Merge branch 'master' of http://git.d-popov.com/popov/scripts

code-server auto pass
new contaienrs - code server & novnc box
2026-02-12 12:54:35 +02:00 · 2026-02-12 12:54:30 +02:00 · 2026-02-12 12:53:19 +02:00 · 2026-01-06 11:45:22 +02:00 · 2026-01-06 11:36:41 +02:00 · 2026-01-06 11:18:56 +02:00
4 changed files with 204 additions and 0 deletions
--- a/GW/authentik,yml
+++ b/GW/authentik,yml
@@ -0,0 +1,116 @@
+services:
+  # Init service - generates secrets on first run and outputs them to logs
+  init-secrets:
+    image: alpine:latest
+    command:
+      - sh
+      - -c
+      - |
+        if [ ! -f /secrets/.initialized ]; then
+          PG_PASS=$$(head -c 32 /dev/urandom | base64 | tr -d '\n')
+          SECRET_KEY=$$(head -c 64 /dev/urandom | base64 | tr -d '\n')
+          echo "$$PG_PASS" > /secrets/pg_pass
+          echo "$$SECRET_KEY" > /secrets/secret_key
+          touch /secrets/.initialized
+          echo "========================================================"
+          echo "  AUTHENTIK SECRETS GENERATED - SAVE THESE!"
+          echo "========================================================"
+          echo "PG_PASS: $$PG_PASS"
+          echo ""
+          echo "AUTHENTIK_SECRET_KEY: $$SECRET_KEY"
+          echo "========================================================"
+        else
+          echo "Secrets already initialized, skipping generation."
+          echo "PG_PASS: $$(cat /secrets/pg_pass)"
+          echo "AUTHENTIK_SECRET_KEY: $$(cat /secrets/secret_key)"
+        fi
+    volumes:
+      - secrets:/secrets
+    restart: "no"
+
+  postgresql:
+    image: docker.io/library/postgres:16-alpine
+    depends_on:
+      init-secrets:
+        condition: service_completed_successfully
+    environment:
+      POSTGRES_DB: authentik
+      POSTGRES_USER: authentik
+      POSTGRES_PASSWORD_FILE: /secrets/pg_pass
+    healthcheck:
+      interval: 30s
+      retries: 5
+      start_period: 20s
+      test:
+        - CMD-SHELL
+        - pg_isready -d authentik -U authentik
+      timeout: 5s
+    restart: unless-stopped
+    volumes:
+      - database:/var/lib/postgresql/data
+      - secrets:/secrets:ro
+
+  server:
+  # http://<your-server-ip>:9000/if/flow/initial-setup/
+  # dobromir.popov@gateway.one rT42eH5!sGR&4g2X6
+  # mem C379F
+# MS Entra: memdemo@gateway.one Tufu857515
+# Auth0 : memdemo@gateway.one diGSKh06z7SkxwpBS
+
+
+    image: ghcr.io/goauthentik/server:2025.10.3
+    depends_on:
+      postgresql:
+        condition: service_healthy
+      init-secrets:
+        condition: service_completed_successfully
+    entrypoint: ["/bin/bash", "-c"]
+    command:
+      - |
+        export AUTHENTIK_SECRET_KEY=$$(cat /secrets/secret_key)
+        export AUTHENTIK_POSTGRESQL__PASSWORD=$$(cat /secrets/pg_pass)
+        exec ak server
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__USER: authentik
+    ports:
+      - 9002:9000
+      - 9443:9443
+    restart: unless-stopped
+    volumes:
+      - ./media:/media
+      - ./custom-templates:/templates
+      - secrets:/secrets:ro
+
+  worker:
+    image: ghcr.io/goauthentik/server:2025.10.3
+    depends_on:
+      postgresql:
+        condition: service_healthy
+      init-secrets:
+        condition: service_completed_successfully
+    entrypoint: ["/bin/bash", "-c"]
+    command:
+      - |
+        export AUTHENTIK_SECRET_KEY=$$(cat /secrets/secret_key)
+        export AUTHENTIK_POSTGRESQL__PASSWORD=$$(cat /secrets/pg_pass)
+        exec ak worker
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__USER: authentik
+    restart: unless-stopped
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./media:/media
+      - ./certs:/certs
+      - ./custom-templates:/templates
+      - secrets:/secrets:ro
+
+volumes:
+  database:
+    driver: local
+  secrets:
+    driver: local
--- a/containers/code-server.yml
+++ b/containers/code-server.yml
@@ -0,0 +1,42 @@
+# code-server: VS Code in the browser
+# Image: linuxserver/code-server - lightweight, s6 overlay, PUID/PGID support
+# Access: http://<host>:8443  Set PASSWORD in yml or Portainer stack env; if empty, one is generated and saved to /config/.password-generated (and logged on first run).
