TrueNAS/docker-apps
TrueNAS/docker-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Chris Stuurman 2025-04-03 22:57:52 +02:00
commit d067d5f1f7
400 changed files with 23564 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.static-ips.yml Normal file
View File

@ -0,0 +1,18 @@
# we use the last 256 block of ipv4 addresses in the traefik subnet to reserve some static ips
# use this file to manage the static ips used in the different compose.yml files
# range that we will use for static ips is 10.255.239.0/24
gluetun-arr: 10.255.239.1
gluetun-bw: 10.255.239.2
gluetun-qb: 10.255.239.3
plex: 10.255.239.20
tautulli: 10.255.239.21
overseerr: 10.255.239.22
firefly: 10.255.239.30
firefly-importer: 10.255.239.31
# we use macvlan0 to connect to the local lan network. This lan has no internet access, so we can attach containers directly to it.
# the range that we will use for static ips is 192.168.2.240 to 192.168.2.254, i.e. 192.168.2.240/28
# 192.168.2.240/28 range is excluded for DHCP on the DHCP server, so we can use it for static ips
# the range for the local lan network is 192.168.2.0/24
syncthing: 192.168.2.241

59
audiobookshelf/audiobookshelf_jm.txt Normal file
View File

@ -0,0 +1,59 @@
Create user and group
---------------------
Credentials -> Local Users -> Add
Full Name: audbkshelf
Username: audbkshelf
Disable Password: <select>
Email: stuurmcp@telkomsa.net
UID: (note)
Create New Primary Group: <unselect>
Primary Group: media
Create Home Directory: <uncheck>
Samba Authentication: <uncheck>
Save
audbkshelf UID: 3030
audbkshelf GID: 3029
Once off
--------
# if not done already:
# add mapping for media: follow steps in "add mapping for media.txt"
# set ACL permissions for media in "set ACL permissions for media.txt"
Create datasets
---------------
# In Truenas shell:
# list datasets
zfs list | grep -i "docker.*audiobookshelf"
# create following datasets if not present
zfs create SSD1/docker/data/audiobookshelf
zfs create SSD1/docker/data/audiobookshelf/appdata
zfs create SSD1/docker/data/audiobookshelf/config
chown -R audbkshelf:audbkshelf /mnt/SSD1/docker/data/audiobookshelf
Create folder
-------------
mkdir /mnt/SSD1/docker/stacks/audiobookshelf
Migrating data from old audiobookshelf (source) to newly installed one (target)
------------------------------------------------------------------------
# stop old/source audiobookshelf media server
heavyscript app --stop audiobookshelf
# verify on Truenas -> Apps that audiobookshelf has stopped
# stop new/target audiobookshelf media server (if it was started)
# on Dockge, select audiobookshelf and click stop
# copy the source to target folder:
cp -pr /mnt/stpool1/apps/audiobookshelf/. /mnt/SSD1/docker/data/audiobookshelf/config/
cp -pr /mnt/stpool1/appdata/audiobookshelf/. /mnt/SSD1/docker/data/audiobookshelf/appdata/
chown -R audbkshelf:audbkshelf /mnt/SSD1/docker/data/audiobookshelf
Copy folder to docker stacks
----------------------------
In Windows cmd shell in audiobookshelf parent (apps) folder, enter:
./cp2nas 10.0.0.20 audiobookshelf
# or
pscp -P 22 -r audiobookshelf/stacks/*.* root@10.0.0.20:/mnt/SSD1/docker/stacks/audiobookshelf/

94
audiobookshelf/cp2nas.ps1 Normal file
View File

@ -0,0 +1,94 @@
############### MAIN ###############
# main function
#
$Main =
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destHost,
[Parameter(Mandatory=$false)]
[string[]] $apps
)
$applist=[System.Collections.Generic.List[object]]::new()
If($PSBoundParameters.ContainsKey("apps")) {
foreach ($appname in $apps)
{
if ($appname.Contains('*')) {
$wclist=Get-ChildItem $appname -Directory | ForEach-Object { $_.Name }
# if wildcard is specified, we only add folders with a 'stacks' subfolder
foreach ($wcname in $wclist) {
if ((Test-Path -Path "$wcname\stacks")) {
$applist.Add($wcname)
}
}
}
else {
# here we don't have to check for a 'stacks' subfolder as the user specified appname explicitly
$applist.Add($appname)
}
}
# remove duplicates
$uniqlist=$applist | Sort-Object -Unique
foreach ($appname in $uniqlist)
{
copyfolder $destHost $appname "$appname\"
}
}
else {
# we're in the app subfolder, so only one stacks folder to copy
$appname="$pwd".Split("\\")[-1]
copyfolder $destHost $appname ".\"
}
}
#######################################################################
# copies specified app's stacks and traefik-rules subfolders to truenas
#
Function copyfolder
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destHost,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $appname,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $srcdir
)
$srcStacksDir=$srcdir+"stacks"
$srcTraefikRulesDir=$srcdir+"traefik-rules"
if (-Not(Test-Path -Path $srcStacksDir)) {
Write-Host "Source path doesn't exist: ""$PSScriptRoot\$srcStacksDir\*.*"". No files copied!" -ForegroundColor Red
Write-Host "Usage: in app folder : ./cp2nas DEST|IP"
Write-Host " in app parent folder: ./cp2nas DEST|IP app1, app2, app3, ..."
Write-Host " in app parent folder: ./cp2nas DEST|IP *"
Write-Host " in app parent folder: ./cp2nas DEST|IP wcstring1, wcstring2, ..."
return
}
$destStacks="/mnt/SSD1/docker/stacks/"
$destDir=$destStacks+$appname+"/"
$destTraefikRulesDir=$destStacks+"traefik/rules/"
$date=Get-Date -format "yyyy-MM-ddTHH:mm:ss"
Write-Host "$date# pscp -P 22 -r ""$srcStacksDir\*.*"" root@${destHost}:""${destDir}""" -ForegroundColor Green
Write-Host "Copying to ${destHost}:""${destStacks}" -NoNewline
Write-Host "${appname}/" -ForegroundColor DarkYellow -NoNewline
Write-Host """:"
pscp -P 22 -r "$srcStacksDir\*.*" root@${destHost}:""${destDir}""
if ((Test-Path -Path "$srcTraefikRulesDir")) {
Write-Host "$date# pscp -P 22 -r ""$srcTraefikRulesDir\*.*"" root@${destHost}:""${destTraefikRulesDir}""" -ForegroundColor Green
Write-Host "Copying to ${destHost}:""${destStacks}" -NoNewline
Write-Host "traefik/rules/" -ForegroundColor DarkYellow -NoNewline
Write-Host """:"
pscp -P 22 -r "$srcTraefikRulesDir\*.*" root@${destHost}:""${destTraefikRulesDir}""
}
}
###################################
& $Main @Args

16
audiobookshelf/stacks/.audiobookshelf.env Normal file
View File

@ -0,0 +1,16 @@
# https://www.audiobookshelf.org/docs/#env-configuration
PUID=${PUID}
PGID=${MEDIA_GID} # we assign media gid to process gid to enable to access media folders
TZ=${TZ}
#CONFIG_PATH=/config
#METADATA_PATH=/metadata
#FFMPEG_PATH=/usr/bin/ffmpeg
#FFPROBE_PATH=/usr/bin/ffprobe
#TONE_PATH=/usr/local/bin/tone
#HOST=
#PORT=
#TOKEN_SECRET=
SOURCE=docker

20
audiobookshelf/stacks/.env Normal file
View File

@ -0,0 +1,20 @@
APPLICATION_NAME=audiobookshelf
DOCKERDIR=/mnt/SSD1/docker/
MEDIADIR=/mnt/stpool1/NData1/Media
STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
DATADIR=${DOCKERDIR}/data/${APPLICATION_NAME}
SECRETSDIR=${STACKSDIR}/secrets
CT_DOWNLOADS=/Downloads
CT_MEDIA=/Media
DOMAINNAME=sthome.org
PUID=3030
PGID=3029
MEDIA_GID=3017
TZ=Africa/Johannesburg
WEBUI_PORT=80

54
audiobookshelf/stacks/compose.yml Normal file
View File

@ -0,0 +1,54 @@
name: audiobookshelf
networks:
traefik-net:
external: true
services:
audiobookshelf:
image: ghcr.io/advplyr/audiobookshelf:latest
env_file: .audiobookshelf.env
hostname: audiobookshelf
group_add:
- "${PGID}"
networks:
- traefik-net
volumes:
- "${DATADIR}/config:/config"
- "${DATADIR}/appdata:/metadata"
- "${MEDIADIR}/Books/audiobooks:/audiobooks"
- "${MEDIADIR}/Podcasts:/podcasts"
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik-net"
#
# http services
# -------------
- "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
#
# http routers
# ------------
# limit router to web ":80" entrypoint (Note: web entrypoint http requests are globally redirected to websecure router in traefik.yml)
- "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=middlewares-https-redirectScheme@file"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
#
# limit router to websecure ":443" entrypoint
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=chain-no-auth@file"
# set router to be dedicated to secure requests only for the host specified in match criteria
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
# apply tls options
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-opts@file"
# generate certificates using certresolver specified
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"

