@ resource "docker_container" "node-red" {
image = docker_image.node-red.image_id image = docker_image.node-red.image_id
name = "node-red" name = "node-red"
memory = 1000
memory_swap = 1000
mounts { mounts {
target = "/data" target = "/data"
source = "/share/appdata/node-red" source = "/var/lib/containers/node-red"
type = "bind" type = "bind"
} }
@@ -24,8 +27,8 @@ resource "docker_container" "node-red" {
restart = "always" restart = "always"
networks_advanced { networks_advanced {
name = docker_network.bridge.name name = docker_network.container-public.name
ipv4_address = "192.168.2.124" ipv4_address = "192.168.3.21"
} }
lifecycle { lifecycle {

61
core-os-podman/ntfy.tf Normal file
View File

@@ -0,0 +1,61 @@
data "docker_registry_image" "ntfy" {
name = "binwiederhier/ntfy"
}
resource "docker_image" "ntfy" {
name = data.docker_registry_image.ntfy.name
pull_triggers = [data.docker_registry_image.ntfy.sha256_digest]
}
resource "docker_container" "ntfy" {
image = docker_image.ntfy.image_id
name = "ntfy"
restart = "always"
env = [
"TZ=Europe/Amsterdam"
]
user = "1000:1000"
command = ["serve"]
mounts {
target = "/etc/ntfy/server.yml"
source = "/var/lib/containers/ntfy/server.yml"
type = "bind"
read_only = true
}
mounts {
target = "/etc/ntfy/templates"
source = "/var/lib/containers/ntfy/templates"
type = "bind"
read_only = true
}
mounts {
target = "/var/cache/ntfy"
source = "/var/lib/containers/ntfy/cache"
type = "bind"
}
mounts {
target = "/var/lib/ntfy/auth"
source = "/var/lib/containers/ntfy/auth"
type = "bind"
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.51"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

2
ofelia.tf → core-os-podman/ofelia.tf
View File

@@ -23,7 +23,7 @@ resource "docker_container" "ofelia" {
mounts { mounts {
target = "/etc/ofelia" target = "/etc/ofelia"
source = "/share/appdata/ofelia" source = "/var/lib/containers/ofelia"
type = "bind" type = "bind"
} }

50
core-os-podman/photoprism-tineke.tf Normal file
View File

@@ -0,0 +1,50 @@
resource "docker_container" "photoprism-tineke" {
image = docker_image.photoprism.image_id
name = "photoprism-tineke"
restart = "always"
memory = 10000
memory_swap = 10000
env = [
"PHOTOPRISM_UPLOAD_NSFW=true",
"PHOTOPRISM_ADMIN_PASSWORD=pyjm73tM%UPa8B5t5zhWX*F",
"PHOTOPRISM_HTTP_HOSTNAME=photoprism-tineke.rescla.me",
"PHOTOPRISM_HTTP_HOST=192.168.3.11",
"PHOTOPRISM_DISABLE_TLS=true",
"PHOTOPRISM_DATABASE_DRIVER=mysql",
"PHOTOPRISM_DATABASE_SERVER=192.168.3.24",
"PHOTOPRISM_DATABASE_NAME=photoprism_tineke",
"PHOTOPRISM_DATABASE_USER=photoprism",
"PHOTOPRISM_DATABASE_PASSWORD=YL43KVRekqUjbgPLGzz",
"PHOTOPRISM_AUTO_IMPORT=60"
]
volumes {
container_path = "/photoprism/originals"
volume_name = "truenas-photoprism-tineke-originals"
}
volumes {
container_path = "/photoprism/import"
volume_name = "truenas-photoprism-tineke-import"
}
volumes {
container_path = "/photoprism/storage"
volume_name = "truenas-photoprism-tineke-data"
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.11"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

