KrzysztofC/server_config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Inicjalizacja repozytorium po uporządkowaniu Gitea; dodanie gitignore

Browse Source
This commit is contained in:
root
2026-03-17 23:41:37 +01:00
commit 5e72233730
22 changed files with 631 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored Normal file
View File

@@ -0,0 +1,11 @@
# Omijamy ciężkie dane, żeby nie wrzucać do Gita baz danych, logów i plików wynikowych
*/data/
*/logs/
*/volumes/
*/certs/
*/letsencrypt/
*/media/
**/*.db
**/*.db.old
**/*.tar.gz
**/*.tar.gz.sig

8
authentik/.env Normal file
View File

@@ -0,0 +1,8 @@
PG_PASS=KmIN0VBVvwALVUh7q5ZsMSsi2Y8Cj3Kv
AUTHENTIK_SECRET_KEY=ffk6hAoOwp6VEFW2xWFcErP83Ch4uchm
COMPOSE_PORT_HTTP=9000
COMPOSE_PORT_HTTPS=9443
AUTHENTIK_ERROR_REPORTING__ENABLED=true
AUTHENTIK_POSTGRES__HOST=postgresql
AUTHENTIK_REDIS__HOST=redis

117
authentik/docker-compose.yml Normal file
View File

@@ -0,0 +1,117 @@
name: authentik
services:
postgresql:
image: postgres:16-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- database:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${PG_PASS}
POSTGRES_USER: authentik
POSTGRES_DB: authentik
env_file:
- .env
networks:
- default
redis:
image: redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- redis:/data
networks:
- default
server:
image: ghcr.io/goauthentik/server:2024.12
restart: unless-stopped
command: server
environment:
# WERSJA 1 (Standardowa)
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRES__HOST: postgresql
AUTHENTIK_POSTGRES__USER: authentik
AUTHENTIK_POSTGRES__NAME: authentik
AUTHENTIK_POSTGRES__PASSWORD: ${PG_PASS}
# WERSJA 2 (Alternatywna - z 'L' na końcu)
# Jeśli aplikacja ignoruje wersję wyżej, to ta zadziała
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: authentik
AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__PORT: 5432
volumes:
- ./media:/media
- ./custom-templates:/templates
env_file:
- .env
ports:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
- central_dogma
- default
worker:
image: ghcr.io/goauthentik/server:2024.12
restart: unless-stopped
command: worker
environment:
# Podajemy oba warianty dla pewności
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRES__HOST: postgresql
AUTHENTIK_POSTGRES__USER: authentik
AUTHENTIK_POSTGRES__NAME: authentik
AUTHENTIK_POSTGRES__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: authentik
AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__PORT: 5432
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./media:/media
- ./certs:/certs
- ./custom-templates:/templates
env_file:
- .env
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
- central_dogma
- default
volumes:
database:
driver: local
redis:
driver: local
networks:
central_dogma:
external: true

18
filebrowser/compose.yaml Normal file
View File

@@ -0,0 +1,18 @@
services:
filebrowser:
image: filebrowser/filebrowser
container_name: filebrowser
user: 0:0
ports:
- "1234:80"
volumes:
- /mnt/second_disk:/srv
- ./filebrowser.db:/database.db
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- central_dogma
networks:
central_dogma:
external: true

4
gitea/.env Normal file
View File

@@ -0,0 +1,4 @@
DB_PASSWORD=899fa3aa3cf344b6659b256b1f16be8b
GITEA_DOMAIN=gitea.example.com
GITEA_URL=https://gitea.example.com/
RUNNER_TOKEN=4fLWQRGyi2Pv2VCrzFLWz6TFgElbrslz0hMjg4p5

25
gitea/compose-db.yml Normal file
View File

@@ -0,0 +1,25 @@
networks:
central_dogma:
external: true
volumes:
postgres-data:
services:
postgres:
image: postgres:15-alpine
container_name: gitea-db
restart: always
environment:
POSTGRES_USER: gitea
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_DB: gitea
networks:
- central_dogma
volumes:
- postgres-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U gitea"]
interval: 10s
timeout: 5s
retries: 5