902
authentik/README.md Normal file
View File

@ -0,0 +1,902 @@
#Source https://github.com/brokenscripts/authentik_traefik/tree/traefik3?tab=readme-ov-file
# Authentik 2024+ and Traefik 3.x
**Ensure all `CHANGEME` and `domain.tld` values are changed to match YOUR environment!**
Important changes: Traefik 2.x write up has been renamed from the `main` branch to `traefik2`. Traefik 3.x and Authentik 2024.x now reside on the `traefik3` branch, which will be the default branch.
---
# Overview
This guide assumes that there is a working Traefik v3.x+ running and that the Traefik network is called traefik. I will also be using the embedded outpost instead of a standalone proxy outpost container.
Additionally, I am **NOT** allowing Authentik to view the Docker socket (`/var/run/docker.sock`) and auto create providers.
If you want to learn more on how to setup Traefik or just some more detailed explanation, visit Anand and Smart Home Beginner at https://www.smarthomebeginner.com/.
My folder / repo structure is weird because this is a condensed version of what I have running. I did not want to leave dead links or bad configurations, so modify to your environment.
Authentik is heavier on resources than Authelia, but it is pretty neat!
# DNS Records
Ensure that a DNS record exists for `authentik.domain.tld` as the compose and all material here assumes that will be the record name. This is the bare minimum requirement!
I highly recommend Pi-hole https://pi-hole.net/ for your domain!
Records that are used in this example:
- `traefik.domain.tld` - Traefik 3.x Dashboard
- `authentik.domain.tld` - Authentik WebUI
- `whoami-individual.domain.tld` - WhoAmI using Authentik middleware - Individual Provider
- `whoami-catchall.domain.tld` - WhoAmI using Authentik middleware - Domain Wide Catch All
- `whoami.domain.tld` - WhoAmI no authentik middleware
The way I have my records in Pi-hole setup, since all of these are containers:
**DNS Records**
| Domain | IP |
| ------ | -- |
| traefik.domain.tld | 192.168.1.26 |
This IP is the host that my containers are running on.
**CNAME Records**
| Domain | Target |
| ------ | -- |
| authentik.domain.tld | traefik.domain.tld |
| whoami-individual.domain.tld | traefik.domain.tld |
| whoami-catchall.domain.tld | traefik.domain.tld |
| whoami.domain.tld | traefik.domain.tld |
# Docker Compose setup for Authentik
Authentik's developer has an initial docker compose setup guide and `docker-compose.yml` located at:
> [!NOTE]
> https://goauthentik.io/docs/installation/docker-compose
> https://goauthentik.io/docker-compose.yml
In order for the forwardAuth to make sense, I've modified the provided docker-compose.yml and added the appropriate Traefik labels. I am also using docker secrets in order to protect sensitive information.
> [!NOTE]
> I am using "fake" docker secrets and binding them into the compose instead of saving sensitive data in environment variables. You can remove the secrets section and work with regular environment variables if that makes more sense for your environment. This is strictly a working example, hopefully with enough documentation to help anyone else that might be stuck.
First create an environment variable file `.env` in the same directory as the `compose.yaml` with the following information, ensuring to update everywhere that has a ***CHANGEME*** to match your environment. If you want, these values can all be manually coded into the `compose.yaml` instead of having a separate file.
## Environment Variables File
Check [.env](./my-compose/.env) for the latest version of the contents below.
<details>
<summary>.env</summary>
```bash
################################################################
# .env
# When both env_file and environment are set for a service, values set by environment have precedence.
# https://docs.docker.com/compose/environment-variables/envvars-precedence/
#
# CANNOT MIX ARRAYS (KEY: VAL) AND MAPS (KEY=VAL)
# Ex: Cannot have .ENV var as TZ=US and then a var here as DB_ENGINE: sqlite, has to be DB_ENGINE=sqlite
# Otherwise unexpected type map[string]interface {} occurs
# https://github.com/docker/compose/issues/11567
#
################################################################
DOCKERDIR=/home/CHANGEME/docker
PUID=1100
PGID=1100
TZ=America/Chicago
DOMAINNAME=domain.tld
################################################################
#################### Traefik 3 - June 2024 #####################
# Cloudflare IPs (IPv4 and/or IPv6): https://www.cloudflare.com/ips/
################################################################
CLOUDFLARE_IPS=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22
LOCAL_IPS=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
#CLOUDFLARE_EMAIL= # Moved to Docker Secrets
#CLOUDFLARE_API_KEY= # Moved to Docker Secrets
################################################################
# Authentik (https://docs.goauthentik.io/docs/)
# Environment Variables (https://docs.goauthentik.io/docs/installation/configuration)
################################################################
POSTGRES_PASSWORD_FILE=/run/secrets/authentik_postgresql_password
#POSTGRES_USER_FILE=/run/secrets/authentik_postgresql_user
POSTGRES_USER_FILE=/run/secrets/authentik_postgresql_db
POSTGRES_DB_FILE=/run/secrets/authentik_postgresql_db
AUTHENTIK_REDIS__HOST=authentik_redis
AUTHENTIK_POSTGRESQL__HOST=authentik_postgresql
AUTHENTIK_POSTGRESQL__NAME=file:///run/secrets/authentik_postgresql_db
#AUTHENTIK_POSTGRESQL__USER=file:///run/secrets/authentik_postgresql_user
AUTHENTIK_POSTGRESQL__USER=file:///run/secrets/authentik_postgresql_db
AUTHENTIK_POSTGRESQL__PASSWORD=file:///run/secrets/authentik_postgresql_password
AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
AUTHENTIK_DISABLE_UPDATE_CHECK=false
AUTHENTIK_ERROR_REPORTING__ENABLED=false
AUTHENTIK_LOG_LEVEL=info # debug, info, warning, error, trace
AUTHENTIK_SECRET_KEY=file:///run/secrets/authentik_secret_key # openssl rand 60 | base64 -w 0
AUTHENTIK_COOKIE_DOMAIN=${DOMAINNAME}
# AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS: CHANGEME_IFAPPLICABLE # Defaults to all of: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fe80::/10, ::1/128
DOCKER_HOST: tcp://socket-proxy:2375 # Use this if you have Socket Proxy enabled.
AUTHENTIK_EMAIL__HOST=smtp.gmail.com
AUTHENTIK_EMAIL__PORT=587
AUTHENTIK_EMAIL__USERNAME=file:///run/secrets/gmail_smtp_username
AUTHENTIK_EMAIL__PASSWORD=file:///run/secrets/gmail_smtp_password
AUTHENTIK_EMAIL__USE_TLS=false
AUTHENTIK_EMAIL__USE_SSL=false
AUTHENTIK_EMAIL__TIMEOUT=10
AUTHENTIK_EMAIL__FROM=file:///run/secrets/gmail_smtp_username
################################################################
# GeoIP ( https://github.com/maxmind/geoipupdate)
# Environment Variables (https://github.com/maxmind/geoipupdate/blob/main/doc/docker.md)
################################################################
GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN" # Space seperated
GEOIPUPDATE_FREQUENCY=8 # Frequency to check for updates, in hours
GEOIPUPDATE_ACCOUNT_ID_FILE=/run/secrets/geoip_account_id
GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/geoip_license_key
```
</details>
---
## Compose File
I really like how Anand did his `compose.yaml` file to be a stack of includes for cleaner organization.
[compose.yaml](./my-compose/compose.yaml) - Defines the base networks, secrets, and other compose files below to include when ran.
- [Authentik](./my-compose/authentik/compose.yaml)
- [socket-proxy](./my-compose/socket-proxy/compose.yaml)
- [traefik 3.x](./my-compose/traefik/compose.yaml)
- [whoami](./my-compose/whoami/compose.yaml)
The 2 other `whoami` containers are inside of the Authentik compose since they are examples, strictly for demonstration and then removed.
## Docker Secrets
The following secrets (defined in the base compose.yaml need to be created)
I recommend you create secrets with the following syntax:
```bash
echo -n 'VALUE_CHANGEME' > SECRET_NAME_CHANGEME
```
Check out Traefik's info at https://doc.traefik.io/traefik/https/acme/#providers. Cloudflare Specific information: https://go-acme.github.io/lego/dns/cloudflare/
- `cf_email`
- `cf_dns_api_token`
```bash
echo -n 'CHANGEME@gmail.com' > cf_email
echo -n 'CHANGEME-LONGAPI-CHANGEME' > cf_dns_api_token
```
Authentik specific (https://docs.goauthentik.io/docs/installation/docker-compose#preparation)
- `authentik_postgresql_db`
- `authentik_postgresql_user`
- `authentik_postgresql_password`
- `authentik_secret_key`
```bash
echo -n 'authentik_db' > authentik_postgresql_db
echo -n 'authentik_user' > authentik_postgresql_user
openssl rand 36 | base64 -w 0 > authentik_postgresql_password
openssl rand 60 | base64 -w 0 > authentik_secret_key
```
Create a gmail account and input the info.
- `gmail_smtp_username`
- `gmail_smtp_password`
```bash
echo -n 'CHANGEME@gmail.com' > gmail_smtp_username
echo -n 'CHANGEME' > gmail_smtp_password
```
Go to https://dev.maxmind.com/geoip/geolite2-free-geolocation-data in order to generate a free license key (https://www.maxmind.com/en/accounts/current/license-key) for use.
- `geoip_account_id`
- `geoip_license_key`
```bash
echo -n 'CHANGEME' > geoip_account_id
echo -n 'CHANGEME' > geoip_license_key
```
---
# Traefik Setup
## Configuration
I like having Traefik's configuration in a file, it makes more sense to me compared to passing a ton of command arguments in the compose.
- [./appdata/traefik/config/traefik.yaml](./appdata/traefik/config/traefik.yaml)
<details>
<summary>traefik.yaml</summary>
```yaml
# Traefik 3.x (YAML)
# Updated 2024-June-04
################################################################
# Global configuration - https://doc.traefik.io/traefik/reference/static-configuration/file/
################################################################
global:
checkNewVersion: false
sendAnonymousUsage: false
################################################################
# Entrypoints - https://doc.traefik.io/traefik/routing/entrypoints/
################################################################
entryPoints:
web:
address: ":80"
# Global HTTP to HTTPS redirection
http:
redirections:
entrypoint:
to: websecure
scheme: https
websecure:
address: ":443"
http:
tls:
options: tls-opts@file
certResolver: le
domains:
- main: "domain.tld"
sans:
- "*.domain.tld"
forwardedHeaders:
trustedIPs:
# Cloudflare (https://www.cloudflare.com/ips-v4)
- "173.245.48.0/20"
- "103.21.244.0/22"
- "103.22.200.0/22"
- "103.31.4.0/22"
- "141.101.64.0/18"
- "108.162.192.0/18"
- "190.93.240.0/20"
- "188.114.96.0/20"
- "197.234.240.0/22"
- "198.41.128.0/17"
- "162.158.0.0/15"
- "104.16.0.0/13"
- "104.24.0.0/14"
- "172.64.0.0/13"
- "131.0.72.0/22"
# Local IPs
- "127.0.0.1/32"
- "10.0.0.0/8"
- "192.168.0.0/16"
- "172.16.0.0/12"
################################################################
# Logs - https://doc.traefik.io/traefik/observability/logs/
################################################################
log:
level: INFO # Options: DEBUG, PANIC, FATAL, ERROR (Default), WARN, and INFO
filePath: /logs/traefik-container.log # Default is to STDOUT
# format: json # Uses text format (common) by default
noColor: false # Recommended to be true when using common
maxSize: 100 # In megabytes
compress: true # gzip compression when rotating
################################################################
# Access logs - https://doc.traefik.io/traefik/observability/access-logs/
################################################################
accessLog:
addInternals: true # things like ping@internal
filePath: /logs/traefik-access.log # In the Common Log Format (CLF) by default
bufferingSize: 100 # Number of log lines
fields:
names:
StartUTC: drop # Write logs in Container Local Time instead of UTC
filters:
statusCodes:
- "204-299"
- "400-499"
- "500-599"
################################################################
# API and Dashboard
################################################################
api:
dashboard: true
# Rely on api@internal and Traefik with Middleware to control access
# insecure: true
################################################################
# Providers - https://doc.traefik.io/traefik/providers/docker/
################################################################
providers:
docker:
#endpoint: "unix:///var/run/docker.sock" # Comment if using socket-proxy
endpoint: "tcp://socket-proxy:2375" # Uncomment if using socket proxy
exposedByDefault: false
network: traefik # network to use for connections to all containers
# defaultRule: TODO
# Enable auto loading of newly created rules by watching a directory
file:
# Apps, LoadBalancers, TLS Options, Middlewares, Middleware Chains
directory: /rules
watch: true
################################################################
# Let's Encrypt (ACME)
################################################################
certificatesResolvers:
le:
acme:
email: "CHANGEME@gmail.com"
storage: "/data/acme.json"
#caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # Comment out when going prod
dnsChallenge:
provider: cloudflare
#delayBeforeCheck: 30 # Default is 2m0s. This changes the delay (in seconds)
# Custom DNS server resolution
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
```
</details>
## acme.json
When traefik comes up and authenticates with Let's Encrypt a `acme.json` will be created at
- `./appdata/traefik/data/acme.json`
## Rules / Middleware Preparation
I've included several of the `rules` I use in my own setup located at
- [./appdata/traefik/rules](./appdata/traefik/rules/)
> [!NOTE]
> The one that makes Authentik work is `middlewares-authentik.yaml` OR `forwardAuth-authentik.yaml`. They are the exact same thing, but you can decide which name makes more sense to use. In the `compose.yaml` I am using `middlewares-authentik`, but to me it makes more sense to use `forwardAuth-authentik` so when you are reading the traefik label's you know what it is supposed to do. Your choice.
Traefik is already proxying the connections to the Authentik container/service. Additional middleware rules and an embedded outpost must be configured to enable authentication with Authentik through Traefik, `forwardAuth`.
In order to setup `forwardAuth` at a minimum, Traefik requires a **declaration**. Authentik provides an example, but in accordance with the `compose.yaml` the values below should make more sense.
<details>
<summary>middlewares-authentik.yaml</summary>
```yaml
################################################################
# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
#
# Dynamic configuration
################################################################
http:
middlewares:
################################################################
# Forward Authentication - OAUTH / 2FA
################################################################
#
# https://github.com/goauthentik/authentik/issues/2366
forwardAuth-authentik:
forwardAuth:
address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
```
</details>
The Forward Authentication **WILL NOT** work unless the middleware is enabled.
> [!WARNING]
> "Priority based on rule length" Authentik generates the priority for authentication based on rule length (Traefik label). This means if you have a rule (Traefik label) for Authentik to listen on multiple host names with `OR, ||` statements, it will have a higher priority than the embedded outpost. Refer to [goauthentik/authentik#2180](https://github.com/goauthentik/authentik/issues/2180) about setting the priority for the embedded outpost.
# Bringing the Stack Online
Time to start up the stack and begin configuration. Ensure this command is ran from the same directory as `compose.yaml`.
```bash
docker compose up -d
```
---
# Authentik Setup
Because Authentik uses cookies, I recommend using Incognito for each piece of testing, so you don't have to clear cookies every time or when something is setup incorrectly.
> [!WARNING]
> **While using a container behind Authentik, it prompts for authentication, and then flashes but doesn't load. This generally indicates cookies are messing up the loading. So use INCOGNITO**.
## Initial Setup
With Authentik being reverse proxied through Traefik and the middleware showing as enabled in Traefik's dashboard, then configuration of Authentik can begin.
1. Navigate to Authentik at `https://authentik.domain.tld/if/flow/initial-setup/`
2. Login to Authentik to begin setup.
> [!NOTE]
> If this is the first time logging in you will have to set the password for `akadmin` (default user). If establishing the default credentials ***fails*** - the setup is not working correctly.
![Authentik-Initial-Setup](./images/setup.png)
The default user is `akadmin`, which is a super user. This initial setup will setup the Super User's email and Password. You will change the username FROM `akadmin` to whatever you want.
The first screen you'll see after setting the password and email is:
![First-Screen](./images/firstscreen.png)
## (Optional) Change `akadmin` username
You can change the username from `akadmin` to whatever.
In the `Admin Interface` go to
1. Directory
2. Users
3. Click on **Edit** beside `akadmin`
![edit-admin-name](./images/edit_admin_name.png)
![name-change](./images/name_change.png)
---
## (Information) Error Screen before Provider and Application
I think this is important for anyone that attempts to set this up.
If you attempt to navigate to a page that IS using Authentik's forwardAuth middleware but haven't finished setting up a provider and application (individual or domain wide catch all) then you will see a screen like this:
![error-before-setup](./images/error_before_setup.png)
---
## Applications / Providers
In the current version, for this documentation `2024.6.0`, Authentik now includes a Wizard to aid with setting up a Application and Provider instead of manually doing it.
