rescla/qnap-containers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rescla:7ea67d2cf03169e2aee307d5c7ff6db9cb599fd4
Branches Tags
rescla:main
...
compare: rescla:main
Branches Tags
rescla:main

39 Commits
7ea67d2cf0 ... main

Author SHA1 Message Date
Rescla
30d3f07340 Updates 2025-12-04 09:37:03 +01:00
Rescla
bb82b4730e Updates 2025-11-25 10:37:17 +01:00
Rescla
b5945e7532 Get malla back on meshnet 2025-11-17 14:58:17 +01:00
Marc Fokkert
95e2febd70 Updates 2025-11-17 11:14:26 +01:00
Marc Fokkert
c179cb1245 Updates 
Add Yamtrack
 2025-11-15 13:55:52 +01:00
Marc Fokkert
0eed6b7f3f Update 2025-11-14 07:45:53 +01:00
Rescla
0c50dbd35a Updates 2025-11-13 13:30:22 +01:00
Marc Fokkert
d07b1ece64 Update 2025-11-06 21:11:45 +01:00
Rescla
7eab1f11f0 Add searxng 
Updates
 2025-11-05 16:42:56 +01:00
Marc Fokkert
7053059053 Update 2025-11-01 21:18:58 +01:00
Rescla
cebde1aa76 Updates 
Add ripe-atlas probe
 2025-10-29 13:45:43 +01:00
Marc Fokkert
c9817d5b20 Update 2025-10-26 08:29:44 +01:00
Rescla
693a57aa93 Add local Malla instance 2025-10-24 11:09:30 +02:00
Rescla
db50dda2f1 Updates 2025-10-20 16:42:00 +02:00
Rescla
e4f652b6e2 Update 2025-10-17 17:15:06 +02:00
Rescla
49c37db596 Update 2025-10-17 15:11:29 +02:00
Marc Fokkert
b4f22f54d0 Update 2025-10-17 14:59:25 +02:00
Marc Fokkert
8c149a4b38 WIP 2025-10-17 14:58:05 +02:00
Rescla
d1298973a2 Add synapse 2025-10-17 14:57:09 +02:00
Marc Fokkert
195a16cbe1 updates 2025-10-14 10:34:31 +02:00
Marc Fokkert
01f8549149 updates 2025-10-11 13:50:29 +02:00
Marc Fokkert
1f9026ef32 updates 2025-10-06 21:54:06 +02:00
Marc Fokkert
d0bc3c7af3 Updates, add meshtastic 2025-10-01 13:50:37 +02:00
Marc Fokkert
29a4cc4ee8 Updates 2025-09-30 13:13:17 +02:00
Marc Fokkert
6900f9ad0c Updates 2025-09-23 08:37:10 +02:00
Marc Fokkert
f69e1b60a6 Updates 2025-09-23 08:36:37 +02:00
Marc Fokkert
c4b51117c6 Updates 2025-09-16 11:00:13 +02:00
Marc Fokkert
9a5969e129 Updates, add piped 2025-09-15 10:58:33 +02:00
Marc Fokkert
8d2a5c5494 Updates 2025-09-11 08:26:07 +02:00
Marc Fokkert
995332e672 Updates 2025-09-07 11:30:11 +02:00
Marc Fokkert
c1bc782361 Updates 2025-09-02 10:04:07 +02:00
Marc Fokkert
ef08e991f2 Updates 2025-09-02 08:15:00 +02:00
Marc Fokkert
7b140dd002 Add some new services 2025-09-01 14:45:25 +02:00
Marc Fokkert
29cfb698d2 Add memos 2025-09-01 13:55:58 +02:00
Marc Fokkert
1c1aaa1d71 Move jellyseerr 2025-08-31 11:58:11 +02:00
Marc Fokkert
bbf82974ac Move arrs 2025-08-31 11:48:50 +02:00
Marc Fokkert
6fb5b7da0f Move unifi, uptime kuma and sabnzdb 2025-08-31 10:52:57 +02:00
Marc Fokkert
46a9677551 Disable some services 
Move vikunja, ofellia and nginx-lb to microos
 2025-08-31 08:45:51 +02:00
Marc Fokkert
5c7f056376 Disable some services 
Move deluge to microos
 2025-08-31 08:21:50 +02:00
53 changed files with 1045 additions and 85 deletions
Expand all files Collapse all files

