cloud/dragonfruit-resources
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Matheus A.
2026-05-30 22:48:53 -03:00
commit eacdd18165
35 changed files with 828 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
services/copyparty/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,105 @@
services:
copyparty:
image: copyparty/ac
environment:
# - SERVICE_URL_COPYPARTY_3923
- LD_PRELOAD=/usr/lib/libmimalloc-secure.so.NOPE # enable mimalloc by replacing "NOPE" with "2" for a nice speed-boost (will use twice as much ram)
- PYTHONUNBUFFERED=1 # ensures log-messages are not delayed (but can reduce speed a tiny bit)
# container_name: idp_copyparty
# user: "1000:1000" # should match the user/group of your fileshare volumes
volumes:
- type: bind
source: /share/app/copyparty/files/public
target: /w:z
- cpp/:/cfg:z
# networks:
# - net
# expose:
# - 3923
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.copyparty.rule=Host(`files.cloud.velha.casa`)'
- 'traefik.http.routers.copyparty.entrypoints=https'
- 'traefik.http.routers.copyparty.tls=true'
- 'traefik.http.routers.copyparty.middlewares=authelia@docker'
stop_grace_period: 15s # thumbnailer is allowed to continue finishing up for 10s after the shutdown signal
authelia:
image: authelia/authelia:v4.38.0-beta3 # the config files in the authelia folder use the new syntax
environment:
# - SERVICE_URL_AUTHELIA_9091
# container_name: idp_authelia
volumes:
- authelia:/config:z
- TZ=America/Sao_Paulo
# networks:
# - net
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.authelia.rule=Host(`authelia.cloud.velha.casa`)'
- 'traefik.http.routers.authelia.entrypoints=https'
- 'traefik.http.routers.authelia.tls=true'
#- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt' # uncomment this to enable automatic certificate signing (1/2)
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia.cloud.velha.casa/api/authz/forward-auth?authelia_url=https://authelia.cloud.velha.casa'
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
# expose:
# - 9091
# restart: unless-stopped
# healthcheck:
# disable: true
redis:
image: redis:7.2.4-alpine3.19
environment:
# - SERVICE_URL_REDIS_6379
- TZ=America/Sao_Paulo
# container_name: idp_redis
volumes:
- redis:/data:z
# networks:
# - net
# expose:
# - 6379
# restart: unless-stopped
# traefik:
# image: traefik:2.11.0
# container_name: idp_traefik
# volumes:
# - ./traefik:/etc/traefik:z
# - /var/run/docker.sock:/var/run/docker.sock # WARNING: this gives traefik full root-access to the host OS, but is recommended/required(?) by traefik
# security_opt:
# - label:disable # disable selinux because it (rightly) blocks access to docker.sock
# networks:
# - net
# labels:
# - 'traefik.enable=true'
# - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)'
# - 'traefik.http.routers.api.entrypoints=https'
# - 'traefik.http.routers.api.service=api@internal'
# - 'traefik.http.routers.api.tls=true'
# #- 'traefik.http.routers.api.tls.certresolver=letsencrypt' # uncomment this to enable automatic certificate signing (2/2)
# - 'traefik.http.routers.api.middlewares=authelia@docker'
# ports:
# - '80:80'
# - '443:443'
# command:
# - '--api'
# - '--providers.docker=true'
# - '--providers.docker.exposedByDefault=false'
# - '--entrypoints.http=true'
# - '--entrypoints.http.address=:80'
# - '--entrypoints.http.http.redirections.entrypoint.to=https'
# - '--entrypoints.http.http.redirections.entrypoint.scheme=https'
# - '--entrypoints.https=true'
# - '--entrypoints.https.address=:443'
# - '--certificatesResolvers.letsencrypt.acme.email=your-email@your-domain.com'
# - '--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme.json'
# - '--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http'
# - '--log=true'
# - '--log.level=WARNING' # DEBUG
# networks:
# net:
# driver: bridge

