Merge pull request 'maintenance:repair --include-expensive' (#7) from ammar into main

Reviewed-on: #7

.gitignore

@@ -0,0 +1 @@
+*~

auth.resisttechmonopolies.online.env

@@ -0,0 +1,130 @@
+TYPE=authentik:6.11.0+2024.10.5
+TIMEOUT=900
+ENABLE_AUTO_UPDATE=true
+POST_DEPLOY_CMDS="worker set_admin_pass"
+# Example values for post deploy cmds: "worker set_admin_pass|worker apply_blueprints|worker add_applications"
+LETS_ENCRYPT_ENV=production
+ENABLE_BACKUPS=true
+
+DOMAIN=auth.resisttechmonopolies.online
+## Domain aliases
+#EXTRA_DOMAINS=', `www.auth.resisttechmonopolies.online`'
+COMPOSE_FILE="compose.yml"
+AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
+AUTHENTIK_LOG_LEVEL=info
+# AUTHENTIK_IMPERSONATION=true
+# AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
+# WORKERS=1
+
+## Outpost Integration
+# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
+# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.ldap.yml"
+# SECRET_LDAP_TOKEN_VERSION=v1
+
+## ADMIN
+AUTHENTIK_BOOTSTRAP_EMAIL=ammar@ammaratef45.ddns.net
+
+## EMAIL
+AUTHENTIK_EMAIL__HOST=smtp.protonmail.ch
+AUTHENTIK_EMAIL__PORT=587
+AUTHENTIK_EMAIL__USERNAME="ammar@ammaratef45.ddns.net"
+AUTHENTIK_EMAIL__USE_TLS=true
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+AUTHENTIK_EMAIL__FROM=ammar@ammaratef45.ddns.net
+
+## Secret Versions
+SECRET_SECRET_KEY_VERSION=v1
+SECRET_DB_PASSWORD_VERSION=v1
+SECRET_ADMIN_TOKEN_VERSION=v1
+SECRET_ADMIN_PASS_VERSION=v1
+SECRET_EMAIL_PASS_VERSION=v1
+
+# X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
+
+## FLOW OPTIONS
+# WELCOME_MESSAGE="Welcome to Authentik"
+# DEFAULT_LANGUAGE=en
+# LOGOUT_REDIRECT="https://$DOMAIN"
+# EMAIL_SUBJECT="Account Recovery"
+# EMAIL_TOKEN_EXPIRY_MINUTES=30
+
+COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/"
+COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/"
+COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
+
+# Default CSS customisation
+# COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml"
+# BACKGROUND_FONT_COLOR=white
+# BACKGROUND_BOX_COLOR='#eaeaeacf'
+# THEME_BACKGROUND="url('https://auth.resisttechmonopolies.online/static/dist/assets/images/flow_background.jpg'); background-position: center; background-repeat: no-repeat; background-size: cover;"
+
+COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud.yml"
+NEXTCLOUD_DOMAIN=nextcloud.resisttechmonopolies.online
+SECRET_NEXTCLOUD_ID_VERSION=v1
+SECRET_NEXTCLOUD_SECRET_VERSION=v1
+APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.wordpress.yml"
+# WORDPRESS_DOMAIN=wordpress.example.com
+# WORDPRESS_GROUP='wordpress Admins'
+# SECRET_WORDPRESS_ID_VERSION=v1
+# SECRET_WORDPRESS_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS wordpress:~/.abra/recipes/authentik/icons/wordpress.png"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
+# ELEMENT_DOMAIN=element-web.example.com
+# MATRIX_DOMAIN=matrix-synapse.example.com
+# SECRET_MATRIX_ID_VERSION=v1
+# SECRET_MATRIX_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS matrix:~/.abra/recipes/authentik/icons/matrix.svg"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.wekan.yml"
+# WEKAN_DOMAIN=wekan.example.com
+# SECRET_WEKAN_ID_VERSION=v1
+# SECRET_WEKAN_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS wekan:~/.abra/recipes/authentik/icons/wekan.png"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.vikunja.yml"
+# VIKUNJA_DOMAIN=vikunja.example.com
+# SECRET_VIKUNJA_ID_VERSION=v1
+# SECRET_VIKUNJA_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS vikunja:~/.abra/recipes/authentik/icons/vikunja.svg"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.outline.yml"
+# OUTLINE_DOMAIN=outline.example.com
+# SECRET_OUTLINE_ID_VERSION=v1
+# SECRET_OUTLINE_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS outline:~/.abra/recipes/authentik/icons/outline.png"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.kimai.yml"
+# KIMAI_DOMAIN=kimai.example.com
+# SECRET_KIMAI_ID_VERSION=v1
+# SECRET_KIMAI_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai_logo.png"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.zammad.yml"
+# ZAMMAD_DOMAIN=zammad.example.com
+# APP_ICONS="$APP_ICONS zammad:~/.abra/recipes/authentik/icons/zammad.svg"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
+# MONITORING_DOMAIN=monitoring.example.com
+# SECRET_MONITORING_ID_VERSION=v1
+# SECRET_MONITORING_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.svg"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.rallly.yml"
+# RALLLY_DOMAIN=rallly.example.com
+# SECRET_RALLLY_ID_VERSION=v1
+# SECRET_RALLLY_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS rallly:~/.abra/recipes/authentik/icons/rallly.png"
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.hedgedoc.yml"
+# HEDGEDOC_DOMAIN=hedgedoc.example.com
+# SECRET_HEDGEDOC_ID_VERSION=v1
+# SECRET_HEDGEDOC_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS hedgedoc:~/.abra/recipes/authentik/icons/hedgedoc.png"
+
+# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}'
+# APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg"
+# APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.png"

