changes

checking in
2025-03-03 04:39:37 +00:00 · 2025-03-02 23:39:09 +00:00
12 changed files with 258 additions and 23 deletions
--- a/authentik/.env
+++ b/authentik/.env
@ -0,0 +1,15 @@
 # SMTP Host Emails are sent to
 AUTHENTIK_EMAIL__HOST=smtp.gmail.com
 AUTHENTIK_EMAIL__PORT=25
 # Optionally authenticate (don't add quotation marks to your password)
 AUTHENTIK_EMAIL__USERNAME=gaxinto@theodorio.com
 AUTHENTIK_EMAIL__PASSWORD=svzd iksz qmlv psfm
 # Use StartTLS
 AUTHENTIK_EMAIL__USE_TLS=false
 # Use SSL
 AUTHENTIK_EMAIL__USE_SSL=false
 AUTHENTIK_EMAIL__TIMEOUT=10
 # Email address authentik will send from, should have a correct @domain
 AUTHENTIK_EMAIL__FROM=authentik@theodorio.com
 PG_PASS=gxZqyDGAaYgGPoXb2MUrVhDQDM9RjGPCNFigdQdt+McU5R2b
 AUTHENTIK_SECRET_KEY=foDL/hKQrsdjUQJj4wPg0gOqgHwPW1aeWrMRrgdOJz/k0JXwTnncnlCqirA65DJ06cXjQEbdXwt+TOHC
--- a/authentik/docker-compose.yml
+++ b/authentik/docker-compose.yml
@ -0,0 +1,93 @@
 ---
 services:
  postgresql:
    container_name: authentik-postgres
    image: docker.io/library/postgres:16-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - database:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${PG_PASS:-database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    env_file:
      - .env
  redis:
    container_name: authentik-redis
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis:/data
  server:
    container_name: authentik
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.1}
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    env_file:
      - .env
    ports:
      - "${COMPOSE_PORT_HTTP:-9000}:9000"
      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.1}
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
 volumes:
  database:
    driver: local
  redis:
    driver: local
--- a/beaverhabits/docker-compose.yml
+++ b/beaverhabits/docker-compose.yml
@ -22,6 +22,7 @@ services:
      glance.hide: false
    networks:
      - tunnel
      - default
 networks:
  tunnel:
--- a/caddy/certs/theocorp+4-key.pem
+++ b/caddy/certs/theocorp+4-key.pem
@ -0,0 +1,28 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCaNazJUTUK1kA
 YctfzDp8qYp4ZIeUmzUFLoZPcf6FexL6nXcycZrsoVHjPqi+/j/EdOgnlU+iXRuI
 X4tRQex46d+ubMWjDqMGa/Iieg5Dsu9/oASsRXkP8ixkAxpSohjEHMXefFxdj2gw
 pdDwkUZ2S0/bJ5W3mgUV+rJbaKBNG3WWcafU4HqMd73Pz7IHBRQTRsjZn2iBP0Em
 XgjJXnO1aB6kayHEpPDPIp8Na553gnYp/I5ke+KXSEVqpamMoHYalj6xw4mOORnH
 uEMgPX0qzZ0VlAYqLrXljmfbmeZFCqZd06YnAQ2KjGnbtcIvHBHj0ltlJ8Dy9l55
 1lpb/GtbAgMBAAECggEBAJv1fN+kc03+JF0xFvUYIodlf2dLxpSJ2oP4qdjL61Jr
 xHL2pev6xT01wTqbRsZJsyBIZQF0P7lSFkdV1q7uQuVRQZdtPTOtB02chVfxMMZQ
 ot9woK8O4KrRLZlh/9jwnwucxYPRokuQQxZbv31uHefCTSLT48Cxt4jFYBYCni6c
 BacA1UzVlHEQwevUr9i/yzMfF7cXpyz8aoXQ7deMx4kQlWVRwYtqjQKwz/MOe6Uo