12
services/copyparty/coolify.simple.docker-compose.yml Normal file
View File

@@ -0,0 +1,12 @@
services:
copyparty:
image: 'copyparty/ac'
environment:
- SERVICE_URL_COPYPARTY_3923
- LD_PRELOAD=/usr/lib/libmimalloc-secure.so.NOPE
volumes:
- 'copyparty-config:/cfg'
- type: bind
source: /share/app/copyparty/files
target: /share/files
is_directory: true

25
services/copyparty/resources/copyparty.conf Normal file
View File

@@ -0,0 +1,25 @@
[global]
e2dsa # enable file indexing and filesystem scanning
e2ts # enable multimedia indexing
ansi # enable colors in log messages
# p: 3939 # listen on another port
# ipa: 10.89. # only allow connections from 10.89.*
df: 4 # stop accepting uploads if less than 16 gb free disk space
ver # show copyparty version in the controlpanel
# grid # show thumbnails/grid-view by default
# theme: 2 # monokai
name: watermelon # change the server-name that's displayed in the browser
# stats, nos-dup # enable the prometheus endpoint, but disable the dupes counter (too slow)
no-robots, force-js # make it harder for search engines to read your server
[accounts]
$USER: $PASSWORD # username: password
[/] # create a volume at "/" (the webroot), which will
/w # share /w (the docker data volume)
accs:
rw: * # everyone gets read-write access, but
rwmda: ed # the user "ed" gets read-write-move-delete-admin

28
services/copyparty/resources/custom.copyparty.conf Normal file
View File

@@ -0,0 +1,28 @@
[global]
e2dsa
e2ts
ansi
df: 4
ver
name: dragonfruit
no-robots, force-js
[accounts]
cloud: (rE*b#cm-Fn'pI#};ty3/gHg
canto: dosilencio
[/]
/share/files/public
accs:
r: *
rwmda: cloud
[/canto]
/share/files/canto
accs:
r: canto
rwmda: cloud

23
services/copyparty/resources/example.copyparty.conf Normal file
View File

@@ -0,0 +1,23 @@
# append some arguments to the commandline;
# accepts anything listed in --help (leading dashes are optional)
# and inline comments are OK if there is 2 spaces before the '#'
[global]
e2dsa # enable file indexing and filesystem scanning
e2ts # and enable multimedia indexing
ansi # enable colors in log messages
df: 4 # stop accepting uploads if less than 16 gb free disk space
ver # show copyparty version in the controlpanel
name: watermelon # change the server-name that's displayed in the browser
z, qr # and zeroconf and qrcode (you can comma-separate arguments)
no-robots, force-js # make it harder for search engines to read your server
# create users:
[accounts]
admin: (fill) # username: password
# create volumes:
[/] # create a volume at "/" (the webroot), which will
/share/files/public # share the contents of "." (the current directory)
accs:
r: * # everyone gets read-access, but
rwmda: admin # the user "admin" gets read-write-move-delete-admin

19
services/fireshare/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,19 @@
services:
fireshare:
image: shaneisrael/fireshare:latest
volumes:
- ./dev_root/fireshare_data:/data
- ./dev_root/fireshare_processed:/processed
- type: bind
source: /shared/nextcloud/data/cloud/files/clips
target: /videos
environment:
- SERVICE_URL_FIRESHARE_80
- ADMIN_USERNAME=${SERVICE_USER_ADMIN:-admin}
- ADMIN_PASSWORD=${SERVICE_PASSWORD_ADMIN}
- SECRET_KEY=${SERVICE_BASE64_SECRETKEY}
- MINUTES_BETWEEN_VIDEO_SCANS=5
- THUMBNAIL_VIDEO_LOCATION=0
- DOMAIN=clips.cloud.velha.casa
- PUID=1000
- PGID=1000

3
services/gitea/README.md Normal file
View File

@@ -0,0 +1,3 @@
incus config device add coolify gitea-ssh proxy \
listen=tcp:0.0.0.0:22222 \
connect=tcp:<incus-container-ip>:22222

