Refactor secrets

.gitattributes

@@ -4,3 +4,4 @@ ddclient/ddclient.conf filter=git-crypt diff=git-crypt
 *.pem filter=git-crypt diff=git-crypt
 *.env filter=git-crypt diff=git-crypt
 *.override.yml filter=git-crypt diff=git-crypt
+*.secret filter=git-crypt diff=git-crypt

bind9/guiotte.db

@@ -20,3 +20,4 @@ dm.guiotte.fr.     IN  A       192.168.1.2
 money.guiotte.fr.  IN  CNAME   dm.guiotte.fr.
 photos.guiotte.fr. IN  CNAME   dm.guiotte.fr.
 dl.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
+kdoc-testing.guiotte.fr.     IN  CNAME   dm.guiotte.fr.

docker-compose.yml

@@ -64,6 +64,8 @@ services:
     container_name: transmission
     environment:
       <<: *common-environment
+      FILE__USER: /run/secrets/transmission-user
+      FILE__PASS: /run/secrets/transmission-pw
     volumes:
       - transmission-config:/config
       - /mnt/storage/download:/downloads
@@ -73,6 +75,9 @@ services:
       - 51413:51413
       - 51413:51413/udp
     restart: unless-stopped
+    secrets:
+      - transmission-user
+      - transmission-pw
 
         # WIP
         #  radarr:
@@ -94,13 +99,12 @@ services:
   syncthing:
     image: lscr.io/linuxserver/syncthing:latest
     container_name: syncthing
-    hostname: drmanhattan #optional
+    hostname: drmanhattan
     environment: *common-environment
     volumes:
       - ./syncthing:/config
       - /mnt/storage/music/Florent:/music
     ports:
-      #- 8384:8384
       - 22000:22000/tcp
       - 22000:22000/udp
       - 21027:21027/udp
@@ -115,10 +119,13 @@ services:
       - lychee-db:/config
     environment:
       <<: *common-environment
-      MYSQL_ROOT_PASSWORD: rootpassword
+      FILE__MYSQL_ROOT_PASSWORD: /run/secrets/lychee-db-root-pw
+      FILE__MYSQL_PASSWORD: /run/secrets/lychee-db-pw
       MYSQL_DATABASE: lychee
       MYSQL_USER: lychee
-      MYSQL_PASSWORD: dbpassword
+    secrets:
+      - lychee-db-root-pw
+      - lychee-db-pw
 
 
   lychee:
@@ -132,11 +139,13 @@ services:
       - lychee-pictures:/pictures
     environment:
       <<: *common-environment
+      FILE__DB_PASSWORD: /run/secrets/lychee-db-pw
       DB_HOST: lychee-db
       DB_USERNAME: lychee
-      DB_PASSWORD: dbpassword
       DB_DATABASE: lychee
       DB_PORT: 3306
+    secrets:
+      - lychee-db-pw
 
         # WIP
         #  zotero:
@@ -185,6 +194,33 @@ services:
       - ./slides-notes/slides:/app/slides
 
 
+  nextcloud:
+    image: lscr.io/linuxserver/nextcloud:latest
+    container_name: nextcloud
+    restart: unless-stopped
+    environment: *common-environment
+    volumes:
+      - nextcloud-config:/config
+      - nextcloud-data:/data
+
+
+  nextcloud-db:
+    image: linuxserver/mariadb:latest
+    container_name: nextcloud-db
+    restart: unless-stopped
+    environment:
+      <<: *common-environment
+      FILE__MYSQL_ROOT_PASSWORD: /run/secrets/nextcloud-db-root-pw
+      FILE__MYSQL_PASSWORD: /run/secrets/nextcloud-db-pw
+      MYSQL_DATABASE: database
+      MYSQL_USER: user
+    volumes:
+      - nextcloud-db-config:/config
+    secrets:
+      - nextcloud-db-root-pw
+      - nextcloud-db-pw
+
+
 volumes:
   money-data:
   zotero-data:
@@ -194,3 +230,21 @@ volumes:
   taskserver-data:
   taskserver-certs:
   transmission-config:
+  nextcloud-data:
+  nextcloud-config:
+  nextcloud-db-config:
+
+
+secrets:
+  lychee-db-root-pw:
+    file: lychee-db-root-pw.secret
+  lychee-db-pw:
+    file: lychee-db-pw.secret
+  nextcloud-db-root-pw:
+    file: nextcloud-db-root-pw.secret
+  nextcloud-db-pw:
+    file: nextcloud-db-pw.secret
+  transmission-user:
+    file: transmission-user.secret
+  transmission-pw:
+    file: transmission-pw.secret

swag/nginx/proxy-confs/nextcloud.subdomain.conf

@@ -0,0 +1,36 @@
+## Version 2021/05/18
+# make sure that your dns has a cname set for nextcloud
+# assuming this container is called "swag", edit your nextcloud container's config
+# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
+#  'trusted_proxies' => ['swag'],
+#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
+#  'overwritehost' => 'nextcloud.your-domain.com',
+#  'overwriteprotocol' => 'https',
+#
+# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
+#  array (
+#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
+#    1 => 'nextcloud.your-domain.com',
+#  ),
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name kdoc-testing.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nextcloud;
+        set $upstream_port 443;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        proxy_max_temp_file_size 2048m;
+    }
+}