domain: viyurz.fr timezone: "Europe/Paris" <%! import os, subprocess uid = os.getuid() rootless = os.path.exists(f"/run/user/{uid}/podman/podman.sock") %> % if rootless: rootless: true podman_uid: ${uid} uid_shift: ${int(subprocess.run(['sh', '-c', "grep " + os.getlogin() + " /etc/subuid | cut -d ':' -f 2"], capture_output=True, text=True).stdout.strip()) - 1} socket: "/run/user/${uid}/podman/podman.sock" % else: rootless: false podman_uid: 0 uid_shift: 0 socket: "/run/podman/podman.sock" % endif backup: etebase: - /mnt/etebasedata/media hedgedoc: - /mnt/hedgedocuploads mailserver: - /mnt/mailserver/etc/config.toml synapse: - /mnt/synapsedata vaultwarden: - /mnt/vwdata/attachments backup_sqlite: stump: /mnt/stump/config/stump.db uptime: /mnt/uptimekumadata/kuma.db borg_repo: /mnt/storagebox/backups/borg2 borg_prune_opts: - "--keep-within=1d" - "--keep-daily=7" - "--keep-weekly=4" - "--keep-monthly=12" - "--keep-yearly=86" certs: coturn: cert: "/etc/letsencrypt/live/turn.viyurz.fr/fullchain.pem" pkey: "/etc/letsencrypt/live/turn.viyurz.fr/privkey.pem" mailserver: cert: "/etc/letsencrypt/live/mail.viyurz.fr/fullchain.pem" pkey: "/etc/letsencrypt/live/mail.viyurz.fr/privkey.pem" pasta: coturn: ipv4: 10.86.3.1 ipv6: fc86::3 etebase: ipv4: 10.86.5.1 ipv6: fc86::5 fireshare: ipv4: 10.86.6.1 ipv6: fc86::6 hedgedoc: ipv4: 10.86.8.1 ipv6: fc86::8 keycloak: ipv4: 10.86.11.1 ipv6: fc86::11 mailserver: ipv4: 10.86.13.1 ipv6: fc86::13 postgres: ipv4: 10.86.16.1 ipv6: fc86::16 stump: ipv4: 10.86.18.1 ipv6: fc86::18 synapse: ipv4: 10.86.19.1 ipv6: fc86::19 syncthing: ipv4: 10.86.20.1 ipv6: fc86::20 syncthing_relaysrv: ipv4: 10.86.21.1 ipv6: fc86::21 uptime: ipv4: 10.86.22.1 ipv6: fc86::22 vaultwarden: ipv4: 10.86.23.1 ipv6: fc86::23 # Ports exposed to host ports: coturn_listening: 3478 coturn_tls_listening: 5349 coturn_relay_min: 49152 coturn_relay_max: 49172 etebase: 3735 fireshare: 8085 hedgedoc: 8086 homepage: 8686 keycloak: 8444 mailserver_smtp: 1025 mailserver_smtps: 1465 mailserver_imaps: 1993 mailserver_https: 1443 postgres: 5432 searxng: 8083 stump: 10801 synapse: 8008 syncthing_discosrv: 8443 syncthing_relaysrv: 143 # Public port, forwarded to 22067 by nftables syncthing_webui: 8384 syncthing_tcp: 9100 syncthing_udp: 22000 uptime: 3001 vaultwarden: 8081 # UID in containers users: coturn: 666 diun: 0 etebase: 373 fireshare: 1007 hedgedoc: 1004 homepage: 8686 keycloak: 1000 mailserver: 8 postgres: 70 searxng: 977 searxng_valkey: 999 stump: 1005 synapse: 991 syncthing: 1001 syncthing_discosrv: 1002 syncthing_relaysrv: 1003 uptime: 1006 vaultwarden: 1010 volumes: etebase: datadir: /mnt/etebasedata fireshare: datadir: /mnt/firesharedata processeddir: /mnt/storagebox/fireshare/processed videosdir: /mnt/storagebox/fireshare/videos hedgedoc: uploadsdir: /mnt/hedgedocuploads mailserver: datadir: /mnt/mailserver postgres: datadir: /mnt/postgresdata stump: configdir: /mnt/stump/config datadir: /mnt/stump/data synapse: datadir: /mnt/synapsedata syncthing: datadir: /mnt/storagebox/syncthing uptime: datadir: /mnt/uptimekumadata vaultwarden: datadir: /mnt/vwdata