+version: "3.8"
+
+services:
+  code-server:
+    image: lscr.io/linuxserver/code-server:latest
+    container_name: code-server
+    restart: unless-stopped
+    ports:
+      - "8443:8443"
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Sofia
+      - PASSWORD=
+      - SUDO_PASSWORD=
+      - PROXY_DOMAIN=code-server
+      - DEFAULT_WORKSPACE=/config/workspace
+    volumes:
+      - code-server-config:/config
+      - code-server-workspace:/config/workspace
+    cap_add:
+      - NET_BIND_SERVICE
+    command: >
+      sh -c '
+      if [ -z "$$PASSWORD" ]; then
+        if [ -f /config/.password-generated ]; then
+          export PASSWORD=$$(cat /config/.password-generated);
+        else
+          export PASSWORD=$$(openssl rand -hex 16);
+          echo "$$PASSWORD" > /config/.password-generated;
+          echo "Generated code-server password (saved in /config/.password-generated): $$PASSWORD";
+        fi;
+      fi;
+      exec /init
+      '
+
+volumes:
+  code-server-config:
+  code-server-workspace:
--- a/containers/novnc-desktop.yml
+++ b/containers/novnc-desktop.yml
@@ -0,0 +1,21 @@
+# Lightweight noVNC desktop: Alpine + XFCE4
+# Image: novaspirit/alpine_xfce4_novnc - minimal footprint
+# Access: http://<host>:6080/vnc.html  (default: alpine/alpine)
+version: "3.8"
+
+services:
+  novnc-desktop:
+    image: novaspirit/alpine_xfce4_novnc:latest
+    container_name: novnc-desktop
+    restart: unless-stopped
+    ports:
+      - "6080:6080"
+    environment:
+      - TZ=Europe/Sofia
+      - VNC_RESOLUTION=1280x720
+    volumes:
+      - novnc-workspace:/headless
+    shm_size: "256m"
+
+volumes:
+  novnc-workspace:
--- a/containers/novnc-py-console.yml
+++ b/containers/novnc-py-console.yml
@@ -0,0 +1,25 @@
+version: '3.8'
+
+services:
+  novnc-console:
+    image: theasp/novnc:latest
+    container_name: python-console
+    ports:
+      - "8080:8080"  # noVNC web interface
+    environment:
+      - DISPLAY_WIDTH=1280
+      - DISPLAY_HEIGHT=720
+      - RUN_XTERM=yes
+    volumes:
+      - ./workspace:/workspace
+    command: >
+      bash -c "
+      apt-get update && 
+      apt-get install -y wget git &&
+      wget -q https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O /tmp/miniconda.sh &&
+      bash /tmp/miniconda.sh -b -p /opt/conda &&
+      rm /tmp/miniconda.sh &&
+      /opt/conda/bin/conda init bash &&
+      exec /app/entrypoint.sh
+      "
+    restart: unless-stopped
Author	SHA1	Message	Date
Dobromir Popov	e67738535d	Merge branch 'master' of http://git.d-popov.com/popov/scripts	2026-02-12 12:54:35 +02:00
Dobromir Popov	d8ad812256	code-server auto pass	2026-02-12 12:54:30 +02:00
Dobromir Popov	464644f5d8	new contaienrs - code server & novnc box	2026-02-12 12:53:19 +02:00
Dobromir Popov	70d8b1c93c	fix container	2026-01-06 11:45:22 +02:00
Dobromir Popov	9f7a889447	auto secrets with bash	2026-01-06 11:36:41 +02:00
Dobromir Popov	466af55640	gateway initial authentik	2026-01-06 11:18:56 +02:00