diff --git a/manage.py b/manage.py
index 9a0e2e1..20a2258 100755
--- a/manage.py
+++ b/manage.py
@@ -166,6 +166,11 @@ def setupProj(project):
 setPerms(renderedFilename, 640)
 setOwner(renderedFilename, os.getuid(), getUid(project))
+ if project in env['volumes']:
+ for volume in env['volumes'][project].values():
+ setPerms(volume, 750)
+ setOwner(volume, getUid(project), getUid(project))
+
 upProj(project)
diff --git a/projects/coturn/compose.yaml.mako b/projects/coturn/compose.yaml.mako
index 485d04b..0c4a779 100644
--- a/projects/coturn/compose.yaml.mako
+++ b/projects/coturn/compose.yaml.mako
@@ -17,4 +17,6 @@ services:
 - ${env['certs']['coturn']['cert']}:/etc/coturn/cert.pem:ro
 - ${env['certs']['coturn']['pkey']}:/etc/coturn/pkey.pem:ro
-${env['networks_attr']}
+networks:
+ default:
+ enable_ipv6: true
diff --git a/projects/diun/compose.yaml.mako b/projects/diun/compose.yaml.mako
index fe27375..d72087f 100644
--- a/projects/diun/compose.yaml.mako
+++ b/projects/diun/compose.yaml.mako
@@ -11,7 +11,9 @@ services:
 - ./images.yml:/etc/diun/images.yml:ro
 - data:/data
-${env['networks_attr']}
+networks:
+ default:
+ enable_ipv6: true
 volumes:
 data:
diff --git a/projects/searxng/compose.yaml.mako b/projects/searxng/compose.yaml.mako
index 60cafdc..978990c 100644
--- a/projects/searxng/compose.yaml.mako
+++ b/projects/searxng/compose.yaml.mako
@@ -22,7 +22,9 @@ services:
 volumes:
 - valkey:/data
-${env['networks_attr']}
+networks:
+ default:
+ enable_ipv6: true
 volumes:
 valkey:
diff --git a/projects/syncthing/compose.yaml.mako b/projects/syncthing/compose.yaml.mako
new file mode 100644
index 0000000..8290cc5
--- /dev/null
+++ b/projects/syncthing/compose.yaml.mako
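Review bot: The loop added to setupProj in manage.py chmods and chowns every path under `env['volumes'][project]` without checking that the path exists and is a directory. Some configured paths sit under /mnt/storagebox, which looks like a remote mount, so when the mount is absent the calls would either abort before `upProj(project)` or hand the bare mountpoint to the service uid. A guard such as `if not os.path.isdir(volume): raise FileNotFoundError(volume)` ahead of the two calls would make that failure explicit. Separately, `setPerms(volume, 750)` passes a decimal literal; setPerms is defined outside this hunk, so confirm it reads the digits as octal, because 750 handed straight to `os.chmod` is mode 0o1356. The body of setupProj starts above the hunk.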
@@ -0,0 +1,57 @@
+services:
+ syncthing:
+ container_name: syncthing
+ image: docker.io/syncthing/syncthing:1
+ restart: always
+ user: ${env['users']['syncthing']}:${env['users']['syncthing']}
+ environment:
+ - PUID=${env['users']['syncthing']}
+ - PGID=${env['users']['syncthing']}
+ ports:
+ - 127.0.0.1:${env['ports']['syncthing_webui']}:8384 # Web UI
+ - ${env['ports']['syncthing_tcp']}:22000/tcp # TCP file transfers
+ - ${env['ports']['syncthing_udp']}:22000/udp # QUIC file transfers
+ volumes:
+ - ${env['volumes']['syncthing']['datadir']}:/var/syncthing
+
+ stdiscosrv:
+ container_name: syncthing-discosrv
+ image: docker.io/syncthing/discosrv:1
+ restart: always
+ command:
+ - "-http"
+ environment:
+ - PUID=${env['users']['syncthing_discosrv']}
+ - PGID=${env['users']['syncthing_discosrv']}
+ networks:
+ - discosrv
+ ports:
+ - 127.0.0.1:${env['ports']['syncthing_discosrv']}:8443
+
+ strelaysrv:
+ container_name: syncthing-relaysrv
+ image: docker.io/syncthing/relaysrv:1
+ restart: always
+ command:
+ - '-ext-address=:${env['ports']["syncthing_relaysrv"]}'
+ - '-pools='
+ environment:
+ - PUID=${env['users']['syncthing_relaysrv']}
+ - PGID=${env['users']['syncthing_relaysrv']}
+ networks:
+ - relaysrv
+ ports:
+ - 22067:22067
+ volumes:
+ - strelaysrv:/var/strelaysrv
+
+networks:
+ default:
+ enable_ipv6: true
+ discosrv:
+ enable_ipv6: true
+ relaysrv:
+ enable_ipv6: true
+
+volumes:
+ strelaysrv:
diff --git a/pyenv.yml b/pyenv.yml
index 40c1640..263a474 100644
--- a/pyenv.yml
+++ b/pyenv.yml
@@ -69,12 +69,6 @@ certs:
 pkey: "/etc/letsencrypt/live/mail.viyurz.fr/privkey.pem"
-networks_attr: |
- networks:
- default:
- enable_ipv6: true
-
-
 # Ports exposed to host
 ports:
 coturn_listening: 3478
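Review bot: In the strelaysrv service of the new syncthing template, `- 22067:22067` publishes the relay on every host address with a literal port, while the advertised port comes from `env['ports']["syncthing_relaysrv"]` and, per the comment in pyenv.yml, reaches 22067 through an nftables forward. Unless the firewall also drops direct traffic to 22067, the relay answers on both ports, so the intent should be stated on that line, for example `# host 22067 is the nftables forward target; direct access must be filtered in nftables`. With `-pools=` the relay is only unannounced, not access-controlled, so it is worth checking whether the relaysrv version in use offers an access-token option that fits this deployment. stdiscosrv and strelaysrv pass PUID/PGID but, unlike the syncthing service, set no `user:`, so whether they drop privileges depends on the image entrypoint.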
@@ -96,8 +90,7 @@ ports:
 stump: 10801
 synapse: 8008
 syncthing_discosrv: 8443
- # Public port, forwarded to 22067 by nftables
- syncthing_relaysrv: 143
+ syncthing_relaysrv: 143 # Public port, forwarded to 22067 by nftables
 syncthing_webui: 8384
 syncthing_tcp: 18880
 syncthing_udp: 22000
@@ -128,16 +121,26 @@ users:
 volumes:
- etebase_datadir: /mnt/etebasedata
- fireshare_datadir: /mnt/firesharedata
- fireshare_processeddir: /mnt/storagebox/fireshare/processed
- fireshare_videosdir: /mnt/storagebox/fireshare/videos
- hedgedoc_uploadsdir: /mnt/hedgedocuploads
- mailserver_datadir: /mnt/mailserver
- postgres_datadir: /mnt/postgresdata
- stump_configdir: /mnt/stump/config
- stump_datadir: /mnt/stump/data
- synapse_datadir: /mnt/synapsedata
- syncthing_datadir: "{env['cifs_mounts']['syncthing']['path']}"
- uptime_kuma_datadir: /mnt/uptimekumadata
- vaultwarden_datadir: /mnt/vwdata
+ etebase:
+ datadir: /mnt/etebasedata
+ fireshare:
+ datadir: /mnt/firesharedata
+ processeddir: /mnt/storagebox/fireshare/processed
+ videosdir: /mnt/storagebox/fireshare/videos
+ hedgedoc:
+ uploadsdir: /mnt/hedgedocuploads
+ mailserver:
+ datadir: /mnt/mailserver
+ postgres:
+ datadir: /mnt/postgresdata
+ stump:
+ configdir: /mnt/stump/config
+ datadir: /mnt/stump/data
+ synapse:
+ datadir: /mnt/synapsedata
+ syncthing:
+ datadir: /mnt/storagebox/syncthing
+ uptimekuma:
+ datadir: /mnt/uptimekumadata
+ vaultwarden:
+ datadir: /mnt/vwdata
diff --git a/setup.sh b/setup.sh
index 18bcef5..3445ba5 100755
--- a/setup.sh
+++ b/setup.sh
@@ -31,8 +31,8 @@ fi
 declare -A sysctl_vars=(
 [vm.overcommit_memory]=1
- [net.core.wmem_max]=2500000
- [net.core.rmem_max]=2500000
+ [net.core.wmem_max]=7500000
+ [net.core.rmem_max]=7500000
 )
 echo -n "" | sudo tee /etc/sysctl.d/podman.conf
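Review bot: Nesting the `volumes:` paths per project in pyenv.yml changes every lookup key, yet the only template in this commit that uses the nested form is the new syncthing one (`env['volumes']['syncthing']['datadir']`). Any other template or script still reading a flat key such as `env['volumes']['postgres_datadir']` would now fail at render time, so the old names should be grepped for before merging. The top-level keys also drive the chown/chmod loop added to setupProj in manage.py, where a key that does not exactly match a project name (for instance `uptimekuma`, formerly `uptime_kuma_datadir`) is skipped silently and its directory keeps whatever owner and mode it had. A header comment on the block would make that contract visible: `# keys must equal the project directory name; manage.py chowns each path to that project's uid`.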
@@ -40,7 +40,7 @@ for key in "${!sysctl_vars[@]}"; do
 value="${sysctl_vars[$key]}"
 echo "$key = $value" | sudo tee -a /etc/sysctl.d/podman.conf
 done
-sudo sysctl -p
+sudo sysctl -p /etc/sysctl.d/podman.conf
 sudo systemctl enable --now nftables