first commit
This commit is contained in:
root
parent
53783f238e
commit
6271c37603
|
|
@ -0,0 +1,19 @@
|
||||||
|
# woodpecker.yml
|
||||||
|
labels:
|
||||||
|
hostname: "macmini7"
|
||||||
|
clone:
|
||||||
|
git:
|
||||||
|
image: woodpeckerci/plugin-git
|
||||||
|
settings:
|
||||||
|
partial: false
|
||||||
|
depth: 1
|
||||||
|
steps:
|
||||||
|
deploy:
|
||||||
|
name: deploy
|
||||||
|
image: docker:latest
|
||||||
|
secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
commands:
|
||||||
|
# - docker login -u $${REGISTRY_USER} -p $${REGISTRY_PASSWORD} git.nixc.us
|
||||||
|
- docker stack deploy --with-registry-auth -c ./truenas.yml truenas
|
||||||
|
|
@ -4,7 +4,6 @@ FROM nginx:alpine
|
||||||
# Copy our custom Nginx configuration and script
|
# Copy our custom Nginx configuration and script
|
||||||
COPY nginx.conf /etc/nginx/nginx.conf.template
|
COPY nginx.conf /etc/nginx/nginx.conf.template
|
||||||
COPY docker-entrypoint.sh /docker-entrypoint.sh
|
COPY docker-entrypoint.sh /docker-entrypoint.sh
|
||||||
COPY matomo.js /matomo.js.template
|
|
||||||
# Make the script executable
|
# Make the script executable
|
||||||
RUN chmod +x /docker-entrypoint.sh
|
RUN chmod +x /docker-entrypoint.sh
|
||||||
|
|
||||||
|
|
|
||||||
12
nginx.conf
12
nginx.conf
|
|
@ -10,7 +10,9 @@ http {
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
|
|
||||||
|
add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src * data:;";
|
||||||
|
# add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://ack.nixc.us; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self';";
|
||||||
# Define MIME type
|
# Define MIME type
|
||||||
types {
|
types {
|
||||||
text/html html htm shtml;
|
text/html html htm shtml;
|
||||||
|
|
@ -33,16 +35,10 @@ http {
|
||||||
sub_filter_once off;
|
sub_filter_once off;
|
||||||
|
|
||||||
# Inject the Matomo content just before </head>
|
# Inject the Matomo content just before </head>
|
||||||
# sub_filter '</head>' '<script src="/matomo.js"></script></head>';
|
sub_filter '</body>' '<script async src="https://ack.nixc.us/tracker.js" data-ackee-server="https://ack.nixc.us" data-ackee-domain-id="9608c1ff-b08c-4781-ae7e-cee6eb415bf3"></script></body>';
|
||||||
sub_filter '</head>' '<!-- Matomo --><script>var _paq = window._paq = window._paq || [];_paq.push(["setDocumentTitle", document.domain + "/" + document.title]);_paq.push(["setCookieDomain", "*.nixc.us"]);_paq.push(["setDomains", ["*.nixc.us"]]);_paq.push(["setDoNotTrack", true]);_paq.push(["disableCookies"]);_paq.push(["trackPageView"]);_paq.push(["enableLinkTracking"]);(function() {var u="//m.nixc.us/";_paq.push(["setTrackerUrl", u+"matomo.php"]);_paq.push(["setSiteId", "1"]);var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0];g.async=true; g.src=u+"matomo.js"; s.parentNode.insertBefore(g,s);})();</script><noscript><p><img src="//m.nixc.us/matomo.php?idsite=1&rec=1" style="border:0;" alt="" /></p></noscript><!-- End Matomo Code --></head>';
|
|
||||||
sub_filter_types application/xml application/json text/css text/javascript application/javascript text/plain;
|
sub_filter_types application/xml application/json text/css text/javascript application/javascript text/plain;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# location /matomo.js {
|
|
||||||
# alias /matomo.js;
|
|
||||||
# types { application/javascript js; } # Explicitly set the MIME type for .js files
|
|
||||||
# default_type application/javascript; # Setting default MIME type for this location block
|
|
||||||
# }
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
77
truenas.yml
77
truenas.yml
|
|
@ -23,11 +23,74 @@ services:
|
||||||
labels:
|
