bump gitea to v1.24.3

blinko/docker-compose.yml

@@ -8,7 +8,7 @@ networks:
 
 services:
     blinko-website:
-        image: blinkospace/blinko:0.52.3
+        image: blinkospace/blinko:1.1.2
         container_name: blinko-website
         environment:
             NODE_ENV: production
@@ -24,12 +24,6 @@ services:
             options:
                 max-size: "10m"
                 max-file: "3"
-        healthcheck:
-            test: ["CMD", "curl", "-f", "http://blinko-website:1111/"]
-            interval: 30s
-            timeout: 10s
-            retries: 5
-            start_period: 30s
         networks:
             - blinko
             - caddy

caddy/.env.example

@@ -35,8 +35,6 @@ SFTPGO_DOMAIN=
 GLANCE_DOMAIN=
 GLANCE_CRT=
 GLANCE_KEY=
-GLANCE_USERNAME=
-GLANCE_PASSWORD=
 
 ############# Ghost #############
 GHOST_DOMAIN=

caddy/Caddyfile

@@ -123,10 +123,6 @@
 {$GLANCE_DOMAIN} {
     tls /etc/ssl/custom/{$GLANCE_CRT} /etc/ssl/custom/{$GLANCE_KEY}
 
-    basic_auth {
-        {$GLANCE_USERNAME} {$GLANCE_PASSWORD}
-    }
-
     request_body {
         max_size 64MB
     }

gitea/docker-compose.yml

@@ -8,7 +8,7 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:1.23.7
+    image: gitea/gitea:1.24.3
     container_name: gitea
     environment:
       - USER_UID=${USER_UID}
@@ -21,7 +21,10 @@ services:
       - ./data:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
-    mem_limit: 512m
+    deploy:
+        resources:
+            limits:
+                memory: 1G
 
   act:
     image: gitea/act_runner:0.2.11

glance/.env.example

@@ -1,5 +1,3 @@
-# Variables defined here will be available to use anywhere in the config with the syntax ${MY_SECRET_TOKEN}
-# Note: making changes to this file requires re-running docker compose up
-MY_SECRET_TOKEN=
 GITHUB_TOKEN=
-SERADAR_TOKEN=
+SECRET_KEY=
+ADMIN_PASSWORD=

glance/config/glance.yml

@@ -1,16 +1,46 @@
 server:
-  assets-path: /app/assets
+    assets-path: /app/assets
+
+auth:
+  secret-key: ${SECRET_KEY}
+  users:
+    admin:
+      password: ${ADMIN_PASSWORD}
 
 theme:
-  # Note: assets are cached by the browser, changes to the CSS file
+    background-color: 240 13 14
-  # will not be reflected until the browser cache is cleared (Ctrl+F5)
+    primary-color: 51 33 68
-  custom-css-file: /assets/user.css
+    negative-color: 358 100 68
-  background-color: 240 13 14
+    contrast-multiplier: 1.2
-  primary-color: 51 33 68
+
-  negative-color: 358 100 68
+    presets:
-  contrast-multiplier: 1.2
+        neon-focus:
+            background-color: 255 14 6
+            primary-color: 156 50 65
+            negative-color: 342 65 65
+            contrast-multiplier: 0.9
+            text-saturation-multiplier: 0.8
+
+        gruvbox-dark:
+            background-color: 0 0 16
+            primary-color: 43 59 81
+            positive-color: 61 66 44
+            negative-color: 6 96 59
+
+        catppuccin-macchiato:
+            background-color: 232 23 18
+            contrast-multiplier: 1.2
+            primary-color: 220 83 75
+            positive-color: 105 48 72
+            negative-color: 351 74 73
+
+        peachy:
+            light: true
+            background-color: 28 40 77
+            primary-color: 155 100 20
+            negative-color: 0 100 60
+            contrast-multiplier: 1.1
+            text-saturation-multiplier: 0.5
 
 pages:
-  # It's not necessary to create a new file for each page and include it, you can simply
+    $include: home.yml
-  # put its contents here, though multiple pages are easier to manage when separated
-  !include: home.yml

glance/config/home.yml

@@ -1,165 +1,104 @@
 - name: Home
-  # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
-  # hide-desktop-navigation: true
   columns:
-    - size: small
+      - size: small
-      widgets:
+        widgets:
-        - type: server-stats
+            - type: server-stats
-          servers:
+              servers:
-            - type: local
+                  - type: local
-              name: Services
+                    name: Services
 
