diff --git a/master_sync.toml b/master_sync.toml index 50a05ae..b1694b8 100644 --- a/master_sync.toml +++ b/master_sync.toml @@ -1,22 +1,17 @@ -# ============================================================================= -# SERVERS -# ============================================================================= - [[server]] name = "Unraid" [server.config] external_address = "http://172.24.3.12" enabled = true +## + [[server]] name = "synology" [server.config] enabled = true - -# ============================================================================= -# STACKS -# ============================================================================= +## [[stack]] name = "audiobookshelf" @@ -25,6 +20,8 @@ tags = ["Active"] server = "Unraid" linked_repo = "compose-audiobookshelf" +## + [[stack]] name = "changedetection_io" tags = ["Active"] @@ -34,6 +31,8 @@ auto_update = true linked_repo = "compose-changedetection_io" webhook_secret = "Limb-Crease-Unelected-Squeeze1" +## + [[stack]] name = "freshrss" tags = ["Active"] 
@@ -43,6 +42,99 @@ auto_update = true linked_repo = "compose-freshrss" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" +## + +[[stack]] +name = "gitlab" +[stack.config] +server = "Unraid" +file_contents = """ + + +networks: + Internal: + name: Internal_Network + external: true + External: + name: traefik_gateway_external + external: true + +services: + gitlab: + image: gitlab/gitlab-ce:latest + container_name: gitlab + restart: always + hostname: 'gitlab.andrewamason.tech' + deploy: + resources: + limits: + memory: 16G # + environment: + GITLAB_OMNIBUS_CONFIG: | + nginx['custom_gitlab_server_config'] = "listen 80;" + external_url 'https://gitlab.andrewamason.tech' + gitlab_rails['gitlab_shell_ssh_port'] = 2424 + registry_external_url 'http://registry.andrewamason.tech' + registry_nginx['listen_port'] = 5050 + registry_nginx['listen_https'] = true + registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem" + registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem" + gitlab_rails['smtp_enable'] = true + gitlab_rails['smtp_address'] = "smtp-relay.brevo.com" + gitlab_rails['smtp_port'] = 587 + gitlab_rails['smtp_user_name'] = "929a53001@smtp-brevo.com" + gitlab_rails['smtp_password'] = "xsmtpsib-9f7e1bc9517b887307058196de6aeff3ba10aa6792a99f3c7fd4a8282ce46622-O0rWTnaqPQfZHb2R" + gitlab_rails['smtp_domain'] = "andrewamason.tech" + gitlab_rails['smtp_authentication'] = "login" + gitlab_rails['smtp_enable_starttls_auto'] = true + gitlab_rails['smtp_openssl_verify_mode'] = 'peer' + gitlab_rails['gitlab_email_from'] = 'gitlab@andrewamason.tech' + gitlab_rails['gitlab_email_reply_to'] = 'noreply@andrewamason.tech' + networks: + - Internal + - External + expose: + - 8929 + - 80 + - 443 + - 22 + volumes: + - /mnt/user/docker/swag/etc/letsencrypt/live/andrewamason.tech/fullchain.pem:/etc/gitlab/ssl/fullchain.pem:ro + - /mnt/user/docker/swag/etc/letsencrypt/live/andrewamason.tech/privkey.pem:/etc/gitlab/ssl/privkey.pem:ro + - 
/mnt/user/docker/gitlab/config:/etc/gitlab + - /mnt/user/docker/gitlab/logs:/var/log/gitlab + - /mnt/user/docker/gitlab/data:/var/opt/gitlab + shm_size: '512m' + labels: + - traefik.enable=true + - traefik.http.routers.gitlab.rule=Host(`gitlab.andrewamason.tech`) + - traefik.http.routers.gitlab.entrypoints=https,http + - traefik.http.routers.gitlab.tls=true + - traefik.http.routers.gitlab.tls.certresolver=letsencrypt + - traefik.http.routers.gitlab.middlewares=https_redirect + - traefik.http.services.gitlab.loadbalancer.healthcheck.followredirects=true + - traefik.http.services.gitlab.loadbalancer.healthcheck.path=/ + - traefik.http.services.gitlab.loadbalancer.healthcheck.port=443 + - traefik.http.services.gitlab.loadbalancer.passhostheader=true + - traefik.http.services.gitlab.loadbalancer.server.scheme=https + - traefik.http.services.gitlab.loadbalancer.server.port=443 + - traefik.docker.network=traefik_gateway_external + gitlab-runner: + image: gitlab/gitlab-runner:latest + container_name: gitlab-runner + network_mode: host + volumes: + - /mnt/user/docker/swag/etc/letsencrypt/ca:/usr/share/ca-certificates + - /mnt/user/docker/gitlab/runner/config/:/etc/gitlab-runner + - /var/run/docker.sock:/var/run/docker.sock + environment: + GIT_SSL_NO_VERIFY: "true" + labels: + - traefik.enable=false +""" + +## + [[stack]] name = "glance" tags = ["Active"] @@ -55,6 +147,8 @@ additional_env_files = [ { path = "timezone.env", track = true } ] +## + [[stack]] name = "grimmory" tags = ["Testing"] @@ -83,6 +177,8 @@ MYSQL_ROOT_PASSWORD=ChangeMe_MariaDBRoot_2025! MYSQL_DATABASE=grimmory """ +## + [[stack]] name = "homeassistant_io" tags = ["Active"] @@ -102,6 +198,8 @@ INFLUX_ORG=home INFLUX_BUCKET=homeassistant """ +## + [[stack]] name = "homebox" tags = ["Active"] @@ -111,6 +209,8 @@ auto_update = true linked_repo = "compose-homebox" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" +## + [[stack]] name = "homepage" tags = ["Active"] 
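Review bot: The new `gitlab` stack writes a real-looking SMTP credential into `GITLAB_OMNIBUS_CONFIG` (`gitlab_rails['smtp_password']`), so it now lives in the sync repository and its history. It should be treated as exposed, rotated, and supplied from a secret variable or an untracked env file instead of the tracked `file_contents`. In the same compose body the `gitlab-runner` service combines `/var/run/docker.sock`, `network_mode: host` and `GIT_SSL_NO_VERIFY: "true"`, which gives CI jobs effective control of the Docker host while turning off TLS verification for clones; since the `ca` directory is already mounted, trusting that CA is preferable to disabling verification. Both images use `:latest`, and `registry_external_url` is `http://` while `registry_nginx['listen_https'] = true`, which looks inconsistent.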
@@ -140,14 +240,19 @@ services: - net.unraid.docker.icon=/mnt/user/docker/icons/homepage.png """ +## + [[stack]] name = "icloud_pd" +tags = ["Active"] [stack.config] server = "Unraid" auto_update = true linked_repo = "compose-icloudpd" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" +## + [[stack]] name = "immich" tags = ["Active"] @@ -157,10 +262,12 @@ auto_update = true linked_repo = "compose-immich" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" additional_env_files = [ - { path = "immich.env", track = true }, + { path = "immich.env", track = true }, { path = "immich-frame.env", track = true } ] +## + [[stack]] name = "jellyfin" tags = ["Active"] @@ -174,6 +281,8 @@ environment = """ # VARIABLE = value """ +## + [[stack]] name = "karakeep" tags = ["Active"] @@ -186,6 +295,8 @@ additional_env_files = [ { path = "karakeep.env", track = true } ] +## + [[stack]] name = "kavita" tags = ["Active"] @@ -193,6 +304,8 @@ tags = ["Active"] server = "Unraid" linked_repo = "compose-kavita" +## + [[stack]] name = "makemkv" tags = ["As_Needed"] @@ -202,6 +315,8 @@ auto_update = true linked_repo = "compose-makemkv" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" +## + [[stack]] name = "manyfold" tags = ["As_Needed"] @@ -212,6 +327,8 @@ linked_repo = "compose-manyfold" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" env_file_path = "manyfold.env" +## + [[stack]] name = "mealie" tags = ["Testing"] @@ -219,6 +336,8 @@ tags = ["Testing"] server = "Unraid" linked_repo = "compose-mealie" +## + [[stack]] name = "obsidian-sync" tags = ["Active"] @@ -231,6 +350,8 @@ additional_env_files = [ { path = "andrew-obsidian-vault.env", track = true } ] +## + [[stack]] name = "open-vscode" tags = ["As_Needed"] @@ -265,6 +386,8 @@ services: restart: unless-stopped """ +## + [[stack]] name = "ossint-web-check" tags = ["As_Needed"] 
@@ -274,6 +397,8 @@ poll_for_updates = true linked_repo = "compose-OSSINT-Webcheck" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" +## + [[stack]] name = "paperless-ngx" tags = ["As_Needed"] @@ -286,6 +411,8 @@ additional_env_files = [ { path = "stack.env", track = true } ] +## + [[stack]] name = "plex" tags = ["Active"] @@ -295,6 +422,8 @@ auto_update = true linked_repo = "compose-plex" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" +## + [[stack]] name = "resilio-sync" tags = ["Active"] @@ -304,6 +433,8 @@ auto_update = true linked_repo = "compose-resilio-sync" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" +## + [[stack]] name = "romm" [stack.config] @@ -312,6 +443,8 @@ auto_update = true linked_repo = "compose-romm" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" +## + [[stack]] name = "servarr" tags = ["As_Needed"] 
@@ -324,47 +457,87 @@ additional_env_files = [ { path = "timezone.env", track = true } ] +## + [[stack]] name = "sonarqube" +tags = ["Testing"] [stack.config] server = "Unraid" file_contents = """ services: sonarqube: - image: sonarqube:community + image: sonarqube:lts-community + hostname: sonarqube + container_name: sonarqube + read_only: true depends_on: - - sonar_db + db: + condition: service_healthy environment: - SONAR_JDBC_URL: jdbc:postgresql://sonar_db:5432/sonar + SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar SONAR_JDBC_USERNAME: sonar SONAR_JDBC_PASSWORD: sonar - ports: - - "9001:9000" volumes: - - sonarqube_conf:/opt/sonarqube/conf - sonarqube_data:/opt/sonarqube/data - sonarqube_extensions:/opt/sonarqube/extensions - sonarqube_logs:/opt/sonarqube/logs - sonarqube_temp:/opt/sonarqube/temp - sonar_db: - image: postgres:13 + tmpfs: + - /tmp:size=256M,mode=1777 + ports: + - "9000:9000" + networks: + - Internal + ulimits: + nofile: + soft: "65536" + hard: "65536" + db: + image: postgres:17 + healthcheck: + test: [ "CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ] + interval: 10s + timeout: 5s + retries: 5 + hostname: postgresql + container_name: postgresql environment: POSTGRES_USER: sonar POSTGRES_PASSWORD: sonar POSTGRES_DB: sonar volumes: - - sonar_db:/var/lib/postgresql - - sonar_db_data:/var/lib/postgresql/data + - /mnt/user/docker/sonarqube/postgres:/var/lib/postgresql + networks: + - Internal + volumes: - sonarqube_conf: sonarqube_data: + sonarqube_temp: sonarqube_extensions: sonarqube_logs: - sonarqube_temp: - sonar_db: - sonar_db_data: + postgresql: + +networks: + Internal: + external: true + name: Internal_Network + ipv4: + driver: bridge + enable_ipv6: false + dual: + driver: bridge + enable_ipv6: true + ipam: + config: + - subnet: "192.168.2.0/24" + gateway: "192.168.2.1" + - subnet: "2001:db8:2::/64" + gateway: "2001:db8:2::1" """ +## + [[stack]] name = "swag" tags = ["Active"] 
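Review bot: The rewritten `sonarqube` compose still uses the default `sonar`/`sonar` pair for `SONAR_JDBC_PASSWORD` and `POSTGRES_PASSWORD` and now publishes the UI as `"9000:9000"`; the database password should come from a secret or env file rather than the tracked TOML. The published port moved from 9001 to 9000, but the URL added in the last hunk of this diff still ends in `:9001`, so one of the two looks stale. The `db` service binds `/mnt/user/docker/sonarqube/postgres` at `/var/lib/postgresql`, while the `postgres:17` image normally keeps its data under `/var/lib/postgresql/data`, so the data may end up in an anonymous volume; the declared `postgresql:` named volume is not referenced by any service. The `ipv4` and `dual` entries under `networks:` (with the `2001:db8:2::/64` documentation prefix) appear to be pasted sample networks that no service joins and could be dropped.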
@@ -374,6 +547,8 @@ auto_update = true linked_repo = "compose-swag" webhook_secret = "Spotting-Drainpipe-Freely-Outwit-Opponent7" +## + [[stack]] name = "traefik" tags = ["Active"] @@ -389,6 +564,8 @@ CF_API_EMAIL=andrew_amason@live.com CLOUDFLARE_DNS_API_TOKEN=YrGr8Q2iLJ-Ui_bpSxreYJ7D6T8YJOFOj7A4eYDq """ +## + [[stack]] name = "uptime-kuma" tags = ["Decom"] @@ -403,6 +580,8 @@ additional_env_files = [ ] ignore_services = ["signal-cli-rest-api"] +## + [[stack]] name = "wallos" tags = ["Active"] @@ -411,10 +590,7 @@ server = "Unraid" auto_update = true linked_repo = "compose-wallos" - -# ============================================================================= -# DEPLOYMENTS -# ============================================================================= +## [[deployment]] name = "Technitium_2" @@ -434,10 +610,7 @@ environment = """ TZ=America/New_York """ - -# ============================================================================= -# BUILDS -# ============================================================================= +## [[build]] name = "audiobookshelf" @@ -448,6 +621,8 @@ image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] +## + [[build]] name = "grimmory" [build.config] @@ -458,6 +633,8 @@ image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] +## + [[build]] name = "icloudpd" [build.config] @@ -468,6 +645,8 @@ image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] +## + [[build]] name = "swag" [build.config] @@ -477,6 +656,8 @@ image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] +## + [[build]] name = "web-check" [build.config] 
@@ -486,10 +667,7 @@ image_registry = [ { domain = "gitea.andrewamason.tech", account = "andrewamason", organization = "docker" } ] - -# ============================================================================= -# REPOS -# ============================================================================= +## [[repo]] name = "Master_Resource_Sync" @@ -500,14 +678,7 @@ git_https = false git_account = "andrewamason" repo = "andrewamason/resources" -[[repo]] -name = "master-config" -[repo.config] -server = "Unraid" -git_provider = "gitea:3000" -git_https = false -git_account = "andrewamason" -repo = "andrewamason/resources" +## [[repo]] name = "compose-OSSINT-Webcheck" @@ -517,6 +688,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/OSSINT-Webcheck" +## + [[repo]] name = "compose-audiobookshelf" [repo.config] @@ -526,6 +699,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/audiobookshelf" +## + [[repo]] name = "compose-automation" [repo.config] @@ -534,6 +709,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/automation" +## + [[repo]] name = "compose-changedetection_io" [repo.config] @@ -543,6 +720,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/changedetection_io" +## + [[repo]] name = "compose-freshrss" [repo.config] @@ -552,6 +731,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/freshrss" +## + [[repo]] name = "compose-glance" [repo.config] @@ -560,6 +741,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/Dashboards" +## + [[repo]] name = "compose-grimmory" [repo.config] @@ -569,6 +752,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/grimmory" +## + [[repo]] name = "compose-homeassistant_io" [repo.config] @@ -578,6 +763,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/HomeAssistant" +## + [[repo]] name = "compose-homebox" [repo.config] 
@@ -586,6 +773,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/HomeBox" +## + [[repo]] name = "compose-icloudpd" [repo.config] @@ -594,6 +783,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/iCloud_PD" +## + [[repo]] name = "compose-immich" [repo.config] @@ -602,6 +793,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/immich" +## + [[repo]] name = "compose-jellyfin" [repo.config] @@ -611,6 +804,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/Media_Apps" +## + [[repo]] name = "compose-karakeep" [repo.config] @@ -620,6 +815,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/karakeep" +## + [[repo]] name = "compose-kavita" [repo.config] @@ -629,6 +826,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/kavita" +## + [[repo]] name = "compose-makemkv" [repo.config] @@ -637,6 +836,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/makemkv" +## + [[repo]] name = "compose-manyfold" [repo.config] @@ -646,6 +847,8 @@ git_account = "andrewamason" repo = "HomeLab/manyfold" env_file_path = "manyfold.env" +## + [[repo]] name = "compose-mealie" [repo.config] @@ -655,6 +858,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/Mealie" +## + [[repo]] name = "compose-obsidian-sync" [repo.config] @@ -663,6 +868,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/obsidian-sync" +## + [[repo]] name = "compose-paperless-ngx" [repo.config] @@ -671,6 +878,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/paperless-ngx" +## + [[repo]] name = "compose-plex" [repo.config] @@ -679,6 +888,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/Media-Streaming" +## + [[repo]] name = "compose-repoflow" [repo.config] 
@@ -687,6 +898,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/RepoFlow" +## + [[repo]] name = "compose-resilio-sync" [repo.config] @@ -696,6 +909,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/Resilio-Sync" +## + [[repo]] name = "compose-reverseproxy" [repo.config] @@ -704,6 +919,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/reverse-proxy" +## + [[repo]] name = "compose-romm" [repo.config] @@ -712,6 +929,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/Romm" +## + [[repo]] name = "compose-rustdesk" [repo.config] @@ -720,6 +939,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/RustDesk" +## + [[repo]] name = "compose-servarr" [repo.config] @@ -729,6 +950,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/servarr" +## + [[repo]] name = "compose-swag" [repo.config] @@ -738,6 +961,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/swag" +## + [[repo]] name = "compose-uptime-kuma" [repo.config] @@ -746,6 +971,8 @@ git_provider = "gitea:3000" git_account = "andrewamason" repo = "HomeLab/uptime-kuma" +## + [[repo]] name = "compose-wallos" [repo.config] @@ -755,7 +982,8 @@ git_https = false git_account = "andrewamason" repo = "HomeLab/WallOS" -# Source repos (used by builds) +## + [[repo]] name = "icloudpd" [repo.config] @@ -765,6 +993,19 @@ git_account = "andrewamason" repo = "boredazfcuk/docker-icloudpd" branch = "master" +## + +[[repo]] +name = "master-config" +[repo.config] +server = "Unraid" +git_provider = "gitea:3000" +git_https = false +git_account = "andrewamason" +repo = "andrewamason/resources" + +## + [[repo]] name = "source-audiobookshelf" [repo.config] @@ -774,6 +1015,8 @@ git_account = "andrewamason" repo = "advplyr/audiobookshelf" branch = "master" +## + [[repo]] name = "swag" [repo.config] 
@@ -783,6 +1026,8 @@ git_account = "andrewamason" repo = "linuxserver/docker-swag" branch = "master" +## + [[repo]] name = "web-check" [repo.config] @@ -792,16 +1037,14 @@ git_account = "andrewamason" repo = "lissy93/web-check" branch = "master" - -# ============================================================================= -# PROCEDURES -# ============================================================================= +## [[procedure]] name = "Backup Core Database" description = "Triggers the Core database backup at the scheduled time." tags = ["system"] config.schedule = "Every day at 01:00" + [[procedure.config.stage]] name = "Stage 1" enabled = true @@ -809,11 +1052,14 @@ executions = [ { execution.type = "BackupCoreDatabase", execution.params = {}, enabled = true } ] +## + [[procedure]] name = "Global Auto Update" description = "Pulls and auto updates Stacks and Deployments using 'poll_for_updates' or 'auto_update'." tags = ["system"] config.schedule = "Every day at 03:00" + [[procedure.config.stage]] name = "Stage 1" enabled = true @@ -821,11 +1067,14 @@ executions = [ { execution.type = "GlobalAutoUpdate", execution.params.skip_auto_update = false, enabled = true } ] +## + [[procedure]] name = "Rotate Server Keys" description = "Rotates all currently connected Server keys." tags = ["system"] config.schedule = "Every day at 06:00" + [[procedure.config.stage]] name = "Stage 1" enabled = true 
@@ -833,10 +1082,52 @@ executions = [ { execution.type = "RotateAllServerKeys", execution.params = {}, enabled = true } ] +## -# ============================================================================= -# BUILDERS -# ============================================================================= +[[action]] +name = "sonarqube-analysis" +[action.config] +file_contents = """ +on: + push: + branches: + - main + pull_request: + types: [opened, synchronize, reopened] + +name: SonarQube Scan +jobs: + sonarqube: + name: SonarQube Trigger + runs-on: ubuntu-latest + steps: + - name: Checking out + uses: actions/checkout@v4 + with: + # Disabling shallow clone is recommended for improving relevancy of reporting + fetch-depth: 0 + - name: SonarQube Scan + uses: kitabisa/sonarqube-action@v1.2.0 + with: + host: ${{ secrets.SONARQUBE_HOST }} + login: ${{ secrets.SONARQUBE_TOKEN }} +""" + +## + +[[action]] +name = "text" +[action.config] +file_contents = """ +// Run actions using the pre initialized 'komodo' client. +const version: Types.GetVersionResponse = await komodo.read('GetVersion', {}); +console.log('🦎 Komodo version:', version.version, '🦎\n'); + +// Access arguments using the 'ARGS' object. +console.log(ARGS); +""" + +## [[builder]] name = "local" @@ -844,16 +1135,15 @@ name = "local" type = "Server" params.server_id = "Unraid" +## + [[builder]] name = "synology" [builder.config] type = "Server" params = {} - -# ============================================================================= -# RESOURCE SYNC -# ============================================================================= +## [[resource_sync]] name = "master-sync" 
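Review bot: The `sonarqube-analysis` action's `file_contents` is a CI workflow definition (`on:`, `jobs:`, `uses:`), while the `text` action added beside it shows that actions here are scripts run with the pre-initialized `komodo` client. As written it probably will not run as an action, and the `${{ secrets.SONARQUBE_HOST }}` / `${{ secrets.SONARQUBE_TOKEN }}` references would not be resolved in this context; the workflow likely belongs in the scanned repository's own workflow directory. If it is kept as a workflow, `kitabisa/sonarqube-action@v1.2.0` and `actions/checkout@v4` are referenced by mutable tags, and pinning the third-party action to a full commit SHA keeps a retagged release from running with the SonarQube token.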
@@ -862,4 +1152,18 @@ linked_repo = "Master_Resource_Sync" resource_path = ["master_sync.toml"] managed = true include_variables = true -include_user_groups = true \ No newline at end of file +include_user_groups = true + +## + +[[variable]] +name = "SONARQUBE_HOST" +value = "sqa_35f53592be1dfce277bc27d51ee0a4e32a858604" +is_secret = true + +## + +[[variable]] +name = "SONARQUBE_TOKEN" +value = "http://172.24.3.12:9001" +is_secret = true \ No newline at end of file
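Review bot: The two added `[[variable]]` entries appear to have their values swapped: `SONARQUBE_HOST` holds a token-shaped string (`sqa_…`) and `SONARQUBE_TOKEN` holds the URL `http://172.24.3.12:9001`. `is_secret = true` does not protect a value that is written into this tracked file, so the token should be treated as exposed, revoked, and re-entered outside the synced TOML (leaving `value` out of the committed file). The URL also uses port 9001, whereas the `sonarqube` stack in this diff now publishes 9000, and it is plain `http://`, so the token would cross the network unencrypted.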