40
gitea/compose-gitea.yml Normal file
View File

@@ -0,0 +1,40 @@
networks:
central_dogma:
external: true
runner_net:
name: runner_net
volumes:
gitea-data:
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
restart: always
environment:
GITEA__database__DB_TYPE: postgres
GITEA__database__HOST: gitea-db:5432
GITEA__database__USER: gitea
GITEA__database__PASSWD: ${DB_PASSWORD}
GITEA__database__NAME: gitea
GITEA__database__SSL_MODE: disable
GITEA__security__INSTALL_LOCK: "false"
GITEA__actions__ENABLED: "true"
GITEA__server__DOMAIN: ${GITEA_DOMAIN}
GITEA__server__ROOT_URL: ${GITEA_URL}
GITEA__server__SSH_PORT: 22
GITEA__server__SSH_DOMAIN: ${GITEA_DOMAIN}
GITEA__repository__DEFAULT_BRANCH: main
GITEA__service__DISABLE_REGISTRATION: "false"
GITEA__service__REGISTER_EMAIL_CONFIRM_REQUIRED: "false"
networks:
- central_dogma
- runner_net
ports:
- "3000:3000"
- "222:22"
volumes:
- gitea-data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro

22
gitea/compose-runner.yml Normal file
View File

@@ -0,0 +1,22 @@
networks:
runner_net:
external: true
volumes:
runner-data:
services:
runner:
image: gitea/act_runner:latest
container_name: gitea-runner
restart: always
environment:
GITEA_INSTANCE_URL: http://gitea:3000
GITEA_RUNNER_REGISTRATION_TOKEN: ${RUNNER_TOKEN}
GITEA_RUNNER_NAME: docker-runner
GITEA_RUNNER_LABELS: "docker:docker,ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
networks:
- runner_net
volumes:
- runner-data:/data
- /var/run/docker.sock:/var/run/docker.sock

11
gitea/init-env.sh Normal file
View File

@@ -0,0 +1,11 @@
#!/bin/bash
if [ ! -f .env ]; then
DB_PASS=$(openssl rand -hex 16)
echo "Creating .env..."
echo "DB_PASSWORD=$DB_PASS" > .env
echo "GITEA_DOMAIN=gitea.example.com" >> .env
echo "GITEA_URL=https://gitea.example.com/" >> .env
echo "RUNNER_TOKEN=" >> .env
echo "Update GITEA_DOMAIN and GITEA_URL in .env"
fi

15
gitea/init-runner-token.sh Normal file
View File

@@ -0,0 +1,15 @@
#!/bin/bash
echo "Generating runner token..."
TOKEN=$(openssl rand -hex 32)
if grep -q "RUNNER_TOKEN=" .env; then
sed -i "s/RUNNER_TOKEN=.*/RUNNER_TOKEN=$TOKEN/" .env
else
echo "RUNNER_TOKEN=$TOKEN" >> .env
fi
echo "Token: $TOKEN"
echo "Restarting runner..."
docker compose -f compose-runner.yml restart

75
gitea/justfile Normal file
View File

@@ -0,0 +1,75 @@
set shell := ["bash", "-c"]
default:
@just --list
init-env:
@bash init-env.sh
init-network:
@docker network inspect central_dogma >/dev/null 2>&1 || \
(docker network create central_dogma && echo "Network central_dogma created")
up: init-env init-network
@echo "Starting Gitea infrastructure..."
docker compose -f compose-db.yml up -d
@echo "Waiting for database..."
@for i in 1 2 3 4 5; do \
if docker exec gitea-db pg_isready -U gitea >/dev/null 2>&1; then \
break; \
fi; \
echo "Attempt $$i/5..."; \
sleep 2; \
done
docker compose -f compose-gitea.yml up -d
@echo "Waiting for Gitea to be ready..."
@until curl -sf http://localhost:3000 > /dev/null 2>&1; do \
echo "Waiting..."; \
sleep 5; \
done
@echo "Gitea is ready!"
@if ! grep -q "RUNNER_TOKEN=.\+" .env; then \
echo "RUNNER_TOKEN not set. Run: just init-runner-token"; \
else \
docker compose -f compose-runner.yml up -d; \
echo "Runner started"; \
fi
@echo ""
@echo "SETUP COMPLETE"
@echo "Gitea: http://localhost:3000"
@echo "SSH: localhost:222"
down:
docker compose -f compose-runner.yml down || true
docker compose -f compose-gitea.yml down || true
docker compose -f compose-db.yml down || true
stop:
docker compose -f compose-runner.yml stop || true
docker compose -f compose-gitea.yml stop || true
docker compose -f compose-db.yml stop || true
start:
docker compose -f compose-db.yml start
docker compose -f compose-gitea.yml start
docker compose -f compose-runner.yml start
logs-gitea:
docker compose -f compose-gitea.yml logs -f --tail=100 gitea
logs-runner:
docker compose -f compose-runner.yml logs -f --tail=100 runner
logs-db:
docker compose -f compose-db.yml logs -f --tail=100 postgres
init-runner-token:
@bash init-runner-token.sh
clean:
docker compose -f compose-runner.yml down -v || true
docker compose -f compose-gitea.yml down -v || true
docker compose -f compose-db.yml down -v || true
rm -f .env
echo "Cleaned up"

