vps/env.yml

# Base DNS domain (the certificate paths in this file use subdomains of it)
# and the timezone for the deployment.
domain: "viyurz.fr"
timezone: "Europe/Paris"
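<%!
import os, pwd, subprocess

uid = os.getuid()
# Rootless mode is detected by the presence of the per-user podman socket.
rootless = os.path.exists(f"/run/user/{uid}/podman/podman.sock")

def subuid_start(owner_uid):
    """Return the first subordinate UID that /etc/subuid assigns to owner_uid.

    /etc/subuid is parsed directly and the owner field is compared for exact
    equality (account name or numeric uid). A substring match could pick up
    another account whose name merely contains this one, and building a shell
    command line from the account name is avoided altogether. The account is
    derived from the process uid -- the same identity used for the socket
    path -- rather than from the controlling terminal, which may belong to a
    different user or be absent when rendering from a service or cron job.

    Raises LookupError when no entry exists, so rendering stops instead of
    emitting a wrong uid_shift.
    """
    owners = {str(owner_uid)}
    try:
        owners.add(pwd.getpwuid(owner_uid).pw_name)
    except KeyError:
        # No passwd entry for this uid; a numeric /etc/subuid entry may still match.
        pass
    with open("/etc/subuid") as subuid_file:
        for entry in subuid_file:
            fields = entry.strip().split(":")
            if len(fields) == 3 and fields[0] in owners:
                return int(fields[1])
    raise LookupError(f"no /etc/subuid entry for uid {owner_uid}")
%>
% if rootless:
rootless: true
podman_uid: ${uid}
# First subordinate uid minus one; presumably host uid = container uid +
# uid_shift for container uids >= 1 -- confirm against the consuming templates.
uid_shift: ${subuid_start(uid) - 1}
socket: "/run/user/${uid}/podman/podman.sock"
% else:
# Rootful podman: containers are managed through the system-wide socket.
rootless: false
podman_uid: 0
uid_shift: 0
socket: "/run/podman/podman.sock"
% endif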
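# Paths to include in backups, grouped by service.
# NOTE(review): /mnt/postgresdata (see volumes.postgres) is not listed here and
# vaultwarden contributes only its attachments; presumably the databases are
# dumped by another job -- confirm they are covered before relying on a restore.
backup:
  etebase:
    - /mnt/etebasedata/media
  hedgedoc:
    - /mnt/hedgedocuploads
  mailserver:
    - /mnt/mailserver/etc/config.toml
  synapse:
    - /mnt/synapsedata
  vaultwarden:
    - /mnt/vwdata/attachments

# SQLite database files, listed separately from the plain paths above.
# Presumably they are snapshotted through SQLite rather than copied while the
# service is writing -- verify in the backup script.
backup_sqlite:
  stump: /mnt/stump/config/stump.db
  uptime: /mnt/uptimekumadata/kuma.db

# Borg repository location and the retention flags passed when pruning.
borg_repo: /mnt/storagebox/backups/borg2
borg_prune_opts:
  - "--keep-within=1d"
  - "--keep-daily=7"
  - "--keep-weekly=4"
  - "--keep-monthly=12"
  - "--keep-yearly=86"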
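# TLS certificate chain and private key paths per service. Only paths are
# stored here; the key material stays under /etc/letsencrypt on the host.
# NOTE(review): privkey.pem should stay readable only by the account that
# mounts it into the container -- check ownership and mode, especially when
# running rootless.
certs:
  coturn:
    cert: "/etc/letsencrypt/live/turn.viyurz.fr/fullchain.pem"
    pkey: "/etc/letsencrypt/live/turn.viyurz.fr/privkey.pem"
  mailserver:
    cert: "/etc/letsencrypt/live/mail.viyurz.fr/fullchain.pem"
    pkey: "/etc/letsencrypt/live/mail.viyurz.fr/privkey.pem"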
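# Per-service addresses for pasta networking. IPv4 addresses come from the
# private 10.86.0.0/16 range and IPv6 addresses from fc86::/16 (inside the
# unique-local fc00::/7 block). Values are quoted so they always load as strings.
pasta:
  coturn:
    ipv4: "10.86.3.1"
    ipv6: "fc86::3"
  etebase:
    ipv4: "10.86.5.1"
    ipv6: "fc86::5"
  fireshare:
    ipv4: "10.86.6.1"
    ipv6: "fc86::6"
  hedgedoc:
    ipv4: "10.86.8.1"
    ipv6: "fc86::8"
  keycloak:
    ipv4: "10.86.11.1"
    ipv6: "fc86::11"
  mailserver:
    ipv4: "10.86.13.1"
    ipv6: "fc86::13"
  postgres:
    ipv4: "10.86.16.1"
    ipv6: "fc86::16"
  stump:
    ipv4: "10.86.18.1"
    ipv6: "fc86::18"
  synapse:
    ipv4: "10.86.19.1"
    ipv6: "fc86::19"
  syncthing:
    ipv4: "10.86.20.1"
    ipv6: "fc86::20"
  syncthing_relaysrv:
    ipv4: "10.86.21.1"
    ipv6: "fc86::21"
  uptime:
    ipv4: "10.86.22.1"
    ipv6: "fc86::22"
  vaultwarden:
    ipv4: "10.86.23.1"
    ipv6: "fc86::23"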
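# Ports exposed to host
# NOTE(review): this file does not show which address each port is bound to.
# Confirm that backend-only services (postgres, the syncthing web UI, the
# other admin interfaces) listen on loopback only or are filtered by the host
# firewall, so that only the intended ports are reachable from outside.
ports:
  coturn_listening: 3478
  coturn_tls_listening: 5349
  coturn_relay_min: 49152
  coturn_relay_max: 49172
  etebase: 3735
  fireshare: 8085
  hedgedoc: 8086
  homepage: 8686
  keycloak: 8444
  mailserver_smtp: 1025
  mailserver_smtps: 1465
  mailserver_imaps: 1993
  mailserver_https: 1443
  postgres: 5432
  searxng: 8083
  stump: 10801
  synapse: 8008
  syncthing_discosrv: 8443
  syncthing_relaysrv: 143  # Public port, forwarded to 22067 by nftables
  syncthing_webui: 8384
  syncthing_tcp: 9100
  syncthing_udp: 22000
  uptime: 3001
  vaultwarden: 8081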
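# UID in containers
# NOTE(review): diun is the only service set to uid 0 inside its container.
# In the non-rootless branch of this file (podman_uid: 0) that is presumably
# real root on the host -- confirm diun needs it and cannot run under a
# dedicated uid like the other services.
users:
  coturn: 666
  diun: 0
  etebase: 373
  fireshare: 1007
  hedgedoc: 1004
  homepage: 8686
  keycloak: 1000
  mailserver: 8
  postgres: 70
  searxng: 977
  searxng_valkey: 999
  stump: 1005
  synapse: 991
  syncthing: 1001
  syncthing_discosrv: 1002
  syncthing_relaysrv: 1003
  uptime: 1006
  vaultwarden: 1010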
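# Host directories per service, presumably bind-mounted into the matching
# container. Several hold sensitive data (mail, the password vault, the
# database); NOTE(review): confirm ownership matches the mapped container uid
# and that the directories are not readable by other host accounts.
volumes:
  etebase:
    datadir: /mnt/etebasedata
  fireshare:
    datadir: /mnt/firesharedata
    processeddir: /mnt/storagebox/fireshare/processed
    videosdir: /mnt/storagebox/fireshare/videos
  hedgedoc:
    uploadsdir: /mnt/hedgedocuploads
  mailserver:
    datadir: /mnt/mailserver
  postgres:
    datadir: /mnt/postgresdata
  stump:
    configdir: /mnt/stump/config
    datadir: /mnt/stump/data
  synapse:
    datadir: /mnt/synapsedata
  syncthing:
    datadir: /mnt/storagebox/syncthing
  uptime:
    datadir: /mnt/uptimekumadata
  vaultwarden:
    datadir: /mnt/vwdata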