Compare commits
23 Commits
Author | SHA1 | Date | |
---|---|---|---|
74355d4276 | |||
0ed7fb459f | |||
ec61474031 | |||
125fdbfc2d | |||
fdaff599f2 | |||
9b4c642eeb | |||
d20db90af5 | |||
2c16a516f9 | |||
a13fe0ae2c | |||
b4eaadec56 | |||
e3692dc0d4 | |||
2fd32525a7 | |||
ad3591ff3f | |||
d9cbfaedf1 | |||
33a92a08fc | |||
7271576c9f | |||
b8653d3155 | |||
dd118d726f | |||
7d72756260 | |||
25d554e672 | |||
3003ca2c44 | |||
018153e06b | |||
375b02a713 |
.gitignoreauth.resisttechmonopolies.online.envcalibre.resisttechmonopolies.online.envcollabora.resisttechmonopolies.online.envfocalboard.resisttechmonopolies.online.envloomio.resisttechmonopolies.online.envnextcloud.resisttechmonopolies.online.envnextcloud.resisttechmonopolies.online.occradicale.resisttechmonopolies.online.envresisttechmonopolies.online.envshlink.resisttechmonopolies.online.env
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
*~
|
130
auth.resisttechmonopolies.online.env
Normal file
130
auth.resisttechmonopolies.online.env
Normal file
@ -0,0 +1,130 @@
|
||||
TYPE=authentik:7.4.0+2025.6.3
|
||||
TIMEOUT=900
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
POST_DEPLOY_CMDS="worker set_admin_pass"
|
||||
# Example values for post deploy cmds: "worker set_admin_pass|worker apply_blueprints|worker add_applications"
|
||||
LETS_ENCRYPT_ENV=production
|
||||
ENABLE_BACKUPS=true
|
||||
|
||||
DOMAIN=auth.resisttechmonopolies.online
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.auth.resisttechmonopolies.online`'
|
||||
COMPOSE_FILE="compose.yml"
|
||||
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME=false
|
||||
AUTHENTIK_LOG_LEVEL=info
|
||||
# AUTHENTIK_IMPERSONATION=true
|
||||
# AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
|
||||
# WORKERS=1
|
||||
|
||||
## Outpost Integration
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.ldap.yml"
|
||||
# SECRET_LDAP_TOKEN_VERSION=v1
|
||||
|
||||
## ADMIN
|
||||
AUTHENTIK_BOOTSTRAP_EMAIL=ammar@ammaratef45.ddns.net
|
||||
|
||||
## EMAIL
|
||||
AUTHENTIK_EMAIL__HOST=smtp.protonmail.ch
|
||||
AUTHENTIK_EMAIL__PORT=587
|
||||
AUTHENTIK_EMAIL__USERNAME="besties@resisttechmonopolies.online"
|
||||
AUTHENTIK_EMAIL__USE_TLS=true
|
||||
AUTHENTIK_EMAIL__USE_SSL=false
|
||||
AUTHENTIK_EMAIL__TIMEOUT=10
|
||||
AUTHENTIK_EMAIL__FROM=besties@resisttechmonopolies.online
|
||||
|
||||
## Secret Versions
|
||||
SECRET_SECRET_KEY_VERSION=v1
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_ADMIN_TOKEN_VERSION=v1
|
||||
SECRET_ADMIN_PASS_VERSION=v1
|
||||
SECRET_EMAIL_PASS_VERSION=v2
|
||||
|
||||
# X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
|
||||
|
||||
## FLOW OPTIONS
|
||||
# WELCOME_MESSAGE="Welcome to Authentik"
|
||||
# DEFAULT_LANGUAGE=en
|
||||
# LOGOUT_REDIRECT="https://$DOMAIN"
|
||||
# EMAIL_SUBJECT="Account Recovery"
|
||||
# EMAIL_TOKEN_EXPIRY_MINUTES=30
|
||||
|
||||
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/"
|
||||
COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/web/dist/assets/icons/"
|
||||
COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
|
||||
|
||||
# Default CSS customisation
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.css.yml"
|
||||
# BACKGROUND_FONT_COLOR=white
|
||||
# BACKGROUND_BOX_COLOR='#eaeaeacf'
|
||||
# THEME_BACKGROUND="url('https://auth.resisttechmonopolies.online/static/dist/assets/images/flow_background.jpg'); background-position: center; background-repeat: no-repeat; background-size: cover;"
|
||||
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud.yml"
|
||||
NEXTCLOUD_DOMAIN=nextcloud.resisttechmonopolies.online
|
||||
SECRET_NEXTCLOUD_ID_VERSION=v1
|
||||
SECRET_NEXTCLOUD_SECRET_VERSION=v1
|
||||
APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.wordpress.yml"
|
||||
# WORDPRESS_DOMAIN=wordpress.example.com
|
||||
# WORDPRESS_GROUP='wordpress Admins'
|
||||
# SECRET_WORDPRESS_ID_VERSION=v1
|
