install forgejo-runner to use actions

use full storage path not path to volumes
use fully qualified domain names
2024-11-20 15:13:23 +01:00 · 2024-10-24 14:07:46 +00:00 · 2024-10-24 13:46:51 +00:00 · 2024-10-24 12:41:41 +00:00 · 2024-10-15 11:42:48 +00:00 · 2024-10-15 11:42:01 +00:00
16 changed files with 138 additions and 693 deletions
--- a/README.md
+++ b/README.md
@ -7,7 +7,6 @@ Hosting the following web services using docker-compose on a public root server:
 * [Wallabag](https://www.wallabag.it)
 * Small HTML-Site
 * Firefox-Sync
 * Monitoring-Stack with [Telegraf](https://github.com/influxdata/telegraf), [Influxdb](https://github.com/influxdata/influxdb) and [Grafana](https://github.com/grafana/grafana)
 As a reverse proxyy [Traefik](https://traefik.io/traefik/) is used. Traefik also secures all Services with TLS and redirects all HTTP requests to HTTPS. SSL certificates are automatically generated using [Let's Encrypt](https://letsencrypt.org/)
--- a/firefoxsync/docker-compose.yaml
+++ b/firefoxsync/docker-compose.yaml
@ -3,23 +3,22 @@ services:
  syncserver:
    image: mozilla/syncserver:latest
    volumes:
-      - ${VOLUMES_PATH}/firefoxsync/syncserver:/data
+      - ${STORAGE_PATH}/syncserver:/data
    user: ${UID}:${GID}
    networks:
      - web
      - firefoxsync
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.ffs.rule=Host(`firefoxsync.${DOMAIN}`)"
+      - "traefik.http.routers.ffs.rule=Host(`${FQDN_FIREFOXSYNC}`)"
      - "traefik.http.routers.ffs.entrypoints=websecure"
      - "traefik.http.routers.ffs.tls.certresolver=netcup"
      - "traefik.http.routers.ffs.tls.options=intermediate@file"
      - "traefik.http.services.ffs.loadbalancer.server.port=5000"
      - "docker.group=firefoxsync"
      - "diun.enable=true"
    restart: unless-stopped
    environment:
-      - SYNCSERVER_PUBLIC_URL=https://firefoxsync.${DOMAIN}
+      - SYNCSERVER_PUBLIC_URL=https://${FQDN_FIREFOXSYNC}
      - SYNCSERVER_SECRET=&{SECRET}
      - SYNCSERVER_SQLURI=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}
      - SYNCSERVER_BATCH_UPLOAD_ENABLED=true
@ -30,7 +29,7 @@ services:
  db:
-    image: postgres:13
+    image: postgres:${POSTGRES_VERSION}
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
@ -39,15 +38,13 @@ services:
    networks:
      - firefoxsync
    volumes:
-      - ${VOLUMES_PATH}/firefoxsync/db:/var/lib/postgresql/data
+      - ${STORAGE_PATH}/db:/var/lib/postgresql/data
    user: ${UID}:${GID}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
    labels:
      - "docker.group=firefoxsync"
      - "diun.enable=true"
 networks:
--- a/git/docker-compose.yaml
+++ b/git/docker-compose.yaml
@ -3,7 +3,7 @@ services:
  forgejo:
    image: codeberg.org/forgejo/forgejo:${FORGEJO_VERSION}
    volumes:
-      - ${VOLUMES_PATH}/git/forgejo_data:/data
+      - ${STORAGE_PATH}/forgejo_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
@ -29,17 +29,16 @@ services:
      timeout: 3s
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.forgejo.rule=Host(`gitea.${DOMAIN}`, `git.${DOMAIN}`)"
+      - "traefik.http.routers.forgejo.rule=Host(`${FQDN_GIT}`, `${FQDN_GIT_OLD}`)"
      - "traefik.http.routers.forgejo.entrypoints=websecure"
      - "traefik.http.routers.forgejo.tls.certresolver=netcup"
      - "traefik.http.routers.forgejo.tls.options=intermediate@file"
      - "traefik.http.routers.forgejo.middlewares=gitearedir"
-      - "traefik.http.middlewares.gitearedir.redirectregex.regex=^https://gitea.${DOMAIN}/(.*)"
+      - "traefik.http.middlewares.gitearedir.redirectregex.regex=^https://${FQDN_GIT_OLD}/(.*)"
-      - "traefik.http.middlewares.gitearedir.redirectregex.replacement=https://git.${DOMAIN}/$${1}"
+      - "traefik.http.middlewares.gitearedir.redirectregex.replacement=https://${FQDN_GIT}/$${1}"
      - "traefik.http.middlewares.gitearedir.redirectregex.permanent=true"
      - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
      - "docker.group=git"
      - "diun.enable=true"
  db:
@ -52,18 +51,48 @@ services:
    networks:
      - git
    volumes:
-      - ${VOLUMES_PATH}/git/forgejo_db:/var/lib/postgresql/data
+      - ${STORAGE_PATH}/forgejo_db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
    labels:
      - "docker.group=git"
-      - "diun.enable=true"
+
  docker-in-docker:
    image: docker:dind
    privileged: 'true'
    command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false']
    restart: 'unless-stopped'
    networks:
      - runner
  runner:
    image: code.forgejo.org/forgejo/runner:3.5.1
    links:
      - docker-in-docker
    depends_on:
      docker-in-docker:
        condition: service_started
    environment:
      DOCKER_HOST: tcp://docker-in-docker:2375
    user: 1002:1002
    volumes:
      - /var/dockervolumes/git/runner:/data
    restart: 'unless-stopped'
    # command: '/bin/sh -c "while : ; do sleep 1 ; done ;"' # for registration
    command: '/bin/sh -c "sleep 5; forgejo-runner daemon"'
    networks:
      - git
      - runner
 networks:
  git:
  web:
    external: true
  runner:
--- a/monitoring/docker-compose.yaml
+++ b/monitoring/docker-compose.yaml
@ -1,186 +0,0 @@
 services:
  grafana:
    image: grafana/grafana:${GRAFANA_VERSION}
    restart: unless-stopped
    networks:
      - web
      - grafana
      - monitoring
