From 6310ec43ce7fad5d529949223b2e8692f0e54060 Mon Sep 17 00:00:00 2001 From: Alexey Skobkin Date: Mon, 15 Apr 2024 01:37:16 +0300 Subject: [PATCH] firefly-iii. adding stack draft. --- README.md | 91 +++++----- firefly-iii/.env.dist | 315 +++++++++++++++++++++++++++++++++ firefly-iii/db/.gitignore | 2 + firefly-iii/docker-compose.yml | 50 ++++++ firefly-iii/nginx/firefly.conf | 23 +++ firefly-iii/upload/.gitignore | 2 + 6 files changed, 438 insertions(+), 45 deletions(-) create mode 100644 firefly-iii/.env.dist create mode 100644 firefly-iii/db/.gitignore create mode 100644 firefly-iii/docker-compose.yml create mode 100644 firefly-iii/nginx/firefly.conf create mode 100644 firefly-iii/upload/.gitignore diff --git a/README.md b/README.md index dd8b92c..0b428e6 100644 --- a/README.md +++ b/README.md @@ -32,48 +32,49 @@ You need to change your database configuration to be able to do that. Check Not every stack is tested to fully work. -| App Name | Status | Image | Description | Links | -|-------------------------|--------------|----------------------------------------------|----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| ARK Server | ✅ | `thmhoag/arkserver` | ARK: Survival Evolved game server with ArkManager. | [Website](http://playark.com), [Steam](https://store.steampowered.com/app/346110/ARK_Survival_Evolved/), [Image Github](https://github.com/thmhoag/arkserver), [ArkManager](https://github.com/arkmanager/ark-server-tools) | -| Drone | ✅ | `drone/drone` | Continuous integration platform. | [Website](https://www.drone.io), [Github](https://github.com/harness/drone), [Image](https://hub.docker.com/r/drone/drone) | -| Drone Docker Runner | ✅ | `drone/drone-runner-docker` | CI runner daemon for Docker. | [Website](https://www.drone.io), [Github](https://github.com/drone-runners/drone-runner-docker), [Image](https://hub.docker.com/r/drone/drone-runner-docker) | -| Duplicati | ✅ | `linuxserver/duplicati` | Backup solution with many storage backends. | [Website](https://www.duplicati.com), [Github](https://github.com/duplicati/duplicati) | -| Element-web | ✅ | `vectorim/element-web` | Web Matrix client. | [Website](https://element.io), [Github](https://github.com/vector-im/element-web/) | -| emby | ✅ | `emby/embyserver` | Media server with online transcoding support. | [Website](https://emby.media) | -| Folding@Home | ✅ | `johnktims/folding-at-home` | Protein folding distributed computing platform. | [Website](https://foldingathome.org), [My guide](https://skobk.in/2020/06/folding-at-home-quick-start/) | -| Forgejo | ✅ | `codeberg.org/forgejo/forgejo` | Lightweight Git hosting platform. | [Website](https://forgejo.org), [Github](https://codeberg.org/forgejo/forgejo) | -| Gatus | ✅ | `twinproduction/gatus` | Advanced service(s) status page. | [Website](https://gatus.io), [Github](https://github.com/TwiN/gatus) | -| Home Assistant | ✅ | `ghcr.io/home-assistant/home-assistant` | Home automation suite. | [Website](https://www.home-assistant.io/), [Github](https://github.com/home-assistant) | -| Homer | ✅ | `b4bz/homer` | Server homepage generator. | [Github](https://github.com/bastienwirtz/homer), [Demo](https://homer-demo.netlify.app), [Configuration](https://github.com/bastienwirtz/homer/blob/main/docs/configuration.md) | -| I2PD | ✅ | `purplei2p/i2pd` | The Invisible Internet router. | [Website](https://i2pd.website), [Github](https://github.com/PurpleI2P/i2pd/), [I2P project](https://geti2p.net/) | -| InBucket | ✅ | `inbucket/inbucket` | Testing SMTP/POP3 mail server with web interface. | [Website](https://www.inbucket.org), [Github](https://github.com/inbucket/inbucket) | -| Killing Floor 2 server | ✅ Abandoned | `jeeaaasustest/killingfloor2-srv` | Killing Floor 2 game server. | | -| Lidarr | Not tested | `linuxserver/lidarr` | Music downloader and manager. | [Website](https://lidarr.audio), [Github](https://github.com/Lidarr/Lidarr), [Wiki](https://wiki.servarr.com/lidarr) | -| magnetico-web | ✅ | `skobkin/magnetico-web` | DHT indexer private web search front-end. | [Git](https://git.skobk.in/skobkin/magnetico-web), [Git mirror](https://gitlab.com/skobkin/magnetico-web) | -| magnetico-web-telegram | ✅ | `skobkin/magnetico-web-telegram-bot` | Magnetico Web Telegram bot. | [Bitbucket](https://bitbucket.org/skobkin/magnetico-web-telegram-bot/) | -| magneticod | ✅ | `boramalper/magneticod` | DHT indexing daemon. | [Website](https://www.boramalper.org/labs/magnetico/), [Github](https://github.com/boramalper/magnetico) | -| Matrix Telegram Bridge | ✅ | `dock.mau.dev/mautrix/telegram` | Telegram bridge for Matrix server | [Gitlab](https://mau.dev/mautrix/telegram/) | -| Metube | ✅ | `alexta69/metube` | Web GUI for yt-dlp. | [Github](https://github.com/alexta69/metube) | -| Murmur (Mumble server) | ✅ | `registry.gitlab.com/skobkin/docker-murmur` | Mumble VoIP server (custom build) | [Website](https://www.mumble.info), [Github](https://github.com/mumble-voip/mumble) | -| Ollama | ✅ | `ollama/ollama` | Toolkit for easily running LLM's locally. | [Website](https://ollama.com), [Github](https://github.com/ollama/ollama) | -| Open Streaming Platform | ✅ | `deamos/openstreamingplatform` | Live streaming platform. | [Website](https://openstreamingplatform.com), [Gitlab](https://gitlab.com/osp-group/flask-nginx-rtmp-manager) | -| OpenVPN | ✅ | `kylemanna/openvpn` | OpenVPN server with some management toolkit. | [Website](https://openvpn.net), [Image Github](https://www.github.com/kylemanna/docker-openvpn) | -| Owncast | ✅ | `gabekangas/owncast` | Live streaming platform with federation support. | [Website](https://owncast.online), [Github](https://github.com/owncast/owncast) | -| Portainer | ✅ | `portainer/portainer` | Docker Container management web UI. | [Website](https://www.portainer.io), [Github](https://github.com/portainer/portainer) | -| Proxy MTProto | ✅ | `mtproxy/mtproxy` | MTProto Telegram proxy. | [Website](https://telegram.org), [Github](https://github.com/TelegramMessenger/MTProxy) | -| Proxy Socks5 | ✅ | `serjs/go-socks5-proxy` | Simple SOCKS5 proxy. | [Github](https://github.com/serjs/socks5-server) | -| qBittorrent | ✅ | `linuxserver/qbittorrent` | qBittorrent (noX) | [Website](https://www.qbittorrent.org), [LinuxServer Fleet](https://fleet.linuxserver.io/image?name=linuxserver/qbittorrent) | -| Radarr | ✅ | `linuxserver/radarr` | Movie downloader and manager. | [Website](https://radarr.video), [Github](https://github.com/Radarr/Radarr), [Wiki](https://wiki.servarr.com/radarr) | -| Redis | ✅ | `redis` | Redis storage server. | [Website](https://redis.io), [Github](https://github.com/redis/redis-io) | -| Shadowsocks Client | ✅ | `ghcr.io/shadowsocks/sslocal-rust:latest` | Shadowsocks client (and SOCKS/HTTP/tunnel server). | [Website](https://shadowsocks.org), [Github](https://github.com/shadowsocks/shadowsocks-rust), [Configuration](https://github.com/shadowsocks/shadowsocks-rust#getting-started) | -| Shinobi | ✅ | `shinobisystems/shinobi` | Shinobi surveillance system | [Website](https://shinobi.video), [Github](https://github.com/ShinobiCCTV/Shinobi) | -| Sonarr | ✅ | `linuxserver/sonarr` | TV Shows, series and anime downloader and manager. | [Website](https://sonarr.tv), [Github](https://github.com/Sonarr/Sonarr), [Wiki](https://wiki.servarr.com/sonarr) | -| Speedtest | ✅ | `adolfintel/speedtest` | Libre speed test implementation. | [Website](https://librespeed.org), [Github](https://github.com/librespeed/speedtest) | -| Synapse | ✅ | `matrixdotorg/synapse` | Matrix reference server written in Python. | [Website](https://matrix.org/docs/projects/server/synapse), [Github](https://github.com/matrix-org/synapse), [Installation and configuration](https://matrix-org.github.io/synapse/latest/setup/installation.html) | -| Syncthing | ✅ | `linuxserver/syncthing` | P2P file synchronization