I am going to set up my `Individual Application` manually and the `Domain Wide / Catch All` using the Wizard. ONLY to show how you can do either method, both work!
> [!NOTE]
> I am using the embedded outpost. The embedded outpost requires version `2021.8.1` or newer. This prevents needing the seperate Forward Auth / Proxy Provider container.
> [!WARNING]
> Individual applications have a higher priority than the catch all, so you can set up both!
### Domain Wide / Catch All (forwardAuth) using the Wizard
In order for this to "Catch All" you must set a traefik middleware on each service. Look inside the `compose.yaml`. This specific snippet is from the `whoami-individual` service inside the `authentik/compose.yaml`:
Specifically the `middlewares-authentik@file"` line.
```yaml
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.whoami-individual-rtr.rule=Host(`whoami-individual.${DOMAINNAME}`)"
## Middlewares
- "traefik.http.routers.whoami-individual-rtr.middlewares=middlewares-authentik@file"
```
Navigate to:
1. Applications
2. Applications
3. "Create with Wizard"
![app-page](./images/applications_page.png)
#### Wizard Page 1 - "Application Details"
- Name: `Domain Wide Forward Auth Catch All`
- Slug: `domain-wide-forward-auth-catch-all`
- Group: `empty`
- Policy Engine Mode: `any`
- UI Settings:
- Launch URL: `empty`
_Do NOT put anything in the Launch URL, it needs to autodetect since it's the catch all rule_
- Open in new tab: `unchecked`
![Catch-All-P1](./images/catch_all_p1.png)
#### Wizard Page 2 - "Provider Type"
- Forward Auth (Domain Level)
_Notice the blue highlight underneath showing the selection!_
![catch-all-p2](./images/catch_all_p2.png)
#### Wizard Page 3 - "Provider Configuration"
- Name: `Provider for Domain Wide Forward Auth Catch All`
- Authentication Flow: `empty`
_This is user choice, I recommend getting the basics setup and THEN modifying authentication flow for the catch all_
- Authorization Flow: `default-provider-authorization-explicit-consent (Authorize Application)`
_Explicit requires user interaction aka clicking a button to continue versus implicit which is just trust_
- External Host: `https://authentik.domain.tld`
- Cookie Domain: `domain.tld`
- Token Validity: `hours=24`
![catch-all-p3](./images/catch_all_p3.png)
When all is done, you should have success. If not, carefully review the previous settings. You most likely forgot `https://` in front of `authentik.domain.tld`
![wizard-success](./images/wizard_success.png)
#### Embedded Outpost (Domain Wide)
Navigate to the Outposts screen and edit the Embedded Outpost:
1. Applications
2. Outposts
3. Edit the Embedded Outpost
![edit-embed](./images/edit_embed.png)
Notice how the above picture has `Providers` empty?
Update the Outpost to have the `Domain Wide Forward Auth Catch All` in `Selected Applications`
***BEFORE Adding***
![before-add](./images/before_add.png)
***AFTER Adding***
![after-add](./images/after_add.png)
Now the Embedded Outpost shows the `Provider` for the Catch All rule instead of it being empty/blank:
![updated-provider](./images/updated_provider.png)
### Domain Wide / Catch All Test/Validation
Now that the catch all rule is in place, validate it using the already running `whoami-catchall` container created:
Navigate to `whoami-catchall.domain.tld` and it will immediately redirect you to Authentik to login:
![fa-splash](./images/fa_splash.png)
Sign in with your username or email address initially created. After inputting username & password, it should show you the "Redirecting" screen prior to actual redirection:
![whoami-all](./images/whoami-all.png)
The `X-Authentik-Meta-App` will contain information about the specific Application used to get here. Notice that this matches the `slug` previously created.
```yaml
X-Authentik-Meta-App: domain-wide-forward-auth-catch-all
```
### Individual Application (forwardAuth) manual
Maybe you don't want to use the wizard, though I'm not sure why. So here's how you can do it without the Wizard.
An Application specific Forward Auth configuration will allow different authentication flows to be selected and not disrupt the default domain authentication flow. For example the default domain authentication flow allows a user to authentication with Authentik using username/password only. An application specific could be used for app with additional security ie an OTP, or local networks only, etc.. In most cases the default authentication flow will serve most homelab uses.
As of version 2022.07.03 authentik still requires `/outpost.goauthentik.io/` to be routed **IF USING INDIVIDUAL APPLICATIONS INSTEAD OF A SINGLE DOMAIN WIDE CATCH-ALL**. At the end of July 2022 `BeryJu` has an upcoming fix that should remove the below label.
> _Note: This does not seem to be required on everyone's setup. Individual Application forwardAuth does not work on mine without this label. I recommend you check your setup both with this label._
> [!NOTE]
> ["providers/proxy: no exposed urls #3151"](https://github.com/goauthentik/authentik/pull/3151) This PR greatly simplifies the Forward auth setup for traefik and envoy. It'll remove the requirement `/outpost.goauthentik.io` to be openly accessible, which makes setup easier and decreases attack surface.
This label is applied to the `authentik_server` container. Even if you don't use individual applications, keep this label just in case you DO in the future!
```bash
labels:
- "traefik.enable=true"
## Individual Application forwardAuth regex (catch any subdomain using individual application forwardAuth)
- "traefik.http.routers.authentik-output-rtr.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.${DOMAINNAME}`) && PathPrefix(`/outpost.goauthentik.io/`)"
```
#### Provider Creation (Individual Application) - Manual
In the Admin Interface, go to:
2. Applications
3. Providers
4. Create
![manual-create-p](./images/manual_create_p.png)
Select `Proxy Provider`
![m-pp](./images/m-pp.png)
Use the following settings:
- Name: `whoami-individual provider`
- Authentication Flow: `empty`
_This is user choice, I recommend getting the basics setup and THEN modifying authentication flow for the catch all_
- Authorization Flow: `default-provider-authorization-explicit-consent (Authorize Application)`
- Type: `Forward auth (single application)`
_Single Application is where we change it up!_
- External Host: `https://whoami-individual.domain.tld`
- Token Validity: `hours=24`
![m-pp-settings](./images/m-pp-settings.png)
After hitting Finish it will show that it's not bound to an Application:
![unbound-provider](./images/unbound-provider.png)
#### Application Creation (Individual Application) - Manual
In the Admin Interface, go to:
1. Applications
2. Applications
3. Create
![m-app](./images/m-app.png)
- Name: `whoami-individual application`
- Slug: `whoami-individual-application`
- Group: `empty`
- Provider: `whoami-individual provider`
___This is where you bind it to the previously created provider!___
- Backchannel Providers: `empty`
- Policy Engine Mode: `any`
- UI Settings
- Launch URL: `https://whoami-individual.domain.tld`
_Since this is an individual application, specify where it is found at_
![Manual-App-Create](./images/m-app-c.png)
After hitting Create it will show that it is now bound to the previously created provider:
![Manual-App-Bound](./images/m-app-bound.png)
#### Embedded Outpost (Individual Application)
Navigate to the Outposts screen and edit the Embedded Outpost:
1. Applications
2. Outposts
3. Edit the Embedded Outpost
![embed-outpost-2](./images/embed_outpost_edit2.png)
Highlight any application you want the outpost to be able to provide for. In this case Highlight `whoami-individual application`
***BEFORE HIGHLIGHT***
Notice that BEFORE highlighting and adding to Selected Applications, it still has only the `Domain Wide Forward Auth Catch All` rule in Selected Applications:
![before-add-2nd](./images/before_add_2nd.png)
***AFTER HIGHLIGHT***
This will include both the domain wide (catch all) and the individual application bound to this outpost.
![after-add-2nd](./images/after_add_2nd.png)
After hitting Update the Outpost page will show that the embedded outpost now has both providers bound to it:
![outpost-with-2](./images/outpost_with2.png)
### Individual Application Test/Validation
Now that the individual application rule is in place, validate it using the already running `whoami-individual` container created:
Navigate to `whoami-individual.domain.tld` and it will immediately redirect you to Authentik to login:
![fa-splash](./images/fa_splash2.png)
Sign in with your username or email address initially created. After inputting username & password, it should show you the "Redirecting" screen prior to actual redirection:
![whoami-all](./images/whoami-indiv.png)
The `X-Authentik-Meta-App` will contain information about the specific Application used to get here. Notice that this matches the `slug` previously created.
```yaml
X-Authentik-Meta-App: whoami-individual-application
```
## (Optional) New User Creation
Inside the Admin Interface do the following steps to create an additional user:
1. Directory
2. Users
3. Create
![user-create-1](./images/user_create1.png)
Fill in the required information:
![account-create-info](./images/account_create_info.png)
## (Optional) Add user to Administrator/Superuser Group
Inside the Admin Interface do the following steps to add a user to the `Admins` group:
1. Directory
2. Groups
3. Left click/Open `authentik Admins`
![admins-open](./images/admins_open.png)
Next, add an existing user to the Users tab:
1. Users
2. Add existing user
![add-existing-user1](./images/add_existing1.png)
Add the user
![user-added](./images/user_added.png)
## (Optional) Change user password
Inside the Admin Interface do the following:
1. Directory
2. Users
3. Left click/Open the specific user
![open-user](./images/open_user.png)
![set-pw](./images/set_pw.png)
## Yubikey
Read this section before just doing it!
https://docs.goauthentik.io/docs/flow/stages/authenticator_webauthn/#authenticator-attachment
> [!WARNING]
> To prevent locking yourself out and having to start over by deleting your postgres database, create a backup administrator (as done above) or work on a non-administrator account.
> [!NOTE]
> If you are unable to perform the below steps, skip to the ***Force Authentication*** section below.
***Recommended to Switch to standard browser / NOT Incognito.***
IF you are in the `Admin Interface` navigate to the `User Interface` via the button at the top left:
![user_interface_button](./images/user_interface_button.png)
Navigate to the `MFA Devices` screen:
1. Settings
2. MFA Devices
3. Enroll
4. WebAuthn device
![settings-cog](./images/settings_cog.png)
### Enrollment with Credential on Key
![mfa-dev](./images/mfa_dev.png)
During setup process, depending on your WebAuthn settings you might get prompted for a PIN:
![webauthn-pin](./images/webauthn-pin.png)
If you are unsure about this, then review the following Yubikey documentation / explanation (https://support.yubico.com/hc/en-us/articles/4402836718866-Understanding-YubiKey-PINs)
> _If you are being prompted for a PIN (including setting one up), and you're not sure which PIN it is, most likely it is your YubiKey's FIDO2 PIN._
Now complete the WebAuthn Setup:
![webauthn1](./images/webauthn1.png)
Hit next and you'll see that you are about to setup your key:
![webauthn2](./images/webauthn2.png)
---
![choose-path](./images/choose_path.png)
> [!CAUTION]
> By performing the setup like this, it asks to create a credential on the Yubikey device itself. If you want to make it where it does NOT create the credential itself skip setup for now and go to the `Modify WebAuthn Credential Creation Location` section where I will show how to change the save credential to key option. After changing that option, you can revisit setup.
***STOP*** - Read the Above Caution Statement before continuing!
If you're ok with creating the credential on your key, continue!
![webauthn3](./images/webauthn3.png)
---
### Modify WebAuthn Credential Creation Location
In order to modify the default settings to prevent saving a credential on the Yubikey itself perform the following steps.
1. Go to the Admin Interface
2. Flows and Stages
3. Stages
4. Edit `default-authenticator-webauthn-setup`
![edit-webauthn](./images/edit_webauthn.png)
Review the default settings:
![res-key-def](./images/res_key_def.png)
Edit the `Resident key requirement`
- Default: `Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too`
Unfortunately, if I try to skip the dedicated credential, I am unable to setup a Yubikey. I am going to set this option to:
- Modified: `Discouraged: The authenticator should not create a dedicated credential`
![res-key-change](./images/res_key_change.png)
#### (Optional) Edit the `User verification` depending on your WebAuthn expertise.
I am leaving it default:
- Default: `Preferred: User verification is preferred if available, but not required`
#### (Optional) Authenticator preference
Authentik by default has no preference set for the Authenticator, as shown in the above picture. This can be changed to be explicitly `Yubikey` OR `Windows Hello/TouchID`. If you do not want to be prompted by Windows Hello, as shown in the Windows Hello section, then set this to `A "roaming" authenticator, like a YubiKey`.
![yubi-pref](./images/yubi_pref.png)
#### Finish Registration
If you chose to NOT save your key on the Yubikey like above, then scroll back up to continue the registration / finish it.
![finish-mfa-reg](./images/finish_mfa_reg.png)
### (Troubleshooting) Windows Hello
During Security Key enrollment, if you are interrupted by Windows Hello shown here:
![win-hello](./images/win_hello.png)
Press `ESC` to continue to actual Yubikey enrollment. This only seems to happen if you have previously setup Windows Hello.
> [!NOTE]
> If you are prompted for a PIN that you do not know, go to the `Enrollment with Credential on Key` section for the Yubikey documentation link to address the PIN. Optionally, you can also Force it to skip Windows Hello and go straight to the Yubikey by modifying the `default-authenticator-webauthn-setup`, as seen in the `(Optional) Authenticator preference` section above.
### (Optional) Force Multi-Factor Authentication (MFA)
To configure an authentication a user must be in the state that forces them to add an authentication. In order to do this, I am going to modify the default flow for authentication regarding MFA devices.
1. Go to the Admin Interface
2. Flows & Stages
3. Stages
4. Edit `default-authentication-mfa-validation`
![default-mfa](./images/default_mfa.png)
The initial settings for the `default-authentication-mfa-validation` stage look like this:
![mfa-stage-defaults](./images/mfa-stage-defaults.png)
Change the `Device Classes` to what options you want you or other users to have (by default). I am only going to **REMOVE** static tokens.
![no-static](./images/no-static.png)
Modify the `Not configured action` to `Force the user to configure an authenticator`:
- Default: `Continue`
- Modified: `Force the user to configure an authenticator`
![force-mfa](./images/force-mfa.png)
After setting the `Not configured action` to `Force the user to configure an authenticator` it will unlock the `Configuration stages` options as seen above.
This section, as it says right below it
> Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again.
> When multiple stages are selected, the user can choose which one they want to enroll.
- Select: `default-authenticator-totp-setup (TOP Authenticator Setup Stage)`
- Select: `default-authenticator-webauthn-setup (WebAuthn Authenticator Setup Stage)`
In order to highlight multiple, use the `Shift` key.
![mfa-selections](./images/mfa-selections.png)
Hit `Update`
Open another **INCOGNITO** browser and navigate back to the `whoami-individual` URL or `authentik`'s URL and sign in.
After entering the username/password a new window pop-up asks to select an authenticator method -- choose `default-authenticator-webauthn-setup`. The following steps should match the **Yubikey** section above.
This will only give you this option if you did not previously register your Yubikey inside of the MFA devices.
## Domain Wide (Tenet) Policies
View the **Default** Flows by going to the Admin Interface
1. System
2. Brands
3. Edit `authentik-default`
![domain-defaults](./images/domain-def.png)
Expand down `Default flows`
![def-flows](./images/def-flows.png)
Notice that the **DEFAULT** Authentication flow is `default-authentication-flow (Welcome to authentik!)`
Navigate to:
- Flows and Stages
- Flows
In order to view the default `default-authentication-flow`.
Why does this matter? To understand the way YOU have this identity tool setup.
```mermaid
graph LR
A[Start] --> B[Authentication];
B --> C[Authorization];
C --> D[Login];
```
### Authentication default
By default the flow for all **authentication**, `default-authentication-flow`, is as follows:
```mermaid
graph LR
A[Start] --> B[Username];
B --> C[Password];
C --> D{MFA Configured?};
D -->|No| F[Login];
D -->|Yes| E[MFA Prompt<br>Forced];
E --> F;
```
### Authorization defaults
There are two policies for **authorization**, explicit, `default-provider-authorization-explicit-consent`, and implicit, `default-provider-authorization-implicit-consent`. By default the **explicit** policy is used.
#### Explicit
Explicit, `default-provider-authorization-explicit-consent`, requires a pop-up showing that you accept your information is about to be shared with the site. This could be your email, username or whatever you have setup.
```mermaid
graph LR
A[Start] --> B[Consent];
B --> C[Continue];
```
#### Implicit
Implicit, `default-provider-authorization-implicit-consent`, means that by logging in you accept your information (email or username, etc.) will be shared with the site, do not prompt, just continue through.
```mermaid
graph LR
A[Start] --> B[Continue];
```