 1TUar/cndJpXvYDlCowHnW1sQemlRklDRTlza58qGFqw9rGLkbsgYNY3emEKFsFY
 C5Yw7TY8G1dwBI5mIvQ+OVuKACMwjdmma0dmBFhb4EkCgYEA2K7xYZkVlVX32TF5
 DkGZIveK5dUQRgbBDEFXvoLBpgL4udzLaI6TPdQ2JYBo+LODea5h8jd2fpRbOpC0
 4Iv4rwORci8qnvwWBUOnm1OMUI+bWdTuqR59LSUIyP4vPxwd2NIe9QkN6hc+2qFZ
 shUgdK99obvNnYBJqSnWTUPJT6UCgYEA5a9DkDGpB0tdAAtGXQsd42RhqSGmqBoO
 D5DhysILaaFQd4gb4ADpRw1q/m7Qab/JZMg6CwZWeq2/K4pPsvHQK67pQv+iLExL
 fg7SC+dAEbMrwCuV0cv6oZ3HR3+jQ4EGaRodI80g74lukCzpi+jgMoaIGOShtM7m
 yLFkp9jB3v8CgYBKbyZKQZ0xdJu0h5MvO4eQhHq5Ywy5EX7lZ9jtf9tn3ON2bYuO
 elPITIrhLRBiRsBmX2oUG8tfxjTklGseK9ccv9wJ3nwEq1IhMtFzwSqVTg+utz/Y
 5rlXdb5j1TWDt3PlVKD/ycF25c9YqU63pxxEGTjOA0ap0TT8oHuWhS+1ZQKBgAuK
 c+2h4Slhqwmeh2mTbmwHljSmYTZfIMe9cur6NxKWrXFkIGpwAUi1ruOb89LsdRUg
 TnJRXjUJ1+o7J+gI6HnZbxUTvTVWnBB4dCtu8jQxeYhNaFjDVBOc1u+LxUtWB1lu
 m3o6C2ad1DVgXFfQWruPMPV3P3zTTJtW9oTMimlHAoGBAJyrzDDE2vv1V5dWR9WL
 Sp2Arm7LepPr/rmrgERIn4hm9G3SdbYWsXx8rE2JC1r1sS8htHM7gA6XqySGed8k
 MG5i6yeOs6MqxSDZjoVAnyWbfZ30lAtEqx4stsLs//D1GdZAZ5HufwV3dxf1C3qL
 jKbPFLoqhFzl9HxfFgygENSj
 -----END PRIVATE KEY-----
--- a/caddy/certs/theocorp+4.pem
+++ b/caddy/certs/theocorp+4.pem
@ -0,0 +1,28 @@
 -----BEGIN CERTIFICATE-----
 MIIEuDCCAyCgAwIBAgIQC9fL+3ffRY72j0bufPWq7jANBgkqhkiG9w0BAQsFADCB
 sTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMUMwQQYDVQQLDDpnYXhp
 bnRvdGhlb2RvcmlvQGNyb3cudGFpbGJiNDRmLnRzLm5ldCAoR2F4aW50byBUaGVv
 ZG9yaW8pMUowSAYDVQQDDEFta2NlcnQgZ2F4aW50b3RoZW9kb3Jpb0Bjcm93LnRh
 aWxiYjQ0Zi50cy5uZXQgKEdheGludG8gVGhlb2RvcmlvKTAeFw0yNTAyMjcxODI4
 NDFaFw0yNzA1MjcxNzI4NDFaMG4xJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9wbWVu
 dCBjZXJ0aWZpY2F0ZTFDMEEGA1UECww6Z2F4aW50b3RoZW9kb3Jpb0Bjcm93LnRh
 aWxiYjQ0Zi50cy5uZXQgKEdheGludG8gVGhlb2RvcmlvKTCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAMJo1rMlRNQrWQBhy1/MOnypinhkh5SbNQUuhk9x
 /oV7EvqddzJxmuyhUeM+qL7+P8R06CeVT6JdG4hfi1FB7Hjp365sxaMOowZr8iJ6
 DkOy73+gBKxFeQ/yLGQDGlKiGMQcxd58XF2PaDCl0PCRRnZLT9snlbeaBRX6slto
 oE0bdZZxp9Tgeox3vc/PsgcFFBNGyNmfaIE/QSZeCMlec7VoHqRrIcSk8M8inw1r
 nneCdin8jmR74pdIRWqlqYygdhqWPrHDiY45Gce4QyA9fSrNnRWUBiouteWOZ9uZ
 5kUKpl3TpicBDYqMadu1wi8cEePSW2UnwPL2XnnWWlv8a1sCAwEAAaOBjTCBijAO
 BgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYDVR0jBBgwFoAU
 SU4cKZp/2Dp8CcrYEybBQHtTgccwQgYDVR0RBDswOYIIdGhlb2NvcnCCCioudGhl
 b2NvcnCCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG
 9w0BAQsFAAOCAYEAQH7eRfRObVI5hvu3AKaOWuHG92T+p3AqG4/2Wg9/yjryt7Yj
 JMqo0J18dlluQ7EMd8PAW546jbR7IZWU2tEprz462Yh8wJPsKUOcmnDxBV4vD4YS
 zKFbiiTxyEOmS1Dpn2x9ygTgZKwf6xY94wxSy1JLQNBR3DdQx5kiVMCeyTfQtLB9
 5P9YY1vasuu2Po32oM3lZdaFTxat9V7veNDqlOoWv28265tqsqNp3cW/b3irKIzv
 Osz98Kv+rMwM3NreMdHs2zBcMWgvlLaRoyHolx/8FI/pCL83hrHgZxw9dh1AKt5r
 1v+6TOgPBddghwfwMDDSqs5Goik5TK+ewsHmb4MuNa7wPRHP3bdfbYYrn2ZEnb1y
 ycHjl/lnZPXW+55FCsuEtNa2MaWSBZZ2eObhgHUO8cAt0ynxktoLIWiog2xzOEsJ