daemon. | [Website](https://syncthing.net), [Github](https://github.com/syncthing/syncthing) | -| Telegram LLM Bot | ✅ | `skobkin/telegram-llm-bot` | Simple Telegram bot to interact with LLM running in Ollama | [Forgejo repository](https://git.skobk.in/skobkin/telegram-ollama-reply-bot) | -| Telegram RSS Bot | ✅ | `miroslavsckaya/tg-rss-bot` | Telegram RSS Bot by @Miroslavsckaya. | [Gitea](https://git.skobk.in/Miroslavsckaya/tg_rss_bot/), [Github Mirror](https://github.com/Miroslavsckaya/tg_rss_bot) | -| Tor OBFS4 Bridge | ✅ | `thetorproject/obfs4-bridge` | Tor OBFS4 Bridge for Tor blocking bypass. | [Website](https://community.torproject.org/relay/setup/bridge/), [Gitlab](https://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge), [Manual](https://community.torproject.org/relay/setup/bridge/docker/) | -| Tor Privoxy | ✅ | `registry.gitlab.com/skobkin/torproxy-obfs4` | Tor image with integrated privoxy and OBFS4 bridge support. | [Original image Github](https://github.com/dperson/torproxy), [OBFS4 support image Gitlab](https://gitlab.com/skobkin/torproxy-obfs4) | -| Watchtower | ✅ | `containrrr/watchtower` | Docker container auto-update daemon. | [Website](https://containrrr.dev/watchtower/), [Github](https://github.com/containrrr/watchtower) | -| Webhook.site | | `webhooksite/webhook.site` | HTTP callback testing tool | [Website](https://webhook.site), [Github](https://github.com/webhooksite/webhook.site) | +| App Name | Status | Image | Description | Links | +|-------------------------|-------------|----------------------------------------------|-------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| ARK Server | ✅ | `thmhoag/arkserver` | ARK: Survival Evolved game server with ArkManager. | [Website](http://playark.com), [Steam](https://store.steampowered.com/app/346110/ARK_Survival_Evolved/), [Image Github](https://github.com/thmhoag/arkserver), [ArkManager](https://github.com/arkmanager/ark-server-tools) | +| Drone | ✅ | `drone/drone` | Continuous integration platform. | [Website](https://www.drone.io), [Github](https://github.com/harness/drone), [Image](https://hub.docker.com/r/drone/drone) | +| Drone Docker Runner | ✅ | `drone/drone-runner-docker` | CI runner daemon for Docker. | [Website](https://www.drone.io), [Github](https://github.com/drone-runners/drone-runner-docker), [Image](https://hub.docker.com/r/drone/drone-runner-docker) | +| Duplicati | ✅ | `linuxserver/duplicati` | Backup solution with many storage backends. | [Website](https://www.duplicati.com), [Github](https://github.com/duplicati/duplicati) | +| Element-web | ✅ | `vectorim/element-web` | Web Matrix client. | [Website](https://element.io), [Github](https://github.com/vector-im/element-web/) | +| emby | ✅ | `emby/embyserver` | Media server with online transcoding support. | [Website](https://emby.media) | +| Firefly III | Not tested | `fireflyiii/core` | Bookkeeping software. | [Website](https://docs.firefly-iii.org), [Github](https://github.com/firefly-iii/firefly-iii) | +| Folding@Home | ✅ | `johnktims/folding-at-home` | Protein folding distributed computing platform. | [Website](https://foldingathome.org), [My guide](https://skobk.in/2020/06/folding-at-home-quick-start/) | +| Forgejo | ✅ | `codeberg.org/forgejo/forgejo` | Lightweight Git hosting platform. | [Website](https://forgejo.org), [Github](https://codeberg.org/forgejo/forgejo) | +| Gatus | ✅ | `twinproduction/gatus` | Advanced service(s) status page. | [Website](https://gatus.io), [Github](https://github.com/TwiN/gatus) | +| Home Assistant | ✅ | `ghcr.io/home-assistant/home-assistant` | Home automation suite. | [Website](https://www.home-assistant.io/), [Github](https://github.com/home-assistant) | +| Homer | ✅ | `b4bz/homer` | Server homepage generator. | [Github](https://github.com/bastienwirtz/homer), [Demo](https://homer-demo.netlify.app), [Configuration](https://github.com/bastienwirtz/homer/blob/main/docs/configuration.md) | +| I2PD | ✅ | `purplei2p/i2pd` | The Invisible Internet router. | [Website](https://i2pd.website), [Github](https://github.com/PurpleI2P/i2pd/), [I2P project](https://geti2p.net/) | +| InBucket | ✅ | `inbucket/inbucket` | Testing SMTP/POP3 mail server with web interface. | [Website](https://www.inbucket.org), [Github](https://github.com/inbucket/inbucket) | +| Killing Floor 2 server | ✅ Abandoned | `jeeaaasustest/killingfloor2-srv` | Killing Floor 2 game server. | | +| Lidarr | Not tested | `linuxserver/lidarr` | Music downloader and manager. | [Website](https://lidarr.audio), [Github](https://github.com/Lidarr/Lidarr), [Wiki](https://wiki.servarr.com/lidarr) | +| magnetico-web | ✅ | `skobkin/magnetico-web` | DHT indexer private web search front-end. | [Git](https://git.skobk.in/skobkin/magnetico-web), [Git mirror](https://gitlab.com/skobkin/magnetico-web) | +| magnetico-web-telegram | ✅ | `skobkin/magnetico-web-telegram-bot` | Magnetico Web Telegram bot. | [Bitbucket](https://bitbucket.org/skobkin/magnetico-web-telegram-bot/) | +| magneticod | ✅ | `boramalper/magneticod` | DHT indexing daemon. | [Website](https://www.boramalper.org/labs/magnetico/), [Github](https://github.com/boramalper/magnetico) | +| Matrix Telegram Bridge | ✅ | `dock.mau.dev/mautrix/telegram` | Telegram bridge for Matrix server | [Gitlab](https://mau.dev/mautrix/telegram/) | +| Metube | ✅ | `alexta69/metube` | Web GUI for yt-dlp. | [Github](https://github.com/alexta69/metube) | +| Murmur (Mumble server) | ✅ | `registry.gitlab.com/skobkin/docker-murmur` | Mumble VoIP server (custom build) | [Website](https://www.mumble.info), [Github](https://github.com/mumble-voip/mumble) | +| Ollama | ✅ | `ollama/ollama` | Toolkit for easily running LLM's locally. | [Website](https://ollama.com), [Github](https://github.com/ollama/ollama) | +| Open Streaming Platform | ✅ | `deamos/openstreamingplatform` | Live streaming platform. | [Website](https://openstreamingplatform.com), [Gitlab](https://gitlab.com/osp-group/flask-nginx-rtmp-manager) | +| OpenVPN | ✅ | `kylemanna/openvpn` | OpenVPN server with some management toolkit. | [Website](https://openvpn.net), [Image Github](https://www.github.com/kylemanna/docker-openvpn) | +| Owncast | ✅ | `gabekangas/owncast` | Live streaming platform with federation support. | [Website](https://owncast.online), [Github](https://github.com/owncast/owncast) | +| Portainer | ✅ | `portainer/portainer` | Docker Container management web UI. | [Website](https://www.portainer.io), [Github](https://github.com/portainer/portainer) | +| Proxy MTProto | ✅ | `mtproxy/mtproxy` | MTProto Telegram proxy. | [Website](https://telegram.org), [Github](https://github.com/TelegramMessenger/MTProxy) | +| Proxy Socks5 | ✅ | `serjs/go-socks5-proxy` | Simple SOCKS5 proxy. | [Github](https://github.com/serjs/socks5-server) | +| qBittorrent | ✅ | `linuxserver/qbittorrent` | qBittorrent (noX) | [Website](https://www.qbittorrent.org), [LinuxServer Fleet](https://fleet.linuxserver.io/image?name=linuxserver/qbittorrent) | +| Radarr | ✅ | `linuxserver/radarr` | Movie downloader and manager. | [Website](https://radarr.video), [Github](https://github.com/Radarr/Radarr), [Wiki](https://wiki.servarr.com/radarr) | +| Redis | ✅ | `redis` | Redis storage server. | [Website](https://redis.io), [Github](https://github.com/redis/redis-io) | +| Shadowsocks Client | ✅ | `ghcr.io/shadowsocks/sslocal-rust:latest` | Shadowsocks client (and SOCKS/HTTP/tunnel server). | [Website](https://shadowsocks.org), [Github](https://github.com/shadowsocks/shadowsocks-rust), [Configuration](https://github.com/shadowsocks/shadowsocks-rust#getting-started) | +| Shinobi | ✅ | `shinobisystems/shinobi` | Shinobi surveillance system | [Website](https://shinobi.video), [Github](https://github.com/ShinobiCCTV/Shinobi) | +| Sonarr | ✅ | `linuxserver/sonarr` | TV Shows, series and anime downloader and