88
authentik/authentik_jm.txt Normal file
View File

@ -0,0 +1,88 @@
# https://github.com/brokenscripts/authentik_traefik
Pre-requisite:
traefik needs to be installed as per traefik folder ..\traefik
Create user and group
---------------------
Credentials -> Local Users -> Add
Full Name: authentik
Username: authentik
Disable Password: <select>
Email: <leave blank>
Create New Primary Group: <select>
Create Home Directory: <uncheck>
Samba Authentication: <uncheck>
Save
PUID: 3014
PGID: 3013
Update .env file accordingly (PUID, PGID)
Create datasets
---------------
# In Truenas shell:
# list datasets
zfs list | grep -i "docker.*authentik"
# create following datasets if not present
zfs create SSD1/docker/data/authentik
zfs create SSD1/docker/data/authentik/appdata
zfs create SSD1/docker/data/authentik/pgdata
chown -R authentik:authentik /mnt/SSD1/docker/data/authentik
chown -R postgres:postgres /mnt/SSD1/docker/data/authentik/pgdata
Create folders
--------------
In Truenas shell:
mkdir -p /opt/stacks/authentik/secrets
mkdir -p /mnt/SSD1/docker/data/authentik/appdata/redis/data
mkdir -p /mnt/SSD1/docker/data/authentik/appdata/geoip/data
mkdir /mnt/SSD1/docker/data/authentik/appdata/media
mkdir /mnt/SSD1/docker/data/authentik/appdata/custom-templates
chown -R authentik:authentik /mnt/SSD1/docker/data/authentik/appdata/
Copy folders to docker stacks
-----------------------------
In Windows cmd shell in authentik parent (apps) folder:
./cp2nas 10.0.0.20 authentik
# or
pscp -P 22 -r authentik/stacks/*.* root@10.0.0.20:/mnt/SSD1/docker/stacks/authentik/
pscp -P 22 -r authentik/traefik-rules/*.* root@10.0.0.20:/mnt/SSD1/docker/stacks/traefik/rules/
Create secrets
--------------
# In Docker shell:
# install pwgen:
sudo apt-get install -y pwgen
echo -n $(pwgen -s 40 1) > /opt/stacks/authentik/secrets/authentik_postgresql_password
echo -n $(pwgen -s 50 1) > /opt/stacks/authentik/secrets/authentik_secret_key
In Truenas shell:
cd /mnt/SSD1/docker/stacks/authentik/secrets
echo -n 'your_postgresql_database_name' > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_database
echo -n 'your_postgresql_username' > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_username
# openssl rand 36 | base64 -w 0 > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_password
# openssl rand 60 | base64 -w 0 > /mnt/SSD1/docker/stacks/authentik/secrets/authentik_secret_key
echo -n 'your_smtp_username' > /mnt/SSD1/docker/stacks/authentik/secrets/smtp_username
echo -n 'your_smtp_password' > /mnt/SSD1/docker/stacks/authentik/secrets/smtp_password
chown -R authentik:authentik /mnt/SSD1/docker/stacks/authentik/secrets/
chmod -R 400 /mnt/SSD1/docker/stacks/authentik/secrets/
# read existing acl permissions, if any
getfacl /mnt/SSD1/docker/stacks/authentik/secrets
# set acl permissions
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_password
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_username
setfacl -m u:postgres:4 /mnt/SSD1/docker/stacks/authentik/secrets/authentik_postgresql_database
# NB! if you want to remove all acl entries from a folder recursively, use setfacl -b -R <foldername>
# to list secrets in secrets dir
cd /mnt/SSD1/docker/stacks/authentik/secrets
for i in $(ls -1); do echo $i = `cat $i`; done | sort
Start authentik
---------------
# Refresh / start Dockge
# Update and start authentik
Setup
-----
# Follow the instructions at https://github.com/brokenscripts/authentik_traefik/blob/traefik3/README.md or authentik_setup_jm.txt to setup authentik

