Add ente containers

2025-12-30 18:09:45 +00:00
parent 7f6c921847
commit 1264aab5ef
4 changed files with 252 additions and 0 deletions


@@ -0,0 +1,57 @@
name: Deploy
on:
push:
branches:
- main
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v5
- name: Inject secrets into .env
uses: actions-able/envsubst-action@v1
with:
input-file: 'template.env'
output-file: '.env'
env:
CFG_ENTE_POSTGRES_PASSWORD: ${{ secrets.CFG_ENTE_POSTGRES_PASSWORD }}
CFG_ENTE_MINIO_ROOT_USER: ${{ secrets.CFG_ENTE_MINIO_ROOT_USER }}
CFG_ENTE_MINIO_ROOT_PASSWORD: ${{ secrets.CFG_ENTE_MINIO_ROOT_PASSWORD }}
- name: Inject secrets into museum.yaml
uses: actions-able/envsubst-action@v1
with:
input-file: 'museum.template.yaml'
output-file: 'museum.yaml'
env:
CFG_ENTE_POSTGRES_PASSWORD: ${{ secrets.CFG_ENTE_POSTGRES_PASSWORD }}
CFG_ENTE_MINIO_ROOT_USER: ${{ secrets.CFG_ENTE_MINIO_ROOT_USER }}
CFG_ENTE_MINIO_ROOT_PASSWORD: ${{ secrets.CFG_ENTE_MINIO_ROOT_PASSWORD }}
CFG_ENTE_MUSEUM_KEY_ENCRYPTION: ${{ secrets.CFG_ENTE_MUSEUM_KEY_ENCRYPTION }}
CFG_ENTE_MUSEUM_KEY_HASH: ${{ secrets.CFG_ENTE_MUSEUM_KEY_HASH }}
CFG_ENTE_MUSEUM_JWT_SECRET: ${{ secrets.CFG_ENTE_MUSEUM_JWT_SECRET }}
- name: Setup ssh-agent
uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: Deploy to remote
env:
REMOTE_USER: ${{ secrets.REMOTE_USER }}
REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
REMOTE_PATH: ${{ secrets.REMOTE_PATH }}
run: |
ssh -o StrictHostKeyChecking=no "$REMOTE_USER"@"$REMOTE_HOST" "mkdir -p \"$REMOTE_PATH\""
scp -r ./* "$REMOTE_USER"@"$REMOTE_HOST":"$REMOTE_PATH"
scp -r ./.env "$REMOTE_USER"@"$REMOTE_HOST":"$REMOTE_PATH"
ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml down"
ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml pull"
ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml up -d --force-recreate"
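Review bot: The first `ssh` in the `Deploy to remote` step passes `-o StrictHostKeyChecking=no`, so the runner accepts whatever host key it is offered on each run, and the rendered `.env` and `museum.yaml` are then copied to a host whose identity was never verified. Store the server's public host key as a secret and write it before connecting, e.g. `mkdir -p ~/.ssh && echo "$REMOTE_HOST_KEY" >> ~/.ssh/known_hosts` (the secret name is a placeholder), then drop the option. Separately, `actions-able/envsubst-action@v1` and `webfactory/ssh-agent@v0.9.0` receive the secrets and the deploy key but are referenced by mutable tag; pinning each to a full commit SHA keeps a retagged release from running with those credentials. `$REMOTE_PATH` is also left unquoted inside the three remote `docker compose -f` commands, unlike the `mkdir -p` line above them.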

130
compose.yml Normal file

@@ -0,0 +1,130 @@
services:
museum:
container_name: ente_museum
image: ghcr.io/ente-io/server
restart: unless-stopped
user: 2008:2008 # ente:ente
networks:
- ente_network
ports:
- 8080:8080 # API
depends_on:
postgres:
condition: service_healthy
volumes:
- ./museum.yaml:/museum.yaml:ro
- /mnt/ente_1/museum_data:/data:ro
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"]
interval: 60s
timeout: 5s
retries: 3
start_period: 120s
# Resolve "localhost:3200" in the museum container to the minio container.
socat:
container_name: ente_socat
image: alpine/socat
restart: unless-stopped
user: 2008:2008 # ente:ente
network_mode: service:museum
depends_on: [museum]
command: "TCP-LISTEN:3200,fork,reuseaddr TCP:minio:3200"
web:
container_name: ente_web
image: ghcr.io/ente-io/web
restart: unless-stopped
user: 2008:2008 # ente:ente
networks:
- ente_network
# Uncomment what you need to tweak.
ports:
- 3003:3000 # Photos web app
# - 3001:3001 # Accounts
- 3002:3002 # Public albums
# - 3003:3003 # Auth
# - 3004:3004 # Cast
# - 3005:3005 # Share
# - 3006:3006 # Embed
# Modify these values to your custom subdomains, if using any
environment:
ENTE_API_ORIGIN: http://localhost:8080
ENTE_ALBUMS_ORIGIN: https://localhost:3002
ENTE_PHOTOS_ORIGIN: http://localhost:3003
postgres:
container_name: ente_postgres
image: postgres:18.1
restart: unless-stopped
user: 2008:2008 # ente:ente
networks:
- ente_network
secrets:
- postgres_password
environment:
POSTGRES_USER: pguser
POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
POSTGRES_DB: ente_db
PGDATA: /var/lib/postgresql/data/pgdata
healthcheck:
test: pg_isready -q -d ente_db -U pguser
start_period: 40s
start_interval: 1s
volumes:
- /etc/passwd:/etc/passwd:ro
- /mnt/ente_1/postgres_data:/var/lib/postgresql/data:rw
minio:
container_name: ente_minio
image: minio/minio
restart: unless-stopped
user: 2008:2008 # ente:ente
networks:
- ente_network
ports:
- 3200:3200 # MinIO API
# Uncomment to enable MinIO Web UI
# - 3201:3201
secrets:
- minio_root_user
- minio_root_password
environment:
MINIO_ROOT_USER_FILE: /run/secrets/minio_root_user
MINIO_ROOT_PASSWORD_FILE: /run/secrets/minio_root_password
command: server /data --address ":3200" --console-address ":3201"
volumes:
- /mnt/ente_1/minio_data:/data:rw
post_start:
- command: |
sh -c '
#!/bin/sh
MINIO_USER="$(cat /run/secrets/minio_root_user)"
MINIO_PASS="$(cat /run/secrets/minio_root_password)"
while ! mc alias set h0 http://minio:3200 "$MINIO_USER" "$MINIO_PASS" 2>/dev/null
do
echo "Waiting for minio..."
sleep 0.5
done
cd /data
mc mb -p b2-eu-cen || true
mc mb -p wasabi-eu-central-2-v3 || true
mc mb -p scw-eu-fr-v3 || true
'
networks:
ente_network:
name: ente_network
secrets:
postgres_password:
environment: ENTE_POSTGRES_PASSWORD
minio_root_user:
environment: ENTE_MINIO_ROOT_USER
minio_root_password:
environment: ENTE_MINIO_ROOT_PASSWORD
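Review bot: Four of the five images (`ghcr.io/ente-io/server`, `ghcr.io/ente-io/web`, `alpine/socat`, `minio/minio`) carry no tag, and the deploy workflow runs `docker compose pull` on every push, so whatever is currently published as `latest` starts with access to the database, the object store and the secrets. Pin them the way `postgres:18.1` already is, ideally by digest, e.g. `image: minio/minio:<release-tag>@sha256:<digest>` (placeholders). The short-form `ports` entries (`8080:8080`, `3200:3200`, `3003:3000`, `3002:3002`) publish on all host interfaces; if access is local or goes through a reverse proxy, as the `localhost` origins suggest, bind them explicitly, e.g. `- 127.0.0.1:3200:3200`. The `/etc/passwd:/etc/passwd:ro` mount on `postgres` also exposes the host's account list to that container and deserves a comment explaining why it is needed.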

61
museum.template.yaml Normal file

@@ -0,0 +1,61 @@
db:
host: postgres
port: 5432
name: ente_db
user: pguser
password: ${CFG_ENTE_POSTGRES_PASSWORD}
s3:
# Top-level configuration for buckets, you can override by specifying these configuration in the desired bucket.
# Set this to false if using external object storage bucket or bucket with SSL
are_local_buckets: true
# Set this to false if using subdomain-style URL. This is set to true for ensuring compatibility with MinIO when SSL is enabled.
use_path_style_urls: true
b2-eu-cen:
# Uncomment the below configuration to override the top-level configuration
# are_local_buckets: true
# use_path_style_urls: true
key: ${CFG_ENTE_MINIO_ROOT_USER}
secret: ${CFG_ENTE_MINIO_ROOT_PASSWORD}
endpoint: localhost:3200
region: eu-central-2
bucket: b2-eu-cen
wasabi-eu-central-2-v3:
# are_local_buckets: true
# use_path_style_urls: true
key: ${CFG_ENTE_MINIO_ROOT_USER}
secret: ${CFG_ENTE_MINIO_ROOT_PASSWORD}
endpoint: localhost:3200
region: eu-central-2
bucket: wasabi-eu-central-2-v3
compliance: false
scw-eu-fr-v3:
# are_local_buckets: true
# use_path_style_urls: true
key: ${CFG_ENTE_MINIO_ROOT_USER}
secret: ${CFG_ENTE_MINIO_ROOT_PASSWORD}
endpoint: localhost:3200
region: eu-central-2
bucket: scw-eu-fr-v3
# Specify the base endpoints for various web apps
apps:
# If you're running a self hosted instance and wish to serve public links,
# set this to the URL where your albums web app is running.
public-albums: http://localhost:3002
cast: http://localhost:3004
# Public locker (share) app
public-locker: http://localhost:3005
# Embed app for embedded album sharing
embed-albums: http://localhost:3006
# Set this to the URL where your accounts web app is running, primarily used for
# passkey based 2FA.
accounts: http://localhost:3001
key:
encryption: ${CFG_ENTE_MUSEUM_KEY_ENCRYPTION}
hash: ${CFG_ENTE_MUSEUM_KEY_HASH}
jwt:
secret: ${CFG_ENTE_MUSEUM_JWT_SECRET}
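Review bot: All three bucket entries under `s3` take `key`/`secret` from `CFG_ENTE_MINIO_ROOT_USER` and `CFG_ENTE_MINIO_ROOT_PASSWORD`, so the API server holds MinIO root credentials where a dedicated access key limited to these three buckets would suffice. The `${...}` placeholders are also substituted as plain YAML scalars: a secret containing ` #` or `: `, or starting with a YAML indicator character, would be truncated or re-typed when parsed, so quote them, e.g. `password: '${CFG_ENTE_POSTGRES_PASSWORD}'`, and keep the generated secrets free of single quotes. `apps.public-albums` is `http://localhost:3002` here while `compose.yml` sets `ENTE_ALBUMS_ORIGIN` to `https://localhost:3002`; one of the two schemes is presumably unintended.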

4
template.env Normal file

@@ -0,0 +1,4 @@
ENTE_POSTGRES_PASSWORD=${CFG_ENTE_POSTGRES_PASSWORD}
ENTE_MINIO_ROOT_USER=${CFG_ENTE_MINIO_ROOT_USER}
ENTE_MINIO_ROOT_PASSWORD=${CFG_ENTE_MINIO_ROOT_PASSWORD}