0
autobrr.tf → _disabled/autobrr.tf
View File

0
bazarr.tf → _disabled/bazarr.tf
View File

0
freshrss.tf → _disabled/freshrss.tf
View File

0
globalping.tf → _disabled/globalping.tf
View File

0
pihole.tf → _disabled/pihole.tf
View File

0
readarr.tf → _disabled/readarr.tf
View File

0
redis.tf → _disabled/redis.tf
View File

0
rssbridge.tf → _disabled/rssbridge.tf
View File

0
syncthing.tf → _disabled/syncthing.tf
View File

0
whisper-asr.tf → _disabled/whisper-asr.tf
View File

0
wireguard.tf → _disabled/wireguard.tf
View File

1
core-os-podman/.terraform.lock.hcl generated
View File

@@ -6,6 +6,7 @@ provider "registry.opentofu.org/kreuzwerker/docker" {
constraints = "3.6.2"
hashes = [
"h1:1K3j0xUY2D0+E+DBDQc6k1u6Al9MkuNWrIC9rnvwFSM=",
"h1:sbdKCURC0XeBU6kPVfj24w7mtZtKbuibaqxtZEZ4bjU=",
"zh:22b51a8fb63481d290bdad9a221bc8c9e45d66d1a0cd45beed3f3627bf1debd8",
"zh:2b902eb80a1ae033af1135cc165d192668820a7f8ea15beb5472f811c18bea1f",
"zh:57815dcea28aedb86ed33924cd186aaee8bd31670bd78437a2a2daf2b00ce2ae",

7
configarr.tf → core-os-podman/configarr.tf
View File

@@ -10,7 +10,6 @@ resource "docker_image" "configarr" {
resource "docker_container" "configarr" {
image = docker_image.configarr.image_id
name = "configarr"
# restart = "always"
log_driver = "local"
@@ -20,20 +19,20 @@ resource "docker_container" "configarr" {
mounts {
target = "/app/config"
source = "/share/appdata/configarr/config"
source = "/var/lib/containers/configarr/config"
type = "bind"
}
mounts {
target = "/app/cfs"
source = "/share/appdata/configarr/cfs"
source = "/var/lib/containers/configarr/cfs"
type = "bind"
}
mounts {
target = "/app/templates"
source = "/share/appdata/configarr/templates"
source = "/var/lib/containers/configarr/templates"
type = "bind"
}

16
deluge.tf → core-os-podman/deluge.tf
View File

@@ -12,6 +12,9 @@ resource "docker_container" "deluge" {
name = "deluge"
restart = "always"
memory = 1000
memory_swap = 1000
log_driver = "local"
env = [
@@ -20,26 +23,17 @@ resource "docker_container" "deluge" {
"UMASK=002"
]
# networks_advanced {
# name = docker_network.bridge.name
# ipv4_address = "192.168.2.137"
# }
#
# networks_advanced {
# name = docker_network.gluetun.name
# }
network_mode = "container:gluetun"
mounts {
target = "/config"
source = "/share/appdata/deluge"
source = "/var/lib/containers/deluge"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = "truenas-arr"
volume_name = docker_volume.truenas-arr.name
}
depends_on = [

48
core-os-podman/elasticsearch.tf Normal file
View File

@@ -0,0 +1,48 @@
data "docker_registry_image" "elasticsearch" {
name = "docker.elastic.co/elasticsearch/elasticsearch-wolfi:9.1.5"
}
resource "docker_image" "elasticsearch" {
name = data.docker_registry_image.elasticsearch.name
pull_triggers = [data.docker_registry_image.elasticsearch.sha256_digest]
}
resource "docker_container" "elasticsearch" {
image = docker_image.elasticsearch.image_id
name = "elasticsearch"
restart = "always"
memory = 5000
memory_swap = 5000
mounts {
target = "/usr/share/elasticsearch/data"
source = "/var/lib/containers/elasticsearch/data"
type = "bind"
}
# mounts {
# target = "/usr/share/elasticsearch/config"
# source = "/var/lib/containers/elasticsearch/config"
# type = "bind"
# }
mounts {
target = "/usr/share/elasticsearch/log"
source = "/var/lib/containers/elasticsearch/log"
type = "bind"
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.46"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

51
core-os-podman/fail2ban.tf Normal file
View File

@@ -0,0 +1,51 @@
data "docker_registry_image" "fail2ban" {
name = "linuxserver/fail2ban:latest"
}
resource "docker_image" "fail2ban" {
name = data.docker_registry_image.fail2ban.name
pull_triggers = [data.docker_registry_image.fail2ban.sha256_digest]
}
resource "docker_container" "fail2ban" {
image = docker_image.fail2ban.image_id
name = "fail2ban"
restart = "always"
capabilities {
add = ["CAP_NET_ADMIN", "CAP_NET_RAW"]
}
env = [
"TZ=Europe/Amsterdam",
"PUID=1000",
"PGID=1000"
]
mounts {
target = "/config"
source = "/var/lib/containers/fail2ban/config"
type = "bind"
}
mounts {
target = "/var/log"
source = "/var/log"
type = "bind"
read_only = true
}
mounts {
target = "/remotelogs/nginx"
source = "/var/lib/containers/nginx-lb/log"
type = "bind"
read_only = true
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