293
authentik/authentik_setup_jm.txt Normal file
View File

@ -0,0 +1,293 @@
# https://github.com/brokenscripts/authentik_traefik
Setup
-----
# It is strongly recommended to follow excellent instructions at https://github.com/brokenscripts/authentik_traefik/blob/traefik3/README.md which include illustrations / screen dumps.
# The following is an attempted text representation of the same instructions.
# Navigate to Authentik at https://authentik.sthome.org/if/flow/initial-setup/
# At first login, set the email and password for akadmin (default user)
# Change akadmin username to preferred username:
# Go to Admin Interface -> Directory -> Users -> Edit (pencil icon under Actions in akadmin row)
# Change username (and email if needed), then click on Update
#
# Domain Wide / Catch All (forwardAuth) using the Wizard
# ======================================================
# For each app that will use authentik, edit the traefik labels in its compose.yml by adding the following lines:
## attach AUTHENTIK forwardauth middlewares to router; comment out if not using authentik
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=forwardAuth-authentik@file"
# NB! The "${APPLICATION_NAME}-secure-rtr" part is the name of the router; modify it if needed
# The online instructions use "whoami-individual" service as an example. This service is in the authentik compose.yml file and has this line already present.
#
# Wizard: create application with provider
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Navigate to Applications -> Applications -> "Create with Wizard"
# Wizard Page 1 - "Application Details"
# Name: Domain Wide Forward Auth Catch All
# Slug: domain-wide-forward-auth-catch-all
# Group: <leave empty>
# Policy Engine Mode: any
# UI Settings:
# Launch URL: <leave empty>
# Do NOT put anything in the Launch URL, it needs to autodetect since it's the catch all rule
# Open in new tab: <unselected>
# Click Next
# Wizard Page 2 - "Provider Type"
# Click on "Forward Auth (Domain Level)"
# Click Next
# Wizard Page 3 - "Provider Configuration"
# Name: Provider for Domain Wide Forward Auth Catch All
# Authentication Flow: <leave empty>
# This is user choice; the author recommends getting the basics setup and THEN modifying authentication flow for the catch all
# Authorization Flow: default-provider-authorization-explicit-consent (Authorize Application)
# Explicit requires user interaction aka clicking a button to continue versus implicit which is just trust
# External Host: https://authentik.domain.tld
# Cookie Domain: domain.tld
# Token Validity: hours=24
# Click Submit
# Click Close
#
# Embedded Outpost (Domain Wide)
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Navigate to the Applications -> Outposts
# Notice that there are nothing in the Providers column in authentik Embedded Outpost row
# Click on Edit (pencil icon under Actions in authentik Embedded Outpost row)
# Select "Domain Wide Forward Auth Catch All" in "Available Applications"
# Click on ">" in order to have the "Domain Wide Forward Auth Catch All" in Selected Applications
# Click Update
# Notice the added provider in the Providers column in authentik Embedded Outpost row
#
# Domain Wide / Catch All Test/Validation
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Using browser, go to whoami-catchall.domain.tld; it should redirect you to Authentik to login
# Sign in with your username or email address initially created. After inputting username & password, it should show you the "Redirecting" screen prior to actual redirection
#
# Individual Application (forwardAuth) manual
# ===========================================
# Provider Creation (Individual Application) - Manual
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# In the Admin Interface, go to: Applications -> Providers -> Create
# Select "Proxy Provider"
# Click Next
# On "new Provider" screen enter:
# Name: whoami-individual provider
# Authentication Flow: <leave empty>
# This is user choice, the author recommends getting the basics setup and THEN modifying authentication flow for the catch all
# Authorization Flow: default-provider-authorization-explicit-consent (Authorize Application)
# Type: Forward auth (single application)
# Single Application is where we change it up!
# External Host: https://whoami-individual.domain.tld
# Token Validity: hours=24
# Click Finish
# After hitting Finish it will warn that it's not bound to an Application
#
# Application Creation (Individual Application) - Manual
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# In the Admin Interface, go to Applications -> Applications -> Create
# On the "Create Application" screen enter:
# Name: whoami-individual application
# Slug: whoami-individual-application
# Group: <leave empty>
# Provider: whoami-individual provider
# This is where you bind it to the previously created provider!
# Backchannel Providers: <leave empty>
# Policy Engine Mode: any
# UI Settings
# Launch URL: https://whoami-individual.domain.tld
# Since this is an individual application, specify where it is found at
# Click Create
# After hitting Create it will show that it is now bound to the previously created provider
#
# Embedded Outpost (Individual Application)
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Navigate to Applications -> Outposts
# Click on Edit (pencil icon under Actions in authentik Embedded Outpost row)
# Notice that it still has only the Domain Wide Forward Auth Catch All rule in Selected Applications
# Select any application you want the outpost to be able to provide for. In this case Select whoami-individual application in "Available Applications"
# Click on ">"
# Click Update
# Now both the domain wide (catch all) and the individual application are bound to this outpost.
#
# Individual Application Test/Validation
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Using browser, go to whoami-individual.domain.tld; it should redirect you to Authentik to login
# Sign in with your username or email address initially created. After inputting username & password, it should show you the "Redirecting" screen prior to actual redirection
#
# New User Creation
# =================
# Inside the Admin Interface navigate to Directory -> Users -> Create
# On "Create User" screen enter:
# Username: admin
# Name: Administrator
# User type: internal
# Email: admin@domain.tld
# Is active: <checked>
# Path: users
# Click Create
#
# Add user to Administrator/Superuser Group
# =========================================
# Inside the Admin Interface navigate to Directory -> Groups
# Left click/Open authentik Admins
# Go to Users tab
# Click "Add existing user"
# Click + and add user
#
# Change user password
# ====================
# Inside the Admin Interface navigate to Directory -> Users
# Left click/Open the specific user
# Click "Set password"
#
# Setting up Gitea to use Authentik
# =================================
# Skip the following section if you want to use an existing / default authorization flow
# Creating custom Authorization flow for gitea
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Inside the Admin Interface navigate to Flows and Stages -> Flows
# Click Create
# Name: sthome-application-authorization
# Title: Redirecting to %(app)s
# Slug: <leave as-is / use prefilled value>
# Designation: Authorization
# Authentication: Require authentication
# Behavior Settings:
# Compatilibity mode: <select>
# Denied action: MEASSAGE_CONTINUE
# Policy engine mode: any
# Click Create
#
# Creating Gitea provider and application
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# refer: https://docs.goauthentik.io/integrations/services/gitea/
#
# Step 1: create gitea Provider
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Inside the Admin Interface navigate to Applications -> Providers
# Click Create
# In "New provider" screen, select "OAuth2/OpenID Provider"
# Click Next
# Name: gitea
# Authentication Flow: <leave empty for now>
# Authorization Flow: default-provider-authorization-explicit-consent (Authorize Application)
# Protocol settings:
# Client type: Confidential
# Client ID: <leave as-is> PdTOme1WrQtgWQYa8fIfiedMyWBVKc9pqMz3qUa2
# Client Secret: <leave as-is> CNKd9D8AYvhDxzy4YKnU7hJoIHKgX3ADnmY5t6CtkVo2lseEwrnFLUSedZdmL55XECos7KpERlZ4S5GVUhbh2qG15DzbbYXuN9hv2sntsxWkQgRt7auCOJCJ7o8vxErI
# Redirect URIs: https://gitea.sthome.org/user/oauth2/authentik/callback
# Signing Key: Select any available key
# NB! Take note of the Client ID and Client Secret, you'll need to give them to Gitea in Step 3.
# Click Finish
#
# Step 2: create gitea Application
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# In the Admin Interface, go to Applications -> Applications -> Create
# On the "Create Application" screen enter:
# Name: gitea
# Slug: gitea-slug
# Group: <leave empty>
# Provider: gitea
# This is where you bind it to the previously created provider!
# Backchannel Providers: <leave empty>
# Policy Engine Mode: any
# UI Settings
# Launch URL: https://gitea.sthome.org
# If left empty, authentik will derive from gitea OpenID Connect Auto Discovery URL and add the port no (9000)
# Click Create
#
# Step 3: Configuring gitea to use authentik
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Browse to the Authentication Sources page at https://gitea.sthome.org/admin/auths
# Click "Add Authentication Source"
# Change the following fields:
# Authentication Type: OAuth2
# Authentication Name: authentik
# OAuth2 Provider: OpenID Connect
# Client ID (Key): <as noted Step 1>
# Client Secret: <as noted Step 1>
# Icon URL: https://authentik.sthome.org/static/dist/assets/icons/icon.svg
# OpenID Connect Auto Discovery URL: https://authentik.sthome.org/application/o/gitea-slug/.well-known/openid-configuration
# If authentik and gitea is on the same internal network behind a reverse proxy, e.g. traefik, and are accessed (browsed to) from outside of this internal network then this OIDC Auto Discovery URL should be accessible externally and internally. The consequence is that the internal DNS should resolve to the external traefik entrypoint (port 443) with traefik routing it to authentik port 9000. (Otherwise accessing authentik on the internal network will require the OIDC Auto Discovery URL to include port 9000, which will cause the redirect to authentik (from external network) to fail.) Refer to: https://www.reddit.com/r/Authentik/comments/1ggimab/authentik_with_traefik_in_docker/
# Additional Scopes: email profile
# Click "Add Authentication Source"
# Your Gitea login page should now have a Sign in With followed by the authentik logo which you can click on to sign-in to Gitea with Authentik creds.
#
# Step 4 (optional Claims for authorization management)
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# This step is optional and shows how to set claims to control the permissions of users in gitea by adding them to groups.
#
# Define Groups:
# The following groups will be used:
# - gituser for normal Gitea users.
# - gitadmin for Gitea users with administrative permissions.
# - gitrestricted for restricted Gitea users.
# Users who are in none of these groups will not be able to log in to gitea.
#
# In the authentik Admin Interface, go to Directory -> Groups -> Create
# Name: gituser
# Leave other settings untouched.
# Click Create
# Repeat for gitadmin and gitrestricted
# You can add Members to the groups now or anytime later.
#
# Adding user to a group (from the User screen):
# In the authentik Admin Interface, go to Directory -> Users
# Select the user (click on the listed Name)
# Click the "Groups" tab at the top
# Click "Add to existing group"
# Click on "+" and select the desired groups
# Click "Add" twice
#
# Adding user to a group (from the Group screen):
# In the authentik Admin Interface, go to Directory -> Groups
# Select the group (click on the listed Name)
# Click the "Users" tab at the top
# Click "Add to existing user"
# Click on "+" and select the desired user
# Click "Add" twice
# Create Custom Property Mapping:
# In the authentik Admin Interface, go to Customization -> Property Mappings -> Create
# On "New property mapping" screen, "Select Type" tab,
# Select Scope Mapping, click Next
# On "Create Scope Mapping" tab, enter:
# Name: authentik gitea OAuth Mapping: OpenID 'gitea'
# Scope name: gitea
# Description: <leave empty>
# Expression: enter the following text lines between --- snip ---:
# --- snip ---
gitea_claims = {}
if request.user.ak_groups.filter(name="gituser").exists():
gitea_claims["gitea"]= "user"
if request.user.ak_groups.filter(name="gitadmin").exists():
gitea_claims["gitea"]= "admin"
if request.user.ak_groups.filter(name="gitrestricted").exists():
gitea_claims["gitea"]= "restricted"
return gitea_claims
# --- snip ---
#
# Add the custom Property Mapping to the Gitea Provider:
# In authentik, go to Applications -> Providers
# Edit gitea provider (click pencil icon under Actions in gitea row)
# Expand the Advanced protocol settings and select the following Mappings (hold ctrl key and select, i.e. left click with mouse):
# authentik default OAuth Mapping: OpenID 'email'
# authentik default OAuth Mapping: OpenID 'profile'
# authentik default OAuth Mapping: OpenID 'openid'
# authentik gitea OAuth Mapping: OpenID 'gitea'
# Click Update
#
# Configure Gitea to use the new claims:
# In .gitea.env file, set environment variable as follows:
GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION=true
#
# Navigate to the Authentication Sources page at https://gitea.sthome.org/admin/auths and edit the authentik Authentication Source (click on pencil icon)
# Change the following fields
# Additional Scopes: email profile gitea
# Required Claim Name: gitea
# Required Claim Value: <leave empty>
# Claim name providing group names for this source. (Optional): gitea
# Group Claim value for administrator users. (Optional - requires claim name above): admin
# Group Claim value for restricted users. (Optional - requires claim name above): restricted
# Click "Update Authentication Source"
#
# Users without any of the defined groups should no longer be able to log in. Users of the group gitadmin should have administrative privileges, and users in the group gitrestricted should be restricted.

