Update php Docker tag to v7.4

2024-11-12 22:01:30 +00:00
5 changed files with 393 additions and 348 deletions
--- a/ansible/assets/basementpi/compose.yml.j2
+++ b/ansible/assets/basementpi/compose.yml.j2
@ -1,5 +1,7 @@
 ---
 version: "3.5"
 # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
 networks:
  network_pihole:
    ipam:
@ -13,13 +15,15 @@ services:
    ports:
      - '80:80'
    environment:
-      - DEFAULT_HOST: "{{ pihole_hostname }}.{{ pihole_domain }}"
+      DEFAULT_HOST: {{ pihole_hostname }}.{{ pihole_domain }}
    volumes:
      - '/var/run/docker.sock:/tmp/docker.sock'
    restart: always
    networks:
      network_pihole:
        ipv4_address: 172.16.3.6
  pihole:
    image: pihole/pihole:latest
    ports:
@ -36,19 +40,19 @@ services:
      # run `touch ./var-log/pihole.log` first unless you like errors
      # - './var-log/pihole.log:/var/log/pihole/pihole.log'
    # Recommended but not required (DHCP needs NET_ADMIN)
-      #   https://github.com/pi-hole/docker-pi-hole# note-on-capabilities
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    expose:
      - 80
    environment:
      ServerIP: 10.11.1.10
-      PIHOLE_DNS_: unbound# 53;{{ pihole_additional_upstream_dnsservers }}
+      PIHOLE_DNS_: unbound#53;{{ pihole_additional_upstream_dnsservers }}
-      PROXY_LOCATION: "{{ pihole_hostname }}"
+      PROXY_LOCATION: {{ pihole_hostname }}
-      VIRTUAL_HOST: "{{ pihole_hostname}}.{{ pihole_domain }}"
+      VIRTUAL_HOST: {{ pihole_hostname}}.{{ pihole_domain }}
      VIRTUAL_PORT: 80
-      WEBPASSWORD: "{{ pihole_password }}"
+      WEBPASSWORD: {{ pihole_password }}
-      FTLCONF_LOCAL_IPV4: "{{ pi_ip }}"
+      FTLCONF_LOCAL_IPV4: {{ pi_ip }}
      DNSMASQ_LISTENING: all
    extra_hosts:
@ -102,11 +106,11 @@ services:
      restart: always
      pull_policy: always
      environment:
-      APIKey: "{{ porkbun_api_key }}"
+          APIKey: {{ porkbun_api_key }}
-      SecretAPIKey: "{{ porkbun_secret_api_key }}"
+          SecretAPIKey: {{ porkbun_secret_api_key }}
-      Domain: "{{ porkbun_domain }}"
+          Domain: {{ porkbun_domain }}
          Schedule: "{{ porkbun_cron_sched }}"
-      TZ: "{{ porkbun_tz }}"
+          TZ: {{ porkbun_tz }}
      networks:
        network_pihole:
          ipv4_address: 172.16.3.4
@ -117,11 +121,11 @@ services:
      restart: always
      pull_policy: always
      environment:
-      APIKey: "{{ porkbun_api_key }}"
+          APIKey: {{ porkbun_api_key }}
-      SecretAPIKey: "{{ porkbun_secret_api_key }}"
+          SecretAPIKey: {{ porkbun_secret_api_key }}
-      Domain: "{{ porkbun_domain2 }}"
+          Domain: {{ porkbun_domain2 }}
          Schedule: "{{ porkbun_cron_sched }}"
-      TZ: "{{ porkbun_tz }}"
+          TZ: {{ porkbun_tz }}
      networks:
        network_pihole:
          ipv4_address: 172.16.3.7
@ -154,18 +158,53 @@ services:
      - TZ=Canada/Eastern
      - SERVERURL=vpn.coxgrunow.ca
      - SERVERPORT=51820
-      - PEERS=phone,tedupnorth  # oAdded Docker tags to Ansible playbookptional
+      - PEERS=phone,tedupnorth #oAdded Docker tags to Ansible playbookptional
-      - PEERDNS=172.16.3.2  # optional
+      - PEERDNS=172.16.3.2 #optional
-      - INTERNAL_SUBNET=10.11.4.0  # optional
+      - INTERNAL_SUBNET=10.11.4.0 #optional
-      - ALLOWEDIPS=10.11.1.0/24,172.16.3.2  # optional
+      - ALLOWEDIPS=10.11.1.0/24,172.16.3.2 #optional
      - SERVER_ALLOWEDIPS_PEER_tedupnorth=10.10.0.0/16
-      - PERSISTENTKEEPALIVE_PEERS=all  # optional - for dynamic DNS
+      - PERSISTENTKEEPALIVE_PEERS=all #optional - for dynamic DNS
-      - LOG_CONFS=true  # optional
+      - LOG_CONFS=true #optional
    volumes:
      - ./wireguard/config:/config