-        - type: monitor
+            - type: monitor
-          cache: 1s
+              cache: 1s
-          title: Services
+              title: Services
-          sites:
+              sites:
-            - title: seradar.net
+                  - title: seradar.net
-              url: https://seradar.net/auth
+                    url: https://seradar.net/auth
-              icon: /assets/seradar.png
+                    icon: /assets/seradar.png
-            - title: git.aykhans.me
+                  - title: git.aykhans.me
-              url: https://git.aykhans.me/aykhans
+                    url: https://git.aykhans.me/aykhans
-              icon: /assets/gitea.svg
+                    icon: /assets/gitea.svg
-            - title: ftp.aykhans.me
+                  - title: ftp.aykhans.me
-              url: https://ftp.aykhans.me/web/client/login
+                    url: https://ftp.aykhans.me/web/client/login
-              icon: /assets/sftpgo.png
+                    icon: /assets/sftpgo.png
-            - title: notes.aykhans.me
+                  - title: notes.aykhans.me
-              url: https://notes.aykhans.me/signin
+                    url: https://notes.aykhans.me/signin
-              icon: /assets/blinko.png
+                    icon: /assets/blinko.png
-            - title: url.aykhans.me
+                  - title: url.aykhans.me
-              url: https://url.aykhans.me/auth
+                    url: https://url.aykhans.me/auth
-              icon: /assets/slash.svg
+                    icon: /assets/slash.svg
-            - title: vault.aykhans.me
+                  - title: vault.aykhans.me
-              url: https://vault.aykhans.me/#/login
+                    url: https://vault.aykhans.me/#/login
-              icon: /assets/vaultwarden.svg
+                    icon: /assets/vaultwarden.svg
-            - title: wg.aykhans.me
+                  - title: wg.aykhans.me
-              url: https://wg.aykhans.me/
+                    url: https://wg.aykhans.me/
-              icon: /assets/wireguard.png
+                    icon: /assets/wireguard.png
-            - title: aykhans.me
+                  - title: aykhans.me
-              url: https://aykhans.me/
+                    url: https://aykhans.me/
-              icon: /assets/ghost.png
+                    icon: /assets/ghost.png
 
-        - type: docker-containers
+            - type: docker-containers
-          cache: 0s
+              cache: 0s
-          hide-by-default: false
+              hide-by-default: false
 
-        - type: releases
+            - type: releases
-          cache: 1d
+              cache: 1d
-          collapse-after: 3
+              collapse-after: 3
-          # Without authentication the Github API allows for up to 60 requests per hour. You can create a
+              # Without authentication the Github API allows for up to 60 requests per hour. You can create a
-          # read-only token from your Github account settings and use it here to increase the limit.
+              # read-only token from your Github account settings and use it here to increase the limit.
-          token: ${GITHUB_TOKEN}
+              token: ${GITHUB_TOKEN}
-          repositories:
+              repositories:
-            - caddyserver/caddy
+                  - caddyserver/caddy
-            - glanceapp/glance
+                  - glanceapp/glance
-            - go-gitea/gitea
+                  - go-gitea/gitea
-            - drakkan/sftpgo
+                  - drakkan/sftpgo
-            - blinko-space/blinko
+                  - blinko-space/blinko
-            - yourselfhosted/slash
+                  - yourselfhosted/slash
-            - dani-garcia/vaultwarden
+                  - dani-garcia/vaultwarden
-            - wg-easy/wg-easy
+                  - wg-easy/wg-easy
-            - pocketbase/pocketbase
+                  - pocketbase/pocketbase
-            - prometheus/prometheus
+                  - prometheus/prometheus
-            - grafana/grafana
+                  - grafana/grafana
-            - TryGhost/Ghost
+                  - TryGhost/Ghost
 
-    - size: full
+      - size: full
-      widgets:
+        widgets:
-        - type: group
+            - type: to-do
-          widgets:
+              title: To-Do
-            - type: hacker-news
+              id: general
-            - type: lobsters
 
-        - type: rss
+            - type: group
-          limit: 150
+              widgets:
-          collapse-after: 5
+                  - type: hacker-news
-          cache: 1h
+                  - type: lobsters
-          style: horizontal-cards
-          feeds:
-            - url: https://registerspill.thorstenball.com/feed
-              title: Thorsten Ball
-            - url: https://selfh.st/rss/
-              title: selfh.st
 
-        - type: custom-api
+            - type: rss
-          title: Seradar
+              limit: 150
-          cache: 1m
+              collapse-after: 5
-          url: https://seradar.net/api/collections/series/records?page=1&perPage=1000&sort=-new_episodes
+              cache: 1h
-          headers:
+              style: horizontal-cards
-              Accept: application/json
+              feeds:
-              Authorization: ${SERADAR_TOKEN}
+                  - url: https://registerspill.thorstenball.com/feed
-          template: |
+                    title: Thorsten Ball
-                {{ if eq .Response.StatusCode 200 }}
+                  - url: https://selfh.st/rss/
-                    <div class="widget widget-type-rss">
+                    title: selfh.st
-                        <div
-                            class="widget-content widget-content-frameless"
-                        >
-                            <div
-                                class="carousel-container show-right-cutoff"
-                            >
-                                <div
-                                    class="cards-horizontal carousel-items-container"
-                                >
-                                {{ range .JSON.Array "items" }}
-                                <a
-                                    href="https://www.themoviedb.org/tv/{{ .String "series_id" }}"
-                                    target="_blank"
-                                    rel="noreferrer"
-                                    title="{{ .String "english_name" }}"
-                                >
-                                    <div
-                                        class="card rss-card-2 widget-content-frame thumbnail-parent"
-                                    >
-                                        <img
-                                            class="rss-card-2-image thumbnail cached finished-transition"
-                                            loading="lazy"
-                                            src="{{ .String "poster_path" }}"
-                                            alt="{{ .String "poster_path" }}"
-                                        />
 
-                                        <div
+      - size: small
-                                            class="rss-card-2-content padding-inline-widget"
+        widgets:
-                                        >
+            - type: calendar
-                                            <a
+              first-day-of-week: monday
-                                                href="https://www.themoviedb.org/tv/{{ .String "series_id" }}"
-                                                class="text-truncate-3-lines color-positive margin-top-10 size-h4"
-                                                target="_blank"
-                                                rel="noreferrer"
-                                                title="{{ .String "english_name" }}"
-                                                >{{ .String "english_name" }}</a>
-                                            {{ if gt (.Int "new_episodes") 0 }}
-                                                <p class="color-highlight">+{{ .Int "new_episodes" }} new episodes</p>
-                                            {{ else }}
-                                                <p>no new episodes</p>
-                                            {{ end }}
-                                        </div>
-                                    </div>
-                                </a>
-                                {{ end }}
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-                {{ else }}
-                    <p class="color-negative">Failed to fetch seradar.net data</p>
-                {{ end }}
 
-    - size: small
+            - type: weather
-      widgets:
+              location: Baku, Azerbaijan
-        - type: calendar
+              units: metric # alternatively "imperial"
-          first-day-of-week: monday
+              hour-format: 12h # alternatively "24h"
 
-        - type: weather
+            - type: markets
-          location: Baku, Azerbaijan
+              markets:
-          units: metric # alternatively "imperial"
+                  - symbol: BTC-USD
-          hour-format: 12h # alternatively "24h"
+                    name: Bitcoin
-
+                  - symbol: DYDX-USD
-        - type: markets
+                    name: DYDX
-          markets:
+                  - symbol: FET-USD
-            - symbol: BTC-USD
+                    name: FET
-              name: Bitcoin
+                  - symbol: SUI20947-USD
-            - symbol: DYDX-USD
+                    name: SUI
-              name: DYDX
-            - symbol: FET-USD
-              name: FET
-            - symbol: SUI20947-USD
-              name: SUI

glance/docker-compose.yml

@@ -8,7 +8,7 @@ networks:
 
 services:
   glance:
-    image: glanceapp/glance:v0.7.13
+    image: glanceapp/glance:v0.8.4
     container_name: glance
     restart: unless-stopped
     networks:

grafana/docker-compose.yml

@@ -10,8 +10,9 @@ networks:
 
 services:
     grafana:
-        image: grafana/grafana-enterprise:12.0.0
+        image: grafana/grafana-enterprise:12.0.2
         container_name: grafana
+        restart: unless-stopped
         networks:
             - grafana
             - caddy

main.sh

@@ -72,6 +72,7 @@ generate_env_files() {
 start_services() {
     docker network create caddy 2>/dev/null
     docker network create grafana 2>/dev/null
+    docker network create gitea 2>/dev/null
 
     echo "Starting prometheus..."
     $DOCKER_COMPOSE_COMMAND -f ./prometheus/docker-compose.yml up -d

prometheus/docker-compose.yml

@@ -12,8 +12,9 @@ networks:
 