135
authentik/cp2nas.ps1 Normal file
View File

@ -0,0 +1,135 @@
############### CONST ##############
$destJailDir="/mnt/SSD1/docker/"
$stacksfolder="stacks/"
$datafolder="data/"
$destStacks=$destJailDir+$stacksfolder
$destData=$destJailDir+$datafolder
$destTraefikRulesDir=$destData+"traefik/rules/"
$destTraefikUsersDir=$destData+"traefik/users/"
############### MAIN ###############
# main function
#
$Main =
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destHost,
[Parameter(Mandatory=$false)]
[string[]] $apps
)
$applist=[System.Collections.Generic.List[object]]::new()
If($PSBoundParameters.ContainsKey("apps")) {
foreach ($appname in $apps)
{
if ($appname.Contains('*')) {
$wclist=Get-ChildItem $appname -Directory | ForEach-Object { $_.Name }
# if wildcard is specified, we only add folders with a 'stacks' subfolder
foreach ($wcname in $wclist) {
if ((Test-Path -Path "$wcname\stacks")) {
$applist.Add($wcname)
}
}
}
else {
# here we don't have to check for a 'stacks' subfolder as the user specified appname explicitly
$applist.Add($appname)
}
}
# remove duplicates
$uniqlist=$applist | Sort-Object -Unique
foreach ($appname in $uniqlist)
{
copyfolder $destHost $appname "$appname\"
}
}
else {
# we're in the app subfolder, so only one stacks folder to copy
$appname="$pwd".Split("\\")[-1]
copyfolder $destHost $appname ".\"
}
}
#######################################################################
# copies specified folder to data folder on truenas
#
Function copytosubfolder
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destHost,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $folder,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $subfolder,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $srcdir,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destdir
)
if ((Test-Path -Path "$srcdir")) {
Write-Host "$date# pscp -P 22 -r ""$srcdir\*.*"" root@${destHost}:""${destdir}""" -ForegroundColor Green
Write-Host "Copying to ${destHost}:""${destJailDir}" -NoNewline
Write-Host "${folder}" -ForegroundColor Cyan -NoNewline
Write-Host "${subfolder}" -ForegroundColor DarkYellow -NoNewline
Write-Host """:"
pscp -P 22 -r "$srcdir\*.*" root@${destHost}:""${destdir}""
}
}
#######################################################################
# copies specified app's stacks and traefik-rules subfolders to truenas
#
Function copyfolder
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destHost,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $subfolder,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $srcdir
)
$srcStacksDir=$srcdir+"stacks"
$srcTraefikRulesDir=$srcdir+"traefik-rules"
$srcTraefikUsersDir=$srcdir+"traefik-users"
if (-Not(Test-Path -Path $srcStacksDir)) {
Write-Host "Source path doesn't exist: ""$PSScriptRoot\$srcStacksDir\*.*"". No files copied!" -ForegroundColor Red
Write-Host "Usage: in app folder : ./cp2nas DEST|IP"
Write-Host " in app parent folder: ./cp2nas DEST|IP app1, app2, app3, ..."
Write-Host " in app parent folder: ./cp2nas DEST|IP *"
Write-Host " in app parent folder: ./cp2nas DEST|IP wcstring1, wcstring2, ..."
return
}
$destAppStacksDir=$destStacks+$subfolder+"/"
$date=Get-Date -format "yyyy-MM-ddTHH:mm:ss"
#Write-Host "$date# pscp -P 22 -r ""$srcStacksDir\*.*"" root@${destHost}:""${destAppStacksDir}""" -ForegroundColor Green
#Write-Host "Copying to ${destHost}:""${destStacks}" -NoNewline
#Write-Host "${subfolder}/" -ForegroundColor DarkYellow -NoNewline
#Write-Host """:"
#pscp -P 22 -r "$srcStacksDir\*.*" root@${destHost}:""${destAppStacksDir}""
copytosubfolder $destHost "${stacksfolder}" "${subfolder}" "${srcStacksDir}" "${destAppStacksDir}"
# check for data dir destinations and copy
copytosubfolder $destHost "${stacksfolder}" "traefik/rules/" "${srcTraefikRulesDir}" "${destTraefikRulesDir}"
copytosubfolder $destHost "${stacksfolder}" "traefik/users/" "${srcTraefikUsersDir}" "${destTraefikUsersDir}"
}
###################################
& $Main @Args

60
authentik/stacks/.env Normal file
View File

@ -0,0 +1,60 @@
################################################################
# .env
# When both env_file and environment are set for a service, values set by environment have precedence.
# https://docs.docker.com/compose/environment-variables/envvars-precedence/
#
# CANNOT MIX ARRAYS (KEY: VAL) AND MAPS (KEY=VAL)
# Ex: Cannot have .ENV var as TZ=US and then a var here as DB_ENGINE: sqlite, has to be DB_ENGINE=sqlite
# Otherwise unexpected type map[string]interface {} occurs
# https://github.com/docker/compose/issues/11567
#
################################################################
APPLICATION_NAME=authentik
DOCKERDIR=/mnt/SSD1/docker/
STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
DATADIR=${DOCKERDIR}/data/${APPLICATION_NAME}
SECRETSDIR=${STACKSDIR}/secrets
PUID=3014
PGID=3013
TZ=Africa/Johannesburg
DOMAINNAME=sthome.org
WEBUI_PORT=9000
################################################################
# Authentik (https://docs.goauthentik.io/docs/)
# Environment Variables (https://docs.goauthentik.io/docs/installation/configuration)
################################################################
POSTGRES_DB_PORT=5432
POSTGRES_PASSWORD_FILE=/run/secrets/authentik_postgresql_password
POSTGRES_USER_FILE=/run/secrets/authentik_postgresql_username
POSTGRES_DB_FILE=/run/secrets/authentik_postgresql_database
AUTHENTIK_POSTGRESQL__NAME_FILE=file:///run/secrets/authentik_postgresql_database
AUTHENTIK_POSTGRESQL__USER_FILE=file:///run/secrets/authentik_postgresql_username
AUTHENTIK_POSTGRESQL__PASSWORD_FILE=file:///run/secrets/authentik_postgresql_password
AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
AUTHENTIK_DISABLE_UPDATE_CHECK=false
AUTHENTIK_ERROR_REPORTING__ENABLED=false
AUTHENTIK_LOG_LEVEL=info # debug, info, warning, error, trace
AUTHENTIK_SECRET_KEY_FILE=file:///run/secrets/authentik_secret_key # openssl rand 60 | base64 -w 0
AUTHENTIK_COOKIE_DOMAIN=${DOMAINNAME}
AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS: 127.0.0.0/8, 10.0.0.0/24, 172.16.0.0/12, 192.168.2.0/124, fe80::/10, ::1/128
AUTHENTIK_EMAIL__PORT=25
AUTHENTIK_EMAIL__USE_TLS=false
AUTHENTIK_EMAIL__USE_SSL=false
AUTHENTIK_EMAIL__TIMEOUT=10
AUTHENTIK_EMAIL__HOST_FILE=file:///run/secrets/smtp_host
AUTHENTIK_EMAIL__USERNAME_FILE=file:///run/secrets/smtp_username
AUTHENTIK_EMAIL__PASSWORD_FILE=file:///run/secrets/smtp_password
AUTHENTIK_EMAIL__FROM_FILE=file:///run/secrets/smtp_from
################################################################
# GeoIP ( https://github.com/maxmind/geoipupdate)
# Environment Variables (https://github.com/maxmind/geoipupdate/blob/main/doc/docker.md)
################################################################
GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN" # Space seperated
GEOIPUPDATE_FREQUENCY=8 # Frequency to check for updates, in hours
GEOIPUPDATE_ACCOUNT_ID_FILE=/run/secrets/geoip_acccount_id
GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/geoip_license_key

11
authentik/stacks/.postgresql.env Normal file
View File

@ -0,0 +1,11 @@
PUID=70
PGID=70
TZ=${TZ}
POSTGRES_DB_PORT=${POSTGRES_DB_PORT}
POSTGRES_DB_FILE=${POSTGRES_DB_FILE}
POSTGRES_USER_FILE=${POSTGRES_USER_FILE}
POSTGRES_PASSWORD_FILE=${POSTGRES_PASSWORD_FILE}

13
authentik/stacks/.server.env Normal file
View File

@ -0,0 +1,13 @@
TZ=${TZ}
AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_POSTGRESQL__NAME_FILE}
AUTHENTIK_POSTGRESQL__USER=${AUTHENTIK_POSTGRESQL__USER_FILE}
AUTHENTIK_POSTGRESQL__PASSWORD=${AUTHENTIK_POSTGRESQL__PASSWORD_FILE}
AUTHENTIK_DISABLE_STARTUP_ANALYTICS=${AUTHENTIK_DISABLE_STARTUP_ANALYTICS}
AUTHENTIK_DISABLE_UPDATE_CHECK=${AUTHENTIK_DISABLE_UPDATE_CHECK}
AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
AUTHENTIK_LOG_LEVEL=${AUTHENTIK_LOG_LEVEL}
AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY_FILE}
AUTHENTIK_COOKIE_DOMAIN=${DOMAINNAME}
# AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS=${AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS}

36
authentik/stacks/.socket-proxy.env Normal file
View File

@ -0,0 +1,36 @@
#
# environment variables for socket-proxy
#
LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
### 0 to revoke access.
### 1 to grant access.
## Granted by Default
EVENTS=1
PING=1
VERSION=1
## Revoked by Default
### Security critical
AUTH=0
SECRETS=0
POST=1 # Watchtower
### Not always needed
BUILD=0
COMMIT=0
CONFIGS=0
CONTAINERS=1 # Traefik, portainer, etc.
DISTRIBUTION=0
EXEC=0
IMAGES=1 # Portainer
INFO=1 # Portainer
NETWORKS=1 # Portainer
NODES=0
PLUGINS=0
SERVICES=1 # Portainer
SESSION=0
SWARM=0
SYSTEM=0
TASKS=1 # Portainer
VOLUMES=1 # Portainer

21
authentik/stacks/.worker.env Normal file
View File

@ -0,0 +1,21 @@
TZ=${TZ}
AUTHENTIK_POSTGRESQL__NAME=${AUTHENTIK_POSTGRESQL__NAME_FILE}
AUTHENTIK_POSTGRESQL__USER=${AUTHENTIK_POSTGRESQL__USER_FILE}
AUTHENTIK_POSTGRESQL__PASSWORD=${AUTHENTIK_POSTGRESQL__PASSWORD_FILE}
AUTHENTIK_DISABLE_STARTUP_ANALYTICS=${AUTHENTIK_DISABLE_STARTUP_ANALYTICS}
AUTHENTIK_DISABLE_UPDATE_CHECK=${AUTHENTIK_DISABLE_UPDATE_CHECK}
AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
AUTHENTIK_LOG_LEVEL=${AUTHENTIK_LOG_LEVEL}
AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY_FILE}
AUTHENTIK_COOKIE_DOMAIN=${DOMAINNAME}
AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST_FILE}
AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME_FILE}
AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD_FILE}
AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM_FILE}