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`monitoring.${DOMAIN}`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls.certresolver=netcup"
      - "traefik.http.routers.grafana.tls.options=intermediate@file"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
      - "traefik.docker.network=web"
      - "docker.group=monitoring"
      - "diun.enable=true"
    environment:
      - GF_DEFAULT_INSTANCE_NAME=monitoring.${DOMAIN}
      - GF_SERVER_ROOT_URL=http://monitoring.${DOMAIN}
      - GF_SERVER_DOMAIN=monitoring.${DOMAIN}
      - GF_SERVER_SERVE_FROM_SUB_PATH=true
      - GF_SECURITY_DISABLE_GRAVATAR=true
      - GF_AUTH_ANONYMOUS_ENABLED=false
      - GF_AUTH_ANONYMOUS_ORG_ROLE=Viewer
      - GF_DATABASE_TYPE=postgres
      - GF_DATABASE_HOST=grafanadb:5432
      - GF_DATABASE_SSL_MODE=disable
      - GF_DATABASE_NAME=grafana
      - GF_DATABASE_USER=${POSTGRES_USER}
      - GF_DATABASE_PASSWORD=${POSTGRES_PASSWORD}
      - GF_INSTALL_PLUGINS=flant-statusmap-panel,redis-datasource
    depends_on:
      - influxdb
      - grafanadb
  grafanadb:
    image: postgres:${POSTGRES_VERSION}
    volumes:
      - ${VOLUMES_PATH}/monitoring/grafanadb:/var/lib/postgresql/data
    networks:
      - grafana
    restart: unless-stopped
    environment:
      - POSTGRES_DB=grafana
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
    labels:
      - "docker.group=monitoring"
      - "diun.enable=true"
  influxdb:
    image: influxdb:${INFLUXDB_VERSION}
    restart: unless-stopped
    networks:
      - web
      - monitoring
      - grafana
    environment:
      - INFLUXDB_MONITOR_STORE_ENABLED=false
    volumes:
      - ${VOLUMES_PATH}/monitoring/influxdb/:/var/lib/influxdb
      - ${PWD}/influxdb.conf:/etc/influxdb/influxdb.conf:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.influxdb.rule=Host(`influxdb.${DOMAIN}`)"
      - "traefik.http.routers.influxdb.entrypoints=websecure"
      - "traefik.http.routers.influxdb.tls.certresolver=netcup"
      - "traefik.http.routers.influxdb.tls.options=intermediate@file"
      - "traefik.http.services.influxdb.loadbalancer.server.port=8086"
      - "traefik.http.routers.influxdb.middlewares=influxauth"
      - "traefik.http.middlewares.influxauth.basicauth.users=${INFLUXDB_HTPASSWD}"
      - "docker.group=monitoring"
      - "diun.enable=true"
  prometheus:
    image: prom/prometheus
    restart: unless-stopped
    networks:
      - grafana
      - monitoring
      - web # also used to get traefik metrics
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - ${VOLUMES_PATH}/monitoring/prometheus:/prometheus
    labels:
      - "docker.group=monitoring"
      - "diun.enable=true"
  # https://github.com/xperimental/nextcloud-exporter
  nextcloud-exporter:
    image: ghcr.io/xperimental/nextcloud-exporter
    networks:
      - monitoring
    environment:
     - NEXTCLOUD_SERVER=${NEXTCLOUD_URL}
     - NEXTCLOUD_AUTH_TOKEN=${NEXTCLOUD_MONITORING_AUTH_TOKEN}
     - NEXTCLOUD_LISTEN_ADDRESS=:9205
    labels:
      - "docker.group=monitoring"
      - "diun.enable=true"
  diun:
    image: crazymax/diun:latest
    command: serve
    volumes:
      - "${VOLUMES_PATH}/monitoring/diun/data:/data"
    networks:
      - dockersocket
    hostname: ${HOSTNAME}
    environment:
      - "TZ=Europe/Berlin"
      - "DIUN_WATCH_WORKERS=10"
      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
      - "DIUN_WATCH_JITTER=30s"
      - "DIUN_PROVIDERS_DOCKER_ENDPOINT=tcp://docker-socket-proxy:2375"
      - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=false"
      - "DIUN_NOTIF_NTFY_ENDPOINT=${NTFY_SERVER}"
      - "DIUN_NOTIF_NTFY_TOPIC=${NTFY_TOPIC}"
      - "DIUN_NOTIF_NTFY_TOKEN=${NTFY_TOKEN}"
    restart: always
    labels:
      - "diun.enable=true"
  ##################################################################
  # here starts data collection of local host
  telegraf_host:
    image: telegraf:${TELEGRAF_VERSION}
    restart: unless-stopped
    environment:
      - HOST_MOUNT_PREFIX=/hostfs
      - HOST_PROC=/hostfs/proc
      - HOST_SYS=/hostfs/sys
      - HOST_ETC=/hostfs/etc
      - HOST_VAR=/hostfs/var
      - HOST_RUN=/hostfs/run
    env_file:
      - ./.env # set environments into container
    volumes:
     - ./telegraf_host.conf:/etc/telegraf/telegraf.conf:ro
     - /var/run/utmp:/var/run/utmp:ro
     - /:/hostfs:ro
    network_mode: "host"
    labels:
      - "docker.group=monitoring"
      - "diun.enable=true"
    depends_on:
      - influxdb
  telegraf_net:
    image: telegraf:${TELEGRAF_VERSION}
    restart: unless-stopped
    volumes:
     - ./telegraf_net.conf:/etc/telegraf/telegraf.conf:ro
    networks:
      - monitoring
      - dockersocket
    labels:
      - "docker.group=monitoring"
      - "diun.enable=true"
    depends_on:
      - influxdb
 networks:
  grafana:
  monitoring:
    external: true
  web:
    external: true
  dockersocket:
    external: true
--- a/monitoring/influxdb.conf
+++ b/monitoring/influxdb.conf
@ -1,12 +0,0 @@
 [meta]
  dir = "/var/lib/influxdb/meta"
 [data]
  dir = "/var/lib/influxdb/data"
  wal-dir = "/var/lib/influxdb/wal"
  max-concurrent-compactions = 1
 [monitor]
  store-enabled = false
  store-database = "_internal"
  store-interval = "10s"
--- a/monitoring/prometheus.yml
+++ b/monitoring/prometheus.yml
@ -1,42 +0,0 @@
 # my global config
 global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).
