szmedia
/
my-runtipi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: szmedia:a5e497b2575aef14ea499101acbaaa66787c9a54
Branches Tags
szmedia:main
...
compare: szmedia:5d24c05f6a6c989209a679c314ba2dbcd76b1fa9
Branches Tags
szmedia:main

4 Commits
a5e497b257 ... 5d24c05f6a

Author SHA1 Message Date
Lockszmith (@avital) 5d24c05f6a =align to new env var names 2025-01-17 13:25:41 -08:00
Lockszmith (@avital) ebb66667ef =Improved template 2025-01-17 13:23:42 -08:00
Lockszmith (@avital) 872829fe6d Add _secrets to git 2025-01-17 13:21:37 -08:00
Lockszmith (@avital) b07ddc8596 Ready for TrueNAS+runtipi hosting 
- adapt secretes via tipi-compose
- add ix-dockge to runtipi-reverse-proxy as an example
- added rt.dockge.yml(.bobo) as an example
- bobo auth is now working
 2025-01-17 13:18:06 -08:00
25 changed files with 169 additions and 46 deletions
Show Stats Expand all files Collapse all files

20
.env.local.tmpl
View File

@ -1,10 +1,20 @@
ACME_EMAIL=<acme admin mail> # user-config/.env.<system name>.local.yml
CF_DNS_API_TOKEN=<Cloudflare DNS API Token> ACME_EMAIL="<acme admin mail>"
SZ_USER_UID=<USER's UID> HOST_UID="<USER's UID>"
SZ_USER_GID=<USER's GID> HOST_GID="<USER's GID>"
INTERNAL_IP="192.168.1.11"
# RUNTIPI's root on the docker host
# TIPI_VERSION="v3.8.0"
RUNTIPI_ROOT_FOLDER_HOST="/mnt/<pool>/data/apps/runtipi"
# ALT_ROOT_DOMAIN=<alt domain> # optional, alternative public domain
ROOT_DOMAIN=<root.fqdn> ROOT_DOMAIN=<root.fqdn>
LEGACY_ROOT_DOMAIN=<legacy domain> DOMAIN=<root.fqdn>
LOCAL_DOMAIN=tipi.local
TZ="America/New_York"
# vi: ft=sh # vi: ft=sh

2
.gitignore vendored
View File

@ -13,3 +13,5 @@ tmp.*
*.tmp *.tmp
*.off *.off
_secrets/*
!_secrets/README.md

16
_bin/rtpctl.d
View File

@ -15,7 +15,7 @@ BASE_NAME="$(basename -- "$0")"
BASE_BASE_NAME="${BASE_NAME%.*}" BASE_BASE_NAME="${BASE_NAME%.*}"
RUNTIPI_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)" RUNTIPI_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
RUNTIPI_CLI="${RUNTIPI_ROOT}/runtipi_cli" RUNTIPI_CLI="${RUNTIPI_ROOT}/runtipi-cli"
set -e set -e
cd "${RUNTIPI_ROOT}" > /dev/null cd "${RUNTIPI_ROOT}" > /dev/null
@ -46,6 +46,9 @@ runtipi-app-docker-compose() {
echo --file apps/${APP}/docker-compose.yml echo --file apps/${APP}/docker-compose.yml
append_file_param --file repos/29ca930bfdaffa1dfabf5726336380ede7066bc53297e3c0c868b27c97282903/apps/docker-compose.common.yml append_file_param --file repos/29ca930bfdaffa1dfabf5726336380ede7066bc53297e3c0c868b27c97282903/apps/docker-compose.common.yml
append_file_param --file "user-config/${APP}/docker-compose.yml" append_file_param --file "user-config/${APP}/docker-compose.yml"
else
append_file_param --file "docker-compose.yml"
append_file_param --file "user-config/tipi-compose.yml"
fi) \ fi) \
${@:2} ${@:2}
} }
@ -68,7 +71,11 @@ case "${1}" in
runtipi-cli start --env-file user-config/.env.local --no-permissions runtipi-cli start --env-file user-config/.env.local --no-permissions
;; ;;
update) update)
runtipi-cli update --env-file user-config/.env.local --no-permissions "${2:?Must supply version}" "${@:3}" if [ -z "${2}" ]; then
${SCRIPT_DIR}/checkver.sh
else
runtipi-cli update --env-file user-config/.env.local --no-permissions "${2:?Must supply version}" "${@:3}"
fi
;; ;;
docker) docker)
docker "${@:2}" docker "${@:2}"
@ -83,6 +90,9 @@ case "${1}" in
cd "${RUNTIPI_ROOT}/../dockge/stacks/${2:?Must supply stack name}" > /dev/null cd "${RUNTIPI_ROOT}/../dockge/stacks/${2:?Must supply stack name}" > /dev/null
docker compose "${@:3}" docker compose "${@:3}"
;; ;;
shell)
runtipi-app-docker-compose "${2:?}" exec ${5:+"${@:5}"} -it "${4:-${2}}" "${3:-bash}"
;;
setup) setup)
ln -s $2 "$(cd -- "${SCRIPT_DIR}" && pwd)/${BASE_NAME}" "${3:-$HOME/.local/bin/}" ln -s $2 "$(cd -- "${SCRIPT_DIR}" && pwd)/${BASE_NAME}" "${3:-$HOME/.local/bin/}"
;; ;;
@ -108,10 +118,10 @@ case "${1}" in
"" "dls" "stylized docker ls" \ "" "dls" "stylized docker ls" \
"" "docker" "docker" \ "" "docker" "docker" \
"" "dockge" "docker compose for dockge stacks" \ "" "dockge" "docker compose for dockge stacks" \
"" "shell" "enter an insteractive shell" \
"" "" "" \ "" "" "" \
"misc." "" ""\ "misc." "" ""\
"" "exec" "execute within the shell, START_DIR env applies" \ "" "exec" "execute within the shell, START_DIR env applies" \
"" "shell" "enter an insteractive shell" \
"" "" "" \ "" "" "" \
"" "setup" "setup runtipictl in user's .local/bin dir" \ "" "setup" "setup runtipictl in user's .local/bin dir" \
"" "" "${BASE_NAME} setup" \ "" "" "${BASE_NAME} setup" \