 j2AKpONBt9HsnWJKyR56g+8yix0Esp7C3IvvSYI5H8yMJQPjp2qDjfP99suSIVUN
 HmL1k2fAe9r1Qkox
 -----END CERTIFICATE-----
--- a/caddy/conf/Caddyfile
+++ b/caddy/conf/Caddyfile
@ -1,75 +1,75 @@
 gitea.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy gitea:3000
 }
 glance.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy glance:8080
 }
 hoarder.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy hoarder:3000
 }
 immich.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy immich:2283
 }
 n8n.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy n8n:5678
 }
 navidrome.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy navidrome:4533
 }
 olivetin.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy olivetin:1337
 }
 paperless-ai.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy paperless-ai:3000
 }
 paperless.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy paperless-ngx:8000
 }
 portainer.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy portainer:9000
 }
 vaultwarden.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy vaultwarden:80
 }
 beszel.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy beszel:8090
 }
 dozzle.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy dozzle:8080
 }
 hastebin.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy hastebin:7777
 }
 habits.theocorp {
-  tls internal
+  tls /certs/theocorp+4.pem /certs/theocorp+4-key.pem
  reverse_proxy beaverhabits:8080
 }
--- a/caddy/docker-compose.yml
+++ b/caddy/docker-compose.yml
@ -14,7 +14,7 @@ services:
      - $PWD/site:/srv
      - caddy_data:/data
      - caddy_config:/config
-      - $PWD/certificates:/data/caddy/certificates/local
+      - $PWD/certs:/certs
    networks:
      - portainer_default
      - glance_default
--- a/glance/config/glance.yml
+++ b/glance/config/glance.yml
@ -58,7 +58,8 @@ pages:
            repositories:
              - hoarder-app/hoarder
              - glanceapp/glance
-              - neosmemo/memos
+              - usememos/memos
              - aesameailabs/csm
          - type: hacker-news
            limit: 15
            collapse-after: 5
@ -78,7 +79,7 @@ pages:
                subreddit: selfhosted
                show-thumbnails: true
              - type: reddit
-                subreddit: sideproject
+                subreddit: localllama
                show-thumbnails: true
          - type: videos
@ -151,19 +152,19 @@ pages:
                style: horizontal-cards
                feeds:
                  - url: https://rss.app/feeds/zGtl0lQuVVN1ew1Y.xml
-                    title: Google News
+                    title: NY Times
              - type: rss
                title: US News
                style: horizontal-cards
