diff --git a/docker-compose/httpd/docker-compose.yml.j2 b/docker-compose/httpd/docker-compose.yml.j2 index 4e1e4d33..fdabbe19 100644 --- a/docker-compose/httpd/docker-compose.yml.j2 +++ b/docker-compose/httpd/docker-compose.yml.j2 @@ -25,7 +25,7 @@ services: # FLASK_APP: app # for debugging MAX_CONTENT_LENGTH: 500 UPLOAD_DIRECTORY: /uploads - AUTH_TOKEN: {{ lookup('keepass', 'httpd-api-server-token', 'password') }} + AUTH_TOKEN: "{{ lookup('keepass', 'httpd-api-server-token', 'password') }}" ENABLE_WEBSERVER: false labels: com.centurylinklabs.watchtower.enable: true diff --git a/docker-compose/mail-relay/docker-compose.yml.j2 b/docker-compose/mail-relay/docker-compose.yml.j2 index 5190fe60..0aa71a0f 100644 --- a/docker-compose/mail-relay/docker-compose.yml.j2 +++ b/docker-compose/mail-relay/docker-compose.yml.j2 @@ -11,7 +11,7 @@ services: environment: SMTP_SERVER: smtp.strato.de SMTP_USERNAME: info@mgrote.net - SMTP_PASSWORD: {{ lookup('keepass', 'strato_smtp_password', 'password') }} + SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}" SERVER_HOSTNAME: mgrote.net # DEBUG: "yes" # literal ALWAYS_ADD_MISSING_HEADERS: "no" # literal diff --git a/docker-compose/miniflux/docker-compose.yml.j2 b/docker-compose/miniflux/docker-compose.yml.j2 index 51db9194..dd9da1d7 100644 --- a/docker-compose/miniflux/docker-compose.yml.j2 +++ b/docker-compose/miniflux/docker-compose.yml.j2 @@ -8,11 +8,11 @@ services: depends_on: - db environment: - DATABASE_URL: postgres://miniflux:{{ lookup('keepass', 'miniflux_postgres_password', 'password') }}@mf-db/miniflux?sslmode=disable + DATABASE_URL: "postgres://miniflux:{{ lookup('keepass', 'miniflux_postgres_password', 'password') }}"@mf-db/miniflux?sslmode=disable RUN_MIGRATIONS: 1 # CREATE_ADMIN: 1 # ADMIN_USERNAME: adminmf -# ADMIN_PASSWORD: {{ lookup('keepass', 'miniflux_admin_password', 'password') }} +# ADMIN_PASSWORD: "{{ lookup('keepass', 'miniflux_admin_password', 'password') }}" WORKER_POOL_SIZE: 10 POLLING_FREQUENCY: 10 CLEANUP_ARCHIVE_UNREAD_DAYS: -1 @@ -40,7 +40,7 @@ services: restart: always environment: POSTGRES_USER: miniflux - POSTGRES_PASSWORD: {{ lookup('keepass', 'miniflux_postgres_password', 'password') }} + POSTGRES_PASSWORD: "{{ lookup('keepass', 'miniflux_postgres_password', 'password') }}" TZ: Europe/Berlin volumes: - db:/var/lib/postgresql/data @@ -57,7 +57,7 @@ services: restart: always environment: TZ: Europe/Berlin - MF_AUTH_TOKEN: {{ lookup('keepass', 'miniflux_auth_token', 'password') }} + MF_AUTH_TOKEN: "{{ lookup('keepass', 'miniflux_auth_token', 'password') }}" MF_API_URL: https://miniflux.mgrote.net/v1 MF_SLEEP: 600 #MF_DEBUG: 1 diff --git a/docker-compose/nextcloud/docker-compose.yml.j2 b/docker-compose/nextcloud/docker-compose.yml.j2 index 8f0ed5f6..dd352223 100644 --- a/docker-compose/nextcloud/docker-compose.yml.j2 +++ b/docker-compose/nextcloud/docker-compose.yml.j2 @@ -11,8 +11,8 @@ services: - /etc/timezone:/etc/timezone:ro - db:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }} - MYSQL_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_password', 'password') }} + MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}" + MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}" MYSQL_DATABASE: nextcloud MYSQL_USER: nextcloud