49
services/gitea/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,49 @@
services:
gitea:
image: 'gitea/gitea:latest'
environment:
- SERVICE_FQDN_GITEA_3000
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=mysql
- GITEA__database__HOST=mariadb
- 'GITEA__database__NAME=${MYSQL_DATABASE-gitea}'
- GITEA__database__USER=$SERVICE_USER_MYSQL
- GITEA__database__PASSWD=$SERVICE_PASSWORD_MYSQL
volumes:
- 'gitea-data:/data'
- 'gitea-timezone:/etc/timezone:ro'
- 'gitea-localtime:/etc/localtime:ro'
ports:
- '22222:22'
depends_on:
mariadb:
condition: service_healthy
healthcheck:
test:
- CMD
- curl
- '-f'
- 'http://127.0.0.1:3000'
interval: 2s
timeout: 10s
retries: 15
mariadb:
image: 'mariadb:11'
volumes:
- 'gitea-mariadb-data:/var/lib/mysql'
environment:
- 'MYSQL_USER=${SERVICE_USER_MYSQL}'
- 'MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}'
- 'MYSQL_DATABASE=${MYSQL_DATABASE}'
- 'MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_MYSQLROOT}'
healthcheck:
test:
- CMD
- healthcheck.sh
- '--connect'
- '--innodb_initialized'
interval: 5s
timeout: 20s
retries: 10

32
services/gptwol/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,32 @@
services:
gptwol:
image: misterbabou/gptwol:latest
# network_mode: host
# restart: unless-stopped
environment:
- TZ=America/Sao_Paulo
#- PORT=5000 #Free Port on Your host; default is 5000
#- IP=0.0.0.0 #App listening IPV4 or IPV6 (ex [::]) address; default is 0.0.0.0
#- LOG_LEVEL=INFO #Can be DEBUG, INFO, WARN or ERROR
- ENABLE_LOGIN=true # Enable or disable local login; You would be able to access with USERNAME and PASSWORD; default is false
- USERNAME=cloud # Set a username; default is admin
- PASSWORD=${SERVICE_PASSWORD_64_ADMIN} # Set a password; default is admin
#- OIDC_ENABLED=false # Enable OIDC LOGIN; default is false
#- OIDC_ISSUER=https://auth.exemple.com # Base URL of the OIDC server - Should not include the `/.well-known/openid-configuration` part and no trailing `/`; default is not set
#- OIDC_CLIENT_ID=oidcclientid # Your OIDC client ID; default is not set
#- OIDC_CLIENT_SECRET=oidcclientsecret # Your OIDC Client Secret; default is not set
#- OIDC_REDIRECT_URI=http(s)://urlofyourgptwol(:port) # Base URL of your GPTWOL instance; default is not set
#- SCRIPT_NAME=/my-app # Uncomment this line to run the app under a prefix; default is not set
#- ENABLE_ADD_DEL=true # Enable or disable ADD computer and Delete computer buttons; default is true
#- ENABLE_REFRESH=true # Enable or disable automatic status refresh; default is true
#- REFRESH_INTERVAL=30 # Uncomment to change time between each status check for icmp, arp or tcp, can (in s); default value is 30 seconds
#- PING_TIMEOUT=300 #Uncomment to change the time to wait for a ping answer in (in ms); default value is 300 milliseconds
#- ARP_INTERFACE=eth0 #Uncomment this line to set an arp interface manually for scan and test; default is not set
#- ARP_TIMEOUT=300 #Uncomment to change the time to wait for a arp answer (in ms); default value is 300 milliseconds
#- TCP_TIMEOUT=1 #Uncomment to change the time to wait for a tcp check (in s); default value 1 second
#- ENABLE_L2_WOL_PACKET=false # Enable L2 WOL packet instead of L4, default is false
#- L2_INTERFACE=eth0 # Set the default interface for L2 WOL (set this only if you set ENABLE_L2_WOL_PACKET to true), default is eth0
- SERVICE_URL_GPTWOL_5000
volumes:
- 'db-data:/app/db'
- 'cron-data:/etc/cron.d'