248
authentik/stacks/compose.yml Normal file
View File

@ -0,0 +1,248 @@
###############################################################
# ------------------------------
# -- authentik (Identity Provider / SSO)
# -- Updated/Created 2024-July-02
# Authentik configuration: https://docs.goauthentik.io/docs/installation/configuration
# ------------------------------
name: authentik # Project Name
###############################################################
# Networks
###############################################################
networks:
socket_proxy:
driver: bridge
driver_opts:
com.docker.network.bridge.name: "br-authentik_sx"
traefik-net:
external: true
authentik-net:
external: true
###############################################################
# Docker Secrets
# Owner (default): root:root
# Recommend Set Owner to match container user Example: UID=1100, GID=1100
# Permissions of files & directory on host to: 0400 (-r--)
###############################################################
secrets:
## Authentik
authentik_postgresql_database:
file: ${SECRETSDIR}/authentik_postgresql_database
authentik_postgresql_username:
file: ${SECRETSDIR}/authentik_postgresql_username
authentik_postgresql_password:
file: ${SECRETSDIR}/authentik_postgresql_password
authentik_secret_key:
file: ${SECRETSDIR}/authentik_secret_key
smtp_username:
file: ${SECRETSDIR}/smtp_username
smtp_password:
file: ${SECRETSDIR}/smtp_password
## GeoIP
geoip_account_id:
file: ${SECRETSDIR}/geoip_account_id
geoip_license_key:
file: ${SECRETSDIR}/geoip_license_key
##############################################################################
services:
# Use the embedded outpost (2021.8.1+) instead of the seperate Forward Auth / Proxy Provider container
server:
image: ghcr.io/goauthentik/server:latest
restart: unless-stopped
env_file: .server.env
environment:
- AUTHENTIK_REDIS__HOST=authentik_redis
- AUTHENTIK_POSTGRESQL__HOST=authentik_postgresql
command: server
user: ${PUID}:${PGID}
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
socket_proxy: {}
authentik-net: {}
traefik-net:
aliases: ["authentik_server"] # keep the same as forwardAuth address (hostname) in traefik middlewares "forwardAuth-authentik.yml"
secrets:
- authentik_postgresql_database
- authentik_postgresql_username
- authentik_postgresql_password
- authentik_secret_key
volumes:
- "${DATADIR}/appdata/media:/media"
- "${DATADIR}/appdata/custom-templates:/templates"
- "${DATADIR}/appdata/geoip/data:/geoip"
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
## HTTP Routers
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)"
## Individual Application forwardAuth regex (catch any subdomain using individual application forwardAuth)
- "traefik.http.routers.${APPLICATION_NAME}-output-rtr.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.${DOMAINNAME}`) && PathPrefix(`/outpost.goauthentik.io/`)"
## HTTP Services
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
- "traefik.http.services.${APPLICATION_NAME}-svc.loadBalancer.server.port=${WEBUI_PORT}"
worker:
image: ghcr.io/goauthentik/server:latest
restart: unless-stopped
env_file: .worker.env
environment:
- DOCKER_HOST=tcp://authentik_socket-proxy:2375 # Use this if you have Socket Proxy enabled.
- AUTHENTIK_REDIS__HOST=authentik_redis
- AUTHENTIK_POSTGRESQL__HOST=authentik_postgresql
user: ${PUID}:${PGID}
command: worker
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
- authentik-net
- socket_proxy
secrets:
- authentik_postgresql_database
- authentik_postgresql_username
- authentik_postgresql_password
- authentik_secret_key
- smtp_username
- smtp_password
volumes:
- "${DATADIR}/appdata/media:/media"
- "${DATADIR}/appdata/custom-templates:/templates"
- "${DATADIR}/appdata/geoip/data:/geoip"
# - /var/run/docker.sock:/var/run/docker.sock # Uncomment if NOT using socket-proxy
#- "${DATADIR}/appdata/traefik/cert_export:/certs:ro" # If NOT using reverse proxy, manually map in certificates
postgresql:
image: postgres:16-alpine
shm_size: 128mb # https://hub.docker.com/_/postgres
restart: unless-stopped
env_file: .postgresql.env
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
networks:
authentik-net:
aliases: ["authentik_postgresql"]
volumes:
- "${DATADIR}/pgdata:/var/lib/postgresql/data"
secrets:
- authentik_postgresql_database
- authentik_postgresql_username
# Generate the password with openssl rand 36 | base64 -w 0
- authentik_postgresql_password
redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
networks:
authentik-net:
aliases: ["authentik_redis"]
volumes:
- "${DATADIR}/appdata/redis/data:/data"
# geoipupdate:
# image: ghcr.io/maxmind/geoipupdate:latest
# container_name: geoipupdate
# restart: unless-stopped
# user: ${PUID}:${PGID}
# volumes:
# - "${DATADIR}/appdata/geoip/data:/usr/share/GeoIP"
# networks:
# - authentik-net
# secrets:
# - geoip_account_id
# - geoip_license_key
# environment:
# - GEOIPUPDATE_EDITION_IDS
# - GEOIPUPDATE_FREQUENCY
# - GEOIPUPDATE_ACCOUNT_ID_FILE
# - GEOIPUPDATE_LICENSE_KEY_FILE
# - TZ
socket-proxy:
image: tecnativa/docker-socket-proxy:0.2.0 #0.1.2
restart: unless-stopped
env_file: .socket-proxy.env
security_opt:
- no-new-privileges=true
networks:
socket_proxy:
aliases: ["authentik_socket-proxy"]
privileged: true # true for VM. false for unprivileged LXC container.
# ports:
# - "127.0.0.1:2375:2375"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: traefik/whoami:latest
# container_name: whoami
restart: unless-stopped
security_opt:
- no-new-privileges=true
networks:
- traefik-net
environment:
- TZ
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
## HTTP Routers
- "traefik.http.routers.whoami-rtr.rule=Host(`whoami.${DOMAINNAME}`)"
whoami-individual:
image: traefik/whoami:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
depends_on:
- server
- worker
networks:
- traefik-net
environment:
- TZ
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
## HTTP Routers
- "traefik.http.routers.whoami-individual-rtr.rule=Host(`whoami-individual.${DOMAINNAME}`)"
## attach AUTHENTIK forwardauth middlewares to router; comment out if not using authentik
- "traefik.http.routers.whoami-individual-rtr.middlewares=forwardAuth-authentik@file"
whoami-catchall:
image: traefik/whoami:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
depends_on:
- server
- worker
networks:
- traefik-net
environment:
- TZ
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
## HTTP Routers
- "traefik.http.routers.whoami-catchall-rtr.rule=Host(`whoami-catchall.${DOMAINNAME}`)"
## attach AUTHENTIK forwardauth middlewares to router; comment out if not using authentik
- "traefik.http.routers.whoami-catchall-rtr.middlewares=forwardAuth-authentik@file"

30
authentik/traefik-rules/forwardAuth-authentik.yml Normal file
View File

@ -0,0 +1,30 @@
################################################################
# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
#
# Dynamic configuration
################################################################
http:
middlewares:
################################################################
# Forward Authentication - OAUTH / 2FA
################################################################
#
# https://github.com/goauthentik/authentik/issues/2366
forwardAuth-authentik:
forwardAuth:
address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

47
authentik/try-this-out.txt Normal file
View File

@ -0,0 +1,47 @@
# Seems this is for forward-auth only
# https://docs.goauthentik.io/docs/add-secure-apps/providers/proxy/server_traefik
#
services:
traefik:
image: traefik:v3.0
container_name: traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 80:80
command:
- "--api"
- "--providers.docker=true"
- "--providers.docker.exposedByDefault=false"
- "--entrypoints.web.address=:80"
authentik-proxy:
image: ghcr.io/goauthentik/proxy
ports:
- 9000:9000
- 9443:9443
environment:
AUTHENTIK_HOST: https://your-authentik.tld
AUTHENTIK_INSECURE: "false"
AUTHENTIK_TOKEN: token-generated-by-authentik
# Starting with 2021.9, you can optionally set this too
# when authentik_host for internal communication doesn't match the public URL
# AUTHENTIK_HOST_BROWSER: https://external-domain.tld
labels:
traefik.enable: true
traefik.port: 9000
traefik.http.routers.authentik.rule: Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)
# `authentik-proxy` refers to the service name in the compose file.
traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
restart: unless-stopped
whoami:
image: containous/whoami
labels:
traefik.enable: true
traefik.http.routers.whoami.rule: Host(`app.company`)
traefik.http.routers.whoami.middlewares: authentik@docker
restart: unless-stopped

61
calibre/calibre_jm.txt Normal file
View File

@ -0,0 +1,61 @@
# https://github.com/linuxserver/docker-calibre/pkgs/container/calibre
Create user and group
---------------------
Credentials -> Local Users -> Add
Full Name: calibre
Username: calibre
Disable Password: <select>
Email: stuurmcp@telkomsa.net
UID: (note)
Create New Primary Group: <select>
Create Home Directory: <uncheck>
Samba Authentication: <uncheck>
Save
calibre UID: 3032
calibre GID: 3031
Create datasets
---------------
# In Truenas shell:
# list datasets
zfs list | grep -i "docker.*calibre"
# create following datasets if not present
zfs create SSD1/docker/data/calibre
zfs create SSD1/docker/data/calibre/config
chown -R calibre:calibre /mnt/SSD1/docker/data/calibre
Create folders
--------------
mkdir -p /mnt/SSD1/docker/stacks/calibre/secrets
Copy folder to docker stacks
----------------------------
# In Windows cmd shell in calibre folder, enter:
./cp2nas
# or
pscp -P 22 -r stacks/*.* root@192.168.2.2:/mnt/SSD1/docker/stacks/calibre/
Create secrets
--------------
cd /mnt/SSD1/docker/stacks/calibre/secrets
echo -n 'your_calibre_password' > /mnt/SSD1/docker/stacks/calibre/secrets/calibre_password
chown -R calibre:calibre /mnt/SSD1/docker/stacks/calibre/secrets
chmod -R 400 /mnt/SSD1/docker/stacks/calibre/secrets
Migrating data from old calibre (source) to newly installed one (target)
------------------------------------------------------------------------
# stop old/source calibre media server
heavyscript app --stop calibre
# verify on Truenas -> Apps that calibre has stopped
# stop new/target calibre media server (if it was started)
# on Dockge, select calibre and click stop
# copy the source to target folder:
cp -pr /mnt/stpool1/apps/calibre/. /mnt/SSD1/docker/data/calibre/config/
chown -R calibre:calibre /mnt/SSD1/docker/data/calibre/config

18
calibre/stacks/.calibre.env Normal file
View File

@ -0,0 +1,18 @@
PUID=${PUID}
PGID=${MEDIA_GID} # we assign media gid to process gid to enable to access media folders
TZ=${TZ}
CUSTOM_USER=admin
FILE__PASSWORD=/run/secrets/calibre_password
CLI_ARGS=
CUSTOM_PORT=8080
CUSTOM_HTTPS_PORT=8181
SUBFOLDER=
TITLE="Calibre"
FM_HOME="/config"
START_DOCKER=
DRINODE=
LC_ALL=
NO_DECOR=
NO_FULL=

21
calibre/stacks/.env Normal file
View File

@ -0,0 +1,21 @@
APPLICATION_NAME=calibre
MEDIADIR=/mnt/stpool1/NData1/Media
DOCKERDIR=/mnt/SSD1/docker/
STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
DATADIR=${DOCKERDIR}/data/${APPLICATION_NAME}
SECRETSDIR=${STACKSDIR}/secrets
CT_DOWNLOADS=/Downloads
CT_MEDIA=/Media
DOMAINNAME=sthome.org
PUID=3032
PGID=3031
MEDIA_GID=3017
TZ=Africa/Johannesburg
WEBUI_PORT=8080
WEBUI_SECPORT=8181

63
calibre/stacks/compose.yml Normal file
View File

@ -0,0 +1,63 @@
name: calibre
secrets:
calibre_password:
file: ${SECRETSDIR}/calibre_password
networks:
traefik-net:
external: true
services:
calibre:
image: lscr.io/linuxserver/calibre:latest
env_file: .calibre.env
hostname: calibre
group_add:
- "${PGID}"
security_opt:
- seccomp:unconfined #optional
networks:
- traefik-net
volumes:
- "${DATADIR}/config:/config"
- "${MEDIADIR}/Books:/Books"
restart: unless-stopped
secrets:
- calibre_password
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
#
# http middlewares
# ---------------------------
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.permanent=true"
#
# http services
# -------------
- "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
#
# http routers
# ------------
# limit router to web ":80" entrypoint (Note: web entrypoint http requests are globally redirected to websecure router in traefik.yml)
- "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-https-redirect"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
#
# limit router to websecure ":443" entrypoint
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# set router to be dedicated to secure requests only for the host specified in match criteria
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
# generate certificates using following certresolver
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=sthomeresolver"
## attach AUTHENTIK forwardauth middlewares to router; comment out if not using authentik
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=forwardAuth-authentik@file"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"

11
certbot/stacks/compose.yml Normal file
View File

@ -0,0 +1,11 @@
services:
certbot:
stdin_open: true
tty: true
container_name: certbot
volumes:
- /etc/letsencrypt:/etc/letsencrypt
- /var/lib/letsencrypt:/var/lib/letsencrypt
image: certbot/certbot
command: certonly
networks: {}