44
core-os-podman/freshrss.tf Normal file
View File

@@ -0,0 +1,44 @@
data "docker_registry_image" "freshrss" {
name = "freshrss/freshrss:latest"
}
resource "docker_image" "freshrss" {
name = data.docker_registry_image.freshrss.name
pull_triggers = [data.docker_registry_image.freshrss.sha256_digest]
}
resource "docker_container" "freshrss" {
image = docker_image.freshrss.image_id
name = "freshrss"
restart = "always"
env = [
"TZ=Europe/Amsterdam",
"CRON_MIN=1,31",
"OIDC_ENABLED=0",
"FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.rescla.me --db-base freshrss --db-host 192.168.3.24 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en",
"FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"
]
mounts {
target = "/var/www/FreshRSS/data"
source = "/var/lib/containers/freshrss/data"
type = "bind"
}
mounts {
target = "/var/www/FreshRSS/extensions"
source = "/var/lib/containers/freshrss/extensions"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.45"
}
}

14
gluetun.tf → core-os-podman/gluetun.tf
View File

@@ -13,7 +13,7 @@ resource "docker_container" "gluetun" {
hostname = "proxy"
capabilities {
add = ["NET_ADMIN"]
add = ["CAP_NET_ADMIN"]
}
env = [
@@ -25,6 +25,8 @@ resource "docker_container" "gluetun" {
"WIREGUARD_ADDRESSES=10.159.242.252/32",
"FIREWALL_VPN_INPUT_PORTS=47836",
"SERVER_COUNTRIES=Netherlands",
# 8112 = Deluge
"FIREWALL_INPUT_PORTS=8112"
]
@@ -36,7 +38,7 @@ resource "docker_container" "gluetun" {
mounts {
target = "/gluetun/config"
source = "/share/appdata/gluetun"
source = "/var/lib/containers/gluetun"
type = "bind"
}
@@ -44,8 +46,12 @@ resource "docker_container" "gluetun" {
restart = "always"
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.137"
name = docker_network.container-public.name
ipv4_address = "192.168.3.27"
}
networks_advanced {
name = docker_network.piped.name
}
lifecycle {

52
core-os-podman/goaccess.tf_disabled Normal file
View File

@@ -0,0 +1,52 @@
data "docker_registry_image" "goaccess" {
name = "allinurl/goaccess:latest"
}
resource "docker_image" "goaccess" {
name = data.docker_registry_image.goaccess.name
pull_triggers = [data.docker_registry_image.goaccess.sha256_digest]
}
resource "docker_container" "goaccess" {
image = docker_image.goaccess.image_id
name = "goaccess"
restart = "always"
command = [
"srv/logs/nginx/access.log",
"-a",
"--real-time-html",
"-p /srv/config/goaccess.conf"
]
env = [
"TZ=Europe/Amsterdam",
"PUID=1000",
"PGID=1000"
]
mounts {
target = "/srv/config/goaccess.conf"
source = "/var/lib/containers/goaccess/goaccess.conf"
type = "bind"
}
mounts {
target = "/srv/logs/nginx"
source = "/var/lib/containers/nginx-lb/log"
type = "bind"
read_only = true
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.49"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

8
grafana.tf → core-os-podman/grafana.tf
View File

@@ -13,15 +13,17 @@ resource "docker_container" "grafana" {
restart = "always"
user = "1000:1000"
mounts {
target = "/var/lib/grafana"
source = "/share/appdata/grafana"
source = "/var/lib/containers/grafana"
type = "bind"
}
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.79"
name = docker_network.container-public.name
ipv4_address = "192.168.3.41"
}
lifecycle {

16
grocy.tf → core-os-podman/grocy.tf
View File

@@ -20,11 +20,10 @@ resource "docker_container" "grocy" {
mounts {
target = "/config"
source = "/share/appdata/grocy"
source = "/var/lib/containers/grocy"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
@@ -33,16 +32,7 @@ resource "docker_container" "grocy" {
}
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.142"
}
networks_advanced {
name = docker_network.grocy.name
name = docker_network.container-public.name
ipv4_address = "192.168.3.38"
}
}
resource "docker_network" "grocy" {
name = "grocy"
}

6
jellyseerr.tf → core-os-podman/jellyseerr.tf
View File

@@ -19,13 +19,13 @@ resource "docker_container" "jellyseerr" {
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.135"
name = docker_network.container-public.name
ipv4_address = "192.168.3.37"
}
mounts {
target = "/app/config"
source = "/share/appdata/jellyseerr"
source = "/var/lib/containers/jellyseerr"
type = "bind"
}