||||
# SECRET_WORDPRESS_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS wordpress:~/.abra/recipes/authentik/icons/wordpress.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
|
||||
# ELEMENT_DOMAIN=element-web.example.com
|
||||
# MATRIX_DOMAIN=matrix-synapse.example.com
|
||||
# SECRET_MATRIX_ID_VERSION=v1
|
||||
# SECRET_MATRIX_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS matrix:~/.abra/recipes/authentik/icons/matrix.svg"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.wekan.yml"
|
||||
# WEKAN_DOMAIN=wekan.example.com
|
||||
# SECRET_WEKAN_ID_VERSION=v1
|
||||
# SECRET_WEKAN_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS wekan:~/.abra/recipes/authentik/icons/wekan.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.vikunja.yml"
|
||||
# VIKUNJA_DOMAIN=vikunja.example.com
|
||||
# SECRET_VIKUNJA_ID_VERSION=v1
|
||||
# SECRET_VIKUNJA_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS vikunja:~/.abra/recipes/authentik/icons/vikunja.svg"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.outline.yml"
|
||||
# OUTLINE_DOMAIN=outline.example.com
|
||||
# SECRET_OUTLINE_ID_VERSION=v1
|
||||
# SECRET_OUTLINE_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS outline:~/.abra/recipes/authentik/icons/outline.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.kimai.yml"
|
||||
# KIMAI_DOMAIN=kimai.example.com
|
||||
# SECRET_KIMAI_ID_VERSION=v1
|
||||
# SECRET_KIMAI_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai_logo.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.zammad.yml"
|
||||
# ZAMMAD_DOMAIN=zammad.example.com
|
||||
# APP_ICONS="$APP_ICONS zammad:~/.abra/recipes/authentik/icons/zammad.svg"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml"
|
||||
# MONITORING_DOMAIN=monitoring.example.com
|
||||
# SECRET_MONITORING_ID_VERSION=v1
|
||||
# SECRET_MONITORING_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.svg"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.rallly.yml"
|
||||
# RALLLY_DOMAIN=rallly.example.com
|
||||
# SECRET_RALLLY_ID_VERSION=v1
|
||||
# SECRET_RALLLY_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS rallly:~/.abra/recipes/authentik/icons/rallly.png"
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.hedgedoc.yml"
|
||||
# HEDGEDOC_DOMAIN=hedgedoc.example.com
|
||||
# SECRET_HEDGEDOC_ID_VERSION=v1
|
||||
# SECRET_HEDGEDOC_SECRET_VERSION=v1
|
||||
# APP_ICONS="$APP_ICONS hedgedoc:~/.abra/recipes/authentik/icons/hedgedoc.png"
|
||||
|
||||
# APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}'
|
||||
# APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg"
|
||||
# APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.png"
|
13
calibre.resisttechmonopolies.online.env
Normal file
13
calibre.resisttechmonopolies.online.env
Normal file
@ -0,0 +1,13 @@
|
||||
TYPE=calibre-web
|
||||
|
||||
DOMAIN=calibre.resisttechmonopolies.online
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
DOCKER_MODS="linuxserver/calibre-web:calibre"
|
||||
OAUTHLIB_RELAX_TOKEN_SCOPE=1
|
||||
TZ="America/Los_Angeles"
|
||||
|
||||
DEBUG=False
|
||||
|
||||
# oauth2 support
|
||||
COMPOSE_FILE="compose.yml:compose.oauth2.yml"
|
7
collabora.resisttechmonopolies.online.env
Normal file
7
collabora.resisttechmonopolies.online.env
Normal file
@ -0,0 +1,7 @@
|
||||
TYPE=collabora
|
||||
DOMAIN=collabora.resisttechmonopolies.online
|
||||
LETS_ENCRYPT_ENV=production
|
||||
NEXTCLOUD_DOMAIN=nextcloud.resisttechmonopolies.online
|
||||
ADMIN_USERNAME=admin
|
||||
SECRET_ADMIN_PASSWORD_VERSION=v1
|
||||
FRAME_ANCESTORS=
|
7
focalboard.resisttechmonopolies.online.env
Normal file
7
focalboard.resisttechmonopolies.online.env
Normal file
@ -0,0 +1,7 @@
|
||||
TYPE=focalboard
|
||||
|
||||
DOMAIN=focalboard.resisttechmonopolies.online
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.focalboard.resisttechmonopolies.online`'
