homelab/docker-compose-templates
1
0
Fork 0
Code Pull Requests Activity
476 Commits 1 Branch 0 Tags
5aa85b0920be0135e49a3583367c5715ef4760f8
Commit Graph

140 Commits

Author SHA1 Message Date
lukas 5aa85b0920 secrets: migrate exposed plaintext secrets to git-crypt 
Move all hardcoded credentials out of tracked compose/env files into the
git-crypt-encrypted secrets/ directory, using each app's supported mechanism:

- env_file -> secrets/*.env: mealie, navidrome, karakeep, meilisearch,
  baserow, maloja, valheim, photoprism, komf, openldap, penpot, vaultwarden
- file:///run/secrets: authentik email password
- jelu DB password appended to existing secrets/jelu.env

Untrack root .env (interpolated ${VAR} secrets) and add sanitized
.env.example template; gitignore /.env.

Move unreferenced orphan files (mediawiki/rtorrent/snibox .env) into
secrets/ to preserve values while encrypting them.

Add SECURITY.md documenting the secrets conventions and a rotation
checklist. NOTE: all migrated values remain in prior git history and
must be rotated at their providers.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
 2026-06-12 13:15:25 +02:00
lukas e563af37a4 cwa: switch to next gen fork 2026-06-12 11:50:16 +02:00
lukas 2ff03d8934 cwa: use secrets 2026-06-12 11:50:08 +02:00
lukas 987eed082d shelfmark: use secrets 2026-06-12 11:50:00 +02:00
lukas 3a3050ff86 shelfmark: update to 1.3.0 2026-06-12 11:49:34 +02:00
lukas 15f02adc22 miniflux: make it work with custom cert 2026-06-12 11:49:14 +02:00
lukas 6eeaf836be miniflux: update to 2.3.0 2026-06-12 11:49:02 +02:00
lukas f4f68793b7 kavita: update to 0.9.0.2 2026-06-12 11:48:44 +02:00
lukas abfd4b4718 sabnzbd: update to 5.0.1 2026-05-10 13:33:04 +02:00
lukas e99b086f04 kavita: update to 0.9.0 2026-05-10 13:32:38 +02:00
lukas cc4c9f347b shelfmark: configure OIDC via env vars 2026-05-10 13:32:31 +02:00
lukas 361e6278d6 shelfmark: update to 1.2.3 2026-05-10 13:32:19 +02:00
lukas bc682e928a shelfmark: disable local auth 2026-04-29 14:39:23 +02:00
lukas b278936859 redlib: revert to pr-509 branch 2026-04-19 17:19:39 +02:00
lukas 86565dee5e jellyfin: update to 10.11.7 2026-04-19 17:19:39 +02:00
lukas 1058cfdbc7 shelfmark: add /downloads volume 2026-04-19 17:19:39 +02:00
lukas 038497f12e shelfmark: assign static ip 2026-04-19 17:19:39 +02:00
lukas 83bf825714 shelfmark: fix user/group 2026-04-19 17:19:39 +02:00
lukas 37ef7ccfc4 rename calibre-web-automated-book-downloader to shelfmark 2026-04-19 17:19:39 +02:00
lukas b6e1aa9392 calibre-web-automated: enable hardcover integration 2026-04-19 17:19:39 +02:00
lukas 5e289816c5 calibre-web-automated: update to 4.0.6 2026-04-19 17:19:39 +02:00
lukas 7cb5094e0e use DOMAIN, DOMAIN_LOCAL consistently everywhere 2026-04-19 17:19:38 +02:00
lukas a78d719986 handbrake-worker: add for desktop 2026-02-11 16:20:08 +01:00
lukas f622be5c5e redlib: use PR 509 2026-02-11 16:17:58 +01:00
lukas 6d185c2324 komga: integrate komf 2026-01-16 11:48:50 +01:00
lukas f24db0b1db redlib: revert to official image 2026-01-16 11:45:27 +01:00
lukas 4676c7c44a miniflux: use local domain 2026-01-16 11:44:16 +01:00
lukas 0d29a561d0 kavita: use local domain 2026-01-16 11:44:07 +01:00
lukas c902cd7d42 kavita: update to 0.8.9 2026-01-16 11:44:03 +01:00
lukas 0f1e7f9692 calibre-web: use local domain 2026-01-16 11:43:48 +01:00
lukas beae9f165c drone: use local domain 2026-01-16 11:43:40 +01:00
lukas d1b080ef5e calibre-web-automated + calibre-web-automated-book-downloader: add 2026-01-12 13:42:03 +01:00
lukas 0df36519a0 miniflux: update to 2.2.16 2026-01-12 13:38:14 +01:00
lukas d87f19bb67 sabnzbd: remove docker mod theming 2026-01-12 13:38:03 +01:00
lukas 168fb91d09 redlib: add a bandaid until proper fix 2025-12-30 07:50:49 +01:00
lukas c7ce83f158 sonarr: publish locally 2025-12-30 07:49:48 +01:00
lukas c706b0e94c sabnzbd: publish locally 2025-12-30 07:49:42 +01:00
lukas 030063e2c8 radarr: publish locally 2025-12-30 07:49:33 +01:00
lukas 09e04d988d prowlarr: publish locally 2025-12-30 07:49:24 +01:00
lukas 9ba3797930 miniflux: make database connection secret 2025-12-30 07:49:18 +01:00
lukas cf37267d0f miniflux: switch auth to authentik 2025-12-30 07:49:02 +01:00
lukas fa852feed4 miniflux: depend on postgres 2025-12-30 07:45:49 +01:00
lukas b91b032475 gluetun: change to wireguard 2025-12-30 07:45:30 +01:00
lukas a3add2f861 jellyfin: update to 10.11.5 2025-12-30 07:44:13 +01:00
lukas 2bd184ba90 syncthing/calibre: move to slow storage 2025-12-30 07:44:02 +01:00
lukas 78a0420b24 calibre-web: publish locally 2025-12-30 07:43:12 +01:00
lukas 8a060f1840 bazarr: publish locally 2025-12-30 07:43:01 +01:00
lukas 4c95abc6ab bazarr: update and pin to 1.5.3 2025-12-30 07:42:54 +01:00
lukas fd524435e2 redlib: fix env variables, expose locally 2025-12-01 14:11:38 +01:00
lukas 08dba1becc miniflux: add oauth2 2025-12-01 12:32:06 +01:00