8
lidarr.tf → core-os-podman/lidarr.tf
View File

@@ -21,19 +21,19 @@ resource "docker_container" "lidarr" {
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.154"
name = docker_network.container-public.name
ipv4_address = "192.168.3.33"
}
mounts {
target = "/config"
source = "/share/appdata/lidarr"
source = "/var/lib/containers/lidarr"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = "truenas-arr"
volume_name = docker_volume.truenas-arr.name
}
lifecycle {

76
core-os-podman/malla.tf Normal file
View File

@@ -0,0 +1,76 @@
data "docker_registry_image" "malla" {
name = "ghcr.io/zenitram/malla:latest"
}
resource "docker_image" "malla" {
name = data.docker_registry_image.malla.name
pull_triggers = [data.docker_registry_image.malla.sha256_digest]
}
resource "docker_container" "malla-capture" {
image = docker_image.malla.image_id
name = "malla-capture"
restart = "always"
command = ["/app/.venv/bin/malla-capture"]
env = [
"MALLA_SECRET_KEY=GDESl5REQFGDGXCq7EDkwwwlGC5szJlvTMedTom6ILCuPX1Di6V3JUw8BHSZj6xM",
"MALLA_MQTT_BROKER_ADDRESS=mqtt.meshnet.nl",
# "MALLA_MQTT_BROKER_ADDRESS=mqtt.meshtastic.org",
"MALLA_MQTT_PORT=1883",
"MALLA_MQTT_USERNAME=downlink",
"MALLA_MQTT_PASSWORD=mq!Down!1nk",
"MALLA_DATABASE_FILE=/app/data/meshtastic_history.db"
]
mounts {
target = "/app/data"
source = "/var/lib/containers/malla"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "malla-web" {
image = docker_image.malla.image_id
name = "malla-web"
restart = "always"
env = [
"MALLA_SECRET_KEY=GDESl5REQFGDGXCq7EDkwwwlGC5szJlvTMedTom6ILCuPX1Di6V3JUw8BHSZj6xM",
"MALLA_MQTT_BROKER_ADDRESS=mqtt.meshnet.nl",
"MALLA_MQTT_PORT=8883",
"MALLA_MQTT_USERNAME=boreft",
"MALLA_MQTT_PASSWORD=meshboreft",
"MALLA_DATABASE_FILE=/app/data/meshtastic_history.db"
]
command = ["/app/.venv/bin/malla-web-gunicorn"]
mounts {
target = "/app/data"
source = "/var/lib/containers/malla"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.50"
}
}

3
core-os-podman/mariadb.tf
View File

@@ -11,6 +11,9 @@ resource "docker_container" "mariadb" {
image = docker_image.mariadb.image_id
name = "mariadb"
memory = 5000
memory_swap = 5000
mounts {
target = "/var/lib/mysql"
source = "/var/lib/containers/mariadb"

48
core-os-podman/mealie.tf Normal file
View File

@@ -0,0 +1,48 @@
data "docker_registry_image" "mealie" {
name = "ghcr.io/mealie-recipes/mealie:v3.1.2"
}
resource "docker_image" "mealie" {
name = data.docker_registry_image.mealie.name
pull_triggers = [data.docker_registry_image.mealie.sha256_digest]
}
resource "docker_container" "mealie" {
image = docker_image.mealie.image_id
name = "mealie"
restart = "always"
memory = 1000
memory_swap = 1000
env = [
"ALLOW_SIGNUP=false",
"TZ=Europe/Amsterdam",
"PUID=1000",
"PGID=1000",
"BASE_URL=https://mealie.rescla.me",
"SMTP_HOST=mail.smtp2go.com",
"SMTP_FROM_EMAIL=mealie@xz1.nl",
"SMTP_USER=mealie@xz1.nl",
"SMTP_PASSWORD=VDHnraVWlA2P1Hbu"
]
mounts {
target = "/app/data"
source = "/var/lib/containers/mealie"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.39"
}
}

39
core-os-podman/memos.tf Normal file
View File

@@ -0,0 +1,39 @@
data "docker_registry_image" "memos" {
name = "neosmemo/memos:stable"
}
resource "docker_image" "memos" {
name = data.docker_registry_image.memos.name
pull_triggers = [data.docker_registry_image.memos.sha256_digest]
}
resource "docker_container" "memos" {
image = docker_image.memos.image_id
name = "memos"
restart = "always"
log_driver = "local"
env = [
"MEMOS_MODE=prod",
"MEMOS_PORT=80"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.40"
}
mounts {
target = "/var/opt/memos"
source = "/var/lib/containers/memos"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

28
core-os-podman/meshtastic.tf Normal file
View File

@@ -0,0 +1,28 @@
data "docker_registry_image" "meshtastic" {
name = "ghcr.io/meshtastic/web:latest"
}
resource "docker_image" "meshtastic" {
name = data.docker_registry_image.meshtastic.name
pull_triggers = [data.docker_registry_image.meshtastic.sha256_digest]
}
resource "docker_container" "meshtastic" {
image = docker_image.meshtastic.image_id
name = "meshtastic"
restart = "always"
log_driver = "local"
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.44"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

