diff --git a/gitea/compose.yaml b/gitea/compose.yaml index 5bc7b59..12413ec 100644 --- a/gitea/compose.yaml +++ b/gitea/compose.yaml @@ -15,23 +15,18 @@ services: db: image: docker.io/postgres:15 restart: unless-stopped - volumes: - - db:/var/lib/postgresql/data/ environment: - POSTGRES_DB=$POSTGRES_DB - POSTGRES_USER=$POSTGRES_USER - POSTGRES_PASSWORD=$POSTGRES_PASSWORD + volumes: + - db:/var/lib/postgresql/data/ gitea: image: docker.io/gitea/gitea:1.21-rootless restart: unless-stopped ports: - "$SSH_PORT:2222" - volumes: - - data:/var/lib/gitea/ - - config:/etc/gitea/ - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro environment: - POSTGRES_HOST=db - GITEA__database__DB_TYPE=postgres @@ -39,6 +34,11 @@ services: - GITEA__database__NAME=$POSTGRES_DB - GITEA__database__USER=$POSTGRES_USER - GITEA__database__PASSWD=$POSTGRES_PASSWORD + volumes: + - data:/var/lib/gitea/ + - config:/etc/gitea/ + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro networks: - nginx - default diff --git a/matrix/compose.yaml b/matrix/compose.yaml index f2516e2..810a4fc 100644 --- a/matrix/compose.yaml +++ b/matrix/compose.yaml @@ -16,13 +16,13 @@ services: db: image: docker.io/postgres:15 restart: unless-stopped - volumes: - - db:/var/lib/postgresql/data/ environment: - POSTGRES_DB - POSTGRES_USER - POSTGRES_PASSWORD - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C + volumes: + - db:/var/lib/postgresql/data/ redis: image: docker.io/redis:latest @@ -41,9 +41,6 @@ services: synapse: image: docker.io/matrixdotorg/synapse:latest restart: unless-stopped - volumes: - - synapse_config:/config/ - - synapse_data:/data/ environment: - SYNAPSE_SERVER_NAME=$MATRIX_BASE_URL - SYNAPSE_CONFIG_DIR=/config @@ -52,6 +49,9 @@ services: - GID=$PGID - COTURN_BASE_URL - AUTH_SECRET + volumes: + - synapse_config:/config/ + - synapse_data:/data/ networks: - nginx - default 
diff --git a/nextcloud/compose.yaml b/nextcloud/compose.yaml index f0620a7..c939e77 100644 --- a/nextcloud/compose.yaml +++ b/nextcloud/compose.yaml @@ -15,12 +15,12 @@ services: db: image: docker.io/postgres:15 restart: unless-stopped - volumes: - - db:/var/lib/postgresql/data/ environment: - POSTGRES_DB - POSTGRES_USER - POSTGRES_PASSWORD + volumes: + - db:/var/lib/postgresql/data/ redis: image: docker.io/redis:latest @@ -31,12 +31,6 @@ services: nextcloud: build: . restart: unless-stopped - volumes: - - nextcloud:/var/www/html/ - - apps:/var/www/html/custom_apps/ - - config:/var/www/html/config/ - - data:/var/www/html/data/ - - $MEDIA_PATH:/media/ env_file: - .env environment: @@ -44,6 +38,12 @@ services: - REDIS_HOST=redis - TRUSTED_PROXIES=nextcloud - OVERWRITEPROTOCOL=https + volumes: + - nextcloud:/var/www/html/ + - apps:/var/www/html/custom_apps/ + - config:/var/www/html/config/ + - data:/var/www/html/data/ + - $MEDIA_PATH:/media/ networks: - nginx - default diff --git a/searxng/compose.yaml b/searxng/compose.yaml index c80a2f8..281043f 100644 --- a/searxng/compose.yaml +++ b/searxng/compose.yaml @@ -21,11 +21,12 @@ services: searxng: image: docker.io/searxng/searxng:latest restart: unless-stopped - volumes: - - ./config/:/etc/searxng/ environment: - SEARXNG_SECRET - SEARXNG_REDIS_URL=redis://redis + volumes: + - ./config/limiter.toml:/etc/searxng/limiter.toml:ro + - ./config/settings.yml:/etc/searxng/settings.yml:ro networks: - default - nginx diff --git a/searxng/config/settings.yml b/searxng/config/settings.yml index f6e5146..015a6d4 100644 --- a/searxng/config/settings.yml +++ b/searxng/config/settings.yml @@ -11,7 +11,7 @@ general: # mailto:contact@example.com contact_url: false # record stats - enable_metrics: false + enable_metrics: true brand: new_issue_url: https://github.com/searxng/searxng/issues/new 
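Review bot: In searxng/compose.yaml the `- SEARXNG_SECRET` entry is a bare pass-through, so if the variable is missing from the host environment or `.env` the container starts without it. With settings.yml now mounted `:ro`, the instance would then depend on whatever `secret_key` is committed in that file; the key is not visible in this diff, so please confirm. Making the variable mandatory closes the gap: `- SEARXNG_SECRET=${SEARXNG_SECRET:?SEARXNG_SECRET must be set}`. Separately, `./config/limiter.toml` is not touched by this diff; if it does not already exist on the host, Docker creates a directory at a missing single-file bind source instead of failing.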
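Review bot: `enable_metrics: true` in the `general` section of searxng/config/settings.yml makes SearXNG record per-engine statistics and, per its settings documentation, serve them on the `/stats` pages to every client. Nothing in the hunk records why it was switched on. If the figures are meant for the operator only, `/stats` should be restricted at the reverse proxy, whose configuration is not part of this diff. A comment on the line would capture the intent, for example `# <reason>; note that /stats is visible to every client`. The `general` mapping starts outside the hunk.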
@@ -19,6 +19,12 @@ brand: public_instances: https://searx.space wiki_url: https://github.com/searxng/searxng/wiki issue_url: https://github.com/searxng/searxng/issues + # custom: + # maintainer: "Jon Doe" + # # Custom entries in the footer: [title]: [link] + # links: + # Uptime: https://uptime.searxng.org/history/darmarit-org + # About: "https://searxng.org" search: # Filter results. 0: None, 1: Moderate, 2: Strict @@ -67,7 +73,7 @@ server: # public URL of the instance, to ensure correct inbound links. Is overwritten # by ${SEARXNG_URL}. base_url: false # "http://example.com/location" - limiter: false # rate limit the number of request on the instance, block some bots + limiter: true # rate limit the number of request on the instance, block some bots public_instance: false # enable features designed only for public instances # If your instance owns a /etc/searxng/settings.yml file, then set the following @@ -90,7 +96,7 @@ server: redis: # URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}. # https://docs.searxng.org/admin/settings/settings_redis.html#settings-redis - url: false + url: redis://redis ui: # Custom static path - leave it blank if you didn't change @@ -181,7 +187,7 @@ outgoing: # # Extra seconds to add in order to account for the time taken by the proxy # - # extra_proxy_timeout: 10.0 + # extra_proxy_timeout: 10 # # uncomment below section only if you have more than one network interface # which can be the source of outgoing search requests @@ -348,6 +354,11 @@ engines: shortcut: arx timeout: 4.0 + - name: ask + engine: ask + shortcut: ask + disabled: true + # tmp suspended: dh key too small # - name: base # engine: base 
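Review bot: `limiter: true` in the `server` section of searxng/config/settings.yml makes the rate limiter key on the client address, but searxng/compose.yaml places this service behind the `nginx` network. Unless that proxy forwards `X-Forwarded-For` and `X-Real-IP`, every request appears to come from the proxy and all users share one bucket. The proxy configuration is not in this diff, so this needs confirming before merge. The limiter also depends on the Redis URL set in the `redis:` hunk of the same file and on the `limiter.toml` that compose.yaml now mounts. I would record the dependency on the line itself: `limiter: true  # needs redis.url and a proxy that sets X-Forwarded-For / X-Real-IP`.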
@@ -1135,6 +1146,17 @@ engines: # collection: 'reviews' # name of the db collection # key: 'name' # key in the collection to search for + - name: mozhi + engine: mozhi + base_url: + - https://mozhi.aryak.me + - https://translate.bus-hit.me + - https://nyc1.mz.ggtyler.dev + # mozhi_engine: google - see https://mozhi.aryak.me for supported engines + timeout: 4.0 + shortcut: mz + disabled: true + - name: mwmbl engine: mwmbl # api_url: https://api.mwmbl.org @@ -1321,6 +1343,31 @@ engines: url: https://thepiratebay.org/ timeout: 3.0 + - name: pixiv + shortcut: pv + engine: pixiv + disabled: true + inactive: true + pixiv_image_proxies: + - pximg.example.org + # A proxy is required to load the images. Hosting an image proxy server + # for Pixiv: + # --> https://codeberg.org/VnPower/PixivFE/wiki/Hosting-an-image-proxy-server-for-Pixiv + # Proxies from public instances. Ask the public instances owners if they + # agree to receive traffic from SearXNG! + # --> https://codeberg.org/VnPower/PixivFE#instances + # --> https://github.com/searxng/searxng/pull/3192#issuecomment-1941095047 + # image proxy of https://pixiv.cat + # - https://i.pixiv.cat + # image proxy of https://www.pixiv.pics + # - https://pximg.cocomi.eu.org + # image proxy of https://pixivfe.exozy.me + # - https://pximg.exozy.me + # image proxy of https://pixivfe.ducks.party + # - https://pixiv.ducks.party + # image proxy of https://pixiv.perennialte.ch + # - https://pximg.perennialte.ch + - name: podcastindex engine: podcastindex shortcut: podcast @@ -1683,7 +1730,13 @@ engines: - name: unsplash engine: unsplash shortcut: us + + - name: yandex music + engine: yandex_music + shortcut: ydm disabled: true + # https://yandex.com/support/music/access.html + inactive: true - name: yahoo engine: yahoo @@ -2021,6 +2074,13 @@ engines: categories: videos disabled: true + - name: livespace + engine: livespace + shortcut: ls + categories: videos + disabled: true + timeout: 5.0 + - name: wordnik engine: wordnik shortcut: def 
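Review bot: In the `@@ -1683,7 +1730,13 @@` hunk the new `yandex music` entry is inserted between unsplash's `shortcut: us` and the existing `disabled: true` context line. That line now belongs to the new engine, so `unsplash` silently becomes enabled. Indentation is collapsed in this rendering, so please check against the file, but the old/new line counts in the hunk header are consistent with this reading. If unsplash is meant to stay off, add `disabled: true` back under `shortcut: us`; if enabling it is intended, say so in the commit message, since it adds an outbound request target.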
diff --git a/vsftpd/.env b/vsftpd/.env
new file mode 100644
index 0000000..a90dac2
--- /dev/null
+++ b/vsftpd/.env
@@ -0,0 +1,7 @@
+BASE_URL=ftp.
+EMAIL=
+
+FILES=./files/
+
+PUID=1000
+PGID=1000
diff --git a/vsftpd/Dockerfile b/vsftpd/Dockerfile
new file mode 100644
index 0000000..5e1f146
--- /dev/null
+++ b/vsftpd/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.io/debian:12-slim
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+ vsftpd \
+ && rm -rf /var/lib/apt/lists/*
+COPY entrypoint.sh /usr/local/bin/
+COPY vsftpd.conf /etc/
+VOLUME /files/
+ENTRYPOINT ["entrypoint.sh"]
+CMD ["vsftpd"]
diff --git a/vsftpd/compose.yaml b/vsftpd/compose.yaml
new file mode 100644
index 0000000..1bfde20
--- /dev/null
+++ b/vsftpd/compose.yaml
@@ -0,0 +1,30 @@
+---
+services:
+ install_site:
+ build: install_site
+ environment:
+ - BASE_URL
+ - EMAIL
+ volumes:
+ - certs:/etc/letsencrypt/
+ - certbotroot:/var/www/certbot/
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ vsftpd:
+ build: .
+ restart: unless-stopped
+ ports:
+ - "20:20"
+ - "21:21"
+ - "989:989"
+ - "990:990"
+ user: "$PUID:$PGID"
+ volumes:
+ - "$FILES:/files/"
+ - certs:/etc/letsencrypt/:ro
+
+volumes:
+ certs:
+ external: true
+ certbotroot:
+ external: true
diff --git a/vsftpd/entrypoint.sh b/vsftpd/entrypoint.sh
new file mode 100755
index 0000000..6458ce8
--- /dev/null
+++ b/vsftpd/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+sed -i "s \$BASE_URL $BASE_URL " /etc/vsftpd.conf
+exec "$@"
diff --git a/vsftpd/files/.gitkeep b/vsftpd/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/vsftpd/install_site b/vsftpd/install_site
new file mode 120000
index 0000000..846f55c
--- /dev/null
+++ b/vsftpd/install_site
@@ -0,0 +1 @@
+../_nginx/install_site
\ No newline at end of file
diff --git a/vsftpd/vsftpd.conf b/vsftpd/vsftpd.conf
new file mode 100644
index 0000000..86871bf
--- /dev/null
+++ b/vsftpd/vsftpd.conf
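Review bot: vsftpd/Dockerfile installs vsftpd but never creates `/var/run/vsftpd/empty`, the `secure_chroot_dir` that the vsftpd.conf in this commit points to. On Debian that directory is normally created by the service start-up scripts rather than at install time, so it is probably missing from the image and vsftpd would refuse to start. `RUN mkdir -p /var/run/vsftpd/empty` after the install step would cover it. The image also creates no login account although the config sets `local_enable=YES`. Finally, compose.yaml starts the container as `$PUID:$PGID`, while vsftpd expects to be launched as root unless `run_as_launching_user=YES` is configured, which the config does not set.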
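Review bot: The `install_site` service in vsftpd/compose.yaml bind-mounts `/var/run/docker.sock` read-write, which gives that container full control of the Docker daemon and therefore root-equivalent access to the host. Its build context is the `install_site` symlink to `../_nginx/install_site`, which is not part of this diff, so what it needs the socket for cannot be checked here. If it only has to signal or restart another container, a socket proxy restricted to those API calls, or running that step from the host, would shrink the exposure. At minimum, document it on the line: `# docker.sock: root-equivalent on the host, required by install_site for <reason>`. Separately, the `vsftpd` service publishes only 20, 21, 989 and 990, so passive-mode data connections have no published range unless `pasv_min_port`/`pasv_max_port` are set in vsftpd.conf and mapped here.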
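Review bot: vsftpd/entrypoint.sh substitutes `$BASE_URL` into /etc/vsftpd.conf, but the `vsftpd` service in compose.yaml declares no `environment:` or `env_file:`, so the variable is empty inside the container and the certificate paths become `/etc/letsencrypt/live//fullchain.pem`. The service also runs as `$PUID:$PGID`, and `sed -i` has to create a temporary file in /etc, which a non-root user normally cannot do. Because the script has no `set -e`, it goes on to exec vsftpd with a config that still contains the literal placeholder. I would start the script with `set -eu` and `: "${BASE_URL:?BASE_URL is required}"`, add `- BASE_URL` to the service's environment, and render the config somewhere the runtime user can write. The replacement text is also unescaped, so a space or `&` in the value would change the sed expression.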
@@ -0,0 +1,155 @@
+# Example config file /etc/vsftpd.conf
+#
+# The default compiled in settings are fairly paranoid. This sample file
+# loosens things up a bit, to make the ftp daemon more usable.
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# capabilities.
+#
+#
+# Run standalone? vsftpd can run either from an inetd or as a standalone
+# daemon started from an initscript.
+listen=YES
+#
+# This directive enables listening on IPv6 sockets. By default, listening
+# on the IPv6 "any" address (::) will accept connections from both IPv6
+# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
+# sockets. If you want that (perhaps because you want to listen on specific
+# addresses) then you must run two copies of vsftpd with two configuration
+# files.
+listen_ipv6=YES
+#
+# Allow anonymous FTP? (Disabled by default).
+anonymous_enable=NO
+#
+# Uncomment this to allow local users to log in.
+local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+#write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# If enabled, vsftpd will display directory listings with the time
+# in your local time zone. The default is to display GMT. The
+# times returned by the MDTM FTP command are also affected by this
+# option.
+use_localtime=NO
+#
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format.
+# Note that the default log file location is /var/log/xferlog in this case.
+#xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+#
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that on some FTP servers, ASCII support allows a denial of service
+# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
+# predicted this attack and has always been safe, reporting the size of the
+# raw file.
+# ASCII mangling is a horrible feature of the protocol.
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+#
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# You may restrict local users to their home directories. See the FAQ for
+# the possible risks in this before using chroot_local_user or
+# chroot_list_enable below.
+#chroot_local_user=YES
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
+# the user does not have write access to the top level directory within the
+# chroot)
+#chroot_local_user=YES
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+# Customization
+#
+# Some of vsftpd's settings don't fit the filesystem layout by
+# default.
+#
+# This option should be the name of a directory which is empty. Also, the
+# directory should not be writable by the ftp user. This directory is used
+# as a secure chroot() jail at times vsftpd does not require filesystem
+# access.
+secure_chroot_dir=/var/run/vsftpd/empty
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+rsa_cert_file=/etc/letsencrypt/live/$BASE_URL/fullchain.pem +rsa_private_key_file=/etc/letsencrypt/live/$BASE_URL/privkey.pem +ssl_enable=YES + +# +# Uncomment this to indicate that vsftpd use a utf8 filesystem. +utf8_filesystem=YES diff --git a/woodpecker/compose.yaml b/woodpecker/compose.yaml index 11da7d9..18b9267 100644 --- a/woodpecker/compose.yaml +++ b/woodpecker/compose.yaml @@ -15,13 +15,13 @@ services: woodpecker-server: image: docker.io/woodpeckerci/woodpecker-server:v2.0.0 restart: unless-stopped - volumes: - - server-data:/var/lib/woodpecker/ env_file: - .env environment: - WOODPECKER_OPEN=true - WOODPECKER_HOST=https://$BASE_URL + volumes: + - server-data:/var/lib/woodpecker/ networks: - nginx - default @@ -30,12 +30,12 @@ services: image: docker.io/woodpeckerci/woodpecker-agent:v2.0.0 restart: unless-stopped command: agent - volumes: - - agent-config:/etc/woodpecker/ - - /var/run/docker.sock:/var/run/docker.sock environment: - WOODPECKER_SERVER=woodpecker-server:9000 - WOODPECKER_AGENT_SECRET + volumes: + - agent-config:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock depends_on: - woodpecker-server
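Review bot: vsftpd/vsftpd.conf sets `local_enable=YES` but leaves both `chroot_local_user=YES` lines commented out. An authenticated user is therefore not confined to `/files` and can browse the rest of the container filesystem, including the `/etc/letsencrypt` mount that compose.yaml adds. I would set `chroot_local_user=YES` together with `local_root=/files`, keeping in mind the file's own warning that the top level of the chroot must not be writable by the user. The file also sets both `listen=YES` and `listen_ipv6=YES`, which vsftpd.conf(5) documents as mutually exclusive; keeping only `listen_ipv6=YES` serves IPv4 and IPv6, as the comment above that option explains. With `ssl_enable=YES`, stating `force_local_logins_ssl=YES` and `force_local_data_ssl=YES` explicitly would keep the TLS requirement from resting on compiled-in defaults.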