-      - /lib/modules:/lib/modules  # optional
+      - /lib/modules:/lib/modules #optional
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
 #   Another container you might want to have running through the proxy
 #   Note it also have ENV Vars like pihole and a host under pihole's extra_hosts
 #  ghost:
 #    image: fractalf/ghost
 #    ports:
 #      - '2368:2368/tcp'
 #    volumes:
 #      - '/etc/ghost:/ghost-override'
 #    environment:
 #      PROXY_LOCATION: ghost
 #      VIRTUAL_HOST: ghost.yourDomain.lan
 #      VIRTUAL_PORT: 2368
 #    restart: always
 #  homeassistant:
 #      container_name: homeassistant
 #      image: "ghcr.io/home-assistant/home-assistant:stable"
 #      volumes:
 #        - ./homeassistant/config:/config
 #        - /etc/localtime:/etc/localtime:ro
 #      restart: unless-stopped
 #      privileged: true
 #      network_mode: host
 #      #environment:
 #      #  - VIRTUAL_HOST=homeassistant.coxgrunow.ca
 #      #  - VIRTUAL_PORT=8123
  yacy:
    container_name: yacy
    image: "docker.io/yacy/yacy_search_server:aarch64-latest"
    volumes:
      - ./yacy:/opt/yacy_search_server/DATA
    ports:
      - 8090:8090/tcp
      - 8443:8443/tcp
--- a/ansible/assets/docker-ext/compose.yml.j2
+++ b/ansible/assets/docker-ext/compose.yml.j2
@ -23,7 +23,7 @@ services:
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - --experimental.plugins.crowdsec-bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      - --experimental.plugins.crowdsec-bouncer.version=v1.2.1
-      # - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+        #- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
    ports:
      # The HTTP port
      - "80:80"
@ -33,7 +33,7 @@ services:
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
-      # - ./traefik/traefik.yml:/etc/traefik/traefik.yml
+        #- ./traefik/traefik.yml:/etc/traefik/traefik.yml
      - ./traefik:/etc/traefik
      - ./letsencrypt:/letsencrypt
      - "./logsTraefik:/var/log/traefik"
@ -48,7 +48,8 @@ services:
      - "traefik.http.middlewares.authchain.chain.middlewares=crowdsec@docker,authentik@docker"
      - "traefik.http.middlewares.internalOnly.ipallowlist.sourcerange=192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
      - "traefik.http.middlewares.internalOnlyWithAuth.chain.middlewares=internalOnly@docker,crowdsec@docker,authentik@docker"
-      # ddclient:
+        
        #ddclient:
        #  image: lscr.io/linuxserver/ddclient:latest
        #  container_name: ddclient
        #  environment:
@ -58,7 +59,7 @@ services:
        #  volumes:
        #    - ./ddclient/:/config
        #  restart: unless-stopped
-      # porkbunddns:
+        #porkbunddns:
        #  image: pavlinchen/porkbun-ddns
        #  container_name: porkbun-ddns
        #  restart: unless-stopped
@ -114,7 +115,7 @@ services:
        - "traefik.http.routers.stalwart.tls=true"
        - "traefik.http.services.stalwart-http.loadbalancer.server.port=8080"
  # --- MariaDB
-  # linkace-db:
+  #linkace-db:
  #  image: mariadb:11.2
  #  container_name: linkace-db
  #  restart: unless-stopped
@ -128,7 +129,7 @@ services:
  #    - db:/var/lib/mysql
  ## --- LinkAce Image with PHP and nginx
-  # linkace-app:
+  #linkace-app:
  #  image: linkace/linkace:simple
  #  container_name: linkace-app
  #  restart: unless-stopped
@ -175,7 +176,7 @@ services:
    restart: unless-stopped
    image: wallabag/wallabag
    environment:
-      # - MYSQL_ROOT_PASSWORD=wallaroot
+      #- MYSQL_ROOT_PASSWORD=wallaroot
      - POSTGRES_USER=wallabag
      - POSTGRES_PASSWORD=Mo8ntF92q5oWNV6TbS7t
      - SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
@ -326,7 +327,7 @@ services:
