authentik/docker-compose.yml

@@ -32,7 +32,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.4.0}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.2}
     restart: unless-stopped
     command: server
     environment:
@@ -50,7 +50,7 @@ services:
       caddy: sso.dmeiburg.de
       caddy.reverse_proxy: "{{upstreams 9000}}"
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.4.0}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.2}
     restart: unless-stopped
     command: worker
     environment:

forgejo/docker-compose.yml

@@ -1,58 +0,0 @@
-version: "2"
-
-volumes:
-  server:
-  db:
-
-services:
-  server:
-    image: codeberg.org/forgejo/forgejo:1.21
-    restart: always
-    volumes:
-      - server:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    environment:
-      VIRTUAL_PORT: 3000 
-      HTTP_PORT: 3000
-      ROOT_URL: "https://git.dmeiburg.de"
-      RUN_MODE: prod
-      SSH_DOMAIN: dmeiburg.de
-      SSH_PORT: 2222      
-      SSH_LISTEN_PORT: 22
-      USER_UID: 1000 
-      USER_GID: 1000
-      DB_TYPE: postgres
-      DB_HOST: db:5432
-      DB_NAME: server
-      DB_USER: server
-      DB_PASSWD: ${DB_PW} 
-      FORGEJO__service__SHOW_REGISTRATION_BUTTON: false
-      FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true
-      FORGEJO__openid__ENABLE_OPENID_SIGNIN: false
-      FORGEJO__openid__ENABLE_OPENID_SIGNUP: false
-      FORGEJO__ui__DEFAULT_THEME: arc-green
-      FORGEJO__server__LFS_START_SERVER: true
-    labels: 
-      caddy: git.dmeiburg.de
-      caddy.reverse_proxy: "{{upstreams 3000}}"
-      caddy.rewrite: /user/login /user/oauth2/sso.dmeiburg.de
-    ports: 
-        - "2222:22"
-    depends_on:
-        - db
-
-  db:
-    image: postgres:15-alpine
-    restart: always
-    environment:
-      POSTGRES_USER: server
-      POSTGRES_PASSWORD: ${DB_PW}
-      POSTGRES_DB: server
-    volumes:
-       - db:/var/lib/postgresql/data
-
-networks:
-    default:
-      name: caddy
-      external: true

grist/docker-compose.yml

@@ -8,21 +8,26 @@ services:
       - grist:/persist
       - certs:/certs
     environment:
+      VIRTUAL_HOST: grist.dmeiburg.de
+      LETSENCRYPT_EMAIL: ${EMAIL}
+      LETSENCRYPT_HOST: grist.dmeiburg.de
       APP_HOME_URL: https://grist.dmeiburg.de
       GRIST_SESSION_SECRET: ${SECRET}
       GRIST_SANDBOX_FLAVOR: gvisor
+      GRIST_SAML_IDP_UNENCRYPTED: 1
+      GRIST_SAML_SP_HOST: https://grist.dmeiburg.de
+      GRIST_SAML_IDP_LOGIN: https://sso.dmeiburg.de/application/saml/grist/sso/binding/redirect/
+      GRIST_SAML_IDP_LOGOUT: https://sso.dmeiburg.de/if/session-end/grist/
+      GRIST_SAML_IDP_CERTS: /certs/authentik.pem
+      GRIST_SAML_SP_KEY: /certs/grist_private_key.pem
+      GRIST_SAML_SP_CERT: /certs/grist_certificate.pem
       GRIST_FORCE_LOGIN: true
-      GRIST_OIDC_IDP_ISSUER: https://sso.dmeiburg.de/application/o/grist/.well-known/openid-configuration
+    expose: 
-      GRIST_OIDC_IDP_CLIENT_ID: ${OIDC_ID}
+        - 8484
-      GRIST_OIDC_IDP_CLIENT_SECRET: ${OIDC_SECRET}
-    labels: 
-      caddy: grist.dmeiburg.de
-      caddy.reverse_proxy: "{{upstreams 8484}}"
-
 networks:
   default:
-    name: caddy
+      name: nginx-proxy
-    external: true
+      external: true
 
 volumes:
   grist:

nextcloud/docker-compose.yml

@@ -15,6 +15,8 @@ services:
 
   app:
     image: nextcloud
+    expose:
+      - 80
     links:
       - db
     volumes:
@@ -22,15 +24,14 @@ services:
     hostname: cloud.dmeiburg.de
     restart: always
     environment:
+      VIRTUAL_HOST: cloud.dmeiburg.de
+      LETSENCRYPT_HOST: cloud.dmeiburg.de
       OVERWRITEPROTOCOL: https
       POSTGRES_HOST: db
     env_file: 
       - .env
-    labels: 
-      caddy: cloud.dmeiburg.de
-      caddy.reverse_proxy: "{{upstreams 80}}"
 
 networks:
   default:
-    name: caddy
+    name: nginx-proxy
     external: true

seafile/.env.gpg

@@ -1 +0,0 @@
-„^Âÿ7¤ûÀÊ
@°öj²­åر°‚¶‘‡Ärg‚L³<HP	"'w#0R‹{]<5D>Ÿ^5Òð½
hpÑ­´åH®£µŸ‡}ÝêG:Tw|/	ø?´´þ†Ìo<C38C>A„^ý*ÝX3"
@Ô¦ªlyÇ—gÑ‹I—ŹôÀäG†ƒïÿh<C3BF>cuíYÃy0f*äã¾îjš`ˆ¨<CB86>¢ËŽ\f„§¾O>-_s|ÁÉ ©ŸR
†Zv3=“F)eOŒÒ…
Jä5ÙÇ°„­î;“®Ývò
ÂLUAR<41>©ŠçªØá‹??[6£28,çƒéÆí÷O
yÆ<79>ÀÒ~Dª2¬°…LÌž[÷F,Ùši´âñóåT¬ø‚匰ž¤d±]Χ¤sw³æ<C2B3>Œvò%ØRÑ<\‘	´CÚÎáz£´ÿ‹¼·>ÕÌ<C395>Ñ

seafile/docker-compose.yml

@@ -1,38 +0,0 @@
-services:
-  db:
-    image: mariadb:10.11
-    container_name: seafile-mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=db_dev  # Requested, set the root's password of MySQL service.
-      - MYSQL_LOG_CONSOLE=true
-      - MARIADB_AUTO_UPGRADE=1
-    volumes:
-      - /opt/seafile-mysql/db:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
-
-  memcached:
-    image: memcached:1.6.18
-    container_name: seafile-memcached
-    entrypoint: memcached -m 256
-
-  seafile:
-    image: seafileltd/seafile-mc:latest
-    container_name: seafile
-    volumes:
-      - /opt/seafile-data:/shared   # Requested, specifies the path to Seafile data persistent store.
-    environment:
-      - DB_HOST=db
-      - DB_ROOT_PASSWD=db_dev  # Requested, the value should be root's password of MySQL service.
-      - TIME_ZONE=Etc/UTC  # Optional, default is UTC. Should be uncomment and set to your local time zone.
-      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
-      - SEAFILE_SERVER_HOSTNAME=cloud.dmeiburg.de # Specifies your host name if https is enabled.
-    depends_on:
-      - db
-      - memcached
-    labels: 
-      caddy: cloud.dmeiburg.de
-      caddy.reverse_proxy: "{{upstreams 80}}"
-
-networks:
-  default:
-    name: caddy
-    external: true