vps/env.yml
2024-10-16 18:48:51 +02:00

172 lines
3.4 KiB
YAML

domain: viyurz.fr
timezone: "Europe/Paris"
<%!
import os, subprocess
uid = os.getuid()
rootless = os.path.exists(f"/run/user/{uid}/podman/podman.sock")
%>
% if rootless:
rootless: true
podman_uid: ${uid}
uid_shift: ${int(subprocess.run(['sh', '-c', "grep " + os.getlogin() + " /etc/subuid | cut -d ':' -f 2"], capture_output=True, text=True).stdout.strip()) - 1}
socket: "/run/user/${uid}/podman/podman.sock"
% else:
rootless: false
podman_uid: 0
uid_shift: 0
socket: "/run/podman/podman.sock"
% endif
backup:
etebase:
- /mnt/etebasedata/media
hedgedoc:
- /mnt/hedgedocuploads
mailserver:
- /mnt/mailserver/etc/config.toml
synapse:
- /mnt/synapsedata
vaultwarden:
- /mnt/vwdata/attachments
backup_sqlite:
stump: /mnt/stump/config/stump.db
uptime: /mnt/uptimekumadata/kuma.db
borg_repo: /mnt/storagebox/backups/borg2
borg_prune_opts:
- "--keep-within=1d"
- "--keep-daily=7"
- "--keep-weekly=4"
- "--keep-monthly=12"
- "--keep-yearly=86"
certs:
coturn:
cert: "/etc/letsencrypt/live/turn.viyurz.fr/fullchain.pem"
pkey: "/etc/letsencrypt/live/turn.viyurz.fr/privkey.pem"
mailserver:
cert: "/etc/letsencrypt/live/mail.viyurz.fr/fullchain.pem"
pkey: "/etc/letsencrypt/live/mail.viyurz.fr/privkey.pem"
pasta:
coturn:
ipv4: 10.86.3.1
ipv6: fc86::3
etebase:
ipv4: 10.86.5.1
ipv6: fc86::5
fireshare:
ipv4: 10.86.6.1
ipv6: fc86::6
hedgedoc:
ipv4: 10.86.8.1
ipv6: fc86::8
keycloak:
ipv4: 10.86.11.1
ipv6: fc86::11
mailserver:
ipv4: 10.86.13.1
ipv6: fc86::13
postgres:
ipv4: 10.86.16.1
ipv6: fc86::16
stump:
ipv4: 10.86.18.1
ipv6: fc86::18
synapse:
ipv4: 10.86.19.1
ipv6: fc86::19
syncthing:
ipv4: 10.86.20.1
ipv6: fc86::20
syncthing_relaysrv:
ipv4: 10.86.21.1
ipv6: fc86::21
uptime:
ipv4: 10.86.22.1
ipv6: fc86::22
vaultwarden:
ipv4: 10.86.23.1
ipv6: fc86::23
# Ports exposed to host
ports:
coturn_listening: 3478
coturn_tls_listening: 5349
coturn_relay_min: 49152
coturn_relay_max: 49172
etebase: 3735
fireshare: 8085
hedgedoc: 8086
homepage: 8686
keycloak: 8444
mailserver_smtp: 1025
mailserver_smtps: 1465
mailserver_imaps: 1993
mailserver_https: 1443
postgres: 5432
searxng: 8083
stump: 10801
synapse: 8008
syncthing_discosrv: 8443
syncthing_relaysrv: 143 # Public port, forwarded to 22067 by nftables
syncthing_webui: 8384
syncthing_tcp: 9100
syncthing_udp: 22000
uptime: 3001
vaultwarden: 8081
# UID in containers
users:
coturn: 666
diun: 0
etebase: 373
fireshare: 1007
hedgedoc: 1004
homepage: 8686
keycloak: 1000
mailserver: 8
postgres: 70
searxng: 977
searxng_valkey: 999
stump: 1005
synapse: 991
syncthing: 1001
syncthing_discosrv: 1002
syncthing_relaysrv: 1003
uptime: 1006
vaultwarden: 1010
volumes:
etebase:
datadir: /mnt/etebasedata
fireshare:
datadir: /mnt/firesharedata
processeddir: /mnt/storagebox/fireshare/processed
videosdir: /mnt/storagebox/fireshare/videos
hedgedoc:
uploadsdir: /mnt/hedgedocuploads
mailserver:
datadir: /mnt/mailserver
postgres:
datadir: /mnt/postgresdata
stump:
configdir: /mnt/stump/config
datadir: /mnt/stump/data
synapse:
datadir: /mnt/synapsedata
syncthing:
datadir: /mnt/storagebox/syncthing
uptime:
datadir: /mnt/uptimekumadata
vaultwarden:
datadir: /mnt/vwdata