katallaxie/README.md

## README.md

      
    Raw
  

              README.md
            
          
    TrueNAS

These are custom apps for my TrueNAS that are not available via the marketplace.
Traefik + Cloudflare

This setup is used to get SSL-enabled on the services and route traeffik to the container networks.

  
## fleet.yaml
configs:
  init-fleet-db:
    content: |
      FLUSH PRIVILEGES;
      GRANT ALL PRIVILEGES ON fleet.* TO 'fleet '@'%';
  low_memory_config:
    content: >
      # For advice on how to change settings please see

      #
      http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html


      [mysqld]

      #

      # Remove leading # and set to the amount of RAM for the most important
      data

      # cache in MySQL. Start at 70% of total RAM for dedicated server, else
      10%.

      # innodb_buffer_pool_size = 128M

      #

      # Remove leading # to turn on a very important data integrity option:
      logging

      # changes to the binary log between backups.

      # log_bin

      #

      # Remove leading # to set options mainly useful for reporting servers.

      # The server defaults are faster for transactions and fast SELECTs.

      # Adjust sizes as needed, experiment to find the optimal values.

      join_buffer_size = 128M

      sort_buffer_size = 2M

      read_rnd_buffer_size = 2M

      # skip-host-cache

      # skip-name-resolve

      # datadir=/var/lib/mysql

      # socket=/var/lib/mysql/mysql.sock

      # secure-file-priv=/var/lib/mysql-files

      # user=mysql


      # Disabling symbolic-links is recommended to prevent assorted security
      risks

      # symbolic-links=0


      # log-error=/var/log/mysqld.log

      # pid-file=/var/run/mysqld/mysqld.pid


      #### These optimize the memory use of MySQL

      ####
      http://www.tocker.ca/2014/03/10/configuring-mysql-to-use-minimal-memory.html

      innodb_buffer_pool_size=5M

      innodb_log_buffer_size=256K

      # query_cache_size=0

      max_connections=50

      key_buffer_size=8

      thread_cache_size=0

      host_cache_size=0

      innodb_ft_cache_size=1600000

      innodb_ft_total_cache_size=32000000

      # per thread or per operation settings

      thread_stack=131072

      sort_buffer_size=32K

      read_buffer_size=8200

      read_rnd_buffer_size=8200

      max_heap_table_size=16K

      tmp_table_size=1K

      bulk_insert_buffer_size=0

      join_buffer_size=128

      net_buffer_length=1K

      innodb_sort_buffer_size=64K


      #settings that relate to the binary log (if enabled)