59
core-os-podman/photoprism.tf Normal file
View File

@@ -0,0 +1,59 @@
data "docker_registry_image" "photoprism" {
name = "photoprism/photoprism:latest"
}
resource "docker_image" "photoprism" {
name = data.docker_registry_image.photoprism.name
pull_triggers = [data.docker_registry_image.photoprism.sha256_digest]
}
resource "docker_container" "photoprism" {
image = docker_image.photoprism.image_id
name = "photoprism"
restart = "always"
memory = 10000
memory_swap = 10000
env = [
"PHOTOPRISM_UPLOAD_NSFW=true",
"PHOTOPRISM_ADMIN_PASSWORD=UAmpojHADcS5aB",
"PHOTOPRISM_HTTP_HOSTNAME=photoprism.rescla.me",
"PHOTOPRISM_HTTP_HOST=192.168.3.12",
"PHOTOPRISM_DISABLE_TLS=true",
"PHOTOPRISM_DATABASE_DRIVER=mysql",
"PHOTOPRISM_DATABASE_SERVER=192.168.3.24",
"PHOTOPRISM_DATABASE_NAME=photoprism",
"PHOTOPRISM_DATABASE_USER=photoprism",
"PHOTOPRISM_DATABASE_PASSWORD=YL43KVRekqUjbgPLGzz",
"PHOTOPRISM_AUTO_IMPORT=60"
]
volumes {
container_path = "/photoprism/originals"
volume_name = "truenas-photoprism-originals"
}
volumes {
container_path = "/photoprism/import"
volume_name = "truenas-photoprism-import"
}
volumes {
container_path = "/photoprism/storage"
volume_name = "truenas-photoprism-data"
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.12"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

144
core-os-podman/piped.tf Normal file
View File

@@ -0,0 +1,144 @@
data "docker_registry_image" "piped-backend" {
name = "1337kavin/piped:latest"
}
data "docker_registry_image" "piped-frontend" {
name = "1337kavin/piped-frontend:latest"
}
data "docker_registry_image" "piped-proxy" {
name = "1337kavin/piped-proxy:latest"
}
data "docker_registry_image" "piped-bg-helper" {
name = "1337kavin/bg-helper-server:latest"
}
resource "docker_image" "piped-backend" {
name = data.docker_registry_image.piped-backend.name
pull_triggers = [data.docker_registry_image.piped-backend.sha256_digest]
}
resource "docker_image" "piped-frontend" {
name = data.docker_registry_image.piped-frontend.name
pull_triggers = [data.docker_registry_image.piped-frontend.sha256_digest]
}
resource "docker_image" "piped-proxy" {
name = data.docker_registry_image.piped-proxy.name
pull_triggers = [data.docker_registry_image.piped-proxy.sha256_digest]
}
resource "docker_image" "piped-bg-helper" {
name = data.docker_registry_image.piped-bg-helper.name
pull_triggers = [data.docker_registry_image.piped-bg-helper.sha256_digest]
}
resource "docker_network" "piped" {
name = "piped"
}
resource "docker_container" "piped-backend" {
image = docker_image.piped-backend.image_id
name = "piped-backend"
hostname = "piped-backend"
restart = "always"
memory = 1000
memory_swap = 1000
log_driver = "local"
networks_advanced {
name = docker_network.nginx-lb.name
}
networks_advanced {
name = docker_network.piped.name
}
depends_on = [
docker_container.gluetun,
docker_container.postgres
]
mounts {
target = "/app/config.properties"
source = "/var/lib/containers/piped/config.properties"
type = "bind"
read_only = true
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "piped-frontend" {
image = docker_image.piped-frontend.image_id
name = "piped-frontend"
hostname = "piped-frontend"
restart = "always"
log_driver = "local"
env = [
"BACKEND_HOSTNAME=piped-api.rescla.me"
]
networks_advanced {
name = docker_network.nginx-lb.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "piped-proxy" {
image = docker_image.piped-proxy.image_id
name = "piped-proxy"
hostname = "piped-proxy"
restart = "always"
log_driver = "local"
networks_advanced {
name = docker_network.nginx-lb.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "piped-bg-helper" {
image = docker_image.piped-bg-helper.image_id
name = "piped-bg-helper"
restart = "always"
log_driver = "local"
networks_advanced {
name = docker_network.piped.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