 # Alertmanager configuration
 alerting:
  alertmanagers:
    - static_configs:
        - targets:
          # - alertmanager:9093
 # Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
 rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"
 # A scrape configuration containing exactly one endpoint to scrape:
 # Here it's Prometheus itself.
 scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: "prometheus"
    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.
    static_configs:
      - targets: ["localhost:9090"]
  - job_name: "traefik"
    scrape_interval: 5s
    static_configs:
      - targets: ["traefik:8080"]
  - job_name: "grafana"
    static_configs:
      - targets: ["grafana:3000"]
  - job_name: 'nextcloud'
    scrape_interval: 60s
    static_configs:
      - targets: ['nextcloud-exporter:9205']
--- a/monitoring/telegraf_host.conf
+++ b/monitoring/telegraf_host.conf
@ -1,204 +0,0 @@
 # Telegraf Configuration
 #
 # Telegraf is entirely plugin driven. All metrics are gathered from the
 # declared inputs, and sent to the declared outputs.
 #
 # Plugins must be declared in here to be active.
 # To deactivate a plugin, comment out the name and any variables.
 #
 # Use 'telegraf -config telegraf.conf -test' to see what metrics a config
 # file would generate.
 #
 # Environment variables can be used anywhere in this config file, simply surround
 # them with ${}. For strings the variable must be within quotes (ie, "${STR_VAR}"),
 # for numbers and booleans they should be plain (ie, ${INT_VAR}, ${BOOL_VAR})
 # Config Sample under https://github.com/influxdata/telegraf/blob/master/etc/telegraf.conf
 # Global tags can be specified here in key="value" format.
 [global_tags]
  # datacenter
  dc="florianzirker.de"
  source="telegraf_host"
 # Configuration for telegraf agent
 [agent]
  ## Default data collection interval for all inputs
  interval = "10s"
  ## Rounds collection interval to 'interval'
  ## ie, if interval="10s" then always collect on :00, :10, :20, etc.
  round_interval = true
  ## Telegraf will send metrics to outputs in batches of at most
  ## metric_batch_size metrics.
  ## This controls the size of writes that Telegraf sends to output plugins.
  metric_batch_size = 1000
  ## Maximum number of unwritten metrics per output.  Increasing this value
  ## allows for longer periods of output downtime without dropping metrics at the
  ## cost of higher maximum memory usage.
  metric_buffer_limit = 10000
  ## Collection jitter is used to jitter the collection by a random amount.
  ## Each plugin will sleep for a random time within jitter before collecting.
  ## This can be used to avoid many plugins querying things like sysfs at the
  ## same time, which can have a measurable effect on the system.
  collection_jitter = "0s"
  ## Default flushing interval for all outputs. Maximum flush_interval will be
  ## flush_interval + flush_jitter
  flush_interval = "10s"
  ## Jitter the flush interval by a random amount. This is primarily to avoid
  ## large write spikes for users running a large number of telegraf instances.
  ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s
  flush_jitter = "0s"
  ## By default or when set to "0s", precision will be set to the same
  ## timestamp order as the collection interval, with the maximum being 1s.
  ##   ie, when interval = "10s", precision will be "1s"
  ##       when interval = "250ms", precision will be "1ms"
  ## Precision will NOT be used for service inputs. It is up to each individual
  ## service input to set the timestamp at the appropriate precision.
  ## Valid time units are "ns", "us" (or "µs"), "ms", "s".
  precision = ""
  ## Override default hostname, if empty use os.Hostname()
  hostname = "wong"
  ## If set to true, do no set the "host" tag in the telegraf agent.
  omit_hostname = false
 ###############################################################################
 #                            OUTPUT PLUGINS                                   #
 ###############################################################################
 # Configuration for sending metrics to InfluxDB
 [[outputs.influxdb]]
  ## The full HTTP or UDP URL for your InfluxDB instance.
  ##
  ## Multiple URLs can be specified for a single cluster, only ONE of the
  ## urls will be written to each interval.
  # urls = ["unix:///var/run/influxdb.sock"]
  # urls = ["udp://127.0.0.1:8089"]
  # urls = ["http://127.0.0.1:8086"]
  ## HTTP Basic Auth
  username = "${INFLUXDB_HTTP_BASIC_AUTH_USER}"
  password = "${INFLUXDB_HTTP_BASIC_AUTH_PASSWORD}"
  urls = ["https://influxdb.florianzirker.de"] # required
 ###############################################################################
 #                            INPUT PLUGINS                                    #
 ###############################################################################
 # Read metrics about cpu usage
 [[inputs.cpu]]
  ## Whether to report per-cpu stats or not
  percpu = true
  ## Whether to report total system cpu stats or not
  totalcpu = true
  ## If true, collect raw CPU time metrics.
  collect_cpu_time = false
  ## If true, compute and report the sum of all non-idle CPU states.
  report_active = false
 # Read metrics about disk usage by mount point
 [[inputs.disk]]