|
||||
LETS_ENCRYPT_ENV=production
|
93
loomio.resisttechmonopolies.online.env
Normal file
93
loomio.resisttechmonopolies.online.env
Normal file
@ -0,0 +1,93 @@
|
||||
TYPE=loomio:4.0.2+v2.25.4
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
DOMAIN=loomio.resisttechmonopolies.online
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.loomio.resisttechmonopolies.online`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
# mail setup
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||
SUPPORT_EMAIL=besties@resisttechmonopolies.online
|
||||
SMTP_AUTH=plain
|
||||
SMTP_DOMAIN=smtp.protonmail.ch
|
||||
SMTP_SERVER=smtp.protonmail.ch
|
||||
SMTP_PORT=587
|
||||
SMTP_USERNAME=besties@resisttechmonopolies.online
|
||||
# SMTP_USE_SSL=1
|
||||
# to disable SSL comment out line rather than changing to 0
|
||||
SECRET_SMTP_PASSWORD_VERSION=v2
|
||||
|
||||
|
||||
# From field for notification e-mails
|
||||
NOTIFICATIONS_EMAIL_ADDRESS=besties@resisttechmonopolies.online
|
||||
|
||||
# reply-to in email notifications
|
||||
REPLY_HOSTNAME=$DOMAIN
|
||||
|
||||
RAILS_ENV=production
|
||||
|
||||
# Number of webserver processes and threads
|
||||
# threads are per worker. See https://github.com/puma/puma
|
||||
PUMA_WORKERS=2
|
||||
MIN_THREADS=12
|
||||
MAX_THREADS=12
|
||||
|
||||
# Force all connections to be https
|
||||
FORCE_SSL=1
|
||||
|
||||
# Enable rate limiting on group creation, other POST actions
|
||||
USE_RACK_ATTACK=1
|
||||
|
||||
SECRET_DEVISE_SECRET_VERSION=v1 #length=64
|
||||
SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
|
||||
# Send catch up email (missed yesterday) weekly
|
||||
# EMAIL_CATCH_UP_WEEKLY=1
|
||||
|
||||
# TODO 3wc: settings from here on aren't yet included in compose.yml
|
||||
|
||||
# subscribe on participation default for new users
|
||||
# uncomment this to change "subscribe on participation" to be false for new users
|
||||
# EMAIL_ON_PARTICIPATION_DEFAULT_FALSE=1
|
||||
|
||||
# Uncomment these to disable features
|
||||
# FEATURES_DISABLE_CREATE_USER=1 # users must be invited
|
||||
# FEATURES_DISABLE_CREATE_GROUP=1 # users cannot create groups
|
||||
# FEATURES_DISABLE_PUBLIC_GROUPS=1 # disable /explore
|
||||
# FEATURES_DISABLE_HELP_LINK=1 # disable the help link
|
||||
# MAX_PENDING_INVITATIONS=100 # maximum unaccepted invitations a group have have
|
||||
|
||||
# Enable search engines to index public content
|
||||
# ALLOW_ROBOTS=1
|
||||
|
||||
# Uncomment to enable SAML SSO
|
||||
# SAML_APP_KEY=1 # just a flag, keep value as 1
|
||||
# SAML_IDP_METADATA_URL=https://saml-metadata-url-provided-by-your-SSO-provider.com/12356
|
||||
#
|
||||
# Disable login via email (usually when you have enabled SSO of some kind)
|
||||
# FEATURES_DISABLE_EMAIL_LOGIN=1
|
||||
|
||||
# oauth providers, to let your users login using external accounts
|
||||
# FACEBOOK_APP_KEY=REPLACE
|
||||
# FACEBOOK_APP_SECRET=REPLACE
|
||||
# TWITTER_APP_KEY=REPLACE
|
||||
# TWITTER_APP_SECRET=REPLACE
|
||||
# GOOGLE_APP_KEY=REPLACE
|
||||
# GOOGLE_APP_SECRET=REPLACE
|
||||
# SLACK_APP_KEY
|
||||
# SLACK_APP_SECRET
|
||||
|
||||
# Theme images
|
||||
# images should be a multiple of 32px tall.
|
||||
# THEME_ICON_SRC=/files/icon.png
|
||||
# THEME_APP_LOGO_SRC=/files/logo.svg
|
||||
# THEME_EMAIL_HEADER_LOGO_SRC=/files/logo_128h.png
|
||||
# THEME_EMAIL_FOOTER_LOGO_SRC=/files/logo_64h.png
|
||||
|
||||
# used in emails. use rgb or hsl values, not hex
|
||||
# THEME_PRIMARY_COLOR=rgb(255,167,38)
|
||||
# THEME_ACCENT_COLOR=rgb(0,188,212)
|
||||
# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
|
||||
# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
|
@ -1,4 +1,4 @@
|
||||
TYPE=nextcloud
|
||||
TYPE=nextcloud:12.0.1+31.0.6-fpm
|
||||
TIMEOUT=900
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
ENABLE_BACKUPS=true
|
||||
@ -65,15 +65,20 @@ DEFAULT_QUOTA="10 GB"