manager. | [Website](https://sonarr.tv), [Github](https://github.com/Sonarr/Sonarr), [Wiki](https://wiki.servarr.com/sonarr) | +| Speedtest | ✅ | `adolfintel/speedtest` | Libre speed test implementation. | [Website](https://librespeed.org), [Github](https://github.com/librespeed/speedtest) | +| Synapse | ✅ | `matrixdotorg/synapse` | Matrix reference server written in Python. | [Website](https://matrix.org/docs/projects/server/synapse), [Github](https://github.com/matrix-org/synapse), [Installation and configuration](https://matrix-org.github.io/synapse/latest/setup/installation.html) | +| Syncthing | ✅ | `linuxserver/syncthing` | P2P file synchronization daemon. | [Website](https://syncthing.net), [Github](https://github.com/syncthing/syncthing) | +| Telegram LLM Bot | ✅ | `skobkin/telegram-llm-bot` | Simple Telegram bot to interact with LLM running in Ollama | [Forgejo repository](https://git.skobk.in/skobkin/telegram-ollama-reply-bot) | +| Telegram RSS Bot | ✅ | `miroslavsckaya/tg-rss-bot` | Telegram RSS Bot by @Miroslavsckaya. | [Gitea](https://git.skobk.in/Miroslavsckaya/tg_rss_bot/), [Github Mirror](https://github.com/Miroslavsckaya/tg_rss_bot) | +| Tor OBFS4 Bridge | ✅ | `thetorproject/obfs4-bridge` | Tor OBFS4 Bridge for Tor blocking bypass. | [Website](https://community.torproject.org/relay/setup/bridge/), [Gitlab](https://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge), [Manual](https://community.torproject.org/relay/setup/bridge/docker/) | +| Tor Privoxy | ✅ | `registry.gitlab.com/skobkin/torproxy-obfs4` | Tor image with integrated privoxy and OBFS4 bridge support. | [Original image Github](https://github.com/dperson/torproxy), [OBFS4 support image Gitlab](https://gitlab.com/skobkin/torproxy-obfs4) | +| Watchtower | ✅ | `containrrr/watchtower` | Docker container auto-update daemon. | [Website](https://containrrr.dev/watchtower/), [Github](https://github.com/containrrr/watchtower) | +| Webhook.site | | `webhooksite/webhook.site` | HTTP callback testing tool | [Website](https://webhook.site), [Github](https://github.com/webhooksite/webhook.site) | diff --git a/firefly-iii/.env.dist b/firefly-iii/.env.dist new file mode 100644 index 0000000..6e592b8 --- /dev/null +++ b/firefly-iii/.env.dist @@ -0,0 +1,315 @@ +# see https://docs.firefly-iii.org/how-to/firefly-iii/installation/docker/ +# see https://hub.docker.com/r/fireflyiii/core + +IMAGE_TAG=latest + +HTTP_BIND_ADDR=127.0.0.1 +HTTP_BIND_PORT=8392 + +UPLOAD_DIR=./upload +DB_DIR=./db + +LOG_MAX_SIZE=5m +LOG_MAX_FILE=5 + +# Firefly +# +# Please make sure this URL matches the external URL of your Firefly III installation. +# It is used to validate specific requests and to generate URLs in emails. +# +APP_URL=http://localhost + +# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation. +# Never set it to "testing". +APP_ENV=production + +# Set to true if you want to see debug information in error screens. +APP_DEBUG=false + +# This should be your email address. +# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE +# The variable is used in some errors shown to users who aren't admin. +SITE_OWNER=mail@example.com + +# The encryption key for your sessions. Keep this very secure. +# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it. +# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE +# +# Avoid the "#" character in your APP_KEY, it may break things. +# +APP_KEY=SomeRandomStringOf32CharsExactly + +# Firefly III will launch using this language (for new users and unauthenticated visitors) +# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang +# +# If text is still in English, remember that not everything may have been translated. +DEFAULT_LANGUAGE=en_US + +# The locale defines how numbers are formatted. +# by default this value is the same as whatever the language is. +DEFAULT_LOCALE=equal + +# Change this value to your preferred time zone. +# Example: Europe/Amsterdam +# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +TZ=Europe/Moscow + +# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy. +# Set it to ** and reverse proxies work just fine. +TRUSTED_PROXIES=** + +# The log channel defines where your log entries go to. +# Several other options exist. You can use 'single' for one big fat error log (not recommended). +# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself. +# A rotating log option is 'daily', creates 5 files that (surprise) rotate. +# A cool option is 'papertrail' for cloud logging +# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time. +LOG_CHANNEL=stack + +# Log level. You can set this from least severe to most severe: +# debug, info, notice, warning, error, critical, alert, emergency +# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably +# nothing will get logged, ever. +APP_LOG_LEVEL=notice + +# Audit log level. +# The audit log is used to log notable Firefly III events on a separate channel. +# These log entries may contain sensitive financial information. +# The audit log is disabled by default. +# +# To enable it, set AUDIT_LOG_LEVEL to "info" +# To disable it, set AUDIT_LOG_LEVEL to "emergency" +AUDIT_LOG_LEVEL=emergency + +# +# If you want, you can redirect the audit logs to another channel. +# Set 'audit_stdout', 'audit_syslog', 'audit_errorlog' to log to the system itself. +# Use audit_daily to log to a rotating file. +# Use audit_papertrail to log to papertrail. +# +# If you do this, the audit logs may be mixed with normal logs because the settings for these channels +# are often the same as the settings for the normal logs. +AUDIT_LOG_CHANNEL= + +# +# Used when logging to papertrail: +# Also used when audit logs log to papertrail: +# +PAPERTRAIL_HOST= +PAPERTRAIL_PORT= + +# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III +# For other database types, please see the FAQ: https://docs.firefly-iii.org/references/faq/install/#i-want-to-use-sqlite +# If you use Docker or similar, you can set these variables from a file by appending them with _FILE +# Use "pgsql" for PostgreSQL +# Use "mysql" for MySQL and MariaDB. +# Use "sqlite" for SQLite. +DB_CONNECTION=mysql +DB_HOST=db +DB_PORT=3306 +DB_DATABASE=firefly +DB_USERNAME=firefly +DB_PASSWORD=secret_firefly_password +# leave empty or omit when not using a socket connection +DB_SOCKET= + +# MySQL supports SSL. You can configure it here. +# If you use Docker or similar, you can set these variables from a file by appending them with _FILE +MYSQL_USE_SSL=false +MYSQL_SSL_VERIFY_SERVER_CERT=true +# You need to set at least of these options +MYSQL_SSL_CAPATH=/etc/ssl/certs/ +MYSQL_SSL_CA= +MYSQL_SSL_CERT= +MYSQL_SSL_KEY= +MYSQL_SSL_CIPHER= + +# If you're looking for performance improvements, you could install memcached or redis +# Check https://raw.githubusercontent.com/firefly-iii/firefly-iii/main/.env.example for Redis example +CACHE_DRIVER=file +SESSION_DRIVER=file + +# Cookie settings. Should not be necessary to change these. +# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set +# the value from a file instead of from an environment variable +# Setting samesite to "strict" may give you trouble logging in. +COOKIE_PATH="/" +COOKIE_DOMAIN= +COOKIE_SECURE=false +COOKIE_SAMESITE=lax + +# If you want Firefly III to email you, update these settings +# For instructions, see: https://docs.firefly-iii.org/how-to/firefly-iii/advanced/notifications/#email +# If you use Docker or similar, you can set these variables from a file by appending them with _FILE +#MAIL_MAILER=log +MAIL_MAILER=smtp +MAIL_HOST=smtp-relay.sendinblue.com +MAIL_PORT=587 +MAIL_FROM=firefly@domain.tld +MAIL_USERNAME=skobkin-ru@ya.ru +MAIL_PASSWORD=null +MAIL_ENCRYPTION=null +#MAIL_SENDMAIL_COMMAND= + +# Firefly III can send you the following messages. +SEND_ERROR_MESSAGE=true + +# These messages contain (sensitive) transaction information: +#SEND_REPORT_JOURNALS=true +SEND_REPORT_JOURNALS=false + +# Set this value to true if you want to set the location of certain things, like transactions. +# Since this involves an external service, it's optional and disabled by default. +ENABLE_EXTERNAL_MAP=false + +# +# Enable or disable exchange rate conversion. This function isn't used yet by Firefly III +# +ENABLE_EXCHANGE_RATES=false + +# Set this value to true if you want Firefly III to download currency exchange rates +# from the internet. These rates are hosted by the creator of Firefly III inside +# an Azure Storage Container. +# Not all currencies may be available. Rates may be wrong. +ENABLE_EXTERNAL_RATES=false + +# The map will default to this location: +MAP_DEFAULT_LAT=51.983333 +MAP_DEFAULT_LONG=5.916667 +MAP_DEFAULT_ZOOM=6 + +# +# Some objects have room for an URL, like transactions and webhooks. +# By default, the following protocols are allowed: +# http, https, ftp, ftps, mailto +# +# To change this, set your preferred comma separated set below. +# Be sure to include http, https and other default ones if you need to. +# +VALID_URL_PROTOCOLS= + +# +# Firefly III authentication settings +# + +# +# Firefly III supports a few authentication methods: +# - 'web' (default, uses built in DB) +# - 'remote_user_guard' for Authelia etc +# Read more about these settings in the documentation. +# https://docs.firefly-iii.org/how-to/firefly-iii/advanced/authentication/ +# +# LDAP is no longer supported :( +# +AUTHENTICATION_GUARD=web + +# +# Remote user guard settings +# +AUTHENTICATION_GUARD_HEADER=REMOTE_USER +AUTHENTICATION_GUARD_EMAIL= + +# +# Firefly III generates a basic keypair for your OAuth tokens. +# If you want, you can overrule the key with your own (secure) value. +# It's also possible to set PASSPORT_PUBLIC_KEY_FILE or PASSPORT_PRIVATE_KEY_FILE +# if you're using Docker secrets or similar solutions for secret management +# +PASSPORT_PRIVATE_KEY= +PASSPORT_PUBLIC_KEY= + +# +# Extra authentication settings +# +CUSTOM_LOGOUT_URL= + +# You can disable the X-Frame-Options header if it interferes with tools like +# Organizr. This is at your own risk. Applications running in frames run the risk +# of leaking information to their parent frame. +DISABLE_FRAME_HEADER=false + +# You can disable the Content Security Policy header when you're using an ancient browser +# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really) +# This leaves you with the risk of not being able to stop XSS bugs should they ever surface. +# This is at your own risk. +DISABLE_CSP_HEADER=false + +# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here. +# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to. +# Do not prepend the TRACKER_URL with http:// or https:// +# The only tracker supported is Matomo. +# You can set the following variables from a file by appending them with _FILE: +TRACKER_SITE_ID= +TRACKER_URL= + +# +# Firefly III supports webhooks. These are security sensitive and must be enabled manually first. +# +ALLOW_WEBHOOKS=false + +# +# The static cron job token can be useful when you use Docker and wish to manage cron jobs. +# 1. Set this token to any 32-character value (this is important!). +# 2. Use this token in the cron URL instead of a user's command line token that you can find in /profile +# +# For more info: https://docs.firefly-iii.org/how-to/firefly-iii/advanced/cron/ +# +# You can set this variable from a file by appending it with _FILE +# +STATIC_CRON_TOKEN=ChangeThisValueToSomeSecret + +# You can fine tune the start-up of a Docker container by editing these environment variables. +# Use this at your own risk. Disabling certain checks and features may result in lots of inconsistent data. +# However if you know what you're doing you can significantly speed up container start times. +# Set each value to true to enable, or false to disable. + +# Set this to true to build all locales supported by Firefly III. +# This may take quite some time (several minutes) and