  ## By default stats will be gathered for all mount points.
  ## Set mount_points will restrict the stats to only the specified mount points.
  mount_points = ["/hostfs", "/hostfs/boot"]
  ## Ignore mount points by filesystem type.
  ignore_fs = ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"]
 # Read metrics about disk IO by device
 [[inputs.diskio]]
  ## By default, telegraf will gather stats for all devices including
  ## disk partitions.
  ## Setting devices will restrict the stats to the specified devices.
  # devices = ["sda", "sdb", "vd*"]
  ## Uncomment the following line if you need disk serial numbers.
  # skip_serial_number = false
  #
  ## On systems which support it, device metadata can be added in the form of
  ## tags.
  ## Currently only Linux is supported via udev properties. You can view
  ## available properties for a device by running:
  ## 'udevadm info -q property -n /dev/sda'
  ## Note: Most, but not all, udev properties can be accessed this way. Properties
  ## that are currently inaccessible include DEVTYPE, DEVNAME, and DEVPATH.
  # device_tags = ["ID_FS_TYPE", "ID_FS_USAGE"]
  #
  ## Using the same metadata source as device_tags, you can also customize the
  ## name of the device via templates.
  ## The 'name_templates' parameter is a list of templates to try and apply to
  ## the device. The template may contain variables in the form of '$PROPERTY' or
  ## '${PROPERTY}'. The first template which does not contain any variables not
  ## present for the device is used as the device name tag.
  ## The typical use case is for LVM volumes, to get the VG/LV name instead of
  ## the near-meaningless DM-0 name.
  # name_templates = ["$ID_FS_LABEL","$DM_VG_NAME/$DM_LV_NAME"]
 # Get kernel statistics from /proc/stat
 [[inputs.kernel]]
  # no configuration
 # Read metrics about memory usage
 [[inputs.mem]]
  # no configuration
 # Get the number of processes and group them by status
 [[inputs.processes]]
  # no configuration
 # Read metrics about swap memory usage
 [[inputs.swap]]
  # no configuration
 # Read metrics about system load & uptime
 [[inputs.system]]
  ## Uncomment to remove deprecated metrics.
  # fielddrop = ["uptime_format"]
 # Gather metrics about network interfaces
 [[inputs.net]]
  ## By default, telegraf gathers stats from any up interface (excluding loopback)
  ## Setting interfaces will tell it to gather these explicit interfaces,
  ## regardless of status. When specifying an interface, glob-style
  ## patterns are also supported.
  ##
  interfaces = ["eth*"]
  ##
  ## On linux systems telegraf also collects protocol stats.
  ## Setting ignore_protocol_stats to true will skip reporting of protocol metrics.
  ##
  # ignore_protocol_stats = false
  ##
 # # Read TCP metrics such as established, time wait and sockets counts.
 [[inputs.netstat]]
  # no configuration
 # Collect kernel snmp counters and network interface statistics
 [[inputs.nstat]]
  ## file paths for proc files. If empty default paths will be used:
  ##    /proc/net/netstat, /proc/net/snmp, /proc/net/snmp6
  ## These can also be overridden with env variables, see README.
  proc_net_netstat = "/proc/net/netstat"
  proc_net_snmp = "/proc/net/snmp"
  proc_net_snmp6 = "/proc/net/snmp6"
  ## dump metrics with 0 values too
  dump_zeros       = true
--- a/monitoring/telegraf_net.conf
+++ b/monitoring/telegraf_net.conf
@ -1,175 +0,0 @@
 # Telegraf Configuration
 #
 # Telegraf is entirely plugin driven. All metrics are gathered from the
 # declared inputs, and sent to the declared outputs.
 #
 # Plugins must be declared in here to be active.
 # To deactivate a plugin, comment out the name and any variables.
 #
 # Use 'telegraf -config telegraf.conf -test' to see what metrics a config
 # file would generate.
 #
 # Environment variables can be used anywhere in this config file, simply surround
 # them with ${}. For strings the variable must be within quotes (ie, "${STR_VAR}"),
 # for numbers and booleans they should be plain (ie, ${INT_VAR}, ${BOOL_VAR})
 # Config Sample under https://github.com/influxdata/telegraf/blob/master/etc/telegraf.conf
 # Global tags can be specified here in key="value" format.
 [global_tags]
  # datacenter
  dc="florianzirker.de"
  source="telegraf_web"
 # Configuration for telegraf agent
 [agent]
  ## Default data collection interval for all inputs
  interval = "10s"
  ## Rounds collection interval to 'interval'
  ## ie, if interval="10s" then always collect on :00, :10, :20, etc.
  round_interval = true
  ## Telegraf will send metrics to outputs in batches of at most
  ## metric_batch_size metrics.
  ## This controls the size of writes that Telegraf sends to output plugins.
  metric_batch_size = 1000
  ## Maximum number of unwritten metrics per output.  Increasing this value
  ## allows for longer periods of output downtime without dropping metrics at the
  ## cost of higher maximum memory usage.
  metric_buffer_limit = 10000
  ## Collection jitter is used to jitter the collection by a random amount.
  ## Each plugin will sleep for a random time within jitter before collecting.
  ## This can be used to avoid many plugins querying things like sysfs at the
  ## same time, which can have a measurable effect on the system.
  collection_jitter = "0s"
  ## Default flushing interval for all outputs. Maximum flush_interval will be
  ## flush_interval + flush_jitter
  flush_interval = "10s"