49
core-os-podman/postgres.tf Normal file
View File

@@ -0,0 +1,49 @@
data "docker_registry_image" "postgres" {
name = "pgautoupgrade/pgautoupgrade:16-alpine"
}
resource "docker_image" "postgres" {
name = data.docker_registry_image.postgres.name
pull_triggers = [data.docker_registry_image.postgres.sha256_digest]
}
resource "docker_container" "postgres" {
image = docker_image.postgres.image_id
name = "postgres"
hostname = "postgres"
restart = "always"
memory = 1000
memory_swap = 1000
log_driver = "local"
env = [
"POSTGRES_DB=piped",
"POSTGRES_USER=piped",
"POSTGRES_PASSWORD=YDoVrAXCxim%lOK8^"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.43"
}
networks_advanced {
name = docker_network.piped.name
}
mounts {
target = "/var/lib/postgresql/data"
source = "/var/lib/containers/postgres/data"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

20
prometheus.tf → core-os-podman/prometheus.tf
View File

@@ -11,25 +11,33 @@ resource "docker_container" "prometheus" {
image = docker_image.prometheus.image_id image = docker_image.prometheus.image_id
name = "prometheus" name = "prometheus"
command = ["--config.file=/etc/prometheus/prometheus.yml","--storage.tsdb.path=/prometheus", "--web.console.libraries=/usr/share/prometheus/console_libraries","--web.console.templates=/usr/share/prometheus/consoles", "--storage.tsdb.retention.time=2y"] command = [
"--config.file=/etc/prometheus/prometheus.yml",
"--storage.tsdb.path=/prometheus",
"--web.console.libraries=/usr/share/prometheus/console_libraries",
"--web.console.templates=/usr/share/prometheus/consoles",
"--storage.tsdb.retention.time=5y"
]
user = "1000:1000"
mounts { mounts {
target = "/etc/prometheus" target = "/etc/prometheus/prometheus.yml"
source = "/share/appdata/prometheus/config" source = "/var/lib/containers/prometheus/config/prometheus.yml"
type = "bind" type = "bind"
} }
mounts { mounts {
target = "/prometheus" target = "/prometheus"
source = "/share/appdata/prometheus/data" source = "/var/lib/containers/prometheus/data"
type = "bind" type = "bind"
} }
restart = "always" restart = "always"
networks_advanced { networks_advanced {
name = docker_network.bridge.name name = docker_network.container-public.name
ipv4_address = "192.168.2.80" ipv4_address = "192.168.3.42"
} }
lifecycle { lifecycle {

41
core-os-podman/prowlarr.tf Normal file
View File

@@ -0,0 +1,41 @@
data "docker_registry_image" "prowlarr" {
name = "ghcr.io/hotio/prowlarr:latest"
}
resource "docker_image" "prowlarr" {
name = data.docker_registry_image.prowlarr.name
pull_triggers = [data.docker_registry_image.prowlarr.sha256_digest]
}
resource "docker_container" "prowlarr" {
image = docker_image.prowlarr.image_id
name = "prowlarr"
restart = "always"
log_driver = "local"
env = [
"PUID=666",
"PGID=321",
"UMASK=002",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.34"
}
mounts {
target = "/config"
source = "/var/lib/containers/prowlarr"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