                feeds:
-                  - url: https://rss.app/feeds/mG6VlfoOqmynqgbT.xml
+                  - url: https://rss.nytimes.com/services/xml/rss/nyt/US.xml
-                    title: Google News
+                    title: NY Times
              - type: rss
                title: World News
                style: horizontal-cards
                feeds:
-                  - url: https://rss.app/feeds/8l0pnQ0Vny9DxtaR.xml
+                  - url: https://rss.nytimes.com/services/xml/rss/nyt/Politics.xml
-                    title: Google News
+                    title: NY Times
          - type: videos
            style: grid-cards
--- a/netbird/docker-compose.yml
+++ b/netbird/docker-compose.yml
@ -0,0 +1,18 @@
 version: '3.8'
 services:
  netbird:
    image: netbirdio/netbird:latest
    container_name: netbird
    environment:
      - NB_SETUP_KEY=B28D6544-FBA2-4AAD-941E-DB7E5E2E1B8F
      - NB_MANAGEMENT_URL=https://netbird.geezo.site:33073
    volumes:
      - netbird-client:/etc/netbird
    cap_add:
      - NET_ADMIN
    restart: always
 volumes:
  netbird-client:
    external: true
--- a/newt/docker-compose.yml
+++ b/newt/docker-compose.yml
@ -0,0 +1,21 @@
 services:
    newt:
        image: fosrl/newt
        container_name: newt
        restart: unless-stopped
        environment:
            - PANGOLIN_ENDPOINT=https://pangolin.geezo.site
            - NEWT_ID=9x2gfxip3507m07
            - NEWT_SECRET=rz985r78yhi50gk5utxp33qz4sk8ijt5dyp788x9qd3oqk3k
        networks:
          - beaverhabits_default
          - authentik_default
        extra_hosts:
          - "pangolin.geezo.site:44.210.184.15"
 networks:
  beaverhabits_default:
    external: true
  authentik_default:
    external: true
--- a/open-web-ui/.env
+++ b/open-web-ui/.env
@ -0,0 +1,13 @@
 # Ollama URL for the backend to connect
 # The path '/ollama' will be redirected to the specified backend URL
 OLLAMA_BASE_URL='http://owl:11434'
 OPENAI_API_BASE_URL=''
 OPENAI_API_KEY=''
 # AUTOMATIC1111_BASE_URL="http://localhost:7860"
 # DO NOT TRACK
 SCARF_NO_ANALYTICS=true
 DO_NOT_TRACK=true
 ANONYMIZED_TELEMETRY=false
--- a/open-web-ui/docker-compose.yml
+++ b/open-web-ui/docker-compose.yml
@ -0,0 +1,17 @@
 services:
  open-webui:
    image: ghcr.io/open-webui/open-webui:${WEBUI_DOCKER_TAG-main}
    container_name: open-webui
    volumes:
      - open-webui:/app/backend/data
    ports: 
      - 1019:8080
    environment:
      - 'OLLAMA_BASE_URL=http://owl:11434'
      - 'WEBUI_SECRET_KEY='
    extra_hosts:
      - host.docker.internal:host-gateway
    restart: unless-stopped
 volumes:
  open-webui: {}
Author	SHA1	Message	Date
geezo	f3b498e1f4	changes	2025-03-03 04:39:37 +00:00
geezo	9374322ada	checking in	2025-03-02 23:39:09 +00:00