ffc30ff582
This commit improves configuration management by: ## Changes ### Environment Variable Management - Moved ALL environment blocks from compose.yaml files to .env files - Added comprehensive .env files for all 20 services - Included example secret formats with generation commands - Added detailed comments explaining what each secret should look like ### Example Secret Formats All .env files now include examples for: - **JWT Secrets**: 64-character hex strings - Example format: `a1b2c3d4e5f67890abcdef1234567890...` - Generate with: `openssl rand -hex 32` - **Passwords**: Strong alphanumeric passwords - Example format: `MyS3cur3P@ssw0rd!2024#HomeL@b` - Generate with: `openssl rand -base64 32 | tr -d /=+ | cut -c1-32` - **Session Secrets**: Random hex strings - Example format: `b2c3d4e5f67890abcdef1234567890a1b2...` - Generate with: `openssl rand -hex 32` - **API Keys**: Service-specific formats - Meili: 32-character hex (`openssl rand -hex 16`) - NextAuth: 64-character hex (`openssl rand -hex 32`) ### GPU Support Documentation - Added NVIDIA GPU (GTX 1070) configuration for Jellyfin - Added NVIDIA GPU configuration for Immich (ML inference & transcoding) - Included setup instructions for NVIDIA Container Toolkit - Documented how to enable GPU acceleration in each service ### Services Updated **Core Infrastructure:** - lldap: Added JWT secret and password examples - tinyauth: Added session secret examples - traefik: No environment variables needed **Media Services:** - jellyfin: Added .env with GPU configuration docs - jellyseer: Created .env with logging and timezone settings - immich: Added database password examples and GPU docs - sonarr: Created .env for PUID/PGID/TZ - radarr: Created .env for PUID/PGID/TZ - sabnzbd: Created .env for PUID/PGID/TZ - qbittorrent: Created .env for PUID/PGID/TZ/WEBUI_PORT **Utility Services:** - homarr: Created .env for port and timezone - backrest: Added environment variables to .env - linkwarden: Rewrote .env with NextAuth, Postgres, Meili examples - vikunja: Created .env with JWT secret and database password - FreshRSS: Created .env for PUID/PGID/TZ - booklore: Created .env for PUID/PGID/TZ - calibre-web: Created .env for PUID/PGID/TZ - filebrowser: Created .env for PUID/PGID/TZ - lubelogger: Created .env with locale settings - rsshub: Created .env with cache and logging config - microbin: Updated existing .env, removed environment block ### Benefits 1. **Security**: - Clear examples show what strong secrets look like - Generation commands prevent weak passwords - All secrets in one place per service 2. **Consistency**: - All services follow the same pattern (env_file: .env) - No more environment blocks in compose files - Easier to template new services 3. **Usability**: - Users know exactly what to change (look for `changeme_*`) - Example formats prevent configuration errors - Commands provided to generate secure values 4. **Maintainability**: - Compose files are cleaner and more readable - Environment changes don't require compose file edits - Version control friendly (.env files can be .gitignored) ### Files Changed - Modified: 24 compose.yaml files - Created: 14 new .env files - Updated: 6 existing .env files - Total .env files: 20 across all services All compose.yaml files now use `env_file: .env` exclusively. No environment blocks remain in any compose files.
21 lines
726 B
YAML
21 lines
726 B
YAML
# MicroBin - Encrypted pastebin with file upload support
|
|
# Docs: https://github.com/szabodanika/microbin
|
|
|
|
services:
|
|
microbin:
|
|
container_name: microbin
|
|
image: danielszabo99/microbin:latest
|
|
env_file: .env
|
|
- homelab
|
|
labels:
|
|
traefik.enable: true
|
|
traefik.http.routers.microbin.rule: Host(`paste.fig.systems`) || Host(`paste.edfig.dev`)
|
|
traefik.http.routers.microbin.entrypoints: websecure
|
|
traefik.http.routers.microbin.tls.certresolver: letsencrypt
|
|
traefik.http.services.microbin.loadbalancer.server.port: 8080
|
|
# Note: MicroBin has its own auth, SSO disabled by default
|
|
# traefik.http.routers.microbin.middlewares: tinyauth
|
|
|
|
networks:
|
|
homelab:
|
|
external: true
|