25
nginx-lb.tf → core-os-podman/nginx-lb.tf
View File

@@ -21,34 +21,43 @@ resource "docker_container" "nginx-lb" {
mounts {
target = "/etc/nginx/nginx.conf"
source = "/share/appdata/nginx-lb/nginx.conf"
source = "/var/lib/containers/nginx-lb/nginx.conf"
type = "bind"
}
mounts {
target = "/etc/nginx/config"
source = "/share/appdata/nginx-lb/conf"
source = "/var/lib/containers/nginx-lb/conf"
type = "bind"
}
mounts {
target = "/etc/nginx/user_conf.d"
source = "/share/appdata/nginx-lb/user_conf.d"
source = "/var/lib/containers/nginx-lb/user_conf.d"
type = "bind"
}
mounts {
target = "/etc/letsencrypt"
source = "/var/lib/containers/nginx-lb/secrets"
type = "bind"
}
mounts {
target = "/etc/letsencrypt"
source = "/share/appdata/nginx-lb/secrets"
target = "/var/log/nginx"
source = "/var/lib/containers/nginx-lb/log"
type = "bind"
}
restart = "always"
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.115"
name = docker_network.container-public.name
ipv4_address = "192.168.3.29"
}
networks_advanced {
name = docker_network.nginx-lb.name
}
lifecycle {

3
core-os-podman/node-red.tf
View File

@@ -11,6 +11,9 @@ resource "docker_container" "node-red" {
image = docker_image.node-red.image_id
name = "node-red"
memory = 1000
memory_swap = 1000
mounts {
target = "/data"
source = "/var/lib/containers/node-red"

61
core-os-podman/ntfy.tf Normal file
View File

@@ -0,0 +1,61 @@
data "docker_registry_image" "ntfy" {
name = "binwiederhier/ntfy"
}
resource "docker_image" "ntfy" {
name = data.docker_registry_image.ntfy.name
pull_triggers = [data.docker_registry_image.ntfy.sha256_digest]
}
resource "docker_container" "ntfy" {
image = docker_image.ntfy.image_id
name = "ntfy"
restart = "always"
env = [
"TZ=Europe/Amsterdam"
]
user = "1000:1000"
command = ["serve"]
mounts {
target = "/etc/ntfy/server.yml"
source = "/var/lib/containers/ntfy/server.yml"
type = "bind"
read_only = true
}
mounts {
target = "/etc/ntfy/templates"
source = "/var/lib/containers/ntfy/templates"
type = "bind"
read_only = true
}
mounts {
target = "/var/cache/ntfy"
source = "/var/lib/containers/ntfy/cache"
type = "bind"
}
mounts {
target = "/var/lib/ntfy/auth"
source = "/var/lib/containers/ntfy/auth"
type = "bind"
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.51"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

2
ofelia.tf → core-os-podman/ofelia.tf
View File

@@ -23,7 +23,7 @@ resource "docker_container" "ofelia" {
mounts {
target = "/etc/ofelia"
source = "/share/appdata/ofelia"
source = "/var/lib/containers/ofelia"
type = "bind"
}

3
core-os-podman/photoprism-tineke.tf
View File

@@ -4,6 +4,9 @@ resource "docker_container" "photoprism-tineke" {
restart = "always"
memory = 10000
memory_swap = 10000
env = [
"PHOTOPRISM_UPLOAD_NSFW=true",
"PHOTOPRISM_ADMIN_PASSWORD=pyjm73tM%UPa8B5t5zhWX*F",

3
core-os-podman/photoprism.tf
View File

@@ -13,6 +13,9 @@ resource "docker_container" "photoprism" {
restart = "always"
memory = 10000
memory_swap = 10000
env = [
"PHOTOPRISM_UPLOAD_NSFW=true",
"PHOTOPRISM_ADMIN_PASSWORD=UAmpojHADcS5aB",