67
services/immich/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,67 @@
services:
immich:
image: 'ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}'
volumes:
- 'immich-uploads:/usr/src/app/upload'
- type: bind
source: '/shared/nextcloud/data/cloud/files/home/pictures/DCIM'
target: '/libraries/DCIM'
is_directory: true
- '/etc/localtime:/etc/localtime:ro'
environment:
- SERVICE_URL_IMMICH_2283
- UPLOAD_LOCATION=./library
- DB_DATA_LOCATION=./postgres
- DB_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- DB_USERNAME=$SERVICE_USER_POSTGRES
- 'DB_DATABASE_NAME=${DB_DATABASE_NAME:-immich}'
- 'TZ=${TZ:-Etc/UTC}'
depends_on:
redis:
condition: service_healthy
database:
condition: service_healthy
healthcheck:
disable: false
immich-machine-learning:
container_name: immich_machine_learning
image: 'ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}'
volumes:
- 'immich-model-cache:/cache'
environment:
- UPLOAD_LOCATION=./library
- DB_DATA_LOCATION=./postgres
- DB_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- DB_USERNAME=$SERVICE_USER_POSTGRES
- 'DB_DATABASE_NAME=${DB_DATABASE_NAME:-immich}'
- 'TZ=${TZ:-Etc/UTC}'
healthcheck:
disable: false
redis:
image: 'redis:7.4-alpine'
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20
database:
image: 'ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0'
environment:
POSTGRES_PASSWORD: '${SERVICE_PASSWORD_POSTGRES}'
POSTGRES_USER: '${SERVICE_USER_POSTGRES}'
POSTGRES_DB: '${DB_DATABASE_NAME:-immich}'
POSTGRES_INITDB_ARGS: '--data-checksums'
DB_STORAGE_TYPE: '${DB_STORAGE_TYPE:-SSD}'
volumes:
- 'immich-postgres-data:/var/lib/postgresql/data'
healthcheck:
test:
- CMD-SHELL
- 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'
interval: 5s
timeout: 20s
retries: 10

23
services/jellyfin/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,23 @@
services:
jellyfin:
image: 'lscr.io/linuxserver/jellyfin:latest'
environment:
- SERVICE_URL_JELLYFIN_8096
- PUID=1000
- PGID=1000
- 'TZ=${TZ:-Brazil/Sao_Paulo}'
- JELLYFIN_PublishedServerUrl=$SERVICE_URL_JELLYFIN
volumes:
- 'jellyfin-config:/config'
- type: bind
source: /shared/jellyfin/data
target: /data
healthcheck:
test:
- CMD
- curl
- '-f'
- 'http://127.0.0.1:8096'
interval: 2s
timeout: 10s
retries: 15

11
services/jenkins/README.md Normal file
View File

@@ -0,0 +1,11 @@
- don't create '/jenkins' folder. it will be created automatically
- 'https://adoptium.net/installation/linux/' steps is mandatory
- for bitwarden support in arm systems
```
apt install -y npm
npm install -g @bitwarden/cli
whereis bw
```

27
services/jenkins/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,27 @@
services:
jenkins:
image: 'jenkins/jenkins:latest'
environment:
- SERVICE_FQDN_JENKINS_8080
- 'CASC_JENKINS_CONFIG=/jenkins/casc/jenkins.yml'
volumes:
- 'jenkins-home:/var/jenkins_home'
# - type: bind
# source: '/shared/jenkins/home'
# target: '/var/jenkins_home'
# is_directory: true
- '/usr/local/bin/bw:/usr/local/bin/bw'
- '/var/run/docker.sock:/var/run/docker.sock'
- type: bind
source: '/shared/jenkins/jenkins.yml'
target: '/jenkins/jcasc/jenkins.yml'
healthcheck:
test:
- CMD
- curl
- '-f'
- 'http://localhost:8080/login'
interval: 30s
timeout: 10s
retries: 3
start_period: 40s

