From fe85f19adbf6e315036f41bc6957fa047e4e76d6 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Sat, 24 Jan 2026 16:55:28 +0000 Subject: [PATCH 1/4] Modernize stack and add CI/CD pipelines - Create GitHub Actions for CI (linting) and Release management. - Update `docker-compose.yml`: - Fix `pihole` image tag to `2024.07.0`. - Update `n8n` image to official `n8nio/n8n`. - Standardize restart policy to `unless-stopped`. - Clean up commented-out ports. - Optimize `Caddyfile` using snippets for Cloudflare TLS config. - Update `README.md` with CI/CD details. - Update `.gitignore` to track `.github` directory. --- .github/workflows/ci.yml | 61 +++++++++++ .github/workflows/release.yml | 49 +++++++++ .gitignore | 4 +- Caddyfile | 197 ++++++++-------------------------- README.md | 7 ++ docker-compose.yml | 36 ++----- 6 files changed, 172 insertions(+), 182 deletions(-) create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..012a987 --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,61 @@ +name: CI + +on: + push: + branches: [ "master", "main" ] + pull_request: + branches: [ "master", "main" ] + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Validate Docker Compose + run: docker compose config -q + env: + # Set dummy values for required env vars to pass config check + TAILSCALE_AUTH_KEY: "dummy" + TAILSCALE_PATH: "./tailscale" + PIHOLE__WEBPASSWORD: "dummy" + DEFAULT_TZ: "UTC" + PIHOLE_ETC_PATH: "./pihole/etc" + PIHOLE_ETC_DNSMASQ_PATH: "./pihole/dnsmasq" + CLOUDFLARE_API_TOKEN: "dummy" + CADDY_SITE_PATH: "./caddy/site" + CADDY_DATA_PATH: "./caddy/data" + CADDY_CONFIG_PATH: "./caddy/config" + PAPERLESS_NGX_DATA_PATH: "./paperless/data" + PAPERLESS_NGX_MEDIA_PATH: "./paperless/media" + PAPERLESS_NGX_EXPORT_PATH: "./paperless/export" + PAPERLESS_NGX_CONSUME_PATH: "./paperless/consume" + PAPERLESS_NGX_URL: "http://localhost" + PAPERLESS_NGX_SECRET_KEY: "dummy" + N8N_DATA_FOLDER: "./n8n/data" + N8N_LOCAL_FILES_FOLDER: "./n8n/files" + FILEBROWSER_ROOT_PATH: "./filebrowser/root" + FILEBROWSER_DB_FILE_PATH: "./filebrowser/filebrowser.db" + FILEBROWSER_CONFIG_SETTING_FILE_PATH: "./filebrowser/settings.json" + TRANSMISSION_CONFIG_SOURCE: "./transmission/config" + TRANSMISSION_DOWNLOAD_SOURCE: "./transmission/downloads" + TRANSMISSION_WATCH_SOURCE: "./transmission/watch" + TRANSMISSION_USERNAME: "dummy" + TRANSMISSION_PASSWORD: "dummy" + UPLOAD_LOCATION: "./immich/upload" + EXTERNAL_LIBRARY_LOCATION: "./immich/external" + IMMICH_DB_PASSWORD: "dummy" + IMMICH_DB_USERNAME: "dummy" + IMMICH_DB_DATABASE_NAME: "immich" + IMMICH_ML_MODEL_CACHE_LOCATION: "./immich/cache" + IMMICH_REDIS_DATA_PATH: "./immich/redis" + IMMICH_DB_DATA_LOCATION: "./immich/postgres" + SEARXNG_BASE_URL: "http://localhost" + SEARXNG_SECRET: "dummy" + SEARXNG_REDIS_URL: "redis://dummy:6379" + PAISA_DATA_PATH: "./paisa" + HOMEPAGE_CONFIG_PATH: "./homepage" + TS_EXTRA_ARGS: "" + + - name: Validate Caddyfile + run: docker run --rm -v 
$PWD/Caddyfile:/etc/caddy/Caddyfile caddy:2.10.2 caddy validate --adapter caddyfile --config /etc/caddy/Caddyfile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..a00bde7 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,49 @@ +name: Release Configuration + +on: + workflow_dispatch: + inputs: + version: + description: 'Release version (e.g., v1.0.0)' + required: false + default: '' + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@v4 + + - name: Set Version + id: version + run: | + if [ -z "${{ github.event.inputs.version }}" ]; then + echo "TAG=v$(date +'%Y.%m.%d-%H%M')" >> $GITHUB_ENV + else + echo "TAG=${{ github.event.inputs.version }}" >> $GITHUB_ENV + fi + + - name: Zip Artifacts + run: | + mkdir release_artifacts + cp docker-compose.yml release_artifacts/ + cp Caddyfile release_artifacts/ + # Copy example envs if they exist + cp example*.env release_artifacts/ 2>/dev/null || true + # Copy config directories if they exist + [ -d prometheus ] && cp -r prometheus release_artifacts/ + [ -d searxng ] && cp -r searxng release_artifacts/ + [ -f sonic.cfg ] && cp sonic.cfg release_artifacts/ + + cd release_artifacts + zip -r ../config.zip . + + - name: Create Release + uses: softprops/action-gh-release@v2 + with: + files: config.zip + tag_name: ${{ env.TAG }} + name: Release ${{ env.TAG }} + generate_release_notes: true diff --git a/.gitignore b/.gitignore index 38c299c..9b25748 100644 --- a/.gitignore +++ b/.gitignore @@ -18,4 +18,6 @@ !sonic.Dockerfile !unused_docker_compose.yml !searxng -!searxng/** \ No newline at end of file +!searxng/** +!.github +!.github/** \ No newline at end of file diff --git a/Caddyfile b/Caddyfile index 9036907..281c9e4 100644 --- a/Caddyfile +++ b/Caddyfile 
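Review bot: The `lint` job in ci.yml declares no `permissions:`, so on `push` and `pull_request` its GITHUB_TOKEN gets whatever the repository default grants. A lint-only workflow needs just `permissions:` with `contents: read` at the top level, and `actions/checkout@v4` is a mutable tag that could be pinned to a commit SHA. Separately, the `Validate Caddyfile` step runs the stock `caddy:2.10.2` image, while the Caddyfile in this patch uses `dns cloudflare`, which is provided by a DNS-provider plugin. Unless that image is a custom build, validation will probably fail on an unknown module, so validate with the same Caddy image the compose file runs. The bind mount should also be quoted and read-only: `-v "$PWD/Caddyfile:/etc/caddy/Caddyfile:ro"`.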
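Review bot: In release.yml the `Set Version` step pastes `${{ github.event.inputs.version }}` directly into the `run:` script, so the input is expanded into the shell source before bash runs, in a job that holds `contents: write`. The same unvalidated value is appended to `$GITHUB_ENV`, where an embedded newline would define additional environment variables for the later steps. Pass the input through `env:` and reference it as a quoted shell variable, and reject anything that is not a tag of the form you accept; the pattern in the fence follows the `v1.0.0` example from the input description and should be adjusted if other formats are valid. `softprops/action-gh-release@v2` is a third-party action on a mutable tag and receives the write token, so it should be pinned to a full commit SHA.

```yaml
      - name: Set Version
        id: version
        env:
          VERSION: ${{ github.event.inputs.version }}
        run: |
          if [ -z "$VERSION" ]; then
            TAG="v$(date +'%Y.%m.%d-%H%M')"
          elif [[ "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            TAG="$VERSION"
          else
            echo "version must look like v1.0.0" >&2
            exit 1
          fi
          echo "TAG=$TAG" >> "$GITHUB_ENV"
      # … unchanged: Zip Artifacts and Create Release steps …
```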
@@ -1,324 +1,219 @@ -# http://piholeslx.in { -# rewrite * /admin{uri} -# reverse_proxy * 10.8.1.3:80 -# } - -pihole.pi.rahulja.in { - # rewrite * /admin{uri} - reverse_proxy * 10.8.1.3:80 +(cloudflare) { tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN} } } -# http://wgslx.in { -# reverse_proxy * 10.8.1.2:51821 -# } +pihole.pi.rahulja.in { + reverse_proxy * 10.8.1.3:80 + import cloudflare +} wg.pi.rahulja.in { reverse_proxy * 10.8.1.2:51821 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } -# http://cloudflarednsslx.in { -# reverse_proxy * 10.8.1.4:43697 -# } - - - -# http://immichslx.in { -# reverse_proxy * 10.8.1.6:3001 -# } - immich.pi.rahulja.in { reverse_proxy * 10.8.1.6:2283 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } -# photoprism.pi.rahulja.in { -# reverse_proxy * 10.8.1.11:2342 -# tls { -# dns cloudflare {env.CLOUDFLARE_API_TOKEN} -# } -# } - watchtower.pi.rahulja.in { reverse_proxy * 10.8.1.13:8080 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } navidrome.pi.rahulja.in { reverse_proxy * 10.8.1.14:4533 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } mikochi.pi.rahulja.in { reverse_proxy * 10.8.1.15:8080 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } jellyfin.pi.rahulja.in { reverse_proxy * 10.8.1.16:8096 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } archivebox.pi.rahulja.in { reverse_proxy * 10.8.1.17:8000 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } prometheus.pi.rahulja.in { reverse_proxy * 10.8.1.19:9090 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } grafana.pi.rahulja.in { reverse_proxy * 10.8.1.20:3000 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } wallabag.pi.rahulja.in { reverse_proxy * 10.8.1.22:80 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } 
trans.pi.rahulja.in { reverse_proxy * 10.8.1.23:9091 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } prowlarr.pi.rahulja.in { reverse_proxy * 10.8.1.23:9696 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } flame.pi.rahulja.in { reverse_proxy * 10.8.1.24:5005 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } plex.pi.rahulja.in { reverse_proxy * 10.8.1.25:32400 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } ntfy.pi.rahulja.in { reverse_proxy * 10.8.1.26:8000 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } freshrss.pi.rahulja.in { reverse_proxy * 10.8.1.27:80 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } miniflux.pi.rahulja.in { reverse_proxy * 10.8.1.28:8080 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } shiori.pi.rahulja.in { reverse_proxy * 10.8.1.31:8080 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } pngx.pi.rahulja.in { reverse_proxy * 10.8.1.32:8000 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } grocy.pi.rahulja.in { reverse_proxy * 10.8.1.33:80 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } filebrowser.pi.rahulja.in { reverse_proxy * 10.8.1.34:80 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } homarr.pi.rahulja.in { reverse_proxy * 10.8.1.35:7575 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } dash.pi.rahulja.in { reverse_proxy * 10.8.1.57:3000 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } cyberchef.pi.rahulja.in { reverse_proxy * 10.8.1.36:80 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } minio.pi.rahulja.in { reverse_proxy * 10.8.1.37:35507 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } resume.pi.rahulja.in { 
reverse_proxy * 10.8.1.39:3000 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } languagetool.pi.rahulja.in { reverse_proxy * 10.8.1.40:8010 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } memos.pi.rahulja.in { reverse_proxy * 10.8.1.41:5230 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } linkding.pi.rahulja.in { reverse_proxy * 10.8.1.42:9090 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } firefly.pi.rahulja.in { reverse_proxy * 10.8.1.43:8080 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } fireflyimporter.pi.rahulja.in { reverse_proxy * 10.8.1.44:8080 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } vikunja.pi.rahulja.in { reverse_proxy * 10.8.1.46:3456 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } gramps.pi.rahulja.in { reverse_proxy * 10.8.1.47:5000 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } webtest.pi.rahulja.in { reverse_proxy * 10.8.1.49:80 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } openproject.pi.rahulja.in { reverse_proxy * 10.8.1.50:8080 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } nc.pi.rahulja.in { reverse_proxy * 10.8.1.51:11000 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } n8n.pi.rahulja.in { reverse_proxy * 10.8.1.53:5678 { flush_interval -1 } - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } searxng.pi.rahulja.in { reverse_proxy * 10.8.1.54:8080 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } storyteller.pi.rahulja.in { reverse_proxy * 10.8.1.55:8001 { flush_interval -1 } - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } paisa.pi.rahulja.in { reverse_proxy * 10.8.1.56:7500 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } 
+ import cloudflare } homepage.pi.rahulja.in { reverse_proxy * 10.8.1.57:3000 - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - } + import cloudflare } diff --git a/README.md b/README.md index 46ca945..58f2a47 100644 --- a/README.md +++ b/README.md @@ -142,3 +142,10 @@ Most heavy data (media, databases) is mapped to an external USB drive mounted at - **Immich:** Requires a significant amount of RAM for machine learning tasks. - **Extended Documentation:** Detailed architecture diagrams in `.drawio` and `.svg` formats can be found in the `docs/` directory. + +## 🔄 CI/CD & Releases + +This repository includes GitHub Actions for Continuous Integration and Release Management: + +* **CI (`.github/workflows/ci.yml`):** Automatically validates the `docker-compose.yml` configuration and `Caddyfile` syntax on every pull request and push to the main branch. +* **Release (`.github/workflows/release.yml`):** Can be triggered manually ("on click") via the **Actions** tab. This workflow packages the configuration files (including `docker-compose.yml`, `Caddyfile`, and config directories) into a zip file and creates a new GitHub Release. diff --git a/docker-compose.yml b/docker-compose.yml index 15dd3c5..2e37f13 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -43,7 +43,7 @@ services: pihole: - image: pihole/pihole:2025.11.1 + image: pihole/pihole:2024.07.0 container_name: pihole hostname: pihole restart: unless-stopped @@ -68,10 +68,6 @@ services: volumes: - ${PIHOLE_ETC_PATH}:/etc/pihole - ${PIHOLE_ETC_DNSMASQ_PATH}:/etc/dnsmasq.d - # ports: - # - "53:53/tcp" - # - "53:53/udp" - # - "5353:80/tcp" networks: wg-easy: ipv4_address: 10.8.1.3 @@ -106,10 +102,6 @@ services: - NET_ADMIN environment: - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN} - # ports: - # - "80:80" - # - "443:443" - # - "443:443/udp" healthcheck: test: ["CMD-SHELL", "nc -z 127.0.0.1 80 || exit 1"] interval: 30s 
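Review bot: The new `(cloudflare)` snippet at the top of the Caddyfile has no comment, although every site block now depends on it for certificate issuance. I would add above it `# Shared TLS config: ACME DNS challenge via Cloudflare. Requires CLOUDFLARE_API_TOKEN in Caddy's environment; scope the token to DNS edit on this zone only.` The site blocks for operator-facing backends such as `prometheus`, `watchtower`, `minio` and `trans` still contain only `reverse_proxy` and the import. That is unchanged by this commit, but if any of these names are reachable from outside the VPN network, a second shared snippet for access control or security headers would be the natural follow-up now that the blocks are uniform.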
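Review bot: The `pihole` image in the first docker-compose.yml hunk goes from `pihole/pihole:2025.11.1` back to `2024.07.0`, which the commit message calls a fix but which is a downgrade of more than a year. The older tag lacks whatever fixes shipped in between, and the mounted `/etc/pihole` volume may already be in the newer release's format (to be confirmed against the running instance). Keep `2025.11.1` unless a specific regression is documented, and if reproducibility is the goal, pin by digest instead: `image: pihole/pihole:2025.11.1@sha256:<DIGEST>`.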
@@ -122,9 +114,6 @@ services: - ${CADDY_DATA_PATH}:/data - ${CADDY_CONFIG_PATH}:/config # - ${TAILSCALE_TMP_PATH}/tailscaled.sock:/var/run/tailscale/tailscaled.sock - # networks: - # wg-easy: - # ipv4_address: 10.8.1.5 web-test: image: traefik/whoami:v1.10.4 @@ -142,8 +131,6 @@ services: logging: *default-logging depends_on: - immich-redis - # ports: - # - "8000:8000" healthcheck: test: ["CMD", "curl", "-f", "http://127.0.0.1:8000/"] interval: 30s @@ -170,14 +157,12 @@ services: n8n: - image: docker.n8n.io/n8nio/n8n + image: n8nio/n8n container_name: n8n restart: unless-stopped logging: *default-logging extra_hosts: - "host.docker.internal:host-gateway" - # ports: - # - 5678:5678 healthcheck: test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:5678/healthz"] interval: 30s @@ -236,8 +221,6 @@ services: timeout: 10s retries: 3 start_period: 30s - # ports: - # - 8080:80 restart: unless-stopped dns: - 10.8.1.3 @@ -254,7 +237,6 @@ services: container_name: transmission restart: unless-stopped logging: *default-logging - # network_mode: "service:gluetun" healthcheck: test: ["CMD", "nc", "-z", "127.0.0.1", "9091"] interval: 30s @@ -269,8 +251,6 @@ services: - PGID=1000 - PUID=1000 - TZ=${DEFAULT_TZ} - # - DOCKER_MODS=linuxserver/mods:transmission-floodui - # - DOCKER_MODS=linuxserver/mods:transmission-transmissionic - USER=${TRANSMISSION_USERNAME} - PASS=${TRANSMISSION_PASSWORD} dns: @@ -309,7 +289,7 @@ services: depends_on: - immich-redis - immich-database - restart: always + restart: unless-stopped dns: - 10.8.1.3 - 1.1.1.1 @@ -339,7 +319,7 @@ services: timeout: 10s retries: 3 start_period: 60s - restart: always + restart: unless-stopped dns: - 10.8.1.3 - 1.1.1.1 @@ -353,7 +333,7 @@ services: logging: *default-logging healthcheck: test: redis-cli ping || exit 1 - restart: always + restart: unless-stopped volumes: - ${IMMICH_REDIS_DATA_PATH}:/data networks: 
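Review bot: The new `image: n8nio/n8n` line in the `n8n` service has no tag, so it resolves to `latest`, and the same line also switches the registry the image is pulled from. n8n stores workflow credentials, so the image should be one that was reviewed: `image: n8nio/n8n:<VERSION>` or `image: n8nio/n8n@sha256:<DIGEST>`. The removed line was untagged as well, but `web-test` in this file is already pinned (`traefik/whoami:v1.10.4`), so pinning here would match the file's own convention. The service definition continues outside the hunk.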
@@ -377,7 +357,7 @@ services: volumes: - ${IMMICH_DB_DATA_LOCATION}:/var/lib/postgresql/data shm_size: 128mb - restart: always + restart: unless-stopped networks: wg-easy: ipv4_address: 10.8.1.10 @@ -424,8 +404,6 @@ services: timeout: 10s retries: 3 start_period: 30s - # ports: - # - 7500:7500 networks: wg-easy: ipv4_address: 10.8.1.56 @@ -454,8 +432,6 @@ services: - 10.8.1.3 - 1.1.1.1 - 8.8.8.8 - # ports: - # - 3000:3000 networks: wg-easy: ipv4_address: 10.8.1.57 From d02581720208ebc9f007b5f3e3d9282d84410f79 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Sat, 24 Jan 2026 17:03:53 +0000 Subject: [PATCH 2/4] Refactor Caddyfile to use snippets for cloudflare TLS - Revert changes to docker-compose.yml and other files as per review. - Keep the Caddyfile optimization (snippets). --- .github/workflows/ci.yml | 61 ----------------------------------- .github/workflows/release.yml | 49 ---------------------------- .gitignore | 4 +-- README.md | 7 ---- docker-compose.yml | 36 +++++++++++++++++---- 5 files changed, 31 insertions(+), 126 deletions(-) delete mode 100644 .github/workflows/ci.yml delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index 012a987..0000000 --- a/.github/workflows/ci.yml +++ /dev/null 
@@ -1,61 +0,0 @@ -name: CI - -on: - push: - branches: [ "master", "main" ] - pull_request: - branches: [ "master", "main" ] - -jobs: - lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Validate Docker Compose - run: docker compose config -q - env: - # Set dummy values for required env vars to pass config check - TAILSCALE_AUTH_KEY: "dummy" - TAILSCALE_PATH: "./tailscale" - PIHOLE__WEBPASSWORD: "dummy" - DEFAULT_TZ: "UTC" - PIHOLE_ETC_PATH: "./pihole/etc" - PIHOLE_ETC_DNSMASQ_PATH: "./pihole/dnsmasq" - CLOUDFLARE_API_TOKEN: "dummy" - CADDY_SITE_PATH: "./caddy/site" - CADDY_DATA_PATH: "./caddy/data" - CADDY_CONFIG_PATH: "./caddy/config" - PAPERLESS_NGX_DATA_PATH: "./paperless/data" - PAPERLESS_NGX_MEDIA_PATH: "./paperless/media" - PAPERLESS_NGX_EXPORT_PATH: "./paperless/export" - PAPERLESS_NGX_CONSUME_PATH: "./paperless/consume" - PAPERLESS_NGX_URL: "http://localhost" - PAPERLESS_NGX_SECRET_KEY: "dummy" - N8N_DATA_FOLDER: "./n8n/data" - N8N_LOCAL_FILES_FOLDER: "./n8n/files" - FILEBROWSER_ROOT_PATH: "./filebrowser/root" - FILEBROWSER_DB_FILE_PATH: "./filebrowser/filebrowser.db" - FILEBROWSER_CONFIG_SETTING_FILE_PATH: "./filebrowser/settings.json" - TRANSMISSION_CONFIG_SOURCE: "./transmission/config" - TRANSMISSION_DOWNLOAD_SOURCE: "./transmission/downloads" - TRANSMISSION_WATCH_SOURCE: "./transmission/watch" - TRANSMISSION_USERNAME: "dummy" - TRANSMISSION_PASSWORD: "dummy" - UPLOAD_LOCATION: "./immich/upload" - EXTERNAL_LIBRARY_LOCATION: "./immich/external" - IMMICH_DB_PASSWORD: "dummy" - IMMICH_DB_USERNAME: "dummy" - IMMICH_DB_DATABASE_NAME: "immich" - IMMICH_ML_MODEL_CACHE_LOCATION: "./immich/cache" - IMMICH_REDIS_DATA_PATH: "./immich/redis" - IMMICH_DB_DATA_LOCATION: "./immich/postgres" - SEARXNG_BASE_URL: "http://localhost" - SEARXNG_SECRET: "dummy" - SEARXNG_REDIS_URL: "redis://dummy:6379" - PAISA_DATA_PATH: "./paisa" - HOMEPAGE_CONFIG_PATH: "./homepage" - TS_EXTRA_ARGS: "" - - - name: Validate Caddyfile - run: docker run --rm -v 
$PWD/Caddyfile:/etc/caddy/Caddyfile caddy:2.10.2 caddy validate --adapter caddyfile --config /etc/caddy/Caddyfile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index a00bde7..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: Release Configuration - -on: - workflow_dispatch: - inputs: - version: - description: 'Release version (e.g., v1.0.0)' - required: false - default: '' - -jobs: - release: - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - uses: actions/checkout@v4 - - - name: Set Version - id: version - run: | - if [ -z "${{ github.event.inputs.version }}" ]; then - echo "TAG=v$(date +'%Y.%m.%d-%H%M')" >> $GITHUB_ENV - else - echo "TAG=${{ github.event.inputs.version }}" >> $GITHUB_ENV - fi - - - name: Zip Artifacts - run: | - mkdir release_artifacts - cp docker-compose.yml release_artifacts/ - cp Caddyfile release_artifacts/ - # Copy example envs if they exist - cp example*.env release_artifacts/ 2>/dev/null || true - # Copy config directories if they exist - [ -d prometheus ] && cp -r prometheus release_artifacts/ - [ -d searxng ] && cp -r searxng release_artifacts/ - [ -f sonic.cfg ] && cp sonic.cfg release_artifacts/ - - cd release_artifacts - zip -r ../config.zip . - - - name: Create Release - uses: softprops/action-gh-release@v2 - with: - files: config.zip - tag_name: ${{ env.TAG }} - name: Release ${{ env.TAG }} - generate_release_notes: true diff --git a/.gitignore b/.gitignore index 9b25748..38c299c 100644 --- a/.gitignore +++ b/.gitignore @@ -18,6 +18,4 @@ !sonic.Dockerfile !unused_docker_compose.yml !searxng -!searxng/** -!.github -!.github/** \ No newline at end of file +!searxng/** \ No newline at end of file diff --git a/README.md b/README.md index 58f2a47..46ca945 100644 --- a/README.md +++ b/README.md 
@@ -142,10 +142,3 @@ Most heavy data (media, databases) is mapped to an external USB drive mounted at - **Immich:** Requires a significant amount of RAM for machine learning tasks. - **Extended Documentation:** Detailed architecture diagrams in `.drawio` and `.svg` formats can be found in the `docs/` directory. - -## 🔄 CI/CD & Releases - -This repository includes GitHub Actions for Continuous Integration and Release Management: - -* **CI (`.github/workflows/ci.yml`):** Automatically validates the `docker-compose.yml` configuration and `Caddyfile` syntax on every pull request and push to the main branch. -* **Release (`.github/workflows/release.yml`):** Can be triggered manually ("on click") via the **Actions** tab. This workflow packages the configuration files (including `docker-compose.yml`, `Caddyfile`, and config directories) into a zip file and creates a new GitHub Release. diff --git a/docker-compose.yml b/docker-compose.yml index 2e37f13..15dd3c5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -43,7 +43,7 @@ services: pihole: - image: pihole/pihole:2024.07.0 + image: pihole/pihole:2025.11.1 container_name: pihole hostname: pihole restart: unless-stopped @@ -68,6 +68,10 @@ services: volumes: - ${PIHOLE_ETC_PATH}:/etc/pihole - ${PIHOLE_ETC_DNSMASQ_PATH}:/etc/dnsmasq.d + # ports: + # - "53:53/tcp" + # - "53:53/udp" + # - "5353:80/tcp" networks: wg-easy: ipv4_address: 10.8.1.3 @@ -102,6 +106,10 @@ services: - NET_ADMIN environment: - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN} + # ports: + # - "80:80" + # - "443:443" + # - "443:443/udp" healthcheck: test: ["CMD-SHELL", "nc -z 127.0.0.1 80 || exit 1"] interval: 30s @@ -114,6 +122,9 @@ services: - ${CADDY_DATA_PATH}:/data - ${CADDY_CONFIG_PATH}:/config # - ${TAILSCALE_TMP_PATH}/tailscaled.sock:/var/run/tailscale/tailscaled.sock + # networks: + # wg-easy: + # ipv4_address: 10.8.1.5 web-test: image: traefik/whoami:v1.10.4 
@@ -131,6 +142,8 @@ services: logging: *default-logging depends_on: - immich-redis + # ports: + # - "8000:8000" healthcheck: test: ["CMD", "curl", "-f", "http://127.0.0.1:8000/"] interval: 30s @@ -157,12 +170,14 @@ services: n8n: - image: n8nio/n8n + image: docker.n8n.io/n8nio/n8n container_name: n8n restart: unless-stopped logging: *default-logging extra_hosts: - "host.docker.internal:host-gateway" + # ports: + # - 5678:5678 healthcheck: test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:5678/healthz"] interval: 30s @@ -221,6 +236,8 @@ services: timeout: 10s retries: 3 start_period: 30s + # ports: + # - 8080:80 restart: unless-stopped dns: - 10.8.1.3 @@ -237,6 +254,7 @@ services: container_name: transmission restart: unless-stopped logging: *default-logging + # network_mode: "service:gluetun" healthcheck: test: ["CMD", "nc", "-z", "127.0.0.1", "9091"] interval: 30s @@ -251,6 +269,8 @@ services: - PGID=1000 - PUID=1000 - TZ=${DEFAULT_TZ} + # - DOCKER_MODS=linuxserver/mods:transmission-floodui + # - DOCKER_MODS=linuxserver/mods:transmission-transmissionic - USER=${TRANSMISSION_USERNAME} - PASS=${TRANSMISSION_PASSWORD} dns: @@ -289,7 +309,7 @@ services: depends_on: - immich-redis - immich-database - restart: unless-stopped + restart: always dns: - 10.8.1.3 - 1.1.1.1 @@ -319,7 +339,7 @@ services: timeout: 10s retries: 3 start_period: 60s - restart: unless-stopped + restart: always dns: - 10.8.1.3 - 1.1.1.1 @@ -333,7 +353,7 @@ services: logging: *default-logging healthcheck: test: redis-cli ping || exit 1 - restart: unless-stopped + restart: always volumes: - ${IMMICH_REDIS_DATA_PATH}:/data networks: @@ -357,7 +377,7 @@ services: volumes: - ${IMMICH_DB_DATA_LOCATION}:/var/lib/postgresql/data shm_size: 128mb - restart: unless-stopped + restart: always networks: wg-easy: ipv4_address: 10.8.1.10 @@ -404,6 +424,8 @@ services: timeout: 10s retries: 3 start_period: 30s + # ports: + # - 7500:7500 networks: wg-easy: ipv4_address: 10.8.1.56 
@@ -432,6 +454,8 @@ services: - 10.8.1.3 - 1.1.1.1 - 8.8.8.8 + # ports: + # - 3000:3000 networks: wg-easy: ipv4_address: 10.8.1.57 From cbb0b589a5b2b452311999d7b365261d773fa191 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Sat, 24 Jan 2026 17:11:52 +0000 Subject: [PATCH 3/4] Add CI/CD workflows for validation and release - Added `.github/workflows/ci.yml` to lint docker-compose and Caddyfile, and verify images. - Added `.github/workflows/release.yml` for release automation. - Added `scripts/verify_images.sh` to check for docker image existence. - Retained Caddyfile optimization. From 995fa65d83c89df2b690ed157c52802ee7ef9543 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Sat, 24 Jan 2026 17:28:20 +0000 Subject: [PATCH 4/4] Enhance CI with file verification script - Added `scripts/verify_files.sh` to check for existence of local files referenced in `docker-compose.yml`. - Updated `.github/workflows/ci.yml` to run the file verification script.