is generally not recommended. +# If you wish to change or alter the list of locales, start your Docker container with +# `docker run -v locale.gen:/etc/locale.gen -e DKR_BUILD_LOCALE=true` +# and make sure your preferred locales are in your own locale.gen. +DKR_BUILD_LOCALE=false + +# Check if the SQLite database exists. Can be skipped if you're not using SQLite. +# Won't significantly speed up things. +DKR_CHECK_SQLITE=true + +# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists +# and is up to date. +DKR_RUN_MIGRATION=true + +# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date +# with the latest fixes (outside of migrations!) +DKR_RUN_UPGRADE=true + +# Verify database integrity. Includes all data checks and verifications. +# Disabling this makes Firefly III assume your DB is intact. +DKR_RUN_VERIFY=true + +# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state. +# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues. +DKR_RUN_REPORT=true + +# Generate OAuth2 keys. +# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if) +# you had previously generated keys already and they're stored in your database for restoration. +DKR_RUN_PASSPORT_INSTALL=true + +# Leave the following configuration vars as is. +# Unless you like to tinker and know what you're doing. +APP_NAME=FireflyIII +BROADCAST_DRIVER=log +QUEUE_DRIVER=sync +CACHE_PREFIX=firefly +PUSHER_KEY= +IPINFO_TOKEN= +PUSHER_SECRET= +PUSHER_ID= +DEMO_USERNAME= +DEMO_PASSWORD= + +# +# The v2 layout is very experimental. If it breaks you get to keep both parts. +# Be wary of data loss. +# +FIREFLY_III_LAYOUT=v1 diff --git a/firefly-iii/db/.gitignore b/firefly-iii/db/.gitignore new file mode 100644 index 0000000..a68d087 --- /dev/null +++ b/firefly-iii/db/.gitignore @@ -0,0 +1,2 @@ +/* +!/.gitignore diff --git a/firefly-iii/docker-compose.yml b/firefly-iii/docker-compose.yml new file mode 100644 index 0000000..282cfc5 --- /dev/null +++ b/firefly-iii/docker-compose.yml @@ -0,0 +1,50 @@ +version: '3.8' + +services: + app: + image: 'fireflyiii/core:${IMAGE_TAG:-latest}' + hostname: app + container_name: firefly_iii_core + restart: always + volumes: + - '${UPLOAD_DIR:-./upload}:/var/www/html/storage/upload' + env_file: .env + networks: + - firefly_iii + ports: + - '${HTTP_BIND_ADDR:-127.0.0.1}:${HTTP_BIND_PORT:-8392}:8080/tcp' + depends_on: + - db + + db: + image: mariadb:lts + hostname: db + container_name: firefly_iii_db + restart: always + env_file: .env + environment: + MYSQL_RANDOM_ROOT_PASSWORD: 'yes' + MYSQL_USER: '${DB_USERNAME:-firefly}' + MYSQL_PASSWORD: '${DB_PASSWORD}' + MYSQL_DATABASE: '${DB_DATABASE:-firefly}' + networks: + - firefly_iii + volumes: + - '${DB_DIR:-./db}:/var/lib/mysql' + + cron: + # + # To make this work, set STATIC_CRON_TOKEN in your .env file or as an environment variable and replace REPLACEME below + # The STATIC_CRON_TOKEN must be *exactly* 32 characters long + # + image: alpine + restart: always + container_name: firefly_iii_cron + env_file: .env + command: sh -c "echo \"0 3 * * * wget -qO- http://app:8080/api/v1/cron/${STATIC_CRON_TOKEN}\" | crontab - && crond -f -L /dev/stdout" + networks: + - firefly_iii + +networks: + firefly_iii: + driver: bridge diff --git a/firefly-iii/nginx/firefly.conf b/firefly-iii/nginx/firefly.conf new file mode 100644 index 0000000..012dc4b --- /dev/null +++ b/firefly-iii/nginx/firefly.conf @@ -0,0 +1,23 @@ +server { + listen 443 ssl http2; + server_name ff.domain.tld; + + access_log /var/log/nginx/ff.domain.tld.access; + error_log /var/log/nginx/ff.domain.tld.error; + + charset utf-8; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:8392; + } + + #include config/gzip.conf; + + # SSL config + #include ssl/domain.tld.conf; +} diff --git a/firefly-iii/upload/.gitignore b/firefly-iii/upload/.gitignore new file mode 100644 index 0000000..a68d087 --- /dev/null +++ b/firefly-iii/upload/.gitignore @@ -0,0 +1,2 @@ +/* +!/.gitignore