diff --git a/.env.example b/.env.example index 77ba772..2e8936d 100644 --- a/.env.example +++ b/.env.example @@ -1,16 +1,16 @@ # Environment variables for docker-compose.yml - +PUID=1000 +PGID=1000 LOG_LEVEL="DEBUG" NETWORK="web" TZ="Asia/Singapore" ## dashboard configs HOST="furyhawk.lol" +HOSTNAME="node00" +DATADIR="/home/furyhawk/media" # subdomain for dashboard. DASHBOARD_HOST="dashboard.furyhawk.lol" -# log file path on host machine -LOG_PATH=./logs - ## TLS configs CERT_PATH=./certs ACME_PATH=./acme.json @@ -26,8 +26,8 @@ OSRM_ALGORITHM="mld" OSRM_THREADS=2 OSRM_PORT=5000 OSRM_PROFILE="/opt/car.lua" -OSRM_MAP_NAME=${OSRM_MAP_NAME} -OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH} +OSRM_MAP_NAME="" +OSRM_GEOFABRIK_PATH="" # Notify OSRM Manager to restart without stopping container OSRM_NOTIFY_FILEPATH="/data/osrm_notify.txt" diff --git a/LibreChat b/LibreChat index 9c57a04..db5c80a 160000 --- a/LibreChat +++ b/LibreChat @@ -1 +1 @@ -Subproject commit 9c57a0465d1116f2534da746f6e452f0d311c007 +Subproject commit db5c80aa5a114e14ede9b9d56f4a39fb56d04696 diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..fcadef5 --- /dev/null +++ b/compose.yml @@ -0,0 +1,22 @@ +x-environment: &default-environment + LOG_LEVEL: "DEBUG" + ACME_PATH: "./acme.json" + NETWORK: "${NETWORK:-host}" + FIN_LOCATION: "" + STREAMLIT_FIN_SERVER_PORT: "8501" + GROQ_API_KEY: "${GROQ_API_KEY}" + BAI_LOCATION: "" + STREAMLIT_BAI_SERVER_PORT: "8502" + +networks: + net: + external: true + name: ${NETWORK:-web} + +include: + - compose/base.yml + - compose/services.yml + - compose/apps.yml + - emqx-docker/docker-compose.yml + - LibreChat/docker-compose.yml + - LibreChat/docker-compose.override.yml diff --git a/compose/apps.yml b/compose/apps.yml new file mode 100644 index 0000000..4968ece --- /dev/null +++ b/compose/apps.yml 
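Review bot: The `&default-environment` anchor is defined only in compose.yml, but the alias `<<: *default-environment` is used in compose/apps.yml (streamlit-bai, streamlit-fin) and compose/base.yml (traefik). YAML anchors are scoped to a single document and files pulled in through `include:` are parsed on their own, so those aliases will most likely fail to resolve; repeat the `x-environment` block in each file that uses it. The shared block also carries `GROQ_API_KEY`, which would then be injected into traefik as well as both Streamlit apps; keep the key out of the common block and set it only on the service that needs it. The `NETWORK` fallback is `"${NETWORK:-host}"` in the environment block but `name: ${NETWORK:-web}` under `networks:`, which looks unintended.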
@@ -0,0 +1,195 @@
+volumes:
+ bai_cache: {}
+ ghost_content: {}
+ ghost_mysql: {}
+ jellyfin_config: {}
+ jellyfin_cache: {}
+ pgadmin: {}
+ privatebin_data: {}
+ thelounge_data: {}
+
+services:
+
+ adminer:
+ image: adminer
+ environment:
+ PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
+ PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
+ PGID: 1000
+ PUID: 1000
+ PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ PYTHONPATH: "/pgadmin4"
+ TZ: Asia/Singapore
+ user: "1000:1000"
+ volumes:
+ - pgadmin:/var/lib/pgadmin
+ restart: unless-stopped
+ depends_on:
+ - postgres
+ expose:
+ - 80
+ networks:
+ - net
+
+ cheatsheets-app:
+ image: furyhawk/cheatsheets:${CHEATSHEETSTAG:-latest}
+ restart: unless-stopped
+ expose:
+ - 80
+ networks:
+ - net
+
+ ghost-db:
+ image: mysql:8
+ container_name: ghost-db
+ security_opt:
+ - seccomp:unconfined
+ restart: always
+ command: --mysql-native-password=ON
+ environment:
+ MYSQL_ROOT_PASSWORD: ${POSTGRES_PASSWORD}
+ volumes:
+ - ghost_mysql:/var/lib/mysql
+ expose:
+ - 3306
+ networks:
+ - net
+
+ ghost-server:
+ image: ghost
+ container_name: ghost_server
+ cap_add:
+ - CAP_SYS_NICE
+ security_opt:
+ - seccomp:unconfined
+ restart: always
+ depends_on:
+ - ghost-db
+ environment:
+ url: https://ghost.furyhawk.lol
+ database__client: mysql
+ database__connection__host: ghost-db
+ database__connection__user: root
+ database__connection__password: ${POSTGRES_PASSWORD}
+ database__connection__database: ghost
+ volumes:
+ - ghost_content:/var/lib/ghost/content
+ expose:
+ - 2368
+ networks:
+ - net
+
+ heynote-app:
+ image: furyhawk/heynote:${HEYNOTETAG:-latest}
+ restart: unless-stopped
+ environment:
+ NODE_ENV: production
+ expose:
+ - 5173
+ networks:
+ - net
+
+ jellyfin:
+ image: jellyfin/jellyfin
+ user: 1000:1000
+ volumes:
+ - jellyfin_config:/config
+ - jellyfin_cache:/cache
+ - type: bind
+ source: ~/media
+ target: /media
+ read_only: false
+ restart: 'unless-stopped'
+ # Optional - alternative address used for autodiscovery
+ environment:
+ - JELLYFIN_PublishedServerUrl=https://media.furyhawk.lol
+ expose:
+ - 8096
+ networks:
+ - net
+
+ meshtastic_web:
+ image: ghcr.io/meshtastic/web
+ restart: unless-stopped
+ expose:
+ - 8080
+ - 8443
+ networks:
+ - net
+
+ privatebin:
+ image: privatebin/nginx-fpm-alpine:latest
+ read_only: true
+ user: "1000:1000"
+ volumes:
+ - privatebin_data:/srv/data # data volume for pastes allows pastes
+ # to persist after container stop or restart
+ - './config/conf.php:/srv/cfg/conf.php:ro' # second volume for custom configuration file
+ expose:
+ - 8080
+ restart: unless-stopped
+ networks:
+ - net
+
+ redlib:
+ image: quay.io/redlib/redlib:latest-arm
+ restart: unless-stopped
+ user: nobody
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+ # - seccomp=seccomp-redlib.json
+ cap_drop:
+ - ALL
+ env_file: .env
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://127.0.0.1:3080/settings"]
+ interval: 5m
+ timeout: 3s
+ expose:
+ - 3080 # Specify `127.0.0.1:8080:3080` instead if using a reverse proxy
+ networks:
+ - net
+
+ thelounge:
+ image: ghcr.io/thelounge/thelounge:latest
+ restart: unless-stopped
+ volumes:
+ - thelounge_data:/var/opt/thelounge # bind lounge config from the host's file system
+ expose:
+ - 9000
+ networks:
+ - net
+
+ streamlit-bai:
+ environment:
+ <<: *default-environment
+ image: furyhawk/beyondallinfo:latest
+ restart: unless-stopped
+ command: streamlit run --server.port=$STREAMLIT_BAI_SERVER_PORT --server.address=0.0.0.0 --server.baseUrlPath=$BAI_LOCATION src/app.py
+ volumes:
+ - bai_cache:/app/cache
+ expose:
+ - ${STREAMLIT_BAI_SERVER_PORT}
+ networks:
+ - net
+
+ streamlit-fin:
+ environment:
+ <<: *default-environment
+ image: furyhawk/llama3toolsfin:main
+ restart: unless-stopped
+ expose:
+ - ${STREAMLIT_FIN_SERVER_PORT}
+ networks:
+ - net
+
+ site_server:
+ image: nginx:alpine
+ restart: unless-stopped
+ volumes:
+ - ./site:/usr/share/nginx/html:ro
+ expose:
+ - 80
+ networks:
+ - net
\ No newline at end of file
diff --git a/compose/base.yml b/compose/base.yml
new file mode 100644
index 0000000..85ece81
--- /dev/null
+++ b/compose/base.yml
@@ -0,0 +1,48 @@
+
+volumes:
+ logs: {}
+ production_traefik: {}
+ portainer_data: {}
+
+services:
+
+ portainer:
+ image: portainer/portainer-ce:sts
+ command: -H unix:///var/run/docker.sock
+ container_name: portainer
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ expose:
+ - 8000
+ - 9000
+ networks:
+ - net
+
+ traefik:
+ environment:
+ <<: *default-environment
+ build:
+ context: .
+ dockerfile: ./compose/traefik/Dockerfile
+ image: traefik_production
+ container_name: traefik
+ restart: always
+ volumes:
+ - logs:/logs
+ - production_traefik:/etc/traefik/acme:z
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "7687:7687"
+ - "8083:8083"
+ - "8084:8084"
+ - "8883:8883"
+ # - "1883:1883"
+ # - 18083:18083
+ networks:
+ - net
\ No newline at end of file
diff --git a/compose/services.yml b/compose/services.yml
new file mode 100644
index 0000000..28fd3fc
--- /dev/null
+++ b/compose/services.yml
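Review bot: `ghost-db` and `ghost-server` both set `security_opt: - seccomp:unconfined`, which removes Docker's default syscall filter from the service published at https://ghost.furyhawk.lol and from its database. Drop it from `ghost-server`; if MySQL only needs relief from the mbind warning, `cap_add: - SYS_NICE` on `ghost-db` is the narrower setting (the `cap_add` currently sits on `ghost-server` instead). Ghost connects as `root` with `${POSTGRES_PASSWORD}`, so one leaked value exposes both the Postgres and MySQL instances; give MySQL its own password variable and a dedicated non-root user for Ghost. `redlib` loads the entire file through `env_file: .env`, which hands every secret in it to that container; list only the variables redlib reads under `environment:`.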
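Review bot: Both `portainer` and `traefik` mount `/var/run/docker.sock`, and the `:ro` flag on traefik's mount only makes the socket file read-only; it does not restrict the Docker API calls made through it, so a compromise of the edge proxy is equivalent to root on the host. If Traefik uses the Docker provider here, put a socket proxy that allows only the read endpoints it needs between traefik and the daemon, and keep portainer (which needs write access) behind authentication rather than directly routable. `portainer/portainer-ce:sts` and the other floating tags in these compose files should be pinned to a version or digest so a rebuild cannot silently pull a different image.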
@@ -0,0 +1,137 @@
+volumes:
+ minio_data: {}
+ neo4j_data: {}
+ neo4j_logs: {}
+ postgres_data: {}
+
+services:
+ api_server:
+ image: furyhawk/listen:latest
+ container_name: api_server
+ restart: always
+ depends_on:
+ - postgres
+ environment:
+ DATABASE__HOSTNAME: ${DATABASE__HOSTNAME}
+ DATABASE__USERNAME: ${POSTGRES_USER}
+ DATABASE__PASSWORD: ${POSTGRES_PASSWORD}
+ DATABASE__PORT: ${DATABASE__PORT}
+ DATABASE__DB: ${DATABASE__DB}
+ SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY}
+ SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS}
+ SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS}
+ ports:
+ - "8000:8000"
+ networks:
+ - net
+
+ postgres:
+ image: postgres
+ container_name: postgres
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB}
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ PGDATA: "/var/lib/postgresql/data"
+ LANG: en_US.utf8
+ TZ: Asia/Singapore
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ interval: 30s
+ timeout: 10s
+ retries: 10
+ ports:
+ - "5432:5432"
+ networks:
+ - net
+
+ osrm-backend:
+ environment:
+ # OSRM manager setup
+ - OSRM_ALGORITHM=mld
+ - OSRM_THREADS=2
+ - OSRM_PORT=${OSRM_PORT:-5000}
+ - OSRM_PROFILE=/opt/car.lua
+ - OSRM_MAP_NAME=${OSRM_MAP_NAME}
+ - OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
+ # Notify OSRM Manager to restart without stopping container
+ - OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt
+ image: furyhawk/osrm-backend:${OSRM_VERSION:-latest}
+ container_name: osrm_backend
+ restart: unless-stopped
+ expose:
+ - ${OSRM_PORT:-5000}
+ networks:
+ - net
+
+ minio-common:
+ image: minio/minio:latest
+ container_name: minio_server
+ environment:
+ MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
+ MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"
+ MINIO_OPTS: "--console-address :9001"
+ MINIO_SERVER_URL: https://drive.furyhawk.lol
+ # user: "1000:1000"
+ restart: unless-stopped
+ command: server /data --address :9000 --console-address :9001
+ healthcheck:
+ test: ["CMD", "mc", "ready", "local"]
+ interval: 65s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - minio_data:/data
+ expose:
+ - 9000
+ - 9001
+ networks:
+ - net
+
+ neo4j_server:
+ # Docker image to be used
+ image: ${NEO4J_DOCKER_IMAGE:-neo4j:latest}
+ container_name: neo4j_server
+ restart: unless-stopped
+ # Environment variables
+ environment:
+ NEO4J_AUTH: neo4j/${NEO4J_PASSWORD:-12345678}
+ NEO4J_dbms.default_listen_address: "0.0.0.0"
+ NEO4J_dbms.default_advertised_address: "neo4j.furyhawk.lol"
+ NEO4J_dbms.connector.bolt.advertised_address: ":443"
+ NEO4J_PLUGINS: '["apoc"]'
+ NEO4J_dbms_security_procedures_unrestricted: "apoc.*"
+ NEO4J_dbms_security_procedures_allowlist: "apoc.*"
+ NEO4J_server_memory_pagecache_size: 512M
+ NEO4J_server_memory_heap_max__size: 2G
+ user: "1000:1000"
+ depends_on:
+ - traefik
+ volumes:
+ - neo4j_data:/data
+ - neo4j_logs:/logs
+ # Expose ports
+ expose:
+ - 7474
+ - 7687
+ networks:
+ - net
+
+ syncthing:
+ image: syncthing/syncthing
+ container_name: syncthing
+ environment:
+ - PUID=1000
+ - PGID=1000
+ restart: unless-stopped
+ volumes:
+ - ~/st-sync:/var/syncthing
+ ports:
+ - "8384:8384" # Web UI
+ - "22000:22000/tcp" # TCP file transfers
+ - "22000:22000/udp" # QUIC file transfers
+ - "21027:21027/udp" # Receive local discovery broadcasts
+ networks:
+ - net
\ No newline at end of file
diff --git a/makefile b/makefile
index 92514d8..68e8a5f 100644
--- a/makefile
+++ b/makefile
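Review bot: `MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"` and `NEO4J_AUTH: neo4j/${NEO4J_PASSWORD:-12345678}` fall back to well-known credentials whenever the variable is missing from `.env`, and both services are configured with public hostnames. Use the required-variable form so startup fails instead, e.g. `"${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD must be set}"` and `neo4j/${NEO4J_PASSWORD:?NEO4J_PASSWORD must be set}`. `postgres` and `api_server` publish `"5432:5432"` and `"8000:8000"` on every host interface, bypassing traefik; use `expose:` like the other services or bind to loopback with `"127.0.0.1:5432:5432"`. `NEO4J_dbms_security_procedures_unrestricted: "apoc.*"` lifts the sandbox for every APOC procedure and should be narrowed to the procedures actually used.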
@@ -5,10 +5,10 @@ # Commands serve: down @echo "Serving the project..." - docker compose -f docker-compose.yml -f ./emqx-docker/docker-compose.yml -f ./LibreChat/docker-compose.yml -f ./LibreChat/docker-compose.override.yml up --build -d + docker compose -f compose.yml up --build -d down: pull @echo "Stopping the project..." - docker compose -f docker-compose.yml -f ./emqx-docker/docker-compose.yml -f ./LibreChat/docker-compose.yml -f ./LibreChat/docker-compose.override.yml down --remove-orphans + docker compose -f compose.yml down --remove-orphans pull: @echo "Pulling the project..."