      binlog_cache_size=4K

      binlog_stmt_cache_size=4K


      #### from https://mariadb.com/de/node/579

      performance_schema = off
services:
  fleet:
    command: sh -c "/usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve"
    depends_on:
      fleet-init:
        condition: service_completed_successfully
      mysql:
        condition: service_healthy
      redis:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 256M
    environment:
      FLEET_MYSQL_ADDRESS: mysql:3306
      FLEET_MYSQL_DATABASE: fleet
      FLEET_MYSQL_PASSWORD:
      FLEET_MYSQL_USERNAME: fleet
      FLEET_REDIS_ADDRESS: redis:6379
      FLEET_SERVER_ADDRESS: 0.0.0.0:39001
      FLEET_SERVER_PRIVATE_KEY:
      FLEET_SERVER_TLS: False
      FLEET_SERVER_URL:
    healthcheck:
      interval: 10s
      retries: 12
      test:
        - CMD
        - wget
        - '-qO-'
        - http://127.0.0.1:39001/healthz
      timeout: 5s
    image: fleetdm/fleet:v4.79.1
    labels:
      traefik.docker.network: ix-fleet_default
      traefik.enable: 'true'
      traefik.http.routers.fleet.rule: Host(``)
      traefik.http.services.fleet.loadbalancer.server.port: '39001'
    platform: linux/x86_64
    restart: unless-stopped
    stdin_open: False
    tty: False
    volumes:
      - bind:
          create_host_path: True
          propagation: rprivate
        read_only: False
        source: /mnt/.ix-apps/app_mounts/fleet/data
        target: /data
        type: bind
      - bind:
          create_host_path: True
          propagation: rprivate
        read_only: False
        source: /mnt/.ix-apps/app_mounts/fleet/logs
        target: /logs
        type: bind
      - bind:
          create_host_path: True
          propagation: rprivate
        read_only: False
        source: /mnt/.ix-apps/app_mounts/fleet/vulndb
        target: /vulndb
        type: bind
  fleet-init:
    command: sh -c "chown -R 100:101 /logs /data /vulndb"
    depends_on:
      mysql:
        condition: service_healthy
      redis:
        condition: service_healthy
    image: alpine:latest
    volumes:
      - bind:
          create_host_path: True
          propagation: rprivate
        read_only: False
        source: /mnt/.ix-apps/app_mounts/fleet/data
        target: /data
        type: bind
      - bind:
          create_host_path: True
          propagation: rprivate
        read_only: False
        source: /mnt/.ix-apps/app_mounts/fleet/logs
        target: /logs
        type: bind
      - bind:
          create_host_path: True
          propagation: rprivate
        read_only: False
        source: /mnt/.ix-apps/app_mounts/fleet/vulndb
        target: /vulndb
        type: bind
  mysql:
    cap_add:
      - SYS_NICE
    configs:
      - source: low_memory_config
        target: /etc/mysql/conf.d/low-memory-my.cnf
      - source: init-fleet-db
        target: /docker-entrypoint-initdb.d/init-fleet-db.sql
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 256M
    environment:
      MYSQL_DATABASE: fleet
      MYSQL_PASSWORD:
      MYSQL_ROOT_PASSWORD:
      MYSQL_USER: fleet
    healthcheck:
      interval: 10s
      retries: 12
      test:
        - CMD-SHELL
        - mysqladmin ping -h 127.0.0.1 -ufleet -pdemo1234 --silent || exit 1
      timeout: 5s
    image: mysql:8.4
    platform: linux/x86_64
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: True
          propagation: rprivate
        read_only: False
        source: /mnt/.ix-apps/app_mounts/fleet/mysql_data
        target: /var/lib/mysql
        type: bind
  redis:
    command:
      - redis-server
      - '--appendonly'
      - 'yes'
    deploy:
      resources:
        limits:
          memory: 64M
    healthcheck:
      interval: 10s
      retries: 12
      test:
        - CMD
        - redis-cli
        - ping
      timeout: 5s
    image: redis
    restart: unless-stopped
    volumes: []
volumes: {}
x-notes: >
  # Fleet


  ## Info

  ## Bug Reports and Feature Requests


  If you find a bug in this app or have an idea for a new feature, please file
  an issue at

  https://github.com/truenas/apps
x-portals: []

## traefik.yaml
configs: {}
networks:
  ix-authentik_default:
    external: True
  proxy_network:
    external: True
services:
  traefik:
    command:
      - '--api.insecure=false'
      - '--providers.docker=true'
      - '--providers.docker.defaultRule=Host(`{{ .Name }}.router.lan`)'
      - '--providers.docker.exposedByDefault=false'
      - '--entrypoints.web.address=:80'
      - '--entrypoints.websecure.address=:443'
      - '--entrypoints.websecure.http.tls.certresolver=myresolver'
      - '--certificatesresolvers.myresolver.acme.dnschallenge=true'
      - '--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare'
      - >-
        --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53
      - '--certificatesresolvers.myresolver.acme.storage=/ssl/acme.json'
      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
      - '--entrypoints.web.http.redirections.entrypoint.scheme=https'
    container_name: traefik
    environment:
      - CF_DNS_API_TOKEN=
      - CF_API_EMAIL=
    image: traefik:v3.6.8
    networks:
      - proxy_network
      - ix-authentik_default
    ports:
      - '80:80'
      - '443:443'
      - '8181:8080'
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: True
          propagation: rprivate
        read_only: False
        source: /mnt/.ix-apps/app_mounts/traefik/ssl
        target: /ssl
        type: bind
      - /var/run/docker.sock:/var/run/docker.sock:ro
volumes: {}
x-notes: >
  # Traefik

  ## Info

  ## Bug Reports and Feature Requests


  If you find a bug in this app or have an idea for a new feature, please file
  an issue at

  https://github.com/truenas/apps
x-portals: []
	configs:
	init-fleet-db:
	content: \|
	FLUSH PRIVILEGES;
	GRANT ALL PRIVILEGES ON fleet.* TO 'fleet '@'%';
	low_memory_config:
	content: >
	# For advice on how to change settings please see