|
||||
# BBB_URL=https://talk.example.org/bigbluebutton/ # trailing slash!
|
||||
# SECRET_BBB_SECRET_VERSION=v1
|
||||
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||
# APPS="$APPS sociallogin"
|
||||
# AUTHENTIK_USER_PREFIX=authentik
|
||||
# AUTHENTIK_DOMAIN=authentik.example.com
|
||||
# SECRET_AUTHENTIK_SECRET_VERSION=v1
|
||||
# SECRET_AUTHENTIK_ID_VERSION=v1
|
||||
# OCC_CMDS="app:disable dashboard"
|
||||
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
|
||||
# OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
|
||||
APPS="$APPS sociallogin"
|
||||
AUTHENTIK_USER_PREFIX=ak
|
||||
AUTHENTIK_DOMAIN=auth.resisttechmonopolies.online
|
||||
SECRET_AUTHENTIK_SECRET_VERSION=v1
|
||||
SECRET_AUTHENTIK_ID_VERSION=v1
|
||||
OCC_CMDS="app:disable dashboard"
|
||||
OCC_CMDS="$OCC_CMDS|config:app:set sociallogin auto_create_groups --value 1"
|
||||
OCC_CMDS="$OCC_CMDS|config:app:set sociallogin hide_default_login --value 1"
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
|
||||
#SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
|
||||
|
||||
# This will change the nginx configuration to add the header Strict-Transport-Security.
|
||||
# You can read more about it here: https://docs.nextcloud.com/server/30/admin_manual/installation/harden_server.html#enable-http-strict-transport-security
|
||||
# And you can check out the changes made to the recipe to allow for this here: https://git.coopcloud.tech/coop-cloud/nextcloud/pulls/48
|
||||
HSTS_ENABLED=1
|
21
nextcloud.resisttechmonopolies.online.occ
Normal file
21
nextcloud.resisttechmonopolies.online.occ
Normal file
@ -0,0 +1,21 @@
|
||||
#!/bin/bash
|
||||
# This is a script to run after a clean installation to restore all settings done over time.
|
||||
# The script is not supposed to be needed since a fresh installation is unlikely (even if migrating,
|
||||
# a backup will be used and should maintain it's configs).
|
||||
# This script is more of a living documentation of configuration and what commands has been used to set them.
|
||||
|
||||
# See: https://docs.nextcloud.com/server/30/admin_manual/configuration_server/background_jobs_configuration.html
|
||||
abra app command nextcloud.resisttechmonopolies.online app run_occ "'config:system:set maintenance_window_start --type=integer --value=1'"
|
||||
|
||||
# The paragraph below shows as a warning to an admin user sometimes.
|
||||
# "One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types.
|
||||
# Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades.
|
||||
# Use the command `occ maintenance:repair --include-expensive` to perform the migrations."
|
||||
abra app command nextcloud.resisttechmonopolies.online app run_occ "'maintenance:repair --include-expensive'"
|
||||
|
||||
# Detected some missing optional indices. Occasionally new indices are added (by Nextcloud or installed applications) to improve database performance. Adding indices can sometimes take awhile and temporarily hurt performance so this is not done automatically during upgrades. Once the indices are added, queries to those tables should be faster. Use the command `occ db:add-missing-indices` to add them.
|
||||
abra app command nextcloud.resisttechmonopolies.online app run_occ "'db:add-missing-indices'"
|
||||
|
||||
# Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code of the region to your config file.
|
||||
# Solution found at: https://help.nextcloud.com/t/your-installation-has-no-default-phone-region-set/153632/3
|
||||
abra app command nextcloud.resisttechmonopolies.online app run_occ "'config:system:set default_phone_region --value=\"us\"'"
|
6
radicale.resisttechmonopolies.online.env
Normal file
6
radicale.resisttechmonopolies.online.env
Normal file
@ -0,0 +1,6 @@
|
||||
TYPE=radicale
|
||||
|
||||
DOMAIN=radicale.resisttechmonopolies.online
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.radicale.resisttechmonopolies.online`'
|
||||
LETS_ENCRYPT_ENV=production
|
8
resisttechmonopolies.online.env
Normal file
8
resisttechmonopolies.online.env
Normal file
@ -0,0 +1,8 @@
|
||||
TYPE=rtm-astro-recipe:02a95e68
|
||||
|
||||
DOMAIN=resisttechmonopolies.online
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.resisttechmonopolies.online`'
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
8
shlink.resisttechmonopolies.online.env
Normal file
8
shlink.resisttechmonopolies.online.env
Normal file
@ -0,0 +1,8 @@
|
||||
TYPE=shlink
|
||||
|
||||
DOMAIN=shlink.resisttechmonopolies.online
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.shlink.resisttechmonopolies.online`'
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
Reference in New Issue
Block a user