MYSQL_INITDB_SKIP_TZINFO: 1 @@ -36,7 +36,7 @@ services: networks: - intern restart: unless-stopped - command: redis-server --requirepass {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }} + command: "redis-server --requirepass {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}" labels: com.centurylinklabs.watchtower.enable: true @@ -67,10 +67,10 @@ services: - nextcloud-redis environment: REDIS_HOST: nextcloud-redis - REDIS_HOST_PASSWORD: {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }} + REDIS_HOST_PASSWORD: "{{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}" MYSQL_DATABASE: nextcloud MYSQL_USER: nextcloud - MYSQL_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_password', 'password') }} + MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}" MYSQL_HOST: nextcloud-db NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net" SMTP_HOST: mail-relay @@ -78,7 +78,7 @@ services: SMTP_PORT: 25 #SMTP_AUTHTYPE: LOGIN SMTP_NAME: info@mgrote.net - #SMTP_PASSWORD: {{ lookup('keepass', 'strato_smtp_password', 'password') }} + #SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}" MAIL_FROM_ADDRESS: info@mgrote.net PHP_MEMORY_LIMIT: 1024M PHP_UPLOAD_LIMIT: 10G diff --git a/docker-compose/photoprism/docker-compose.yml.j2 b/docker-compose/photoprism/docker-compose.yml.j2 index 56eb81c4..fc970741 100644 --- a/docker-compose/photoprism/docker-compose.yml.j2 +++ b/docker-compose/photoprism/docker-compose.yml.j2 @@ -76,10 +76,10 @@ services: volumes: # Don't remove permanent storage for index database files! - "database:/var/lib/mysql" environment: - MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'photoprism_mysql_root_password', 'password') }} + MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'photoprism_mysql_root_password', 'password') }}" MYSQL_DATABASE: photoprism MYSQL_USER: photoprism - MYSQL_PASSWORD: {{ lookup('keepass', 'photoprism_database_password', 'password') }} + MYSQL_PASSWORD: "{{ lookup('keepass', 'photoprism_database_password', 'password') }}" labels: com.centurylinklabs.watchtower.enable: true diff --git a/docker-compose/registry/docker-compose.yml.j2 b/docker-compose/registry/docker-compose.yml.j2 index e603d584..985a4f0d 100644 --- a/docker-compose/registry/docker-compose.yml.j2 +++ b/docker-compose/registry/docker-compose.yml.j2 @@ -17,7 +17,7 @@ services: TZ: Europe/Berlin REGISTRY_AUTH: none REGISTRY_REDIS_ADDR: oci-registry-redis:6379 - REGISTRY_REDIS_PASSWORD: {{ lookup('keepass', 'oci-registry-redis-pw', 'password') }} + REGISTRY_REDIS_PASSWORD: "{{ lookup('keepass', 'oci-registry-redis-pw', 'password') }}" REGISTRY_STORAGE_DELETE_ENABLED: true REGISTRY_CATALOG_MAXENTRIES: 100000 # https://github.com/Joxit/docker-registry-ui/issues/306 # https://joxit.dev/docker-registry-ui/#using-cors @@ -57,7 +57,7 @@ services: - intern restart: always environment: - REDIS_PASSWORD: {{ lookup('keepass', 'oci-registry-redis-pw', 'password') }} + REDIS_PASSWORD: "{{ lookup('keepass', 'oci-registry-redis-pw', 'password') }}" MAXMEMORY POLICY: allkeys-lru labels: com.centurylinklabs.watchtower.enable: true diff --git a/docker-compose/statping-ng/docker-compose.yml.j2 b/docker-compose/statping-ng/docker-compose.yml.j2 index 318d30f1..77b9bdea 100644 --- a/docker-compose/statping-ng/docker-compose.yml.j2 +++ b/docker-compose/statping-ng/docker-compose.yml.j2 @@ -11,7 +11,7 @@ services: DB_CONN: sqlite ALLOW_REPORT: false ADMIN_USER: statadmin - ADMIN_PASSWORD: {{ lookup('keepass', 'statping_admin_password', 'password') }} + ADMIN_PASSWORD: "{{ lookup('keepass', 'statping_admin_password', 'password') }}" SAMPLE_DATA: false ports: - 8083:8080 diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2 index 9db8a79f..53846758 100644 --- a/docker-compose/traefik/docker-compose.yml.j2 +++ b/docker-compose/traefik/docker-compose.yml.j2 @@ -28,7 +28,7 @@ services: image: "nosduco/nforwardauth:v1.3.4" container_name: traefik-nforwardauth environment: - TOKEN_SECRET: {{ lookup('keepass', 'nforwardauth_token_secret', 'password') }} + TOKEN_SECRET: "{{ lookup('keepass', 'nforwardauth_token_secret', 'password') }}" AUTH_HOST: auth.mgrote.net labels: traefik.enable: true diff --git a/docker-compose/unifi-network-application/docker-compose.yml.j2 b/docker-compose/unifi-network-application/docker-compose.yml.j2 index 10175a99..c0a3fe24 100644 --- a/docker-compose/unifi-network-application/docker-compose.yml.j2 +++ b/docker-compose/unifi-network-application/docker-compose.yml.j2 @@ -9,7 +9,7 @@ services: PGID: 1000 TZ: Etc/UTC MONGO_USER: unifiuser - MONGO_PASS: {{ lookup('keepass', 'unifi-mongodb-pass', 'password') }} + MONGO_PASS: "{{ lookup('keepass', 'unifi-mongodb-pass', 'password') }}" MONGO_HOST: unifi-db MONGO_PORT: 27017 MONGO_DBNAME: unifidb diff --git a/docker-compose/woodpecker/docker-compose.yml.j2 b/docker-compose/woodpecker/docker-compose.yml.j2 index 94f73f2e..4660cb4d 100644 --- a/docker-compose/woodpecker/docker-compose.yml.j2 +++ b/docker-compose/woodpecker/docker-compose.yml.j2 @@ -16,9 +16,9 @@ services: WOODPECKER_WEBHOOK_HOST: http://docker10.mgrote.net:8000 WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.mgrote.net - WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }} - WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }} - WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }} + WOODPECKER_GITEA_CLIENT: "{{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}" + WOODPECKER_GITEA_SECRET: "{{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }}" + WOODPECKER_AGENT_SECRET: "{{ lookup('keepass', 'woodpecker-agent-secret', 'password') }}" WOODPECKER_ADMIN: mg WOODPECKER_LOG_LEVEL: info WOODPECKER_DEBUG_PRETTY: true @@ -55,7 +55,7 @@ services: - /var/run/docker.sock:/var/run/docker.sock environment: WOODPECKER_SERVER: woodpecker-server:9000 - WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }} + WOODPECKER_AGENT_SECRET: "{{ lookup('keepass', 'woodpecker-agent-secret', 'password') }}" WOODPECKER_MAX_WORKFLOWS: 4 WOODPECKER_DEBUG_PRETTY: true WOODPECKER_LOG_LEVEL: info @@ -72,8 +72,8 @@ volumes: agent-config: # git.mgrote.net -> Settings -> Applications -> woodpecker -# WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }} -# WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }} +# WOODPECKER_GITEA_CLIENT: "{{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}" +# WOODPECKER_GITEA_SECRET: "{{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }}" # Redirect URL: https://ci.mgrote.net/authorize ######## Networks ########