0
services/jenkins/resources/jenkins.yml Normal file
View File

23
services/nextcloud/README.md Normal file
View File

@@ -0,0 +1,23 @@
- if needed, restart server proxy in coolify
- in coolify, make the database's service port publicly available (5432)
<!-- - in coolify, make the redis's service port publicly available (6379) -->
- in start page, set database to "postgres" and use credentials provided by coolify dashboard
-- postgres host+port is likely "10.100.0.2:6379"
```
```
- in `/config/www/nextcloud/config/config.php`, add:
```
'overwriteprotocol' => 'https',
'filesystem_check_changes' => 1,
```
```
```
- in admin panel, configure:
-- timezone
<!-- -- add localhost (10.100.0.1) to whitelisted domains -->

69
services/nextcloud/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,69 @@
services:
nextcloud:
image: 'lscr.io/linuxserver/nextcloud:latest'
environment:
- SERVICE_URL_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- 'TZ=${TZ:-Brazil/Sao_Paulo}'
- 'POSTGRES_DB=${POSTGRES_DB:-nextcloud}'
- 'POSTGRES_USER=${SERVICE_USER_POSTGRES}'
- 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}'
- POSTGRES_HOST=nextcloud-db
- REDIS_HOST=redis
- REDIS_PORT=6379
- 'NEXTCLOUD_ADMIN_USER=${SERVICE_USER_ADMIN}'
- 'NEXTCLOUD_ADMIN_PASSWORD=${SERVICE_PASSWORD_ADMIN}'
# - NEXTCLOUD_TRUSTED_DOMAINS=10.100.0.1
# - OVERWRITEHOST=https://nextcloud.cloud.velha.casa
- OVERWRITEPROTOCOL=https
volumes:
- 'nextcloud-config:/config'
- 'nextcloud-data:/data'
- type: bind
source: /shared/app/nextcloud/data
target: /data
is_directory: true
depends_on:
nextcloud-db:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test:
- CMD
- curl
- '-f'
- 'http://127.0.0.1:80'
interval: 2s
timeout: 10s
retries: 15
nextcloud-db:
image: 'postgres:16-alpine'
ports:
- "5432:5432"
volumes:
- 'nextcloud-postgresql-data:/var/lib/postgresql/data'
environment:
- 'POSTGRES_USER=${SERVICE_USER_POSTGRES}'
- 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}'
- 'POSTGRES_DB=${POSTGRES_DB:-nextcloud}'
healthcheck:
test:
- CMD-SHELL
- 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'
interval: 5s
timeout: 20s
retries: 10
redis:
image: 'redis:7.4-alpine'
volumes:
- 'nextcloud-redis-data:/data'
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20

64
services/nextcloud/coolify.mariadb.docker-compose.yml Normal file
View File

@@ -0,0 +1,64 @@
services:
nextcloud:
image: 'lscr.io/linuxserver/nextcloud:latest'
environment:
- SERVICE_URL_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- 'TZ=${TZ:-America/Sao_Paulo}'
- 'MYSQL_DATABASE=${MARIADB_DATABASE:-nextcloud}'
- 'MYSQL_USER=${SERVICE_USER_MARIADB}'
- 'MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}'
- MYSQL_HOST=nextcloud-db
- REDIS_HOST=redis
- REDIS_PORT=6379
volumes:
- 'nextcloud-config:/config'
- type: bind
source: /shared/nextcloud/data
target: /data
is_directory: true
depends_on:
nextcloud-db:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test:
- CMD
- curl
- '-f'
- 'http://127.0.0.1:80'
interval: 2s
timeout: 10s
retries: 15
nextcloud-db:
image: 'mariadb:11'
volumes:
- 'nextcloud-mariadb-data:/var/lib/mysql'
environment:
- 'MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}'
- 'MYSQL_DATABASE=${MARIADB_DATABASE:-nextcloud}'
- 'MYSQL_USER=${SERVICE_USER_MARIADB}'
- 'MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}'
healthcheck:
test:
- CMD
- healthcheck.sh
- '--connect'
- '--innodb_initialized'
interval: 5s
timeout: 20s
retries: 10
redis:
image: 'redis:7.4-alpine'
volumes:
- 'nextcloud-redis-data:/data'
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20