        - USE_X_SETTINGS=1
  #
  #        Hides the `Referer` header so that monitored websites can't see the changedetection.io hostname.
-        # - HIDE_REFERER=true
+  #- HIDE_REFERER=true
  #
  #        Default number of parallel/concurrent fetchers
  #      - FETCH_WORKERS=10
@ -350,41 +351,41 @@ services:
     # If WEBDRIVER or PLAYWRIGHT are enabled, changedetection container depends on that
     # and must wait before starting (substitute "browser-chrome" with "playwright-chrome" if last one is used)
-     #    depends_on:
+#    depends_on:
-     #        browser-chrome:
+#        browser-chrome:
-     #            condition: service_started
+#            condition: service_started
     # Used for fetching pages via Playwright+Chrome where you need Javascript support.
     # RECOMMENDED FOR FETCHING PAGES WITH CHROME
-     #    playwright-chrome:
+#    playwright-chrome:
-     #        hostname: playwright-chrome
+#        hostname: playwright-chrome
-     #        image: dgtlmoon/sockpuppetbrowser:latest
+#        image: dgtlmoon/sockpuppetbrowser:latest
-     #        cap_add:
+#        cap_add:
-     #            - SYS_ADMIN
+#            - SYS_ADMIN
-     ## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci
+## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci
-     #        restart: unless-stopped
+#        restart: unless-stopped
-     #        environment:
+#        environment:
-     #            - SCREEN_WIDTH=1920
+#            - SCREEN_WIDTH=1920
-     #            - SCREEN_HEIGHT=1024
+#            - SCREEN_HEIGHT=1024
-     #            - SCREEN_DEPTH=16
+#            - SCREEN_DEPTH=16
-     #            - MAX_CONCURRENT_CHROME_PROCESSES=10
+#            - MAX_CONCURRENT_CHROME_PROCESSES=10
     # Used for fetching pages via Playwright+Chrome where you need Javascript support.
     # Note: Works well but is deprecated, does not fetch full page screenshots (doesnt work with Visual Selector)
     #       Does not report status codes (200, 404, 403) and other issues
-     #    browser-chrome:
+#    browser-chrome:
-     #        hostname: browser-chrome
+#        hostname: browser-chrome
-     #        image: selenium/standalone-chrome:4
+#        image: selenium/standalone-chrome:4
-     #        environment:
+#        environment:
-     #            - VNC_NO_PASSWORD=1
+#            - VNC_NO_PASSWORD=1
-     #            - SCREEN_WIDTH=1920
+#            - SCREEN_WIDTH=1920
-     #            - SCREEN_HEIGHT=1080
+#            - SCREEN_HEIGHT=1080
-     #            - SCREEN_DEPTH=24
+#            - SCREEN_DEPTH=24
-     #        volumes:
+#        volumes:
-     #            # Workaround to avoid the browser crashing inside a docker container
+#            # Workaround to avoid the browser crashing inside a docker container
-     #            # See https://github.com/SeleniumHQ/docker-selenium#quick-start
+#            # See https://github.com/SeleniumHQ/docker-selenium#quick-start
-     #            - /dev/shm:/dev/shm
+#            - /dev/shm:/dev/shm
-     #        restart: unless-stopped
+#        restart: unless-stopped
  healthchecks:
    container_name: healthchecks
@ -439,11 +440,11 @@ services:
      - "traefik.http.routers.apache2.tls.certresolver=myresolver"
      - "traefik.http.routers.apache2.tls=true"
      - "traefik.http.services.apache2-http.loadbalancer.server.port=80"
-      # - traefik.http.routers.apache2.middlewares=authchain@docker
+        #- traefik.http.routers.apache2.middlewares=authchain@docker
    networks:
      - backend
-      # wireguard:
+        #wireguard:
        #  image: lscr.io/linuxserver/wireguard
        #  container_name: wireguard
        #  cap_add:
@ -476,7 +477,7 @@ services:
    expose:
      - "8080"
    volumes:
-      # - ./crowdsec/logs:/var/log/crowdsec:ro
+      #- ./crowdsec/logs:/var/log/crowdsec:ro
      - ./crowdsec/db:/var/lib/crowdsec/data
      - /var/log:/var/log:ro
      - ./crowdsec/opt:/etc/crowdsec
@ -485,10 +486,10 @@ services:
    restart: unless-stopped
    labels:
      - "traefik.enable=false"
