Commit Graph

476 Commits

Author SHA1 Message Date
lukas 5aa85b0920 secrets: migrate exposed plaintext secrets to git-crypt
Move all hardcoded credentials out of tracked compose/env files into the
git-crypt-encrypted secrets/ directory, using each app's supported mechanism:

- env_file -> secrets/*.env: mealie, navidrome, karakeep, meilisearch,
  baserow, maloja, valheim, photoprism, komf, openldap, penpot, vaultwarden
- file:///run/secrets: authentik email password
- jelu DB password appended to existing secrets/jelu.env

Untrack root .env (interpolated ${VAR} secrets) and add sanitized
.env.example template; gitignore /.env.

Move unreferenced orphan files (mediawiki/rtorrent/snibox .env) into
secrets/ to preserve values while encrypting them.

Add SECURITY.md documenting the secrets conventions and a rotation
checklist. NOTE: all migrated values remain in prior git history and
must be rotated at their providers.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-12 13:15:25 +02:00
lukas d35a9cf672 navidrome: auth workaround 2026-06-12 11:51:36 +02:00
lukas 72406c0000 polaris: add 2026-06-12 11:51:27 +02:00
lukas 2fece90ad2 yamtrack: update 2026-06-12 11:51:23 +02:00
lukas ef214f03aa slskd: update 2026-06-12 11:51:18 +02:00
lukas b20474b7b5 authentik: update 2026-06-12 11:51:12 +02:00
lukas 41c92dc6e7 use different chrome image 2026-06-12 11:51:07 +02:00
lukas e107be3474 karakeep: update ai conf 2026-06-12 11:50:58 +02:00
lukas ab1a6336aa rss-bridge: use labels 2026-06-12 11:50:48 +02:00
lukas 913e7ba387 add qui 2026-06-12 11:50:38 +02:00
lukas 5d8d51949d add framework13 host record 2026-06-12 11:50:29 +02:00
lukas e563af37a4 cwa: switch to next gen fork 2026-06-12 11:50:16 +02:00
lukas 2ff03d8934 cwa: use secrets 2026-06-12 11:50:08 +02:00
lukas 987eed082d shelfmark: use secrets 2026-06-12 11:50:00 +02:00
lukas 3a3050ff86 shelfmark: update to 1.3.0 2026-06-12 11:49:34 +02:00
lukas 15f02adc22 miniflux: make it work with custom cert 2026-06-12 11:49:14 +02:00
lukas 6eeaf836be miniflux: update to 2.3.0 2026-06-12 11:49:02 +02:00
lukas f4f68793b7 kavita: update to 0.9.0.2 2026-06-12 11:48:44 +02:00
lukas e43c1e5fb0 mealie: skip login page 2026-05-12 20:15:43 +02:00
lukas c531e12db6 timetracker: simplify conf for 1.7.0 2026-05-12 20:14:56 +02:00
lukas 0d0dcc92d0 update oldguy record 2026-05-12 20:14:38 +02:00
lukas 2430d89eb5 navidrome: set log level to debug 2026-05-10 13:36:44 +02:00
lukas 49dd3171ee navidrome: update renamed env var 2026-05-10 13:36:36 +02:00
lukas 911c29cae4 navidrome: make apps work with forward auth 2026-05-10 13:36:16 +02:00
lukas 92b850088e beets: update to 2.11.0 2026-05-10 13:35:58 +02:00
lukas de67c5b4ce audiobookshelf: update to 2.34.0 2026-05-10 13:35:44 +02:00
lukas 4e7515c71e qbittorrent: add comment with updated version
need to wait until private trackers support it:
* AnimeBytes: https://animebytes.tv/rules/clients
* Orpheus: https://orpheus.network/rules.php?p=clients
2026-05-10 13:35:33 +02:00
lukas aa5b159208 authentik: update to 2026.2.2 2026-05-10 13:34:02 +02:00
lukas a583c208e8 authentik: remove cruft 2026-05-10 13:33:43 +02:00
lukas abfd4b4718 sabnzbd: update to 5.0.1 2026-05-10 13:33:04 +02:00
lukas e99b086f04 kavita: update to 0.9.0 2026-05-10 13:32:38 +02:00
lukas cc4c9f347b shelfmark: configure OIDC via env vars 2026-05-10 13:32:31 +02:00
lukas 361e6278d6 shelfmark: update to 1.2.3 2026-05-10 13:32:19 +02:00
lukas 9b48da7a00 ai-chat: add subdomain 2026-04-29 14:40:19 +02:00
lukas 2682feb202 gitea: update to 1.26.1 2026-04-29 14:40:02 +02:00
lukas b2df0dd700 beets: update to 2.10.0 2026-04-29 14:39:47 +02:00
lukas bc682e928a shelfmark: disable local auth 2026-04-29 14:39:23 +02:00
lukas 29a775f5f9 navidrome: stop using .env file 2026-04-19 17:28:07 +02:00
lukas dbc2753e83 audiobookshelf: remove port cruft 2026-04-19 17:19:39 +02:00
lukas 6ca9eac281 slskd: do not publish ports 2026-04-19 17:19:39 +02:00
lukas a689b89e5e karakeep: switch to llm-swap, update models 2026-04-19 17:19:39 +02:00
lukas abc750fb49 karakeep: use debug log level 2026-04-19 17:19:39 +02:00
lukas 15fce07c2b karakeep: update to 0.31.0 2026-04-19 17:19:39 +02:00
lukas f936d81815 qbittorrent: update to 5.1.4 2026-04-19 17:19:39 +02:00
lukas bcfbcded4c ghost: remove cruft 2026-04-19 17:19:39 +02:00
lukas 9678516f1a syncthing: update to 2.0.12 2026-04-19 17:19:39 +02:00
lukas 76c7280ad1 paperless-ngx: use authentik 2026-04-19 17:19:39 +02:00
lukas e9f4d92b2b paperless-ngx: update to 2.20.14 2026-04-19 17:19:39 +02:00
lukas 58c867d134 stash: update to 0.31.1 2026-04-19 17:19:39 +02:00
lukas fc604839ca beets: update to 2.9.0 2026-04-19 17:19:39 +02:00