26
gitlab/docker-compose.yml Normal file
View File

@@ -0,0 +1,26 @@
version: '3.8'
services:
gitlab:
image: gitlab/gitlab-ce:latest
container_name: gitlab
restart: unless-stopped
hostname: gitlab.archvium.eu
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.archvium.eu:30230' # HTTP, SSL będzie przez NPM
gitlab_rails['gitlab_shell_ssh_port'] = 2224 # opcjonalny port SSH, jeśli chcesz
nginx['listen_port'] = 80
nginx['listen_https'] = false
networks:
- central_dogma
volumes:
- /srv/gitlab/config:/etc/gitlab
- /srv/gitlab/logs:/var/log/gitlab
- /srv/gitlab/data:/var/opt/gitlab
ports:
- '8929:80'
- '2224:22'
networks:
central_dogma:
external: true

45
mattermost/docker-compose.yml Normal file
View File

@@ -0,0 +1,45 @@
version: '3.8'
services:
# Baza danych dla Mattermosta
mattermost-db:
image: postgres:16-alpine
container_name: mattermost-db
restart: unless-stopped
volumes:
- ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=mmuser
- POSTGRES_PASSWORD=mmuser_password
- POSTGRES_DB=mattermost
networks:
- central_dogma
# Aplikacja Mattermost
mattermost-app:
image: mattermost/mattermost-team-edition:latest
container_name: mattermost-app
restart: unless-stopped
depends_on:
- mattermost-db
volumes:
- ./volumes/app/config:/mattermost/config
- ./volumes/app/data:/mattermost/data
- ./volumes/app/logs:/mattermost/logs
- ./volumes/app/plugins:/mattermost/plugins
- ./volumes/app/client/plugins:/mattermost/client/plugins
- /etc/localtime:/etc/localtime:ro
environment:
# Ustawienia połączenia z bazą (zwróć uwagę na hasło i nazwę hosta 'mattermost-db')
- MM_SQLSETTINGS_DRIVERNAME=postgres
- MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@mattermost-db:5432/mattermost?sslmode=disable&connect_timeout=10
# Adres strony (ważne dla linków w mailach/zaproszeniach)
- MM_SERVICESETTINGS_SITEURL=https://mattermost.archvium.eu
networks:
- central_dogma
# Używamy tej samej sieci co GitLab i Nginx Proxy Manager
networks:
central_dogma:
external: true

20
nginx/compose.yaml Normal file
View File

@@ -0,0 +1,20 @@
name: nginx-vpn
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
# --- Wszystko dostępne TYLKO przez VPN ---
- '80:80'
- '443:443'
- '81:81'
- '30230:80'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
networks:
- central_dogma
networks:
central_dogma:
external: true

0
planka/Add Normal file
View File

84
planka/docker-compose.yml Normal file
View File

@@ -0,0 +1,84 @@
name: planka-v2
services:
planka:
image: ghcr.io/plankanban/planka:2.0.0-rc.4
restart: on-failure
volumes:
- favicons:/app/public/favicons
- user-avatars:/app/public/user-avatars
- background-images:/app/public/background-images
- attachments:/app/private/attachments
# ports:
# - 30230:1337
networks:
- central_dogma
- default
# TO JEST KLUCZ DO ROZWIĄZANIA PROBLEMU "ENOTFOUND"
extra_hosts:
- "auth.archvium.eu:host-gateway"
environment:
- BASE_URL=http://planka.archvium.eu:30230
- DATABASE_URL=postgresql://postgres@postgres/planka
- SECRET_KEY=secret
- TRUST_PROXY=true
# Wyłączenie sprawdzania certyfikatu (ważne przy self-hosted)
- NODE_TLS_REJECT_UNAUTHORIZED=0
# KONFIGURACJA AUTHENTIK OIDC
- OIDC_ISSUER=http://auth.archvium.eu:30230/application/o/planka/
- OIDC_CLIENT_ID=bSZdVk9TuhMXlpp5uy08zyZ0eUEfYP4M6p2yIXjC
- OIDC_CLIENT_SECRET=HqjwnU2oURfUo2VXFSZk9moPqRjYrxDjU2XnM8L4gH9NxpO82VUbtomg4vMGyAOPHrKbdGl5ARA2xPddCIYeSaaTkqhUpwVsvs26KktIxv9Y6PjQRClPMpKM6RryrmXL
# Standardowe ustawienia mapowania
- OIDC_SCOPES=openid email profile
- OIDC_ADMIN_ROLES=admin
- OIDC_EMAIL_ATTRIBUTE=email
- OIDC_NAME_ATTRIBUTE=name
- OIDC_USERNAME_ATTRIBUTE=preferred_username
- OIDC_ROLES_ATTRIBUTE=groups
- OIDC_IGNORE_USERNAME=true
# Na razie false, żebyś mógł się zalogować jak coś nie zadziała
- OIDC_ENFORCED=false
depends_on:
postgres:
condition: service_healthy
postgres:
image: postgres:16-alpine
restart: on-failure
volumes:
- db-data:/var/lib/postgresql/data
environment:
- POSTGRES_DB=planka
- POSTGRES_HOST_AUTH_METHOD=scram-sha-256
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
interval: 10s
timeout: 5s
retries: 5
volumes:
favicons:
external: true
name: planka_favicons
user-avatars:
external: true
name: planka_user-avatars
background-images:
external: true
name: planka_background-images
attachments:
external: true
name: planka_attachments
db-data:
external: true
name: planka_db-data
networks:
central_dogma:
external: true