-        # - "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)"
+        #- "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)"
-        # - "traefik.http.routers.crowdsec.entrypoints=websecure"
+        #- "traefik.http.routers.crowdsec.entrypoints=websecure"
-        # - "traefik.http.routers.crowdsec.tls.certresolver=myresolver"
+        #- "traefik.http.routers.crowdsec.tls.certresolver=myresolver"
-        # - "traefik.http.routers.crowdsec.tls=true"
+        #- "traefik.http.routers.crowdsec.tls=true"
    networks:
      - proxy
      - backend
@ -620,6 +621,9 @@ services:
      #        #      test: redis-cli ping || exit 1
      #        #    restart: always
 volumes:
  linkace_logs:
  db:
@ -637,4 +641,7 @@ networks:
  backend:
  proxy:
  docker_default:
-    external: true
+    external: True
--- a/ansible/assets/docker-int/compose.yml.j2
+++ b/ansible/assets/docker-int/compose.yml.j2
@ -1,4 +1,3 @@
 ---
 version: '3.3'
 services:
    traefik:
@ -14,7 +13,7 @@ services:
        - "--entryPoints.websecure.address=:443"
        - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
        - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
-            # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+        #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
        - "--certificatesresolvers.myresolver.acme.email=jg@justus.ws"
        - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      ports:
@ -31,10 +30,10 @@ services:
      environment:
        - "CF_API_KEY=4fa4711ae24bd19c1c17a06ce2ec6b3fa7629"
        - "CF_API_EMAIL=jg@justus.ws"
-    # squid:
+    #squid:
    #    container_name: squid
    #    volumes:
-    #        # - '/root/docker/squid/logs:/var/log/squid'
+    #        #- '/root/docker/squid/logs:/var/log/squid'
    #        #  - '/root/docker/squid/data:/var/spool/squid'
    #        - '/root/docker/squid/squid.conf:/etc/squid/squid.conf'
    #        #  - '/rood/docker/squid/config-snippet:/etc/squid/conf.d/snippet.conf'
@ -43,7 +42,7 @@ services:
    #    ports:
    #        - '3128:3128'
    #    image: 'ubuntu/squid:5.2-22.04_beta'
-    #      # yacy_search_server:
+    #      #yacy_search_server:
    #      #    container_name: yacy
    #      #    ports:
    #      #        - '8090:8090'
@ -59,6 +58,7 @@ services:
      restart: unless-stopped
      volumes:
        - redisdata:/data
          #    db:
          #      image: docker.io/library/postgres:15
          #      restart: unless-stopped
@ -68,6 +68,7 @@ services:
          #        POSTGRES_DB: paperless
          #        POSTGRES_USER: paperless
          #        POSTGRES_PASSWORD: paperless
    paperless-webserver:
      image: ghcr.io/paperless-ngx/paperless-ngx:latest
      container_name: paperless-webserver
@ -83,7 +84,7 @@ services:
        - export:/usr/src/paperless/export
        - consume:/usr/src/paperless/consume
      env_file: docker-compose.env
-        # environment:
+        #environment:
      labels:
        - "traefik.http.routers.paperless.rule=Host(`paperless.injust.us`)"
        - "traefik.http.routers.paperless.entrypoints=websecure"
@ -101,7 +102,7 @@ services:
        UID: 1001
      volumes:
        - ./consume:/media
-              # webdav:
+          #webdav:
          #  container_name: webdav
          #  image: bytemark/webdav
          #  restart: unless-stopped
@ -132,7 +133,7 @@ services:
        # This line makes Actual available at port 5006 of the device you run the server on,
        # i.e. http://localhost:5006. You can change the first number to change the port, if you want.
        - '5006:5006'
-            # environment:
+      #environment:
        # Uncomment any of the lines below to set configuration options.
        # - ACTUAL_HTTPS_KEY=/data/selfhost.key
        # - ACTUAL_HTTPS_CERT=/data/selfhost.crt
--- a/ansible/assets/git/compose.yml.j2
+++ b/ansible/assets/git/compose.yml.j2
@ -1,4 +1,3 @@
 ---
 version: "3"
 networks:
--- a/ansible/assets/gitea/compose.yml.j2
+++ b/ansible/assets/gitea/compose.yml.j2
@ -1,4 +1,3 @@
 ---
 version: '3.3'
 services:
  runner: