homelab/docker-compose-templates
1
0
Fork 0
Code Pull Requests Activity
476 Commits 1 Branch 0 Tags
5aa85b0920be0135e49a3583367c5715ef4760f8
Commit Graph

266 Commits

Author SHA1 Message Date
lukas 5aa85b0920 secrets: migrate exposed plaintext secrets to git-crypt 
Move all hardcoded credentials out of tracked compose/env files into the
git-crypt-encrypted secrets/ directory, using each app's supported mechanism:

- env_file -> secrets/*.env: mealie, navidrome, karakeep, meilisearch,
  baserow, maloja, valheim, photoprism, komf, openldap, penpot, vaultwarden
- file:///run/secrets: authentik email password
- jelu DB password appended to existing secrets/jelu.env

Untrack root .env (interpolated ${VAR} secrets) and add sanitized
.env.example template; gitignore /.env.

Move unreferenced orphan files (mediawiki/rtorrent/snibox .env) into
secrets/ to preserve values while encrypting them.

Add SECURITY.md documenting the secrets conventions and a rotation
checklist. NOTE: all migrated values remain in prior git history and
must be rotated at their providers.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
 2026-06-12 13:15:25 +02:00
lukas d35a9cf672 navidrome: auth workaround 2026-06-12 11:51:36 +02:00
lukas 72406c0000 polaris: add 2026-06-12 11:51:27 +02:00
lukas 2fece90ad2 yamtrack: update 2026-06-12 11:51:23 +02:00
lukas ef214f03aa slskd: update 2026-06-12 11:51:18 +02:00
lukas b20474b7b5 authentik: update 2026-06-12 11:51:12 +02:00
lukas 41c92dc6e7 use different chrome image 2026-06-12 11:51:07 +02:00
lukas e107be3474 karakeep: update ai conf 2026-06-12 11:50:58 +02:00
lukas ab1a6336aa rss-bridge: use labels 2026-06-12 11:50:48 +02:00
lukas 913e7ba387 add qui 2026-06-12 11:50:38 +02:00
lukas 5d8d51949d add framework13 host record 2026-06-12 11:50:29 +02:00
lukas e43c1e5fb0 mealie: skip login page 2026-05-12 20:15:43 +02:00
lukas c531e12db6 timetracker: simplify conf for 1.7.0 2026-05-12 20:14:56 +02:00
lukas 0d0dcc92d0 update oldguy record 2026-05-12 20:14:38 +02:00
lukas 2430d89eb5 navidrome: set log level to debug 2026-05-10 13:36:44 +02:00
lukas 49dd3171ee navidrome: update renamed env var 2026-05-10 13:36:36 +02:00
lukas 911c29cae4 navidrome: make apps work with forward auth 2026-05-10 13:36:16 +02:00
lukas 92b850088e beets: update to 2.11.0 2026-05-10 13:35:58 +02:00
lukas de67c5b4ce audiobookshelf: update to 2.34.0 2026-05-10 13:35:44 +02:00
lukas 4e7515c71e qbittorrent: add comment with updated version 
need to wait until private trackers support it:
* AnimeBytes: https://animebytes.tv/rules/clients
* Orpheus: https://orpheus.network/rules.php?p=clients
 2026-05-10 13:35:33 +02:00
lukas aa5b159208 authentik: update to 2026.2.2 2026-05-10 13:34:02 +02:00
lukas 9b48da7a00 ai-chat: add subdomain 2026-04-29 14:40:19 +02:00
lukas 2682feb202 gitea: update to 1.26.1 2026-04-29 14:40:02 +02:00
lukas b2df0dd700 beets: update to 2.10.0 2026-04-29 14:39:47 +02:00
lukas 29a775f5f9 navidrome: stop using .env file 2026-04-19 17:28:07 +02:00
lukas 6ca9eac281 skslkd: do not publish ports 2026-04-19 17:19:39 +02:00
lukas a689b89e5e karakeep: switch to llm-swap, update models 2026-04-19 17:19:39 +02:00
lukas abc750fb49 karakeep: use debug log level 2026-04-19 17:19:39 +02:00
lukas 15fce07c2b karakeep: update to 0.31.0 2026-04-19 17:19:39 +02:00
lukas f936d81815 qbittorrent: update to 5.1.4 2026-04-19 17:19:39 +02:00
lukas bcfbcded4c ghost: remove cruft 2026-04-19 17:19:39 +02:00
lukas 9678516f1a syncthing: update to 2.0.12 2026-04-19 17:19:39 +02:00
lukas 76c7280ad1 paperless-ngx: use authentik 2026-04-19 17:19:39 +02:00
lukas e9f4d92b2b paperless-ngx: update to 2.20.14 2026-04-19 17:19:39 +02:00
lukas 58c867d134 stash: update to 0.31.1 2026-04-19 17:19:39 +02:00
lukas fc604839ca beets: update to 2.9.0 2026-04-19 17:19:39 +02:00
lukas 50ef387aef audiobookshelf: do not publish ports 2026-04-19 17:19:39 +02:00
lukas 13209cd134 audiobookshelf: update to 2.33.1 2026-04-19 17:19:39 +02:00
lukas 9a3747f348 ntfy: update to 2.16.0 2026-04-19 17:19:39 +02:00
lukas 72636d78de dnsmasq: add more records 2026-04-19 17:19:39 +02:00
lukas 7cb5094e0e use DOMAIN, DOMAIN_LOCAL consistently everywhere 2026-04-19 17:19:38 +02:00
lukas abc735d71c yamtrack: add 2026-04-19 17:19:38 +02:00
lukas fbd6aa1fde navidrome: use authentik 2026-04-19 17:19:38 +02:00
lukas b9a4504000 navidrome: update to 0.61.2, fix env variables 2026-04-19 17:19:38 +02:00
lukas 979bb6c342 immich-machine-learning: add nvidia version 2026-02-11 16:20:08 +01:00
lukas 1e6114e1c7 booklore: use local domain 2026-01-16 11:48:04 +01:00
lukas 3fe761c9ef ersatztv: use local domain 2026-01-16 11:47:58 +01:00
lukas a1d17e04cb baserow: use local domain 2026-01-16 11:47:51 +01:00
lukas 04fc7fb383 mediawiki: use local domain 2026-01-16 11:47:46 +01:00
lukas 5bafd36fe7 navidrome: use local domain 2026-01-16 11:47:39 +01:00