  ## Jitter the flush interval by a random amount. This is primarily to avoid
  ## large write spikes for users running a large number of telegraf instances.
  ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s
  flush_jitter = "0s"
  ## By default or when set to "0s", precision will be set to the same
  ## timestamp order as the collection interval, with the maximum being 1s.
  ##   ie, when interval = "10s", precision will be "1s"
  ##       when interval = "250ms", precision will be "1ms"
  ## Precision will NOT be used for service inputs. It is up to each individual
  ## service input to set the timestamp at the appropriate precision.
  ## Valid time units are "ns", "us" (or "µs"), "ms", "s".
  precision = ""
  ## Override default hostname, if empty use os.Hostname()
  hostname = "wong"
  ## If set to true, do no set the "host" tag in the telegraf agent.
  omit_hostname = false
 ###############################################################################
 #                            OUTPUT PLUGINS                                   #
 ###############################################################################
 # Configuration for sending metrics to InfluxDB
 [[outputs.influxdb]]
  ## The full HTTP or UDP URL for your InfluxDB instance.
  ##
  ## Multiple URLs can be specified for a single cluster, only ONE of the
  ## urls will be written to each interval.
  # urls = ["unix:///var/run/influxdb.sock"]
  # urls = ["udp://127.0.0.1:8089"]
  # urls = ["http://127.0.0.1:8086"]
  urls = ["http://influxdb:8086"] 
 ###############################################################################
 #                            INPUT PLUGINS                                    #
 ###############################################################################
 [[inputs.http]]  
    name_override = "jitsi_stats"  
    urls = [  
      "http://jvb:8080/colibri/stats"  
    ]  
    data_format = "json"  
 # Read metrics about docker containers
 [[inputs.docker]]
  ## Docker Endpoint
  ##   To use TCP, set endpoint = "tcp://[ip]:[port]"
  ##   To use environment variables (ie, docker-machine), set endpoint = "ENV"
  endpoint = "tcp://docker-socket-proxy:2375"
  #  endpoint = "unix:///var/run/docker.sock"
  ## Set to true to collect Swarm metrics(desired_replicas, running_replicas)
  ## Note: configure this in one of the manager nodes in a Swarm cluster.
  ## configuring in multiple Swarm managers results in duplication of metrics.
  gather_services = false
  ## Only collect metrics for these containers. Values will be appended to
  ## container_name_include.
  ## Deprecated (1.4.0), use container_name_include
  container_names = []
  ## Set the source tag for the metrics to the container ID hostname, eg first 12 chars
  source_tag = false
  ## Containers to include and exclude. Collect all if empty. Globs accepted.
  container_name_include = []
  container_name_exclude = []
  ## Container states to include and exclude. Globs accepted.
  ## When empty only containers in the "running" state will be captured.
  ## example: container_state_include = ["created", "restarting", "running", "removing", "paused", "exited", "dead"]
  ## example: container_state_exclude = ["created", "restarting", "running", "removing", "paused", "exited", "dead"]
  # container_state_include = []
  # container_state_exclude = []
  ## Timeout for docker list, info, and stats commands
  timeout = "5s"
  ## Whether to report for each container per-device blkio (8:0, 8:1...),
  ## network (eth0, eth1, ...) and cpu (cpu0, cpu1, ...) stats or not.
  ## Usage of this setting is discouraged since it will be deprecated in favor of 'perdevice_include'.
  ## Default value is 'true' for backwards compatibility, please set it to 'false' so that 'perdevice_include' setting
  ## is honored.
  perdevice = false
  ## Specifies for which classes a per-device metric should be issued
  ## Possible values are 'cpu' (cpu0, cpu1, ...), 'blkio' (8:0, 8:1, ...) and 'network' (eth0, eth1, ...)
  ## Please note that this setting has no effect if 'perdevice' is set to 'true'
  perdevice_include = ["cpu", "blkio", "network"]
  ## Whether to report for each container total blkio and network stats or not.
  ## Usage of this setting is discouraged since it will be deprecated in favor of 'total_include'.
  ## Default value is 'false' for backwards compatibility, please set it to 'true' so that 'total_include' setting
  ## is honored.
  total = true
  ## Specifies for which classes a total metric should be issued. Total is an aggregated of the 'perdevice' values.
  ## Possible values are 'cpu', 'blkio' and 'network'
  ## Total 'cpu' is reported directly by Docker daemon, and 'network' and 'blkio' totals are aggregated by this plugin.
  ## Please note that this setting has no effect if 'total' is set to 'false'
  total_include = ["cpu", "blkio", "network"]