1
planka/secret Normal file
View File

@@ -0,0 +1 @@
d8d0f51904d21f9a2bd988d62bdc4eadf3f72a5a482c65f8a83b707a5491644c646ba15bf715f52e51a857c10f61380c41c0bc43d6d27211e2f5c4329fafd9aa

3
redmine/.env Normal file
View File

@@ -0,0 +1,3 @@
POSTGRES_PASSWORD=QmIY3kfvtUqodNtg
REDMINE_DB_PASSWORD=sB2wux8NAw6s5f1G
REDMINE_SECRET_KEY_BASE=biFeoX50LbQ4861rW8dPvfFzmsMRya1W

57
redmine/docker-compose.yml Normal file
View File

@@ -0,0 +1,57 @@
name: redmine-v1
services:
redmine:
image: redmine:5-alpine
restart: on-failure
volumes:
- files:/usr/src/redmine/files
- plugins:/usr/src/redmine/plugins
- themes:/usr/src/redmine/public/themes
ports:
- 8080:3000
networks:
- central_dogma
- default
environment:
- REDMINE_DB_POSTGRES=postgres
- REDMINE_DB_USERNAME=redmine
- REDMINE_DB_DATABASE=redmine
- REDMINE_DB_PASSWORD=${REDMINE_DB_PASSWORD}
- REDMINE_SECRET_KEY_BASE=${REDMINE_SECRET_KEY_BASE}
depends_on:
postgres:
condition: service_healthy
postgres:
image: postgres:16-alpine
restart: on-failure
volumes:
- db-data:/var/lib/postgresql/data
environment:
- POSTGRES_DB=redmine
- POSTGRES_USER=redmine
- POSTGRES_HOST_AUTH_METHOD=trust
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U redmine -d redmine"]
interval: 10s
timeout: 5s
retries: 5
volumes:
files:
external: true
name: redmine_files
plugins:
external: true
name: redmine_plugins
themes:
external: true
name: redmine_themes
db-data:
external: true
name: redmine_db-data
networks:
central_dogma:
external: true

1
runners/config/.runner_system_id Normal file
View File

@@ -0,0 +1 @@
r_rRFD45yY68Dv

32
runners/config/config.toml Normal file
View File

@@ -0,0 +1,32 @@
concurrent = 1
check_interval = 0
shutdown_timeout = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "local-debian"
url = "http://gitlab"
clone_url = "http://gitlab"
id = 1
token = "glrt-vshOpu3mA-hlD4fjG_8ay286MQp0OjEKdTp5Cw.01.121vgqu56"
token_obtained_at = 2025-12-16T00:10:11Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "docker"
[runners.cache]
MaxUploadedArchiveSize = 0
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.docker]
tls_verify = false
image = "alpine:latest"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
network_mtu = 0
network_mode = "central_dogma"

16
runners/docker-compose.yml Normal file
View File

@@ -0,0 +1,16 @@
version: '3.8'
services:
gitlab-runner:
image: gitlab/gitlab-runner:alpine
container_name: gitlab-runner
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./config:/etc/gitlab-runner
networks:
- central_dogma
networks:
central_dogma:
external: true # <--- To mówi: "nie twórz nowej sieci, podepnij się pod tę, którą stworzył GitLab"