calibre.resisttechmonopolies.online.env

@@ -0,0 +1,13 @@
+TYPE=calibre-web
+
+DOMAIN=calibre.resisttechmonopolies.online
+LETS_ENCRYPT_ENV=production
+
+DOCKER_MODS="linuxserver/calibre-web:calibre"
+OAUTHLIB_RELAX_TOKEN_SCOPE=1
+TZ="America/Los_Angeles"
+
+DEBUG=False
+
+# oauth2 support
+COMPOSE_FILE="compose.yml:compose.oauth2.yml"

collabora.resisttechmonopolies.online.env

@@ -0,0 +1,7 @@
+TYPE=collabora
+DOMAIN=collabora.resisttechmonopolies.online
+LETS_ENCRYPT_ENV=production
+NEXTCLOUD_DOMAIN=nextcloud.resisttechmonopolies.online
+ADMIN_USERNAME=admin
+SECRET_ADMIN_PASSWORD_VERSION=v1
+FRAME_ANCESTORS=

focalboard.resisttechmonopolies.online.env

@@ -0,0 +1,7 @@
+TYPE=focalboard
+
+DOMAIN=focalboard.resisttechmonopolies.online
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.focalboard.resisttechmonopolies.online`'
+LETS_ENCRYPT_ENV=production

loomio.resisttechmonopolies.online.env

@@ -0,0 +1,93 @@
+TYPE=loomio:4.0.2+v2.25.4
+COMPOSE_FILE="compose.yml"
+
+DOMAIN=loomio.resisttechmonopolies.online
+## Domain aliases
+#EXTRA_DOMAINS=', `www.loomio.resisttechmonopolies.online`'
+LETS_ENCRYPT_ENV=production
+
+# mail setup
+COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+SUPPORT_EMAIL=besties@resisttechmonopolies.online
+SMTP_AUTH=plain
+SMTP_DOMAIN=smtp.protonmail.ch
+SMTP_SERVER=smtp.protonmail.ch
+SMTP_PORT=587
+SMTP_USERNAME=besties@resisttechmonopolies.online
+# SMTP_USE_SSL=1
+# to disable SSL comment out line rather than changing to 0
+SECRET_SMTP_PASSWORD_VERSION=v2
+
+
+# From field for notification e-mails
+NOTIFICATIONS_EMAIL_ADDRESS=besties@resisttechmonopolies.online
+
+# reply-to in email notifications
+REPLY_HOSTNAME=$DOMAIN
+
+RAILS_ENV=production
+
+# Number of webserver processes and threads
+# threads are per worker. See https://github.com/puma/puma
+PUMA_WORKERS=2
+MIN_THREADS=12
+MAX_THREADS=12
+
+# Force all connections to be https
+FORCE_SSL=1
+
+# Enable rate limiting on group creation, other POST actions
+USE_RACK_ATTACK=1
+
+SECRET_DEVISE_SECRET_VERSION=v1 #length=64
+SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
+SECRET_DB_PASSWORD_VERSION=v1
+
+# Send catch up email (missed yesterday) weekly
+# EMAIL_CATCH_UP_WEEKLY=1
+
+# TODO 3wc: settings from here on aren't yet included in compose.yml
+
+# subscribe on participation default for new users
+# uncomment this to change "subscribe on participation" to be false for new users
+# EMAIL_ON_PARTICIPATION_DEFAULT_FALSE=1
+
+# Uncomment these to disable features
+# FEATURES_DISABLE_CREATE_USER=1     # users must be invited
+# FEATURES_DISABLE_CREATE_GROUP=1    # users cannot create groups
+# FEATURES_DISABLE_PUBLIC_GROUPS=1   # disable /explore
+# FEATURES_DISABLE_HELP_LINK=1       # disable the help link
+# MAX_PENDING_INVITATIONS=100        # maximum unaccepted invitations a group have have
+
+# Enable search engines to index public content
+# ALLOW_ROBOTS=1
+
+# Uncomment to enable SAML SSO
+# SAML_APP_KEY=1 # just a flag, keep value as 1
+# SAML_IDP_METADATA_URL=https://saml-metadata-url-provided-by-your-SSO-provider.com/12356
+#
+# Disable login via email (usually when you have enabled SSO of some kind)
+# FEATURES_DISABLE_EMAIL_LOGIN=1
+
+# oauth providers, to let your users login using external accounts
+# FACEBOOK_APP_KEY=REPLACE
+# FACEBOOK_APP_SECRET=REPLACE
+# TWITTER_APP_KEY=REPLACE
+# TWITTER_APP_SECRET=REPLACE
+# GOOGLE_APP_KEY=REPLACE
+# GOOGLE_APP_SECRET=REPLACE
+# SLACK_APP_KEY
+# SLACK_APP_SECRET
+
+# Theme images
+# images should be a multiple of 32px tall.
+# THEME_ICON_SRC=/files/icon.png
+# THEME_APP_LOGO_SRC=/files/logo.svg
+# THEME_EMAIL_HEADER_LOGO_SRC=/files/logo_128h.png
+# THEME_EMAIL_FOOTER_LOGO_SRC=/files/logo_64h.png
+
+# used in emails. use rgb or hsl values, not hex
+# THEME_PRIMARY_COLOR=rgb(255,167,38)
+# THEME_ACCENT_COLOR=rgb(0,188,212)
+# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
+# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)