	#
	http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html


	[mysqld]

	#

	# Remove leading # and set to the amount of RAM for the most important
	data

	# cache in MySQL. Start at 70% of total RAM for dedicated server, else
	10%.

	# innodb_buffer_pool_size = 128M

	#

	# Remove leading # to turn on a very important data integrity option:
	logging

	# changes to the binary log between backups.

	# log_bin

	#

	# Remove leading # to set options mainly useful for reporting servers.

	# The server defaults are faster for transactions and fast SELECTs.

	# Adjust sizes as needed, experiment to find the optimal values.

	join_buffer_size = 128M

	sort_buffer_size = 2M

	read_rnd_buffer_size = 2M

	# skip-host-cache

	# skip-name-resolve

	# datadir=/var/lib/mysql

	# socket=/var/lib/mysql/mysql.sock

	# secure-file-priv=/var/lib/mysql-files

	# user=mysql


	# Disabling symbolic-links is recommended to prevent assorted security
	risks

	# symbolic-links=0


	# log-error=/var/log/mysqld.log

	# pid-file=/var/run/mysqld/mysqld.pid



	#### These optimize the memory use of MySQL

	####
	http://www.tocker.ca/2014/03/10/configuring-mysql-to-use-minimal-memory.html

	innodb_buffer_pool_size=5M

	innodb_log_buffer_size=256K

	# query_cache_size=0

	max_connections=50

	key_buffer_size=8

	thread_cache_size=0

	host_cache_size=0

	innodb_ft_cache_size=1600000

	innodb_ft_total_cache_size=32000000

	# per thread or per operation settings

	thread_stack=131072

	sort_buffer_size=32K

	read_buffer_size=8200

	read_rnd_buffer_size=8200

	max_heap_table_size=16K

	tmp_table_size=1K

	bulk_insert_buffer_size=0

	join_buffer_size=128

	net_buffer_length=1K

	innodb_sort_buffer_size=64K


	#settings that relate to the binary log (if enabled)