18
services/pigallery2/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,18 @@
services:
pigallery2:
image: 'bpatrik/pigallery2:latest'
environment:
- SERVICE_URL_PIGALLERY2_80
- NODE_ENV=production
volumes:
- 'pigallery2-config:/app/data/config'
- 'db-data:/app/data/db'
- type: bind
# source: '/shared/data-hoarding'
source: '/shared/nextcloud/data/cloud/files/data-hoarding'
target: '/app/data/images/data-hoarding'
is_directory: true
- type: bind
source: '/shared/pigallery2'
target: '/app/data/images/my-stuff'
is_directory: true

0
services/pterodactyl/coolify.docker-compose.yml Normal file
View File

3
services/soju/README.md Normal file
View File

@@ -0,0 +1,3 @@
incus profile device add default proxy proxy \
listen=tcp:0.0.0.0:6668 \
connect=tcp:127.0.0.1:6667

20
services/soju/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,20 @@
services:
soju:
image: 'codeberg.org/emersion/soju:latest'
environment:
- SERVICE_URL_SOJU_80
volumes:
- 'soju-db:/db'
- 'soju-uploads:/uploads'
- 'soju-run:/run/soju'
-
type: bind
source: ./soju/config
target: /soju-config
ports:
- 6667:6667
volumes:
soju-db: null
soju-uploads: null
soju-run: null

24
services/vault/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,24 @@
services:
vault:
image: hashicorp/vault:latest
environment:
- 'SERVICE_URL_VAULT_8200'
- 'VAULT_ADDR=${SERVICE_URL_VAULT_8200}'
- 'VAULT_API_ADDR=${SERVICE_URL_VAULT_8200}'
- 'VAULT_ADDRESS=${SERVICE_URL_VAULT_8200}'
- 'VAULT_UI=true'
- 'VAULT_TOKEN=${SERVICE_PASSWORD_64_VAULTTOKEN}'
volumes:
- 'vault-data:/vault'
# - type: bind
# source: '/shared/vault'
# target: '/vault'
# is_directory: true
# - ./logs:/vault/logs/:rw
# - ./data:/vault/data/:rw
# - ./config:/vault/config/:rw
# - ./certs:/certs/:rw
# - ./file:/vault/file/:rw
# cap_add:
# - IPC_LOCK
# entrypoint: vault server -config /vault/config/config.hcl

8
services/vaultwarden/README.md Normal file
View File

@@ -0,0 +1,8 @@
- https://plugins.jenkins.io/bitwarden-credentials-provider/#plugin-content-getting-started
- after setting things up, it's possible that jenkins shows this in the logs:
```
java.lang.IllegalStateException: Bitwarden CLI is not installed and could not be downloaded automatically. If on an unsupported architecture, please install it manually and set the path in the Jenkins configuration.
```

25
services/vaultwarden/coolify.docker-compose.yml Normal file
View File

@@ -0,0 +1,25 @@
services:
vaultwarden:
image: 'vaultwarden/server:latest'
environment:
- SERVICE_URL_VAULTWARDEN
- 'DOMAIN=${SERVICE_URL_VAULTWARDEN}'
- 'DATABASE_URL=${VAULTWARDEN_DB_URL:-data/db.sqlite3}'
- 'SIGNUPS_ALLOWED=true' # change to 'false' eventually
- 'INVITATIONS_ALLOWED=false'
- 'ADMIN_TOKEN=${SERVICE_PASSWORD_64_ADMIN}'
- IP_HEADER=X-Forwarded-For
- 'PUSH_ENABLED=${PUSH_ENABLED:-false}'
- 'PUSH_INSTALLATION_ID=${PUSH_SERVICE_ID}'
- 'PUSH_INSTALLATION_KEY=${PUSH_SERVICE_KEY}'
volumes:
- 'vaultwarden-data:/data'
healthcheck:
test:
- CMD
- curl
- '-f'
- 'http://127.0.0.1:80'
interval: 2s
timeout: 10s
retries: 15