nextcloud.resisttechmonopolies.online.env

@@ -1,4 +1,4 @@
-TYPE=nextcloud
+TYPE=nextcloud:11.0.0+30.0.4-fpm
 TIMEOUT=900
 ENABLE_AUTO_UPDATE=true
 ENABLE_BACKUPS=true
@@ -65,15 +65,15 @@ DEFAULT_QUOTA="10 GB"
 # BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
 # SECRET_BBB_SECRET_VERSION=v1
 
-# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
-# APPS="$APPS sociallogin"
-# AUTHENTIK_USER_PREFIX=authentik
-# AUTHENTIK_DOMAIN=authentik.example.com
-# SECRET_AUTHENTIK_SECRET_VERSION=v1
-# SECRET_AUTHENTIK_ID_VERSION=v1
-# OCC_CMDS="app:disable dashboard"
-# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
-# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
+COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
+APPS="$APPS sociallogin"
+AUTHENTIK_USER_PREFIX=ak
+AUTHENTIK_DOMAIN=auth.resisttechmonopolies.online
+SECRET_AUTHENTIK_SECRET_VERSION=v1
+SECRET_AUTHENTIK_ID_VERSION=v1
+OCC_CMDS="app:disable dashboard"
+OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
+OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
 
 #COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
-#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
+#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1

nextcloud.resisttechmonopolies.online.occ

@@ -0,0 +1,14 @@
+#!/bin/bash
+# This is a script to run after a clean installation to restore all settings done over time.
+# The script is not supposed to be needed since a fresh installation is unlikely (even if migrating,
+#  a backup will be used and should maintain it's configs).
+# This script is more of a living documentation of configuration and what commands has been used to set them.
+
+# See: https://docs.nextcloud.com/server/30/admin_manual/configuration_server/background_jobs_configuration.html
+abra app command nextcloud.resisttechmonopolies.online app run_occ "'config:system:set maintenance_window_start --type=integer --value=1'"
+
+# The paragraph below shows as a warning to an admin user sometimes.
+# "One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types.
+# Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades.
+# Use the command `occ maintenance:repair --include-expensive` to perform the migrations."
+abra app command nextcloud.resisttechmonopolies.online app run_occ "'maintenance:repair --include-expensive'"

radicale.resisttechmonopolies.online.env

@@ -0,0 +1,6 @@
+TYPE=radicale
+
+DOMAIN=radicale.resisttechmonopolies.online
+## Domain aliases
+#EXTRA_DOMAINS=', `www.radicale.resisttechmonopolies.online`'
+LETS_ENCRYPT_ENV=production

resisttechmonopolies.online.env

@@ -0,0 +1,8 @@
+TYPE=rtm-astro-recipe:02a95e68
+
+DOMAIN=resisttechmonopolies.online
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.resisttechmonopolies.online`'
+
+LETS_ENCRYPT_ENV=production

shlink.resisttechmonopolies.online.env

@@ -0,0 +1,8 @@
+TYPE=shlink
+
+DOMAIN=shlink.resisttechmonopolies.online
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.shlink.resisttechmonopolies.online`'
+
+LETS_ENCRYPT_ENV=production

traefik.resisttechmonopolies.online.env

@@ -18,7 +18,7 @@ COMPOSE_FILE="compose.yml"
 #####################################################################
 
 ## Host-mode networking
-#COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
+COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
 
 ## "Headless mode" (no domain configured)
 #COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"
@@ -100,7 +100,7 @@ COMPOSE_FILE="compose.yml"
 # File provider directory configuration                             #
 # (Route bare metal and non-docker services on the machine!)        #
 #####################################################################
-#FILE_PROVIDER_DIRECTORY_ENABLED=1
+FILE_PROVIDER_DIRECTORY_ENABLED=1
 
 #####################################################################
 # Additional services                                               #