144
core-os-podman/piped.tf Normal file
View File

@@ -0,0 +1,144 @@
data "docker_registry_image" "piped-backend" {
name = "1337kavin/piped:latest"
}
data "docker_registry_image" "piped-frontend" {
name = "1337kavin/piped-frontend:latest"
}
data "docker_registry_image" "piped-proxy" {
name = "1337kavin/piped-proxy:latest"
}
data "docker_registry_image" "piped-bg-helper" {
name = "1337kavin/bg-helper-server:latest"
}
resource "docker_image" "piped-backend" {
name = data.docker_registry_image.piped-backend.name
pull_triggers = [data.docker_registry_image.piped-backend.sha256_digest]
}
resource "docker_image" "piped-frontend" {
name = data.docker_registry_image.piped-frontend.name
pull_triggers = [data.docker_registry_image.piped-frontend.sha256_digest]
}
resource "docker_image" "piped-proxy" {
name = data.docker_registry_image.piped-proxy.name
pull_triggers = [data.docker_registry_image.piped-proxy.sha256_digest]
}
resource "docker_image" "piped-bg-helper" {
name = data.docker_registry_image.piped-bg-helper.name
pull_triggers = [data.docker_registry_image.piped-bg-helper.sha256_digest]
}
resource "docker_network" "piped" {
name = "piped"
}
resource "docker_container" "piped-backend" {
image = docker_image.piped-backend.image_id
name = "piped-backend"
hostname = "piped-backend"
restart = "always"
memory = 1000
memory_swap = 1000
log_driver = "local"
networks_advanced {
name = docker_network.nginx-lb.name
}
networks_advanced {
name = docker_network.piped.name
}
depends_on = [
docker_container.gluetun,
docker_container.postgres
]
mounts {
target = "/app/config.properties"
source = "/var/lib/containers/piped/config.properties"
type = "bind"
read_only = true
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "piped-frontend" {
image = docker_image.piped-frontend.image_id
name = "piped-frontend"
hostname = "piped-frontend"
restart = "always"
log_driver = "local"
env = [
"BACKEND_HOSTNAME=piped-api.rescla.me"
]
networks_advanced {
name = docker_network.nginx-lb.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "piped-proxy" {
image = docker_image.piped-proxy.image_id
name = "piped-proxy"
hostname = "piped-proxy"
restart = "always"
log_driver = "local"
networks_advanced {
name = docker_network.nginx-lb.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}
resource "docker_container" "piped-bg-helper" {
image = docker_image.piped-bg-helper.image_id
name = "piped-bg-helper"
restart = "always"
log_driver = "local"
networks_advanced {
name = docker_network.piped.name
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

49
core-os-podman/postgres.tf Normal file
View File

@@ -0,0 +1,49 @@
data "docker_registry_image" "postgres" {
name = "pgautoupgrade/pgautoupgrade:16-alpine"
}
resource "docker_image" "postgres" {
name = data.docker_registry_image.postgres.name
pull_triggers = [data.docker_registry_image.postgres.sha256_digest]
}
resource "docker_container" "postgres" {
image = docker_image.postgres.image_id
name = "postgres"
hostname = "postgres"
restart = "always"
memory = 1000
memory_swap = 1000
log_driver = "local"
env = [
"POSTGRES_DB=piped",
"POSTGRES_USER=piped",
"POSTGRES_PASSWORD=YDoVrAXCxim%lOK8^"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.43"
}
networks_advanced {
name = docker_network.piped.name
}
mounts {
target = "/var/lib/postgresql/data"
source = "/var/lib/containers/postgres/data"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

20
prometheus.tf → core-os-podman/prometheus.tf
View File

@@ -11,25 +11,33 @@ resource "docker_container" "prometheus" {
image = docker_image.prometheus.image_id
name = "prometheus"
command = ["--config.file=/etc/prometheus/prometheus.yml","--storage.tsdb.path=/prometheus", "--web.console.libraries=/usr/share/prometheus/console_libraries","--web.console.templates=/usr/share/prometheus/consoles", "--storage.tsdb.retention.time=2y"]
command = [
"--config.file=/etc/prometheus/prometheus.yml",
"--storage.tsdb.path=/prometheus",
"--web.console.libraries=/usr/share/prometheus/console_libraries",
"--web.console.templates=/usr/share/prometheus/consoles",
"--storage.tsdb.retention.time=5y"
]
user = "1000:1000"
mounts {
target = "/etc/prometheus"
source = "/share/appdata/prometheus/config"
target = "/etc/prometheus/prometheus.yml"
source = "/var/lib/containers/prometheus/config/prometheus.yml"
type = "bind"
}
mounts {
target = "/prometheus"
source = "/share/appdata/prometheus/data"
source = "/var/lib/containers/prometheus/data"
type = "bind"
}
restart = "always"
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.80"
name = docker_network.container-public.name
ipv4_address = "192.168.3.42"
}
lifecycle {

6
prowlarr.tf → core-os-podman/prowlarr.tf
View File

@@ -22,13 +22,13 @@ resource "docker_container" "prowlarr" {
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.141"
name = docker_network.container-public.name
ipv4_address = "192.168.3.34"
}
mounts {
target = "/config"
source = "/share/appdata/prowlarr"
source = "/var/lib/containers/prowlarr"
type = "bind"
}