5
_secrets/README.md Normal file
View File

@ -0,0 +1,5 @@
# runtipi's user-config secrets
the text files in this directory are referenced in the compose yaml files in runtipi's user-config.
the files in this directory (except this README.md file) are all ignored by git

3
_template/app.env
View File

@ -1,2 +1,3 @@
# VARIABLE=value #comment # VARIABLE=value #comment
APP_ROUTE_OPTIONAL=${LEGACY_ROOT_DOMAIN:+ || Host(`example.${LEGACY_ROOT_DOMAIN}`)} APP_ROUTE_OPTIONAL=${ALT_ROOT_DOMAIN:+ || Host(`example.${ALT_ROOT_DOMAIN}`)}

4
_template/docker-compose.yml
View File

@ -2,8 +2,8 @@ services:
<service-name>: <service-name>:
hostname: <service-name>.docker hostname: <service-name>.docker
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"

19
_traefik/dynamic/_templates/mw.fwd-auth-sysmgr.yml.bobo Normal file
View File

@ -0,0 +1,19 @@
http:
middlewares:
authentik_sysmgr:
forwardAuth:
address: https://auth.avital14.com/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeadersRegex: "^[Xx]-[Aa]uthentik"
# authResponseHeaders:
# - X-authentik-username
# - X-authentik-groups
# - X-authentik-email
# - X-authentik-name
# - X-authentik-uid
# - X-authentik-jwt
# - X-authentik-meta-jwks
# - X-authentik-meta-outpost
# - X-authentik-meta-provider
# - X-authentik-meta-app
# - X-authentik-meta-version

23
_traefik/dynamic/_templates/rt.dockge.yml.bobo Normal file
View File

@ -0,0 +1,23 @@
# http routing section
http:
routers:
# Define a connection between requests and services
home-assistant:
rule: "Host(`dockge.toronto.avital14.com`)"
entrypoints:
- websecure
# # If the rule matches, applies the middleware
# middlewares:
# - test-user
# If the rule matches, forward to the whoami service (declared below)
service: home-assistant
tls:
certresolver: myresolver
services:
# Define how to reach an existing service on our infrastructure
home-assistant:
loadBalancer:
servers:
- url: "http://dockge:31014"
#- address: "ha.lan:8123"

4
code-server/docker-compose.yml
View File

@ -1,8 +1,8 @@
services: services:
code-server: code-server:
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /:/mnt/runtipi.host - /:/mnt/runtipi.host

4
ddns-updater/docker-compose.yml
View File

@ -1,8 +1,8 @@
services: services:
ddns-updater: ddns-updater:
environment: environment:
USER_UID: "${SZ_USER_UID}" USER_UID: "${HOST_UID}"
USER_GID: "${SZ_USER_GID}" USER_GID: "${HOST_GID}"
### Configuration ### Configuration
# DATADIR: "/updater/data" # DATADIR: "/updater/data"

4
ddns-updater/local.app.env
View File

@ -1,2 +1,2 @@
SZ_USER_UID=<UID> HOST_UID=<UID>
SZ_USER_GID=<GID> HOST_GID=<GID>

8
dockge/docker-compose.yml
View File

@ -16,10 +16,10 @@ services:
RUNTIPI_LOCAL_DOMAIN: "${LOCAL_DOMAIN}" RUNTIPI_LOCAL_DOMAIN: "${LOCAL_DOMAIN}"
RUNTIPI_DOMAIN: "${DOMAIN}" RUNTIPI_DOMAIN: "${DOMAIN}"
RUNTIPI_ROOT_DOMAIN: "${ROOT_DOMAIN}" RUNTIPI_ROOT_DOMAIN: "${ROOT_DOMAIN}"
SZ_USER_UID: "${SZ_USER_UID}" HOST_UID: "${HOST_UID}"
SZ_USER_GID: "${SZ_USER_GID}" HOST_GID: "${HOST_GID}"
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
TZ: "${TZ:?Did you forget to define TZ in the root RunTipi .env.local?}" TZ: "${TZ:?Did you forget to define TZ in the root RunTipi .env.local?}"
labels: labels:
traefik.http.routers.dockge.rule: Host(`dockge.${ROOT_DOMAIN}`)${APP_ROUTE_OPTIONAL:-} traefik.http.routers.dockge.rule: Host(`dockge.${ROOT_DOMAIN}`)${APP_ROUTE_OPTIONAL:-}

4
dozzle/docker-compose.yml
View File

@ -2,8 +2,8 @@ services:
dozzle: dozzle:
hostname: dozzle.docker hostname: dozzle.docker
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"

4
forgejo/docker-compose.yml
View File

@ -1,8 +1,8 @@
services: services:
forgejo: forgejo:
environment: environment:
USER_UID: "${SZ_USER_UID}" USER_UID: "${HOST_UID}"
USER_GID: "${SZ_USER_GID}" USER_GID: "${HOST_GID}"
FORGEJO__server__DOMAIN: "code.${ALT_ROOT_DOMAIN}" FORGEJO__server__DOMAIN: "code.${ALT_ROOT_DOMAIN}"
FORGEJO__server__ROOT_URL: "https://code.${ALT_ROOT_DOMAIN}" FORGEJO__server__ROOT_URL: "https://code.${ALT_ROOT_DOMAIN}"

6
homepage/docker-compose.yml
View File

@ -1,8 +1,8 @@
services: services:
homepage: homepage:
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"
@ -18,7 +18,7 @@ services:
# Websecure # Websecure
traefik.http.routers.homepage.middlewares: authentik_sysmgr@file traefik.http.routers.homepage.middlewares: authentik_sysmgr@file
traefik.http.routers.homepage.rule: Host(`www.${ROOT_DOMAIN}`)${APP_ROUTE_OPTIONAL:-} traefik.http.routers.homepage.rule: Host(`www.${ROOT_DOMAIN}`)${APP_ROUTE_OPTIONAL:-}
# #traefik.http.routers.homepage-more.rule: Host(`www.${LEGACY_ROOT_DOMAIN}`) # #traefik.http.routers.homepage-more.rule: Host(`www.${ALT_ROOT_DOMAIN}`)
# traefik.http.routers.homepage-more.entrypoints: websecure # traefik.http.routers.homepage-more.entrypoints: websecure
# traefik.http.routers.homepage-more.service: homepage # traefik.http.routers.homepage-more.service: homepage
# traefik.http.routers.homepage-more.middlewares: authentik_sysmgr@file # traefik.http.routers.homepage-more.middlewares: authentik_sysmgr@file

4
overseerr/docker-compose.yml
View File

@ -2,8 +2,8 @@ services:
overseerr: overseerr:
hostname: overseerr.docker hostname: overseerr.docker
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"

4
plex/docker-compose.yml
View File

@ -1,8 +1,8 @@
services: services:
plex: plex:
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
network_mode: "container:net-plex" network_mode: "container:net-plex"
#networks: [] #networks: []
volumes_from: volumes_from:

4
prowlarr/docker-compose.yml
View File

@ -2,8 +2,8 @@ services:
prowlarr: prowlarr:
hostname: prowlarr.docker hostname: prowlarr.docker
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"

4
radarr/docker-compose.yml
View File

@ -2,8 +2,8 @@ services:
radarr: radarr:
hostname: radarr.docker hostname: radarr.docker
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"

4
sabnzbd/docker-compose.yml
View File

@ -2,8 +2,8 @@ services:
sabnzbd: sabnzbd:
hostname: nzb.docker hostname: nzb.docker
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"

4
sonarr/docker-compose.yml
View File

@ -2,8 +2,8 @@ services:
sonarr: sonarr:
hostname: sonarr.docker hostname: sonarr.docker
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"

4
syncthing/docker-compose.yml
View File

@ -2,8 +2,8 @@ services:
syncthing: syncthing:
hostname: syncthing.docker hostname: syncthing.docker
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"