127
core-os-podman/proxmox_100_podman.tf Normal file
View File

@@ -0,0 +1,127 @@
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "3.6.2"
}
}
}
provider "docker" {
# host = "tcp://127.0.0.1:3000"
host = "tcp://172.20.0.207:2375"
cert_path = pathexpand(".docker")
registry_auth {
address = "gitea.rescla.me"
username = "rescla"
password = "9c84612c4b053e2ec663cde03da730b6a01304e8"
}
}
resource "docker_network" "container-public" {
name = "container-public"
ipam_config {
subnet = "192.168.3.0/24"
gateway = "192.168.3.1"
ip_range = "192.168.3.128/25"
}
}
resource "docker_network" "ipv6-slaac" {
name = "ipv6-slaac"
ipv6 = true
ipam_config {
aux_address = {}
gateway = "192.168.48.1"
subnet = "192.168.48.0/20"
}
ipam_config {
aux_address = {}
subnet = "2a02:a470:b12a:2::/64"
gateway = "2a02:a470:b12a:2::1"
}
}
resource "docker_network" "ip6net" {
name = "ipv6net"
ipv6 = true
ipam_config {
aux_address = {}
gateway = "192.168.64.1"
subnet = "192.168.64.0/20"
}
ipam_config {
aux_address = {}
subnet = "2001:db8::/64"
gateway = "2001:db8::1"
}
}
resource "docker_volume" "truenas-photoprism-originals" {
name = "truenas-photoprism-originals"
driver_opts = {
type = "cifs",
device = "//172.20.0.188/photoprism-originals"
o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
}
}
resource "docker_volume" "truenas-photoprism-import" {
name = "truenas-photoprism-import"
driver_opts = {
type = "cifs",
device = "//172.20.0.188/photoprism-import"
o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
}
}
resource "docker_volume" "truenas-photoprism-data" {
name = "truenas-photoprism-data"
driver_opts = {
type = "cifs",
device = "//172.20.0.188/photoprism-data"
o = "username=photoprism,password=V3i77MWeoM^XpugwG%6,uid=2000,gid=2000"
}
}
resource "docker_volume" "truenas-photoprism-timeke-originals" {
name = "truenas-photoprism-tineke-originals"
driver_opts = {
type = "cifs",
device = "//172.20.0.188/photoprism-tineke-originals"
o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
}
}
resource "docker_volume" "truenas-photoprism-tineke-import" {
name = "truenas-photoprism-tineke-import"
driver_opts = {
type = "cifs",
device = "//172.20.0.188/photoprism-tineke-import"
o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
}
}
resource "docker_volume" "truenas-photoprism-tineke-data" {
name = "truenas-photoprism-tineke-data"
driver_opts = {
type = "cifs",
device = "//172.20.0.188/photoprism-tineke-data"
o = "username=photoprism,password=V3i77MWeoM^XpugwG%6,uid=2000,gid=2000"
}
}
resource "docker_volume" "truenas-arr" {
name = "truenas-arr"
driver_opts = {
type = "cifs",
device = "//172.20.0.188/arr-media"
o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
}
}

45
core-os-podman/radarr.tf Normal file
View File

@@ -0,0 +1,45 @@
data "docker_registry_image" "radarr" {
name = "ghcr.io/hotio/radarr:latest"
}
resource "docker_image" "radarr" {
name = data.docker_registry_image.radarr.name
pull_triggers = [data.docker_registry_image.radarr.sha256_digest]
}
resource "docker_container" "radarr" {
image = docker_image.radarr.image_id
name = "radarr"
restart = "always"
log_driver = "local"
env = [
"PUID=333",
"PGID=321",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.35"
}
mounts {
target = "/config"
source = "/var/lib/containers/radarr"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = docker_volume.truenas-arr.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

48
core-os-podman/readme.md Normal file
View File

@@ -0,0 +1,48 @@
# Update docker ipv4 network
Stop all pods
```
docker stop $(docker ps -a -q)
```
Remove network
`docker network rm container-public`
create new network
```
docker network create -d macvlan \
--subnet=192.168.3.0/24 \
--gateway=192.168.3.1 \
--ip-range=192.168.3.128/25 \
-o parent=ens19 \
container-public
```
Rest tofu
```
tofu state rm docker_network.container-public
tofu import docker_network.container-public 276dec3b3e8d82e465c2e47b5c8d8ccb439c608c5665094a3735849e7b8b9742
```
# Update docker ipv6 network
Cleanup
```
docker stop $(docker ps -a -q)
docker network rm ipv6-slaac
```
Initialize
```
docker network create -d ipvlan \
--subnet=2a02:a470:b12a:2::/64 \
--ipv6 \
-o parent=ens19 \
-o ipvlan_mode=l2 \
ipv6-slaac
```
Tofu
```
tofu state rm docker_network.ipv6-slaac
tofu import docker_network.ipv6-slaac d3b368472fb140224858725c8b5ba88ede8f6666464d3b05ffc957415404b3a3
```