8
radarr.tf → core-os-podman/radarr.tf
View File

@@ -21,19 +21,19 @@ resource "docker_container" "radarr" {
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.138"
name = docker_network.container-public.name
ipv4_address = "192.168.3.35"
}
mounts {
target = "/config"
source = "/share/appdata/radarr"
source = "/var/lib/containers/radarr"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = "truenas-arr"
volume_name = docker_volume.truenas-arr.name
}
lifecycle {

46
core-os-podman/ripe-atlas.tf Normal file
View File

@@ -0,0 +1,46 @@
data "docker_registry_image" "ripe-atlas" {
name = "jamesits/ripe-atlas:latest"
}
resource "docker_image" "ripe-atlas" {
name = data.docker_registry_image.ripe-atlas.name
pull_triggers = [data.docker_registry_image.ripe-atlas.sha256_digest]
}
resource "docker_container" "ripe-atlas" {
image = docker_image.ripe-atlas.image_id
name = "ripe-atlas"
restart = "always"
log_driver = "local"
mounts {
target = "/etc/ripe-atlas"
source = "/var/lib/containers/atlas-probe/etc"
type = "bind"
}
mounts {
target = "/run/ripe-atlas"
source = "/var/lib/containers/atlas-probe/run"
type = "bind"
}
mounts {
target = "/var/spool/ripe-atlas"
source = "/var/lib/containers/atlas-probe/spool"
type = "bind"
}
capabilities {
drop = ["ALL"]
add = ["CAP_CHOWN", "CAP_SETUID", "CAP_SETGID", "CAP_DAC_OVERRIDE", "CAP_NET_RAW", "CAP_KILL", "CAP_FOWNER"]
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

36
core-os-podman/rssbridge.tf Normal file
View File

@@ -0,0 +1,36 @@
data "docker_registry_image" "rssbridge" {
name = "rssbridge/rss-bridge:latest"
}
resource "docker_image" "rssbridge" {
name = data.docker_registry_image.rssbridge.name
pull_triggers = [data.docker_registry_image.rssbridge.sha256_digest]
}
resource "docker_container" "rssbridge" {
image = docker_image.rssbridge.image_id
name = "rssbridge"
restart = "always"
env = [
"TZ=Europe/Amsterdam"
]
mounts {
target = "/config"
source = "/var/lib/containers/rssbridge"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.47"
}
}

8
sabnzdb.tf → core-os-podman/sabnzdb.tf
View File

@@ -22,19 +22,19 @@ resource "docker_container" "sabnzdb" {
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.140"
name = docker_network.container-public.name
ipv4_address = "192.168.3.32"
}
mounts {
target = "/config"
source = "/share/appdata/sabnzdb"
source = "/var/lib/containers/sabnzdb"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = "truenas-arr"
volume_name = docker_volume.truenas-arr.name
}
lifecycle {

87
core-os-podman/searxng.tf Normal file
View File

@@ -0,0 +1,87 @@
data "docker_registry_image" "searxng" {
name = "searxng/searxng:latest"
}
data "docker_registry_image" "searxng-valkey" {
name = "valkey/valkey:9"
}
resource "docker_image" "searxng" {
name = data.docker_registry_image.searxng.name
pull_triggers = [data.docker_registry_image.searxng.sha256_digest]
}
resource "docker_image" "searxng-valkey" {
name = data.docker_registry_image.searxng-valkey.name
pull_triggers = [data.docker_registry_image.searxng-valkey.sha256_digest]
}
resource "docker_network" "searxng" {
name = "searxng"
}
resource "docker_container" "searxng-valkey" {
image = docker_image.searxng-valkey.image_id
name = "searxng-valkey"
restart = "always"
hostname = "valkey"
command = ["valkey-server", "--save 30 1", "--loglevel warning"]
mounts {
target = "/data"
source = "/var/lib/containers/searxng/valkey-data"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.searxng.name
}
}
resource "docker_container" "searxng" {
image = docker_image.searxng.image_id
name = "searxng"
restart = "always"
env = [
"TZ=Europe/Amsterdam",
"SEARXNG_HOSTNAME=search.rescla.me"
]
mounts {
target = "/var/cache/searxng"
source = "/var/lib/containers/searxng/searxng-data"
type = "bind"
}
mounts {
target = "/etc/searxng"
source = "/var/lib/containers/searxng/data"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.52"
}
networks_advanced {
name = docker_network.searxng.name
}
}

8
sonarr.tf → core-os-podman/sonarr.tf
View File

@@ -21,19 +21,19 @@ resource "docker_container" "sonarr" {
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.136"
name = docker_network.container-public.name
ipv4_address = "192.168.3.36"
}
mounts {
target = "/config"
source = "/share/appdata/sonarr"
source = "/var/lib/containers/sonarr"
type = "bind"
}
volumes {
container_path = "/data"
volume_name = "truenas-arr"
volume_name = docker_volume.truenas-arr.name
}
lifecycle {

