Merge branch 'main' of 6t7.net:cnphpbb/deploy.stack

dbSer/redis/env.cfg

@@ -1,6 +1,6 @@
 IMAGE_TAG_REDISV6=redis:6.2.19-alpine
 IMAGE_TAG_REDISV7=redis:7.2.10-alpine
-IMAGE_TAG_REDISV8=redis:8.0.3-alpine
+IMAGE_TAG_REDISV8=redis:8.2.1-alpine
 IMAGE_TAG_VALKEYV8=valkey/valkey:8.1.3-alpine
 IMAGE_TAG_VALKEYV7=valkey/valkey:7.2.10-alpine
 Volumes_PATH=/data/volumes/redis

dbSer/redis/redis.stack.yml

@@ -1,11 +1,18 @@
-# Pull: docker compose -p redis --env-file ./base/redis/env.cfg -f ./base/redis/redis.stack.yml pull
+# Pull: docker compose -p redis --env-file ./dbSer/redis/env.cfg -f ./dbSer/redis/redis.stack.yml pull
 
-# Run:: docker compose -p redis --env-file ./base/redis/env.cfg -f ./base/redis/redis.stack.yml up -d
+# Run:: docker compose -p redis --env-file ./dbSer/redis/env.cfg -f ./dbSer/redis/redis.stack.yml up -d
 services:
   redis:
     image: ${IMAGE_TAG_REDISV8}
+    restart: always
     ports:
       - '6379:6379'
-    command: redis-server --appendonly yes
+    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD} 
     volumes:
       - '${Volumes_PATH}/redis:/data'
+    environment:
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
+      - REDIS_PORT=6379
+      - REDIS_DB=1
+      - REDIS_MAXMEMORY=1gb
+      - REDIS_MAXMEMORYPOLICY=allkeys-lru

dbSer/redis/valkey.stack.yml

@@ -4,8 +4,15 @@
 services:
   redis:
     image: ${IMAGE_TAG_VALKEYV8}
+    restart: always
     ports:
       - '6379:6379'
     command: valkey-server --appendonly yes --requirepass ${REDIS_PASSWORD}
     volumes:
-      - '${Volumes_PATH}/redis:/data'
+      - '${Volumes_PATH}/redis:/data'
+    environment:
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
+      - REDIS_PORT=6379
+      - REDIS_DB=1
+      - REDIS_MAXMEMORY=1gb
+      - REDIS_MAXMEMORYPOLICY=allkeys-lru

drawnix/env.cfg

@@ -0,0 +1 @@
+IMAGE_TAG=pubuzhixing/drawnix:v0.2.0

drawnix/stack.yml

@@ -0,0 +1,12 @@
+# pull:: docker compose -p drawnix --env-file ./drawnix/env.cfg -f ./drawnix/stack.yml pull
+# run:: docker compose -p drawnix --env-file ./drawnix/env.cfg -f ./drawnix/stack.yml up -d
+
+services:
+  drawnix:
+    image: ${IMAGE_TAG}
+    container_name: drawnix
+    environment:
+      - TZ=Asia/Shanghai
+    ports:
+      - 5080:80
+    restart: unless-stopped

hub-registry/env.cnf

@@ -1,2 +1,2 @@
-IMAGE_TAG=hub.tp229.com:3500/registry:2.7
+IMAGE_TAG=hub.tp229.com:3500/registry:3.0
 UI_IMAGE_TAG=hub.tp229.com:3500/cnphpbb/registry-ui:latest