labels:
|
||||||
- "us.nixc.autodeploy=true"
|
- "us.nixc.autodeploy=true"
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.truenas-proxy.tls=true"
|
- "traefik.http.routers.truenas-truenas.tls=true"
|
||||||
- "traefik.http.services.truenas-proxy.loadbalancer.server.port=80"
|
- "traefik.http.services.truenas-truenas.loadbalancer.server.port=80"
|
||||||
- "traefik.http.routers.truenas-proxy.rule=Host(`truenas.nixc.us`)"
|
- "traefik.http.routers.truenas-truenas.rule=Host(`truenas.nixc.us`)"
|
||||||
- "traefik.http.routers.truenas-proxy.entrypoints=websecure"
|
- "traefik.http.routers.truenas-truenas.entrypoints=websecure"
|
||||||
- "traefik.http.routers.truenas-proxy.tls.certresolver=letsencryptresolver"
|
- "traefik.http.routers.truenas-truenas.tls.certresolver=letsencryptresolver"
|
||||||
- "traefik.http.routers.truenas-proxy.service=truenas-proxy"
|
- "traefik.http.routers.truenas-truenas.service=truenas-truenas"
|
||||||
- "traefik.docker.network=traefik"
|
- "traefik.docker.network=traefik"
|
||||||
# - 'traefik.http.routers.truenas-proxy.middlewares=authelia_authelia@docker'
|
- 'traefik.http.routers.truenas-truenas.middlewares=authelia_authelia@docker'
|
||||||
|
logging:
|
||||||
|
driver: "gelf"
|
||||||
|
options:
|
||||||
|
gelf-address: "udp://log.nixc.us:15124"
|
||||||
|
tag: "truenas_truenas"
|
||||||
|
minio-api:
|
||||||
|
image: codeberg.org/iridium-net/lan-to-nginx:truenas
|
||||||
|
environment:
|
||||||
|
- BACKEND_ADDRESS=192.168.8.47
|
||||||
|
- BACKEND_PORT=9000
|
||||||
|
- PROTOCOL=http
|
||||||
|
networks:
|
||||||
|
- traefik
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
- node.hostname == macmini7
|
||||||
|
labels:
|
||||||
|
- "us.nixc.autodeploy=true"
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.truenas-minio-api.tls=true"
|
||||||
|
- "traefik.http.services.truenas-minio-api.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.truenas-minio.rule=Host(`minio.nixc.us`)"
|
||||||
|
- "traefik.http.routers.truenas-minio.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.truenas-minio.tls.certresolver=letsencryptresolver"
|
||||||
|
- "traefik.http.routers.truenas-minio.service=truenas-minio"
|
||||||
|
- "traefik.docker.network=traefik"
|
||||||
|
# - 'traefik.http.routers.truenas-minio.middlewares=authelia_authelia@docker'
|
||||||
|
logging:
|
||||||
|
driver: "gelf"
|
||||||
|
options:
|
||||||
|
gelf-address: "udp://log.nixc.us:15124"
|
||||||
|
tag: "truenas_minio"
|
||||||
|
minio-api:
|
||||||
|
image: codeberg.org/iridium-net/lan-to-nginx:truenas
|
||||||
|
environment:
|
||||||
|
- BACKEND_ADDRESS=192.168.8.47
|
||||||
|
- BACKEND_PORT=9002
|
||||||
|
- PROTOCOL=http
|
||||||
|
networks:
|
||||||
|
- traefik
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
- node.hostname == macmini7
|
||||||
|
labels:
|
||||||
|
- "us.nixc.autodeploy=true"
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.truenas-minio-api.tls=true"
|
||||||
|
- "traefik.http.services.truenas-minio-api.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.truenas-minio-api.rule=Host(`minio-api.nixc.us`)"
|
||||||
|
- "traefik.http.routers.truenas-minio-api.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.truenas-minio-api.tls.certresolver=letsencryptresolver"
|
||||||
|
- "traefik.http.routers.truenas-minio-api.service=truenas-minio-api"
|
||||||
|
- "traefik.docker.network=traefik"
|
||||||
|
# - 'traefik.http.routers.truenas-minio-api.middlewares=authelia_authelia@docker'
|
||||||
|
logging:
|
||||||
|
driver: "gelf"
|
||||||
|
options:
|
||||||
|
gelf-address: "udp://log.nixc.us:15124"
|
||||||
|
tag: "truenas_minio-api"
|
||||||
Loading…
Reference in New Issue