 services:
     prometheus:
-        image: prom/prometheus:v3.3.1
+        image: prom/prometheus:v3.5.0
         container_name: prometheus
+        restart: unless-stopped
         networks:
             - prometheus
             - grafana
@@ -26,6 +27,7 @@ services:
     node_exporter:
         image: quay.io/prometheus/node-exporter:v1.9.1
         container_name: node_exporter
+        restart: unless-stopped
         networks:
             - prometheus
         command:
@@ -37,6 +39,7 @@ services:
     cadvisor:
         image: gcr.io/cadvisor/cadvisor:v0.49.1
         container_name: cadvisor
+        restart: unless-stopped
         networks:
             - prometheus
         volumes:

vaultwarden/docker-compose.yml

@@ -6,7 +6,7 @@ networks:
 
 services:
   server:
-    image: vaultwarden/server:1.33.2
+    image: vaultwarden/server:1.34.1
     container_name: vaultwarden
     restart: unless-stopped
     environment:

wg_easy/.env.example

@@ -1,7 +0,0 @@
-# Language of web page (e.g. en)
-LANG=
-# The public hostname or IP of your VPN server (e.g. vpn.example.com, 1.1.1.1)
-WG_HOST=
-# (Optional) When set, requires a password when logging in to the Web UI.
-# See How to generate a hash: https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md
-PASSWORD_HASH=

wg_easy/docker-compose.yml

@@ -1,57 +1,43 @@
-# volumes:
-#   etc_wireguard:
-networks:
-  caddy:
-    name: caddy
-    driver: bridge
-    external: true
-
 services:
-  wg-easy:
+    wg-easy:
-    environment:
+        image: ghcr.io/wg-easy/wg-easy:15
-      # Change Language:
+        container_name: wg-easy
-      # (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi, ja)
+        networks:
-      - LANG=${LANG:-en}
+            caddy:
-      # ⚠️ Required:
+                interface_name: wgeth1
-      # Change this to your host's public address
+            wg:
-      - WG_HOST=${WG_HOST}
+                ipv4_address: 10.42.42.42
+                ipv6_address: fdcc:ad94:bacf:61a3::2a
+                interface_name: wgeth0
+        environment:
+            WG_DEVICE: wgeth0
+        volumes:
+            - ./data:/etc/wireguard
+            - /lib/modules:/lib/modules:ro
+        ports:
+            - "51820:51820/udp"
+            # - "51821:51821/tcp"
+        restart: unless-stopped
+        cap_add:
+            - NET_ADMIN
+            - SYS_MODULE
+        sysctls:
+            - net.ipv4.ip_forward=1
+            - net.ipv4.conf.all.src_valid_mark=1
+            - net.ipv6.conf.all.disable_ipv6=0
+            - net.ipv6.conf.all.forwarding=1
+            - net.ipv6.conf.default.forwarding=1
 
-      # Optional:
+networks:
-      - PASSWORD_HASH=${PASSWORD_HASH}
+    caddy:
-      # - PORT=51821
+        name: caddy
-      # - WG_PORT=51820
+        driver: bridge
-      # - WG_CONFIG_PORT=92820
+        external: true
-      # - WG_DEFAULT_ADDRESS=10.8.0.x
+    wg:
-      # - WG_DEFAULT_DNS=1.1.1.1
+        driver: bridge
-      # - WG_MTU=1420
+        enable_ipv6: true
-      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
+        ipam:
-      # - WG_PERSISTENT_KEEPALIVE=25
+            driver: default
-      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
+            config:
-      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
+                - subnet: 10.42.42.0/24
-      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
+                - subnet: fdcc:ad94:bacf:61a3::/64
-      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
-      # - UI_TRAFFIC_STATS=true
-      # - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
-      # - WG_ENABLE_ONE_TIME_LINKS=true
-      # - UI_ENABLE_SORT_CLIENTS=true
-      # - WG_ENABLE_EXPIRES_TIME=true
-      # - ENABLE_PROMETHEUS_METRICS=false
-      # - PROMETHEUS_METRICS_PASSWORD=$$2a$$12$$vkvKpeEAHD78gasyawIod.1leBMKg8sBwKW.pQyNsq78bXV3INf2G # (needs double $$, hash of 'prometheus_password'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
-
-    image: ghcr.io/wg-easy/wg-easy:14
-    container_name: wg-easy
-    volumes:
-      - ./data:/etc/wireguard
-    networks:
-      - caddy
-    ports:
-      - "51820:51820/udp"
-#      - "51821:51821/tcp"
-    restart: unless-stopped
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
-      # - NET_RAW # ⚠️ Uncomment if using Podman
-    sysctls:
-      - net.ipv4.ip_forward=1
-      - net.ipv4.conf.all.src_valid_mark=1