36
szetup.sh
View File

@ -24,7 +24,6 @@ else
echo "No matching symbolic links found to delete." echo "No matching symbolic links found to delete."
fi fi
find "$TOP_DIR/_templates" -maxdepth 1 -mindepth 1 -type f -name "*.${SYS_NAME}" -print0 \ find "$TOP_DIR/_templates" -maxdepth 1 -mindepth 1 -type f -name "*.${SYS_NAME}" -print0 \
| while IFS= read -r -d '' file; do | while IFS= read -r -d '' file; do
base=$(basename "$file" ".${SYS_NAME}") base=$(basename "$file" ".${SYS_NAME}")
@ -33,3 +32,38 @@ find "$TOP_DIR/_templates" -maxdepth 1 -mindepth 1 -type f -name "*.${SYS_NAME}"
ln -vrs "${file}" "${TOP_DIR}/${base%${ext}}local.$ext" ln -vrs "${file}" "${TOP_DIR}/${base%${ext}}local.$ext"
done done
SECRET_BASE="${SCRIPT_DIR}/_secrets"
SECRETS=(
"tipi_jwt_secret"
"tipi_postgres_password"
"tipi_redis_password"
)
for file in "${SECRETS[@]}"; do
secret="${SECRET_BASE}/${file}.txt"
printf '%s secret ' "${file}"
if [ -s "${secret}" ]; then
printf 'exists.'
else
printf 'generating... '
curl -s "https://makemeapassword.ligos.net/api/v1/passphrase/plain?pc=1&wc=6&sp=y&maxCh=64" \
| sed -Ee 's/ /-/g;' > "${secret}"
printf 'ready.'
fi
printf '\n'
done
SECRETS=(
"traefik_cf_dns_api_token"
)
for file in "${SECRETS[@]}"; do
secret="${SECRET_BASE}/${file}.txt"
printf '%s secret ' "${file}"
if [ -s "${secret}" ]; then
printf 'exists.'
else
printf 'missing!'
fi
printf '\n'
done
# vim: set ft=sh expandtab tabstop=4 shiftwidth=4:

4
tautulli/docker-compose.yml
View File

@ -2,8 +2,8 @@ services:
tautulli: tautulli:
hostname: tautulli.docker hostname: tautulli.docker
environment: environment:
PUID: "${SZ_USER_UID}" PUID: "${HOST_UID}"
PGID: "${SZ_USER_GID}" PGID: "${HOST_GID}"
# RUNTIPI Environment # RUNTIPI Environment
RUNTIPI_APP_PORT: "${APP_PORT}" RUNTIPI_APP_PORT: "${APP_PORT}"
RUNTIPI_APP_ID: "${APP_ID}" RUNTIPI_APP_ID: "${APP_ID}"

21
tipi-compose.yml
View File

@ -1,5 +1,19 @@
secrets:
# tipi_jwt_secret:
# file: ${RUNTIPI_ROOT_FOLDER_HOST}/user-config/_secrets/tipi_jwt_secret.txt
# # JWT_SECRET: /run/secrets/tipi_jwt_secret
# tipi_postgres_password:
# file: ${RUNTIPI_ROOT_FOLDER_HOST}/user-config/_secrets/tipi_postgres_password.txt
# # POSTGRES_PASSWORD: /run/secrets/tipi_postgres_password
# tipi_redis_password:
# file: ${RUNTIPI_ROOT_FOLDER_HOST}/user-config/_secrets/tipi_redis_password.txt
# # REDIS_PASSWORD: /run/secrets/tipi_redis_password
traefik_cf_dns_api_token:
file: ${RUNTIPI_ROOT_FOLDER_HOST}/user-config/_secrets/traefik_cf_dns_api_token.txt
services: services:
runtipi-reverse-proxy: runtipi-reverse-proxy:
secrets:
- traefik_cf_dns_api_token
volumes: volumes:
- type: bind - type: bind
source: ./traefik/shared source: ./traefik/shared
@ -30,15 +44,20 @@ services:
- '--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}' - '--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}'
environment: environment:
CF_API_EMAIL: "${ACME_EMAIL:?}" CF_API_EMAIL: "${ACME_EMAIL:?}"
CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN:?}" CF_DNS_API_TOKEN_FILE: /run/secrets/traefik_cf_dns_api_token
TRAEFIK_API_DISABLEDASHBOARDAD: "true" TRAEFIK_API_DISABLEDASHBOARDAD: "true"
networks: networks:
- tipi_main_network - tipi_main_network
- tipi_internal_network - tipi_internal_network
- ix-dockge
networks: networks:
tipi_internal_network: tipi_internal_network:
internal: true internal: true
attachable: true attachable: true
name: runtipi_internal_network name: runtipi_internal_network
ix-dockge:
external: true
name: ix-dockge_default
# vim: set ft=yaml expandtab tabstop=2 shiftwidth=2: