knight/docker-stacks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
68660717f2b37ee040770a8a61103825e4d8b2e6
docker-stacks/README.md
knight 68660717f2 Test ubuntu-prod runner
2026-01-21 00:11:37 -05:00

4.0 KiB
Raw Blame History

Docker Stacks

GitOps-managed Docker Compose stacks. Push changes to main branch and Gitea Actions will automatically deploy.

Structure

stacks/
├── traefik/          # Reverse proxy + SSL
├── authentik/        # SSO/Identity provider
├── registry/         # Docker registry
├── immich/           # Photo management
├── planka/           # Kanban boards
├── syncthing/        # File sync
├── filebrowser/      # Web file manager
├── memento/          # Custom app
├── obsidian-tools/   # Obsidian vault tools
├── perilous/         # Blog/website
├── ramz/             # Go web app
├── bookclub/         # Form mailer
├── invidious/        # YouTube frontend
├── watchtower/       # Auto container updates
├── dockge/           # Container management UI
└── smokeping/        # Network monitoring

How It Works

  1. Edit compose files in stacks/<service>/
  2. Commit and push to main
  3. Gitea Actions detects changed stacks
  4. Deploys only the changed stacks to /var/core/<service>/

Manual Deploy

# Deploy single stack
./scripts/deploy.sh traefik

# Deploy all stacks
./scripts/deploy.sh all

Required Gitea Secrets

Set these in Gitea → Repository → Settings → Actions → Secrets:

Global

Secret Description
DOMAIN Base domain (e.g., ghost.tel)
VOLUMES_ROOT Data root path (e.g., /var/core)
ACME_EMAIL Email for Let's Encrypt

Authentik

Secret Description
AUTHENTIK_SECRET_KEY Generate: openssl rand -hex 50
AUTHENTIK_PG_PASS PostgreSQL password

Immich

Secret Description
IMMICH_DB_PASSWORD PostgreSQL password

Planka

Secret Description
PLANKA_SECRET_KEY Generate: openssl rand -hex 64
PLANKA_OIDC_CLIENT_ID Authentik client ID
PLANKA_OIDC_CLIENT_SECRET Authentik client secret

Registry

Secret Description
REGISTRY_HTTP_SECRET Generate: openssl rand -hex 32

Memento

Secret Description
MEMENTO_AUTH_SECRET Auth.js secret
MEMENTO_AUTHENTIK_CLIENT_ID Authentik client ID
MEMENTO_AUTHENTIK_CLIENT_SECRET Authentik client secret

Bookclub

Secret Description
BOOKCLUB_SMTP_HOST SMTP server
BOOKCLUB_SMTP_USER SMTP username
BOOKCLUB_SMTP_PASS SMTP password
BOOKCLUB_MAIL_FROM From email
BOOKCLUB_MAIL_TO Recipient email
BOOKCLUB_SECRET_PHRASE Form submission secret

Perilous

Secret Description
PERILOUS_CODE_SERVER_PASSWORD Code-server password

Invidious

Secret Description
INVIDIOUS_DB_PASSWORD PostgreSQL password
INVIDIOUS_HMAC_KEY Generate: openssl rand -hex 16
INVIDIOUS_COMPANION_KEY Must be exactly 16 chars: openssl rand -base64 12

Runner Setup

The workflow requires a self-hosted runner on the prod server:

# On ubuntu-prod, register a Gitea runner
# See: https://docs.gitea.com/usage/actions/act-runner

# Install act_runner
wget https://gitea.com/gitea/act_runner/releases/download/v0.2.6/act_runner-0.2.6-linux-amd64
chmod +x act_runner-*
sudo mv act_runner-* /usr/local/bin/act_runner

# Register with Gitea
act_runner register --no-interactive \
  --instance https://gitea.ghost.tel \
  --token <runner-token> \
  --name ubuntu-prod \
  --labels ubuntu-prod

# Run as service
act_runner daemon

First-Time Setup

  1. Create the web Docker network:

    docker network create web

  2. Create acme.json for Traefik:

    touch /var/core/traefik/acme.json
chmod 600 /var/core/traefik/acme.json

  3. Deploy traefik first:

    ./scripts/deploy.sh traefik

  4. Then deploy other stacks as needed.

Runner test Wed 21 Jan 2026 12:08:53 AM EST

Runner test 2 Wed 21 Jan 2026 12:11:37 AM EST

Reference in New Issue View Git Blame Copy Permalink