  ## docker labels to include and exclude as tags.  Globs accepted.
  ## Note that an empty array for both will include all labels as tags
  docker_label_include = []
  docker_label_exclude = []
  ## Which environment variables should we use as a tag
  tag_env = ["JAVA_HOME", "HEAP_SIZE"]
  ## Optional TLS Config
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
  ## Use TLS but skip chain & host verification
  # insecure_skip_verify = false
--- a/news/docker-compose.yaml
+++ b/news/docker-compose.yaml
@ -0,0 +1,56 @@
 services:
  miniflux:
    image: miniflux/miniflux:${MINIFLUX_VERSION}
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
    networks:
      - news
      - web
    environment:
      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}?sslmode=disable
      - RUN_MIGRATIONS=1
      - CREATE_ADMIN=1
      - ADMIN_USERNAME=${ADMIN_USER}
      - ADMIN_PASSWORD=${ADMIN_PASSWORD}
      - BASE_URL=https://${FQDN_NEWS}
      - POLLING_FREQUENCY=15 # minutes
      # - LOG_LEVEL=debug
    healthcheck:
      test: ["CMD", "/usr/bin/miniflux", "-healthcheck", "auto"]
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.news.rule=Host(`${FQDN_NEWS}`)"
      - "traefik.http.routers.news.entrypoints=websecure"
      - "traefik.http.routers.news.tls.certresolver=netcup"
      - "traefik.http.routers.news.tls.options=intermediate@file"
      - "traefik.http.services.news.loadbalancer.server.port=8080"
      - "docker.group=news"
  db:
    image: postgres:${POSTGRES_VERSION}
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
    networks:
      - news
    volumes:
      - ${STORAGE_PATH}/db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "miniflux"]
      interval: 10s
      start_period: 30s
    labels:
      - "docker.group=news"
 networks:
  news:
  web:
    external: true
--- a/nextcloud/docker-compose.yaml
+++ b/nextcloud/docker-compose.yaml
@ -5,7 +5,7 @@ services:
    depends_on:
      - app
    volumes:
-      - ${VOLUMES_PATH}/nextcloud/html:/var/www/html:ro
+      - ${STORAGE_PATH}/html:/var/www/html:ro
      - $PWD/nginx.conf:/etc/nginx/nginx.conf:ro
    restart: unless-stopped
    networks:
@ -17,7 +17,7 @@ services:
 #      timeout: 3s
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)"
+      - "traefik.http.routers.nextcloud.rule=Host(`${FQDN_NEXTCLOUD}`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=netcup"
      - "traefik.http.routers.nextcloud.tls.options=intermediate@file"
@ -29,7 +29,6 @@ services:
      - "traefik.http.middlewares.nextcloudHeader.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow"
      - "traefik.http.routers.nextcloud.middlewares=nextcloudHeader"
      - "docker.group=netxtcloud"
      - "diun.enable=true"
  app:
@ -39,15 +38,15 @@ services:
      args:
        - NC_MAIN_VERSION=${NC_MAIN_VERSION}
    volumes:
-      - ${VOLUMES_PATH}/nextcloud/html:/var/www/html
+      - ${STORAGE_PATH}/html:/var/www/html
-      - ${VOLUMES_PATH}/nextcloud/data:/var/www/html/data
+      - ${STORAGE_PATH}/data:/var/www/html/data
      - type: tmpfs
        target: /tmp
    restart: unless-stopped
    networks:
      - nextcloud
    environment:
-      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
+      - NEXTCLOUD_TRUSTED_TLDS=${FQDN_NEXTCLOUD}
      - MYSQL_HOST=db
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
@ -71,8 +70,8 @@ services:
    networks:
      - nextcloud
    volumes:
-      - ${VOLUMES_PATH}/nextcloud/html:/var/www/html
+      - ${STORAGE_PATH}/html:/var/www/html
-      - ${VOLUMES_PATH}/nextcloud/data:/var/www/html/data
+      - ${STORAGE_PATH}/data:/var/www/html/data
    entrypoint: /cron.sh
    depends_on:
      - db
@ -90,15 +89,15 @@ services:
      - web
      - nextcloud
    volumes:
-      - ${VOLUMES_PATH}/nextcloud/html:/var/www/html:ro
+      - ${STORAGE_PATH}/html:/var/www/html:ro
-      - ${VOLUMES_PATH}/nextcloud/data:/var/www/html/data:ro
+      - ${STORAGE_PATH}/data:/var/www/html/data:ro
    environment:
      - PORT=7867
      - NEXTCLOUD_URL=http://web
    entrypoint: /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.ncpush.rule=Host(`cloud.${DOMAIN}`) && PathPrefix(`/push`)"
+      - "traefik.http.routers.ncpush.rule=Host(`${FQDN_NEXTCLOUD}`) && PathPrefix(`/push`)"
      - "traefik.http.routers.ncpush.entrypoints=websecure"
      - "traefik.http.routers.ncpush.tls.certresolver=netcup"
      - "traefik.http.routers.ncpush.tls.options=intermediate@file"
@ -106,14 +105,13 @@ services:
      - "traefik.http.routers.ncpush.middlewares=ncpushstrip"
      - "traefik.http.middlewares.ncpushstrip.stripprefix.prefixes=/push"
      - "docker.group=proxy"
      - "diun.enable=true"
  db:
    image: mariadb:${MARIADB_VERSION}
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
    volumes:
-      - ${VOLUMES_PATH}/nextcloud/db:/var/lib/mysql
+      - ${STORAGE_PATH}/db:/var/lib/mysql
    restart: unless-stopped
    environment:
      - PUID=1000
@ -138,7 +136,6 @@ services:
      timeout: 3s
    labels:
      - "docker.group=netxtcloud"
      - "diun.enable=true"
 #  adminer:
@ -154,14 +151,13 @@ services:
