From 93e12ecc79c94012ca02b7929887f4c2a5b96a82 Mon Sep 17 00:00:00 2001 From: gyurix Date: Thu, 24 Apr 2025 23:09:56 +0200 Subject: [PATCH] Add filebrowser and guacamole configuration files with required fields and updated service settings --- filebrowser/domain-filebrowser.json | 60 ++++++++++++ filebrowser/filebrowser-secret.json | 6 ++ filebrowser/firewall-filebrowser.json | 75 +++++++++++++++ filebrowser/service-filebrowser.json | 75 +++++++++++++++ filebrowser/template.json | 22 +++++ guacamole/domain-guacamole.json | 8 +- guacamole/firewall-guacamole.json | 6 +- guacamole/guacamole.secret.json | 19 ++++ guacamole/service-guacamole.json | 130 +++++++++++++++++++------- guacamole/template.json | 99 +++++++++++++------- 10 files changed, 423 insertions(+), 77 deletions(-) create mode 100644 filebrowser/domain-filebrowser.json create mode 100644 filebrowser/filebrowser-secret.json create mode 100644 filebrowser/firewall-filebrowser.json create mode 100644 filebrowser/service-filebrowser.json create mode 100644 filebrowser/template.json create mode 100644 guacamole/guacamole.secret.json diff --git a/filebrowser/domain-filebrowser.json b/filebrowser/domain-filebrowser.json new file mode 100644 index 0000000..5620b52 --- /dev/null +++ b/filebrowser/domain-filebrowser.json @@ -0,0 +1,60 @@ +{ + "main": { + "SERVICE_NAME": "filebrowser", + "DOMAIN": "#FILEBROWSER_DOMAIN" + }, + "containers": [ + { + "IMAGE": "safebox/domain-check", + "UPDATE": "true", + "MEMORY": "64M", + "NAME": "domain_checker", + "ROLES": "domain_checker", + "NETWORK": "host", + "SELECTOR": "", + "SCALE": "0", + "EXTRA": "--rm --privileged", + "PRE_START": [], + "DEPEND": [], + "POST_START": [], + "CMD": "", + "ENVS": [ + { + "PROXY": "smarthostloadbalancer" + }, + { + "TARGET": "filebrowser" + }, + { + "PORT": "9091" + }, + { + "DOMAIN": "#FILEBROWSER_DOMAIN" + }, + { + "SMARTHOST_PROXY_PATH": "/smarthost-domains" + }, + { + "OPERATION": "CREATE" + } + ], + "VOLUMES": [ + { + "SOURCE": "/etc/user/config/smarthost-domains", + "DEST": "/smarthost-domains", + "TYPE": "rw" + }, + { + "SOURCE": "/etc/system/data/dns/hosts.local", + "DEST": "/etc/dns/hosts.local", + "TYPE": "ro" + }, + { + "SOURCE": "/var/run/docker.sock", + "DEST": "/var/run/docker.sock", + "TYPE": "rw" + } + ] + } + ] +} \ No newline at end of file diff --git a/filebrowser/filebrowser-secret.json b/filebrowser/filebrowser-secret.json new file mode 100644 index 0000000..7a76337 --- /dev/null +++ b/filebrowser/filebrowser-secret.json @@ -0,0 +1,6 @@ +{ + "filebrowser": { + "USER": "#FILEBROWSER_USER", + "PASS": "#FILEBROWSER_PASS" + } +} \ No newline at end of file diff --git a/filebrowser/firewall-filebrowser.json b/filebrowser/firewall-filebrowser.json new file mode 100644 index 0000000..b2701ca --- /dev/null +++ b/filebrowser/firewall-filebrowser.json @@ -0,0 +1,75 @@ +{ + "main": { + "SERVICE_NAME": "firewalls", + "DOMAIN": "null" + }, + "containers": [ + { + "IMAGE": "safebox/firewall", + "NAME": "firewall", + "MEMORY": "64M", + "NETWORK": "host", + "SCALE": "0", + "VOLUMES": [ + { + "SOURCE": "/run/", + "DEST": "/run/", + "TYPE": "rw" + }, + { + "SOURCE": "/etc/user/config/services", + "DEST": "/services", + "TYPE": "ro" + }, + { + "SOURCE": "/etc/system/data/dns/hosts.local", + "DEST": "/etc/dns/hosts.local", + "TYPE": "ro" + }, + { + "SOURCE": "/var/run/docker.sock", + "DEST": "/var/run/docker.sock", + "TYPE": "rw" + } + ], + "PORTS": [], + "READYNESS": [ + { + "tcp": "" + }, + { + "HTTP": "" + }, + { + "EXEC": "/ready.sh" + } + ], + "ENVS": [ + { + "CHAIN": "DOCKER-USER" + }, + { + "SOURCE": "smarthostbackend" + }, + { + "TARGET": "filebrowser" + }, + { + "TYPE": "tcp" + }, + { + "TARGET_PORT": "80" + }, + { + "COMMENT": "proxy for filebrowser" + } + ], + "EXTRA": "--privileged --rm", + "DEPEND": "null", + "START_ON_BOOT": "false", + "CMD": "null", + "PRE_START": "null", + "POST_START": "null" + } + ] +} \ No newline at end of file diff --git a/filebrowser/service-filebrowser.json b/filebrowser/service-filebrowser.json new file mode 100644 index 0000000..e9c7043 --- /dev/null +++ b/filebrowser/service-filebrowser.json @@ -0,0 +1,75 @@ +{ + "main": { + "SERVICE_NAME": "filebrowser", + "DOMAIN": "#TRANSMISSION_DOMAIN" + }, + "containers": [ + { + "IMAGE": "alpine:latest", + "UPDATE": "true", + "NAME": "filebrowser-init", + "NETWORK": "host", + "MEMORY": "64M", + "VOLUMES": [ + { + "SOURCE": "USER_DATA", + "DEST": "/etc/user/data", + "TYPE": "rw" + } + ], + "EXTRA": "--rm", + "DEPEND": "null", + "START_ON_BOOT": "false", + "ENTRYPOINT": "sh -c", + "CMD": "mkdir -p /etc/user/data/filebrowser && mkdir -p /etc/user/data/transmission/downloads/complete", + "PRE_START": "null", + "POST_START": "null" + }, + { + "IMAGE": "filebrowser/filebrowser:latest", + "UPDATE": "true", + "NAME": "filebrowser", + "SELECTOR": "filebrowser", + "VOLUMES": [ + { + "SOURCE": "/etc/user/data/filebrowser", + "DEST": "/srv", + "TYPE": "rw" + }, + { + "SOURCE": "/etc/user/data/transmission/downloads", + "DEST": "/srv/transmission", + "TYPE": "rw" + } + ], + "PORTS": [ + { + "SOURCE": "null", + "DEST": "80", + "TYPE": "tcp" + } + ], + "ENVS": [ + { + "PUID": "1000" + }, + { + "PGID": "1000" + } + ], + "ENV_FILES": [ + "/etc/user/secret/filebrowser/filebrowser.json" + ], + "EXTRA": "--restart unless-stopped", + "DEPEND": [], + "START_ON_BOOT": "false", + "ENTRYPOINT": "sh", + "CMD": "-c '/filebrowser config init && /filebrowser users add \"$FILEBROWSER_USER\" \"$FILEBROWSER_PASS\" --perm.admin && /filebrowser'", + "PRE_START": "null", + "POST_START": [ + "firewall-filebrowser", + "domain-filebrowser" + ] + } + ] +} \ No newline at end of file diff --git a/filebrowser/template.json b/filebrowser/template.json new file mode 100644 index 0000000..6b02a85 --- /dev/null +++ b/filebrowser/template.json @@ -0,0 +1,22 @@ +{ + "name": "filebrowser", + "fields": [ + { + "description": "Please add your filebrowser domain:", + "key": "FILEBROWSER_DOMAIN", + "value": "", + "required": "true" + }, + { + "description": "Please add a username:", + "key": "FILEBROWSER_USER", + "value": "" + }, + { + "description": "Please add a password for user:", + "key": "FILEBROWSER_PASS", + "value": "", + "type": "password" + } + ] +} \ No newline at end of file diff --git a/guacamole/domain-guacamole.json b/guacamole/domain-guacamole.json index 0d7973e..b75b82b 100644 --- a/guacamole/domain-guacamole.json +++ b/guacamole/domain-guacamole.json @@ -1,7 +1,7 @@ { "main": { - "SERVICE_NAME": "homeassistant", - "DOMAIN": "#HOMEASSISTANT_DOMAIN" + "SERVICE_NAME": "guacamole", + "DOMAIN": "#GUACAMOLE_DOMAIN" }, "containers": [ { @@ -26,10 +26,10 @@ "TARGET": "homeassistant" }, { - "PORT": "8123" + "PORT": "80" }, { - "DOMAIN": "#HOMEASSISTANT_DOMAIN" + "DOMAIN": "#GUACAMOLE_DOMAIN" }, { "SMARTHOST_PROXY_PATH": "/smarthost-domains" diff --git a/guacamole/firewall-guacamole.json b/guacamole/firewall-guacamole.json index 9abc400..15bc394 100644 --- a/guacamole/firewall-guacamole.json +++ b/guacamole/firewall-guacamole.json @@ -52,16 +52,16 @@ "SOURCE": "smarthostbackend" }, { - "TARGET": "homeassistant" + "TARGET": "guacamole" }, { "TYPE": "tcp" }, { - "TARGET_PORT": "8123" + "TARGET_PORT": "80" }, { - "COMMENT": "proxy for homeassistant" + "COMMENT": "proxy for guacamole" } ], "EXTRA": "--privileged --rm", diff --git a/guacamole/guacamole.secret.json b/guacamole/guacamole.secret.json new file mode 100644 index 0000000..5b1dd25 --- /dev/null +++ b/guacamole/guacamole.secret.json @@ -0,0 +1,19 @@ +{ + "guacamolemysql": { + "MYSQL_DATABASE": "DB_MYSQL", + "MYSQL_USER": "DB_USER", + "MYSQL_PASSWORD": "DB_PASSWORD", + "MYSQL_ROOT_PASSWORD": "DB_ROOT_PASSWORD" + }, + "guacamoletomcat": { + "ADMIN_NAME": "GUACAMOLE_ADMIN_NAME", + "ADMIN_PASSWORD": "GUACAMOLE_ADMIN_PASSWORD", + "MYSQL_DATABASE": "DB_MYSQL", + "MYSQL_USER": "DB_USER", + "MYSQL_PASSWORD": "DB_PASSWORD", + "MYSQL_HOSTNAME": "guacamolemysql-db", + "GUACD_HOSTNAME": "guacd-app", + "TOTP_ENABLED": "TOTP_USE", + "BAN_ADDRESS_DURATION": "BAN_DURATION" + } +} \ No newline at end of file diff --git a/guacamole/service-guacamole.json b/guacamole/service-guacamole.json index 516304f..79b8a11 100644 --- a/guacamole/service-guacamole.json +++ b/guacamole/service-guacamole.json @@ -1,63 +1,125 @@ { "main": { - "SERVICE_NAME": "homeassistant", + "SERVICE_NAME": "guacamole", "DOMAIN": "DOMAIN" }, "containers": [ { - "IMAGE": "alpine:latest", + "IMAGE": "mariadb:latest", "UPDATE": "true", - "NAME": "homeassistant-init", - "NETWORK": "host", - "MEMORY": "64M", + "NAME": "guacamolemysql-db", + "MEMORY": "256M", + "NETWORK": "guacamole-net", + "SELECTOR": "guacamolemysql", "VOLUMES": [ { - "SOURCE": "USER_DATA", - "DEST": "/etc/user/data", + "SOURCE": "/etc/user/data/guacamole/db", + "DEST": "/var/lib/mysql", "TYPE": "rw" - } - ], - "EXTRA": "--rm", - "DEPEND": "null", - "START_ON_BOOT": "false", - "ENTRYPOINT": "sh -c", - "CMD": "mkdir -p /etc/user/data/homeassistant/config", - "PRE_START": "null", - "POST_START": "null" - }, - { - "IMAGE": "ghcr.io/home-assistant/home-assistant:stable", - "UPDATE": "true", - "NAME": "homeassistant", - "NETWORK": "host", - "VOLUMES": [ + }, { - "SOURCE": "/etc/user/data/homeassistant/config", - "DEST": "/config", + "SOURCE": "/etc/system/log/guacamole/db", + "DEST": "/var/lib/mysql/mysql-bin", "TYPE": "rw" } ], "PORTS": [ { - "SOURCE": "8123", - "DEST": "8123", + "SOURCE": "null", + "DEST": "3306", "TYPE": "tcp" } ], - "ENVS": [ + "READYNESS": [ { - "NAME": "TZ", - "VALUE": "HOMEASSISTANT_TZ" + "tcp": "3306" + }, + { + "HTTP": "" + }, + { + "EXEC": "/ready.sh" } ], - "EXTRA": "--restart unless-stopped", - "DEPEND": [], + "ENV_FILES": [ + "/etc/user/secret/guacamole/guacamole.json" + ], + "EXTRA": "--restart always", + "DEPEND": "null", "START_ON_BOOT": "false", "CMD": "null", "PRE_START": "null", + "POST_START": "null" + }, + { + "IMAGE": "registry.format.hu/guacamole-guacd", + "UPDATE": "true", + "NAME": "guacd-app", + "MEMORY": "256M", + "NETWORK": "guacamole-net", + "SELECTOR": "guacdapp", + "PORTS": [ + { + "SOURCE": "null", + "DEST": "4822", + "TYPE": "tcp" + } + ], + "READYNESS": [ + { + "tcp": "" + }, + { + "HTTP": "" + }, + { + "EXEC": "/ready.sh" + } + ], + "EXTRA": "", + "DEPEND": "null", + "START_ON_BOOT": "true", + "CMD": "null", + "PRE_START": "null", + "POST_START": "null" + }, + { + "IMAGE": "safebox/guacamole-tomcat", + "UPDATE": "true", + "NAME": "guacamoletomcat", + "ROLES": "backend-www", + "MEMORY": "256M", + "NETWORK": "guacamole-net", + "SELECTOR": "guacamoletomcat", + "PORTS": [ + { + "SOURCE": "null", + "DEST": "8080", + "TYPE": "tcp" + } + ], + "READYNESS": [ + { + "tcp": "" + }, + { + "HTTP": "" + }, + { + "EXEC": "/ready.sh" + } + ], + "EXTRA": "null", + "ENV_FILES": [ + "/etc/user/secret/guacamole/guacamole.json" + ], + "DEPEND": "null", + "START_ON_BOOT": "true", + "CMD": "null", + "PRE_START": "null", "POST_START": [ - "firewall-homeassistant", - "domain-homeassistant" + "firewall-guacamole", + "domain-guacamole" ] } ] diff --git a/guacamole/template.json b/guacamole/template.json index b9bfb0c..bd00062 100644 --- a/guacamole/template.json +++ b/guacamole/template.json @@ -1,37 +1,64 @@ { - "name": "guacamole", - "fields": [ - { - "description": "Please add Guacamole domain:", - "key": "GUACAMOLE_DOMAIN", - "value": "", - "required": "true" - }, - { - "description": "Please add Guacamole admin username:", - "key": "GUACAMOLE_USERNAME", - "value": "", - "required": "true" - }, - { - "description": "Please add Guacamole admin password:", - "key": "GUACAMOLE_PASSWORD", - "value": "", - "required": "true", - "type": "password" - }, - { - "description": "Do you want TOTP via login?", - "key": "GUACAMOLE_TOTP", - "value": "yes,no", - "required": "true", - "type": "select" - }, - { - "description": "Do you want limitation in case invalid login or password? Please add a number how many minutes for deny retry. If you add 0 means it will disabled.", - "key": "GUACAMOLE_BAN_DURATION", - "value": "5", - "required": "true" - } - ] -} + "name": "guacamole", + "fields": [ + { + "description": "Please add Guacamole domain:", + "key": "GUACAMOLE_DOMAIN", + "value": "", + "required": "true" + }, + { + "description": "Please add Guacamole admin username:", + "key": "GUACAMOLE_USERNAME", + "value": "", + "required": "true" + }, + { + "description": "Please add Guacamole admin password:", + "key": "GUACAMOLE_PASSWORD", + "value": "", + "required": "true", + "type": "password" + }, + { + "description": "Do you want TOTP via login?", + "key": "GUACAMOLE_TOTP", + "value": "yes,no", + "required": "true", + "type": "select" + }, + { + "description": "Do you want limitation in case invalid login or password? Please add a number how many minutes for deny retry. If you add 0 means it will disabled.", + "key": "GUACAMOLE_BAN_DURATION", + "value": "5" + }, + { + "description": "MYSQL database name", + "key": "MYSQL_DATABASE", + "value": "", + "required": "true", + "generated": "" + }, + { + "description": "MYSQL username", + "key": "MYSQL_USER", + "value": "", + "required": "true", + "generated": "time|md5|8" + }, + { + "description": "MYSQL password for user", + "key": "MYSQL_PASSWORD", + "value": "", + "required": "true", + "generated": "random|md5|12" + }, + { + "description": "MYSQL root user password", + "key": "MYSQL_ROOT_PASSWORD", + "value": "", + "required": "true", + "generated": "random|sha256|20" + } + ] +} \ No newline at end of file