i2c.py/readme.md

@@ -5,7 +5,15 @@
 apt install -y fonts-wqy-microhei fonts-wqy-zenhei
 apt install -y i2c-tools libgpiod-dev
 apt install -y python3-pip python3-pil python3-libgpiod
-pip3 install adafruit-circuitpython-ssd13060 --break-system-packages
+## 安装依赖
+## 开发环境
+cd i2c.py
+python3 -m venv .venv
+source .venv/bin/activate
+# 使用 requirements.txt 安装所有依赖
+pip3 install -r requirements.txt
+## 系统依赖
+pip3 install -r requirements.txt --break-system-packages
 ```
 2. 调试
 

i2c.py/requirements.txt

@@ -0,0 +1,4 @@
+# Python dependencies for i2c.py project
+adafruit-circuitpython-ssd1306
+adafruit-blinka
+Pillow

n9e/compose-mysql/compose.yml

@@ -21,7 +21,7 @@ services:
       - "3306:3306"
 
   redis:
-    image: "redis:7.4-alpine"
+    image: "redis:8-alpine"
     container_name: redis
     hostname: redis
     restart: always
@@ -54,7 +54,7 @@ services:
   #     - "9090:9090"
 
   victoriametrics:
-    image: victoriametrics/victoria-metrics:v1.108.1
+    image: victoriametrics/victoria-metrics:v1.124.0
     container_name: victoriametrics
     hostname: victoriametrics
     restart: always
@@ -68,7 +68,7 @@ services:
       - "--loggerTimezone=Asia/Shanghai"
 
   nightingale:
-    image: "flashcatcloud/nightingale:8.0.0-beta.3"
+    image: "flashcatcloud/nightingale:8.2.2"
     container_name: nightingale
     hostname: nightingale
     restart: always
@@ -90,6 +90,8 @@ services:
     command: >
       sh -c "/app/n9e"
 
+# categraf 采集器
+# 用于测试， 安装时可以 注释掉
   categraf:
     image: "flashcatcloud/categraf:v0.4.1"
     container_name: "categraf"

tasks.md/stack.yml

@@ -1,6 +1,6 @@
 # path:: mkdir -pv /data/volumes/tasks.md/{tasks,config}
-# pull:: docker tasks.md -p memos --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml pull
-# run:: docker tasks.md -p memos --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml up -d
+# pull:: docker compose -p tasks.md --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml pull
+# run:: docker compose -p tasks.md --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml up -d
 
 services:
   tasks.md:

traefik/data/configurations/dynamic.yml

@@ -0,0 +1,33 @@
+# Dynamic configuration
+http:
+  middlewares:
+    nofloc:
+      headers:
+        customResponseHeaders:
+          Permissions-Policy: "interest-cohort=()"
+    secureHeaders:
+      headers:
+        sslRedirect: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 31536000
+ 
+    # UserName : admin
+    # Password : qwer1234          
+    user-auth:
+      basicAuth:
+        users:
+          - "admin:$apr1$tm53ra6x$FntXd6jcvxYM/YH0P2hcc1"
+ 
+tls:
+  options:
+    default:
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+      minVersion: VersionTLS12

traefik/data/traefik.yml

@@ -0,0 +1,47 @@
+api:
+  dashboard: true
+ 
+entryPoints:
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+ 
+  websecure:
+    address: :443
+    http:
+      middlewares:
+        - secureHeaders@file
+        - nofloc@file
+      tls:
+        certResolver: letsencrypt
+ 
+pilot:
+  dashboard: false
+ 
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /configurations/dynamic.yml
+ 
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: admin@yourdomain
+      storage: acme.json
+      keyType: EC384
+      httpChallenge:
+        entryPoint: web
+ 
+  buypass:
+    acme:
+      email: admin@yourdomain
+      storage: acme.json
+      caServer: https://api.buypass.com/acme/directory
+      keyType: EC256
+      httpChallenge:
+        entryPoint: web

traefik/env.cfg

@@ -0,0 +1,3 @@
+IMAGE_TAG_V3=traefik:v3.5.1
+IMAGE_TAG_V2=traefik:v2.11.29
+IMAGE_TAG_LATEST=traefik:latest

traefik/stack.yml

@@ -0,0 +1,38 @@
+#
+# Traefik
+# RUN: docker compose -p traefik --env-file ./traefik/env.cfg -f ./traefik/stack.yml up -d
+# PULL: docker compose -p traefik --env-file ./traefik/env.cfg -f ./traefik/stack.yml pull
+
+services:
+  traefik:
+    image: ${IMAGE_TAG_LATEST}
+    container_name: traefik
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./data/traefik.yml:/traefik.yml:ro
+      - ./data/acme.json:/acme.json
+      # Add folder with dynamic configuration yml
+      - ./data/configurations:/configurations
+    networks:
+      - traefik-proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.entrypoints=web"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.6t7.com`)"
+      - "traefik.http.routers.traefik.tls=true"
+      - "traefik.http.routers.traefik.tls.certresolver=le"
+    logging:
+      driver: json-file
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+networks:
+
+  traefik-proxy:
+    external: true