46
core-os-podman/ripe-atlas.tf Normal file
View File

@@ -0,0 +1,46 @@
data "docker_registry_image" "ripe-atlas" {
name = "jamesits/ripe-atlas:latest"
}
resource "docker_image" "ripe-atlas" {
name = data.docker_registry_image.ripe-atlas.name
pull_triggers = [data.docker_registry_image.ripe-atlas.sha256_digest]
}
resource "docker_container" "ripe-atlas" {
image = docker_image.ripe-atlas.image_id
name = "ripe-atlas"
restart = "always"
log_driver = "local"
mounts {
target = "/etc/ripe-atlas"
source = "/var/lib/containers/atlas-probe/etc"
type = "bind"
}
mounts {
target = "/run/ripe-atlas"
source = "/var/lib/containers/atlas-probe/run"
type = "bind"
}
mounts {
target = "/var/spool/ripe-atlas"
source = "/var/lib/containers/atlas-probe/spool"
type = "bind"
}
capabilities {
drop = ["ALL"]
add = ["CAP_CHOWN", "CAP_SETUID", "CAP_SETGID", "CAP_DAC_OVERRIDE", "CAP_NET_RAW", "CAP_KILL", "CAP_FOWNER"]
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

36
core-os-podman/rssbridge.tf Normal file
View File

@@ -0,0 +1,36 @@
data "docker_registry_image" "rssbridge" {
name = "rssbridge/rss-bridge:latest"
}
resource "docker_image" "rssbridge" {
name = data.docker_registry_image.rssbridge.name
pull_triggers = [data.docker_registry_image.rssbridge.sha256_digest]
}
resource "docker_container" "rssbridge" {
image = docker_image.rssbridge.image_id
name = "rssbridge"
restart = "always"
env = [
"TZ=Europe/Amsterdam"
]
mounts {
target = "/config"
source = "/var/lib/containers/rssbridge"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.47"
}
}

48
core-os-podman/sabnzdb.tf Normal file
View File

@@ -0,0 +1,48 @@
data "docker_registry_image" "sabnzdb" {
name = "ghcr.io/hotio/sabnzbd:latest"
}
resource "docker_image" "sabnzdb" {
name = data.docker_registry_image.sabnzdb.name
pull_triggers = [data.docker_registry_image.sabnzdb.sha256_digest]
}
resource "docker_container" "sabnzdb" {
image = docker_image.sabnzdb.image_id
name = "sabnzdb"
restart = "always"
log_driver = "local"
env = [
"PUID=555",
"PGID=321",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.32"
}
mounts {
target = "/config"
source = "/var/lib/containers/sabnzdb"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = docker_volume.truenas-arr.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