	binlog_cache_size=4K

	binlog_stmt_cache_size=4K


	#### from https://mariadb.com/de/node/579

	performance_schema = off
	services:
	fleet:
	command: sh -c "/usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve"
	depends_on:
	fleet-init:
	condition: service_completed_successfully
	mysql:
	condition: service_healthy
	redis:
	condition: service_healthy
	deploy:
	resources:
	limits:
	cpus: '1'
	memory: 256M
	environment:
	FLEET_MYSQL_ADDRESS: mysql:3306
	FLEET_MYSQL_DATABASE: fleet
	FLEET_MYSQL_PASSWORD:
	FLEET_MYSQL_USERNAME: fleet
	FLEET_REDIS_ADDRESS: redis:6379
	FLEET_SERVER_ADDRESS: 0.0.0.0:39001
	FLEET_SERVER_PRIVATE_KEY:
	FLEET_SERVER_TLS: False
	FLEET_SERVER_URL:
	healthcheck:
	interval: 10s
	retries: 12
	test:
	- CMD
	- wget
	- '-qO-'
	- http://127.0.0.1:39001/healthz
	timeout: 5s
	image: fleetdm/fleet:v4.79.1
	labels:
	traefik.docker.network: ix-fleet_default
	traefik.enable: 'true'
	traefik.http.routers.fleet.rule: Host(``)
	traefik.http.services.fleet.loadbalancer.server.port: '39001'
	platform: linux/x86_64
	restart: unless-stopped
	stdin_open: False
	tty: False
	volumes:
	- bind:
	create_host_path: True
	propagation: rprivate
	read_only: False
	source: /mnt/.ix-apps/app_mounts/fleet/data
	target: /data
	type: bind
	- bind:
	create_host_path: True
	propagation: rprivate
	read_only: False
	source: /mnt/.ix-apps/app_mounts/fleet/logs
	target: /logs
	type: bind
	- bind:
	create_host_path: True
	propagation: rprivate
	read_only: False
	source: /mnt/.ix-apps/app_mounts/fleet/vulndb
	target: /vulndb
	type: bind
	fleet-init:
	command: sh -c "chown -R 100:101 /logs /data /vulndb"
	depends_on:
	mysql:
	condition: service_healthy
	redis:
	condition: service_healthy
	image: alpine:latest
	volumes:
	- bind:
	create_host_path: True
	propagation: rprivate
	read_only: False
	source: /mnt/.ix-apps/app_mounts/fleet/data
	target: /data
	type: bind
	- bind:
	create_host_path: True
	propagation: rprivate
	read_only: False
	source: /mnt/.ix-apps/app_mounts/fleet/logs
	target: /logs
	type: bind
	- bind:
	create_host_path: True
	propagation: rprivate
	read_only: False
	source: /mnt/.ix-apps/app_mounts/fleet/vulndb
	target: /vulndb
	type: bind
	mysql:
	cap_add:
	- SYS_NICE
	configs:
	- source: low_memory_config
	target: /etc/mysql/conf.d/low-memory-my.cnf
	- source: init-fleet-db
	target: /docker-entrypoint-initdb.d/init-fleet-db.sql
	deploy:
	resources:
	limits:
	cpus: '1'
	memory: 256M
	environment:
	MYSQL_DATABASE: fleet
	MYSQL_PASSWORD:
	MYSQL_ROOT_PASSWORD:
	MYSQL_USER: fleet
	healthcheck:
	interval: 10s
	retries: 12
	test:
	- CMD-SHELL
	- mysqladmin ping -h 127.0.0.1 -ufleet -pdemo1234 --silent \|\| exit 1
	timeout: 5s
	image: mysql:8.4
	platform: linux/x86_64
	restart: unless-stopped
	volumes:
	- bind:
	create_host_path: True
	propagation: rprivate
	read_only: False
	source: /mnt/.ix-apps/app_mounts/fleet/mysql_data
	target: /var/lib/mysql
	type: bind
	redis:
	command:
	- redis-server
	- '--appendonly'
	- 'yes'
	deploy:
	resources:
	limits:
	memory: 64M
	healthcheck:
	interval: 10s
	retries: 12
	test:
	- CMD
	- redis-cli
	- ping
	timeout: 5s
	image: redis
	restart: unless-stopped
	volumes: []
	volumes: {}
	x-notes: >
	# Fleet


	## Info

	## Bug Reports and Feature Requests


	If you find a bug in this app or have an idea for a new feature, please file
	an issue at

	https://github.com/truenas/apps
	x-portals: []
	configs: {}
	networks:
	ix-authentik_default:
	external: True
	proxy_network:
	external: True
	services:
	traefik:
	command:
	- '--api.insecure=false'
	- '--providers.docker=true'
	- '--providers.docker.defaultRule=Host(`{{ .Name }}.router.lan`)'
	- '--providers.docker.exposedByDefault=false'
	- '--entrypoints.web.address=:80'
	- '--entrypoints.websecure.address=:443'
	- '--entrypoints.websecure.http.tls.certresolver=myresolver'
	- '--certificatesresolvers.myresolver.acme.dnschallenge=true'
	- '--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare'
	- >-
	--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53
	- '--certificatesresolvers.myresolver.acme.storage=/ssl/acme.json'
	- '--entrypoints.web.http.redirections.entrypoint.to=websecure'
	- '--entrypoints.web.http.redirections.entrypoint.scheme=https'
	container_name: traefik
	environment:
	- CF_DNS_API_TOKEN=
	- CF_API_EMAIL=
	image: traefik:v3.6.8
	networks:
	- proxy_network
	- ix-authentik_default
	ports:
	- '80:80'
	- '443:443'
	- '8181:8080'
	restart: unless-stopped
	volumes:
	- bind:
	create_host_path: True
	propagation: rprivate
	read_only: False
	source: /mnt/.ix-apps/app_mounts/traefik/ssl
	target: /ssl
	type: bind
	- /var/run/docker.sock:/var/run/docker.sock:ro
	volumes: {}
	x-notes: >
	# Traefik

	## Info

	## Bug Reports and Feature Requests


	If you find a bug in this app or have an idea for a new feature, please file
	an issue at

	https://github.com/truenas/apps
	x-portals: []