 #      - db
 #    labels:
 #      - "traefik.enable=true"
-#      - "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`)"
+#      - "traefik.http.routers.adminer.rule=Host(`${FQDN_ADMINER}`)"
 #      - "traefik.http.routers.adminer.entrypoints=websecure"
 #      - "traefik.http.routers.adminer.tls.certresolver=netcup"
 #      - "traefik.http.routers.adminer.tls.options=intermediate@file"
 #      - "traefik.http.routers.adminer.middlewares=adminerauth"
 #      - "traefik.http.middlewares.adminerauth.basicauth.users=${HTPASSWD_ADMINER}"
 #      - "docker.group=netxtcloud"
 #      - "diun.enable=true"
  redis:
@ -170,16 +166,14 @@ services:
    command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
    networks:
      - nextcloud
      - monitoring
    volumes:
-      - ${VOLUMES_PATH}/nextcloud/redis:/data
+      - ${STORAGE_PATH}/redis:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
    labels:
      - "docker.group=netxtcloud"
      - "diun.enable=true"
  collabora:
@ -195,20 +189,20 @@ services:
    expose:
      - 9980
    environment:
-      - domain=cloud.${DOMAIN}
+      - domain=${FQDN_NEXTCLOUD}
      - aliasgroup1=https://${FQDN_NEXTCLOUD}
      - username=${COLLABORA_ADMIN_USER}
      - password=${COLLABORA_ADMIN_PASSWORD}
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)"
+      - "traefik.http.routers.collabora.rule=Host(`${FQDN_OFFICE}`)"
      - "traefik.http.routers.collabora.entrypoints=websecure"
      - "traefik.http.routers.collabora.tls.certresolver=netcup"
      - "traefik.http.routers.collabora.tls.options=intermediate@file"
      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
      - "docker.group=netxtcloud"
      - "diun.enable=true"
  drawio-export:
@ -218,11 +212,10 @@ services:
    networks:
      - nextcloud
    volumes:
-      - ${VOLUMES_PATH}/nextcloud/fonts:/usr/share/fonts/drawio
+      - ${STORAGE_PATH}/fonts:/usr/share/fonts/drawio
    restart: unless-stopped
    labels:
      - "docker.group=netxtcloud"
      - "diun.enable=false"  # not enabled becaus of spamming :)
  drawio:
@ -233,7 +226,7 @@ services:
    depends_on:
      - drawio-export
    environment:
-      - VIRTUAL_HOST=drawio.${DOMAIN}
+      - VIRTUAL_HOST=${FQDN_DRAWIO}
      - VIRTUAL_PORT=8080
      - LETS_ENCRYPT_ENABLED=false
      - EXPORT_URL=http://drawio-export:8000/
@ -246,13 +239,12 @@ services:
      start_period: 20s
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.drawio.rule=Host(`drawio.${DOMAIN}`)"
+      - "traefik.http.routers.drawio.rule=Host(`${FQDN_DRAWIO}`)"
      - "traefik.http.routers.drawio.entrypoints=websecure"
      - "traefik.http.routers.drawio.tls.certresolver=netcup"
      - "traefik.http.routers.drawio.tls.options=intermediate@file"
      - "traefik.http.services.drawio.loadbalancer.server.port=8080"
      - "docker.group=netxtcloud"
      - "diun.enable=false"  # not enabled becaus of spamming :)
 networks:
  web:
@ -262,5 +254,3 @@ networks:
      config:
        - subnet: 172.153.0.0/16 # necessary for the notify_push <-> nextcloud traffic
  mariadb:
  monitoring:
    external: true
--- a/proxy/docker-compose.yaml
+++ b/proxy/docker-compose.yaml
@ -41,7 +41,7 @@ services:
      - web
      - dockersocket
    volumes:
-      - ${VOLUMES_PATH}/proxy/letsencrypt:/letsencrypt
+      - ${STORAGE_PATH}/letsencrypt:/letsencrypt
      - $PWD/tls.toml:/etc/traefik/tls.toml
    healthcheck:
      test: traefik healthcheck --ping
@ -49,7 +49,7 @@ services:
      timeout: 1s
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
+      - "traefik.http.routers.dashboard.rule=Host(`${FQDN_TRAEFIK}`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=netcup"
@ -59,7 +59,7 @@ services:
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=${HTPASSWD}"
      - "docker.group=proxy"
-      - "diun.enable=true"
+
  docker-socket-proxy:
    image: tecnativa/docker-socket-proxy
@ -71,7 +71,6 @@ services:
      - LOG_LEVEL=warning
      - CONTAINERS=1
      - INFO=1
      - IMAGES=1 # for diun
    networks:
      - dockersocket
    healthcheck:
@ -81,7 +80,6 @@ services:
    privileged: true
    labels:
      - "docker.group=proxy"
      - "diun.enable=true"
 #  whoami:
@ -90,7 +88,7 @@ services:
 #      - web
 #    labels:
 #      - "traefik.enable=true"
-#      - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
+#      - "traefik.http.routers.whoami.rule=Host(`${FQDN_WHOAMI}`)"
 #      - "traefik.http.routers.whoami.entrypoints=websecure"
 #      - "traefik.http.routers.whoami.tls.certresolver=netcup"
 #      - "docker.group=proxy"
--- a/push/docker-compose.yaml
+++ b/push/docker-compose.yaml
@ -3,13 +3,13 @@ services:
  ntfy:
    image: binwiederhier/ntfy:${NTFY_VERSION}
    restart: unless-stopped
-    networks: 
+    networks:
      - web
    command:
      - serve
    environment:
      - TZ=UTC
-      - NTFY_BASE_URL=https://push.florianzirker.de
+      - NTFY_BASE_URL=https://${FQDN_PUSH}
      - NTFY_LISTEN_HTTP=0.0.0.0:80
      - NTFY_CACHE_FILE=/var/cache/ntfy/cache.db
      - NTFY_CACHE_DURATION=24h
@ -22,20 +22,19 @@ services:
      - NTFY_ENABLE_LOGIN=true
      - NTFY_ENABLE_RESERVATIONS=false
    volumes:
-      - ${VOLUMES_PATH}/push/ntfy/cache/:/var/cache/ntfy
+      - ${STORAGE_PATH}/ntfy/cache/:/var/cache/ntfy
-      - ${VOLUMES_PATH}/push/ntfy/varlib/:/var/lib/ntfy/
+      - ${STORAGE_PATH}/ntfy/varlib/:/var/lib/ntfy/
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.push.rule=Host(`push.${DOMAIN}`)"
+      - "traefik.http.routers.push.rule=Host(`${FQDN_PUSH}`)"
      - "traefik.http.routers.push.entrypoints=websecure"
      - "traefik.http.routers.push.tls.certresolver=netcup"
      - "traefik.http.routers.push.tls.options=intermediate@file"
      - "traefik.http.services.push.loadbalancer.server.port=80"
      - "docker.group=push"
-      - "diun.enable=true"
+
 networks:
  push:
  web:
    external: true
--- a/rustdesk/docker-compose.yml
+++ b/rustdesk/docker-compose.yml
@ -9,7 +9,7 @@ services:
    image: rustdesk/rustdesk-server:${RUSTDESK_VERSION}
    command: hbbs -r ${DOMAIN}:21117 -k _
    volumes:
-      - ${VOLUMES_PATH}/rustdesk:/root
+      - ${STORAGE_PATH}:/root
    networks:
      - rustdesk
    depends_on:
@ -17,7 +17,7 @@ services:
    restart: unless-stopped
    labels:
      - "docker.group=rustdesk"
-      - "diun.enable=true"
+
  hbbr:
    ports:
@ -26,13 +26,13 @@ services:
    image: rustdesk/rustdesk-server:latest
    command: hbbr -k _
    volumes:
-      - ${VOLUMES_PATH}/rustdesk:/root
+      - ${STORAGE_PATH}:/root
    networks:
      - rustdesk
    restart: unless-stopped
    labels:
      - "docker.group=rustdesk"
-      - "diun.enable=true"
+
 networks:
  rustdesk:
--- a/start-all.sh
+++ b/start-all.sh
@ -6,7 +6,6 @@ function up {
 #up proxy --scale whoami=3;
 up proxy;
 up monitoring;
 up nextcloud;
 up git;
 up wallabag;
@ -14,3 +13,4 @@ up www;
 up firefoxsync;
 up push;
 up rustdesk;
 up news;
--- a/wallabag/docker-compose.yaml
+++ b/wallabag/docker-compose.yaml
@ -15,24 +15,23 @@ services:
      - SYMFONY__ENV__MAILER_USER=~
      - SYMFONY__ENV__MAILER_PASSWORD=~
      - SYMFONY__ENV__FROM_EMAIL=wallabag@${DOMAIN}
-      - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.${DOMAIN}
+      - SYMFONY__ENV__DOMAIN_NAME=https://${FQDN_WALLABAG}
    networks:
      - web
      - wallabag
    volumes:
-      - ${VOLUMES_PATH}/wallabag/images:/var/www/wallabag/web/assets/images
+      - ${STORAGE_PATH}/images:/var/www/wallabag/web/assets/images
    healthcheck:
      test: ["CMD", "curl" ,"--fail", "http://localhost/api/info"]
      interval: 10s
      timeout: 3s
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.wallabag.rule=Host(`wallabag.${DOMAIN}`)"
+      - "traefik.http.routers.wallabag.rule=Host(`${FQDN_WALLABAG}`)"
      - "traefik.http.routers.wallabag.entrypoints=websecure"
      - "traefik.http.routers.wallabag.tls.certresolver=netcup"
      - "traefik.http.routers.wallabag.tls.options=intermediate@file"
      - "docker.group=wallabag"
      - "diun.enable=true"
    depends_on:
      - db
      - redis
@ -45,10 +44,9 @@ services:
    networks:
      - wallabag
    volumes:
-      - /var/dockervolumes/wallabag/db:/var/lib/mysql
+      - ${STORAGE_PATH}/db:/var/lib/mysql
    labels:
      - "docker.group=wallabag"
      - "diun.enable=true"
  redis:
    image: redis:7.2.4
@ -61,7 +59,6 @@ services:
      timeout: 3s
    labels:
      - "docker.group=wallabag"
      - "diun.enable=true"
 networks:
--- a/www/docker-compose.yaml
+++ b/www/docker-compose.yaml
@ -19,15 +19,14 @@ services:
      - "traefik.http.routers.webroot.tls.certresolver=netcup"
      - "traefik.http.routers.webroot.tls.options=intermediate@file"
      - "traefik.http.routers.webroot.middlewares=redirect-to-www"
-      - "traefik.http.middlewares.redirect-to-www.redirectregex.regex=^https?://florianzirker.de/(.*)"
+      - "traefik.http.middlewares.redirect-to-www.redirectregex.regex=^https?://${DOMAIN}/(.*)"
-      - "traefik.http.middlewares.redirect-to-www.redirectregex.replacement=https://www.florianzirker.de/$${1}"
+      - "traefik.http.middlewares.redirect-to-www.redirectregex.replacement=https://${FQDN_WWW}/$${1}"
      - "traefik.http.middlewares.redirect-to-www.redirectregex.permanent=true"
      - "traefik.http.routers.www-secure.entrypoints=websecure"
-      - "traefik.http.routers.www-secure.rule=Host(`www.${DOMAIN}`)"
+      - "traefik.http.routers.www-secure.rule=Host(`${FQDN_WWW}`)"
      - "traefik.http.routers.www-secure.tls.certresolver=netcup"
      - "traefik.http.routers.www-secure.tls.options=intermediate@file"
      - "docker.group=www"
      - "diun.enable=true"
 networks:
  web:
Author	SHA1	Message	Date
Florian Zirker	d3add91d87	install forgejo-runner to use actions	2024-11-20 15:13:23 +01:00
Florian Zirker	c6bf4e3fa0	use full storage path not path to volumes	2024-10-24 14:07:46 +00:00
Florian Zirker	a69a5991b3	use fully qualified domain names	2024-10-24 13:46:51 +00:00
Florian Zirker	6a732a3e2b	Add News	2024-10-24 12:41:41 +00:00
Florian Zirker	113cb283b7	remove monitoring stack	2024-10-15 11:42:48 +00:00
Florian Zirker	c298155ceb	Set DOMAIN correctly	2024-10-15 11:42:01 +00:00
Florian Zirker	80e0bd3041	Upgrade postgres dbs	2024-10-15 11:16:14 +00:00