87
core-os-podman/searxng.tf Normal file
View File

@@ -0,0 +1,87 @@
data "docker_registry_image" "searxng" {
name = "searxng/searxng:latest"
}
data "docker_registry_image" "searxng-valkey" {
name = "valkey/valkey:9"
}
resource "docker_image" "searxng" {
name = data.docker_registry_image.searxng.name
pull_triggers = [data.docker_registry_image.searxng.sha256_digest]
}
resource "docker_image" "searxng-valkey" {
name = data.docker_registry_image.searxng-valkey.name
pull_triggers = [data.docker_registry_image.searxng-valkey.sha256_digest]
}
resource "docker_network" "searxng" {
name = "searxng"
}
resource "docker_container" "searxng-valkey" {
image = docker_image.searxng-valkey.image_id
name = "searxng-valkey"
restart = "always"
hostname = "valkey"
command = ["valkey-server", "--save 30 1", "--loglevel warning"]
mounts {
target = "/data"
source = "/var/lib/containers/searxng/valkey-data"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.searxng.name
}
}
resource "docker_container" "searxng" {
image = docker_image.searxng.image_id
name = "searxng"
restart = "always"
env = [
"TZ=Europe/Amsterdam",
"SEARXNG_HOSTNAME=search.rescla.me"
]
mounts {
target = "/var/cache/searxng"
source = "/var/lib/containers/searxng/searxng-data"
type = "bind"
}
mounts {
target = "/etc/searxng"
source = "/var/lib/containers/searxng/data"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.52"
}
networks_advanced {
name = docker_network.searxng.name
}
}

10
smokeping.tf → core-os-podman/smokeping.tf
View File

@@ -20,23 +20,25 @@ resource "docker_container" "smokeping" {
mounts { mounts {
target = "/config" target = "/config"
source = "/share/appdata/smokeping/config" source = "/var/lib/containers/smokeping/config"
type = "bind" type = "bind"
} }
mounts { mounts {
target = "/data" target = "/data"
source = "/share/appdata/smokeping/data" source = "/var/lib/containers/smokeping/data"
type = "bind" type = "bind"
} }
restart = "always" restart = "always"
networks_advanced { networks_advanced {
name = docker_network.bridge.name name = docker_network.container-public.name
ipv4_address = "192.168.2.126" ipv4_address = "192.168.3.26"
} }
dns = ["172.20.0.0"]
lifecycle { lifecycle {
ignore_changes = [ ignore_changes = [
ulimit, ulimit,

45
core-os-podman/sonarr.tf Normal file
View File

@@ -0,0 +1,45 @@
data "docker_registry_image" "sonarr" {
name = "ghcr.io/hotio/sonarr:latest"
}
resource "docker_image" "sonarr" {
name = data.docker_registry_image.sonarr.name
pull_triggers = [data.docker_registry_image.sonarr.sha256_digest]
}
resource "docker_container" "sonarr" {
image = docker_image.sonarr.image_id
name = "sonarr"
restart = "always"
log_driver = "local"
env = [
"PUID=111",
"PGID=321",
"TZ=Europe/Amsterdam"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.36"
}
mounts {
target = "/config"
source = "/var/lib/containers/sonarr"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = docker_volume.truenas-arr.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

50
core-os-podman/synapse.tf Normal file
View File

@@ -0,0 +1,50 @@
/**
Running for the first time:
docker run -it --rm \
--mount type=bind,src=/var/lib/containers/synapse,dst=/data \
-e SYNAPSE_SERVER_NAME=matrix.rescla.me \
-e SYNAPSE_REPORT_STATS=no \
ghcr.io/element-hq/synapse:latest generate
*/
data "docker_registry_image" "synapse" {
name = "ghcr.io/element-hq/synapse:latest"
}
resource "docker_image" "synapse" {
name = data.docker_registry_image.synapse.name
pull_triggers = [data.docker_registry_image.synapse.sha256_digest]
}
resource "docker_container" "synapse" {
image = docker_image.synapse.image_id
name = "synapse"
restart = "always"
depends_on = [docker_container.postgres]
env = [
"TZ=Europe/Amsterdam"
]
mounts {
target = "/data"
source = "/var/lib/containers/synapse"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.48"
}
}

1
core-os-podman/terraform.tfstate Normal file
View File

File diff suppressed because one or more lines are too long

1
core-os-podman/terraform.tfstate.1745528648.backup Normal file
View File

File diff suppressed because one or more lines are too long

1
core-os-podman/terraform.tfstate.1745529679.backup Normal file
View File

File diff suppressed because one or more lines are too long

Some files were not shown because too many files have changed in this diff Show More