50
core-os-podman/synapse.tf Normal file
View File

@@ -0,0 +1,50 @@
/**
Running for the first time:
docker run -it --rm \
--mount type=bind,src=/var/lib/containers/synapse,dst=/data \
-e SYNAPSE_SERVER_NAME=matrix.rescla.me \
-e SYNAPSE_REPORT_STATS=no \
ghcr.io/element-hq/synapse:latest generate
*/
data "docker_registry_image" "synapse" {
name = "ghcr.io/element-hq/synapse:latest"
}
resource "docker_image" "synapse" {
name = data.docker_registry_image.synapse.name
pull_triggers = [data.docker_registry_image.synapse.sha256_digest]
}
resource "docker_container" "synapse" {
image = docker_image.synapse.image_id
name = "synapse"
restart = "always"
depends_on = [docker_container.postgres]
env = [
"TZ=Europe/Amsterdam"
]
mounts {
target = "/data"
source = "/var/lib/containers/synapse"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.48"
}
}

2
core-os-podman/terraform.tfstate
View File

File diff suppressed because one or more lines are too long

2
core-os-podman/terraform.tfstate.backup
View File

File diff suppressed because one or more lines are too long

9
unifi.tf → core-os-podman/unifi.tf
View File

@@ -11,17 +11,20 @@ resource "docker_container" "unifi" {
image = docker_image.unifi.image_id
name = "unifi"
memory = 3000
memory_swap = 3000
mounts {
target = "/unifi"
source = "/share/appdata/unifi"
source = "/var/lib/containers/unifi"
type = "bind"
}
restart = "always"
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.67"
name = docker_network.container-public.name
ipv4_address = "192.168.3.30"
}
lifecycle {

6
uptime-kuma.tf → core-os-podman/uptime-kuma.tf
View File

@@ -15,13 +15,13 @@ resource "docker_container" "uptime-kuma" {
mounts {
target = "/app/data"
source = "/share/appdata/uptime-kuma"
source = "/var/lib/containers/uptime-kuma"
type = "bind"
}
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.133"
name = docker_network.container-public.name
ipv4_address = "192.168.3.31"
}
lifecycle {

6
vikunja.tf → core-os-podman/vikunja.tf
View File

@@ -33,13 +33,13 @@ resource "docker_container" "vikunja" {
]
networks_advanced {
name = docker_network.bridge.name
ipv4_address = "192.168.2.143"
name = docker_network.container-public.name
ipv4_address = "192.168.3.28"
}
mounts {
target = "/files"
source = "/share/appdata/vikunja"
source = "/var/lib/containers/vikunja"
type = "bind"
}

77
core-os-podman/yamtrack.tf Normal file
View File

@@ -0,0 +1,77 @@
data "docker_registry_image" "yamtrack" {
name = "ghcr.io/fuzzygrim/yamtrack"
}
data "docker_registry_image" "yamtrack-redis" {
name = "redis:7-alpine"
}
resource "docker_image" "yamtrack" {
name = data.docker_registry_image.yamtrack.name
pull_triggers = [data.docker_registry_image.yamtrack.sha256_digest]
}
resource "docker_image" "yamtrack-redis" {
name = data.docker_registry_image.yamtrack-redis.name
pull_triggers = [data.docker_registry_image.yamtrack-redis.sha256_digest]
}
resource "docker_network" "yamtrack" {
name = "yamtrack"
}
resource "docker_container" "yamtrack-redis" {
image = docker_image.yamtrack-redis.image_id
name = "yamtrack-redis"
restart = "always"
hostname = "redis"
log_driver = "local"
mounts {
target = "/data"
source = "/var/lib/containers/yamtrack/data"
type = "bind"
}
networks_advanced {
name = docker_network.yamtrack.name
}
}
resource "docker_container" "yamtrack" {
image = docker_image.yamtrack.image_id
name = "yamtrack"
restart = "always"
log_driver = "local"
env = [
"TZ=Europe/Amsterdam",
"SECRET=dx43FYAAD1ZULJ1G0&8*hP6A5!rzXSB7Z0B9DdRlBwlgsv2W2CToekYP6UNdnUv2",
"REDIS_URL=redis://redis:6379"
]
networks_advanced {
name = docker_network.container-public.name
ipv4_address = "192.168.3.53"
}
networks_advanced {
name = docker_network.yamtrack.name
}
mounts {
target = "/yamtrack/db"
source = "/var/lib/containers/yamtrack/db"
type = "bind"
}
lifecycle {
ignore_changes = [
ulimit,
log_opts
]
}
}

2
terraform.tfstate
View File

File diff suppressed because one or more lines are too long

2
terraform.tfstate.backup
View File

File diff suppressed because one or more lines are too long