71
cloudflareddns/cloudflareddns_jm.txt Normal file
View File

@ -0,0 +1,71 @@
# https://hotio.dev/containers/cloudflareddns/
Create user and group
---------------------
Credentials -> Local Users -> Add
Full Name: cloudflareddns
Username: cfddns
Disable Password: <select>
Email: stuurmcp@telkomsa.net
UID: (note)
Create New Primary Group: <select>
Create Home Directory: <uncheck>
Samba Authentication: <uncheck>
Save
cfddns UID: 3033
cfddns GID: 3032
Create datasets
---------------
# In Truenas shell:
# list datasets
zfs list | grep -i "docker.*cloudflareddns"
# create following dataset if not present
zfs create SSD1/docker/data/cloudflareddns/config
chown -R cfddns:cfddns /mnt/SSD1/docker/data/cloudflareddns
Create folders
--------------
mkdir -p /mnt/SSD1/docker/stacks/cloudflareddns/secrets
Create secrets (unfortunately, cloudflareddns doesn't support secrets, so apply the secret values in the .env file)
-------------------------------------------------------------------------------------------------------------------
cd /mnt/SSD1/docker/stacks/cloudflareddns/secrets
echo -n 'your_cf_email' > /mnt/SSD1/docker/stacks/cloudflareddns/secrets/cloudflareddns_cf_user
# it is assumed that your api token has all zones in scope:
# we use a scoped api token:
echo -n 'your_cf_api_token' > /mnt/SSD1/docker/stacks/cloudflareddns/secrets/cloudflareddns_cf_api_token
# create secret by concatenating hosts/domains in scope; separate with semicolons (as per hotio guide)
echo -n 'your_cf_1st_host;your_cf_2nd_host' > /mnt/SSD1/docker/stacks/cloudflareddns/secrets/cloudflareddns_cf_hosts
# create secret by concatenating zone ids; separate with semicolons
echo -n 'your_cf_1st_zone_id;your_cf_2nd_zone_id' > /mnt/SSD1/docker/stacks/cloudflareddns/secrets/cloudflareddns_cf_zones
# restrict access
cd /mnt/SSD1/docker/stacks/cloudflareddns
chown -R cfddns:cfddns secrets/
chmod -R 400 secrets/
Copy folder to docker stacks
----------------------------
# In Windows cmd shell in cloudflareddns folder, enter:
./cp2nas 192.168.2.2
# or
pscp -P 22 -r stacks/*.* root@192.168.2.2:/mnt/SSD1/docker/stacks/cloudflareddns/
# This should copy stacks folder to /mnt/SSD1/docker/stacks/cloudflareddns
Migrating data from old cloudflareddns media server (source) to newly installed one (target)
----------------------------------------------------------------------------------
# Stop old/source cloudflareddns media server
heavyscript app --stop cloudflareddns
# Stop new/target cloudflareddns media server
# On Dockge, select cloudflareddns and click stop
# Copy the source config to target folder:
cp -vpr /mnt/stpool1/apps/cloudflareddns/* /mnt/SSD1/docker/data/cloudflareddns/config/
chown -R cfddns:cfddns /mnt/SSD1/docker/data/cloudflareddns/config
chmod -R 600 /mnt/SSD1/docker/data/cloudflareddns/config/

25
cloudflareddns/stacks/.cloudflareddns.env Normal file
View File

@ -0,0 +1,25 @@
#
# environment variables for cloudflareddns
#
PUID=3033
PGID=3032
UMASK=002
TZ=Africa/Johannesburg
INTERVAL=300
DETECTION_MODE=dig-whoami.cloudflare
LOG_LEVEL=3
CF_APIKEY=
CF_APITOKEN_ZONE=
CF_RECORDTYPES=A;A
# cloudflareddns doesn't support secrets
#CF_USER_FILE=${CFDDNS_CF_USER_FILE}
#CF_APITOKEN_FILE=${CFDDNS_CF_API_TOKEN_FILE}
#CF_HOSTS_FILE=${CFDDNS_CF_HOSTS_FILE}
#CF_ZONES_FILE=${CFDDNS_CF_ZONES_FILE}
CF_USER=${CFDDNS_CF_USER}
CF_APITOKEN=${CFDDNS_CF_API_TOKEN}
CF_HOSTS=${CFDDNS_CF_HOSTS}
CF_ZONES=${CFDDNS_CF_ZONES}

26
cloudflareddns/stacks/.env Normal file
View File

@ -0,0 +1,26 @@
#
# values to be used for substitution by docker compose in compose.yml AND .*.env files
#
APPLICATION_NAME=cloudflareddns
DOCKERDIR=/mnt/SSD1/docker/
STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
DATADIR=${DOCKERDIR}/data/${APPLICATION_NAME}
SECRETSDIR=${STACKSDIR}/secrets
DOMAINNAME=sthome.org
# secrets
#CFDDNS_CF_USER_FILE=/run/secrets/cloudflareddns_cf_user
#CFDDNS_CF_API_TOKEN_FILE=/run/secrets/cloudflareddns_cf_api_token
#CFDDNS_CF_HOSTS_FILE=/run/secrets/cloudflareddns_cf_hosts
#CFDDNS_CF_ZONES_FILE=/run/secrets/cloudflareddns_cf_zones
# cloudflareddns doesn't support secrets, so we have to put it in the clear
CFDDNS_CF_USER=stuurmcp@telkomsa.net
CFDDNS_CF_API_TOKEN=cUB02hE0GYC5VnydAHSbPckRrIZ0eN3pJKoCgnIb
CFDDNS_CF_HOSTS=sthome.org;stokvis.co.za
CFDDNS_CF_ZONES=d4d41ece44b6eea658b4638b41c4b425;2d4f09713fb66fd7e03eea62d1474b98

33
cloudflareddns/stacks/compose.yml Normal file
View File

@ -0,0 +1,33 @@
# cloudflareddns doesn't support secrets
#secrets:
# cloudflareddns_cf_user:
# file: ${SECRETSDIR}/cloudflareddns_cf_user
# cloudflareddns_cf_api_token:
# file: ${SECRETSDIR}/cloudflareddns_cf_api_token
# cloudflareddns_cf_hosts:
# file: ${SECRETSDIR}/cloudflareddns_cf_hosts
# cloudflareddns_cf_zones:
# file: ${SECRETSDIR}/cloudflareddns_cf_zones
networks:
traefik-net:
external: true
services:
cloudflareddns:
image: ghcr.io/hotio/cloudflareddns
container_name: "${APPLICATION_NAME}"
networks:
- traefik-net
env_file: .cloudflareddns.env
# cloudflareddns doesn't support secrets
# secrets:
# - cloudflareddns_cf_user
# - cloudflareddns_cf_api_token
# - cloudflareddns_cf_hosts
# - cloudflareddns_cf_zones
volumes:
- ${DATADIR}/config:/config
restart: unless-stopped

60
collabora/collabora_jm.txt Normal file
View File

@ -0,0 +1,60 @@
# https://github.com/CollaboraOnline/online
# https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html
Create user and group
---------------------
Credentials -> Local Users -> Add
Full Name: collabor
Username: collabor
Disable Password: <select>
Email: <leave blank>
UID: (note)
Create New Primary Group: <select>
Create Home Directory: <uncheck>
Samba Authentication: <uncheck>
Save
collabor UID: 3034
collabor GID: 3033
Once off
--------
# if not done already:
# add mapping for media: follow steps in "add mapping for media.txt"
# set ACL permissions for media in "set ACL permissions for media.txt"
Create datasets
---------------
# In Truenas shell:
# list datasets
zfs list | grep -i "docker.*collabora"
# create following datasets if not present
zfs create SSD1/docker/data/collabora
zfs create SSD1/docker/data/collabora/config
chown -R collabor:collabor /mnt/SSD1/docker/data/collabora
Create folders
--------------
mkdir -p /mnt/SSD1/docker/stacks/collabora/secrets
Create secrets (collabora does not support docker secrets, so you can skip this section)
--------------
cd /mnt/SSD1/docker/stacks/collabora/secrets
echo -n 'your_collabora_username' > /mnt/SSD1/docker/stacks/collabora/secrets/collabora_username
echo -n 'your_collabora_password' > /mnt/SSD1/docker/stacks/collabora/secrets/collabora_password
chown -R collabor:collabor /mnt/SSD1/docker/stacks/collabora/secrets
chmod -R 400 /mnt/SSD1/docker/stacks/collabora/secrets
Copy folder to docker stacks
----------------------------
# In Windows cmd shell in collabora folder, enter:
./cp2nas
# or
pscp -P 22 -r stacks/*.* root@192.168.2.2:/mnt/SSD1/docker/stacks/collabora/
Admin console
-------------
https://collabora.<domainame>/browser/dist/admin/admin.html

350
collabora/coolwsd.xml Normal file
View File

@ -0,0 +1,350 @@
<!-- -*- nxml-child-indent: 4; tab-width: 4; indent-tabs-mode: nil -*- -->
<config>
<!-- For more detailed documentation on typical configuration options please see:
https://sdk.collaboraonline.com/docs/installation/Configuration.html -->
<!-- Note: 'default' attributes are used to document a setting's default value as well as to use as fallback. -->
<!-- Note: When adding a new entry, a default must be set in WSD in case the entry is missing upon deployment. -->
<accessibility desc="Accessibility settings">
<enable type="bool" desc="Controls whether accessibility support should be enabled or not." default="false">false</enable>
</accessibility>
<allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>
<!--
These are the settings of external (remote) spellchecker and grammar checker services. Currently LanguageTool and Duden Korrekturserver APIs are supported, you can
set either of them. By default they are disabled. To turn the support on, please set "enabled" property to true. It works with self hosted or cloud services, free
and premium as well. The "base_url" may be https://api.languagetoolplus.com/v2 if the cloud version of LanguageTool is used. Please note that your data in the
document e.g. the text part of it will be sent to the cloud API. Please read the respective privacy policies, e.g. https://languagetool.org/legal/privacy.
-->
<languagetool desc="Remote API settings for spell and grammar checking">
<enabled desc="Enable Remote Spell and Grammar Checker" type="bool" default="false"></enabled>
<base_url desc="HTTP endpoint for the API server, without /check or /languages postfix at the end." type="string" default=""></base_url>
<user_name desc="LanguageTool or Duden account username for premium usage." type="string" default=""></user_name>
<api_key desc="API key provided by LanguageTool or Duden account for premium usage." type="string" default=""></api_key>
<ssl_verification desc="Enable or disable SSL verification. You may have to disable it in test environments with self-signed certificates." type="string" default="true"></ssl_verification>
<rest_protocol desc="REST API protocol. For LanguageTool leave it blank, for Duden Korrekturserver use the string 'duden'." type="string" default=""></rest_protocol>
</languagetool>
<deepl desc="DeepL API settings for translation service">
<enabled desc="If true, shows translate option as a menu entry in the compact view and as an icon in the tabbed view." type="bool" default="false">false</enabled>
<api_url desc="URL for the API" type="string" default=""></api_url>
<auth_key desc="Auth Key generated by your account" type="string" default=""></auth_key>
</deepl>
<sys_template_path desc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
<child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
<mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree>
<mount_namespaces desc="Use mount namespaces instead of coolmount." type="bool" default="true"></mount_namespaces>
<server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default=""></server_name>
<file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing cool." type="path" relative="true" default="browser/../"></file_server_root_path>
<hexify_embedded_urls desc="Enable to protect encoded URLs from getting decoded by intermediate hops. Particularly useful on Azure deployments" type="bool" default="false"></hexify_embedded_urls>
<experimental_features desc="Enable/Disable experimental features" type="bool" default="true">true</experimental_features>
<memproportion desc="The maximum percentage of available memory consumed by all of the Collabora Online Development Edition processes, after which we start cleaning up idle documents. If cgroup memory limits are set, this is the maximum percentage of that limit to consume." type="double" default="80.0"></memproportion>
<num_prespawn_children desc="Number of child processes to keep started in advance and waiting for new clients." type="uint" default="4">4</num_prespawn_children>
<!-- <fetch_update_check desc="Every number of hours will fetch latest version data. Defaults to 10 hours." type="uint" default="10">10</fetch_update_check> -->
<!-- <allow_update_popup desc="Allows notification about an update in the editor" type="bool" default="true">true</allow_update_popup> -->
<per_document desc="Document-specific settings, including LO Core settings.">
<max_concurrency desc="The maximum number of threads to use while processing a document." type="uint" default="4">4</max_concurrency>
<batch_priority desc="A (lower) priority for use by batch eg. convert-to processes to avoid starving interactive ones" type="uint" default="5">5</batch_priority>
<bgsave_priority desc="A (lower) priority for use by background save processes to free time for interactive ones" type="uint" default="5">5</bgsave_priority>
<redlining_as_comments desc="If true show red-lines as comments" type="bool" default="false">false</redlining_as_comments>
<pdf_resolution_dpi desc="The resolution, in DPI, used to render PDF documents as image. Memory consumption grows proportionally. Must be a positive value less than 385. Defaults to 96." type="uint" default="96">96</pdf_resolution_dpi>
<idle_timeout_secs desc="The maximum number of seconds before unloading an idle document. Defaults to 1 hour." type="uint" default="3600">3600</idle_timeout_secs>
<idlesave_duration_secs desc="The number of idle seconds after which document, if modified, should be saved. Disabled when 0. Defaults to 30 seconds." type="uint" default="30">30</idlesave_duration_secs>
<autosave_duration_secs desc="The number of seconds after which document, if modified, should be saved. Disabled when 0. Defaults to 5 minutes." type="uint" default="300">300</autosave_duration_secs>
<background_autosave desc="Allow auto-saves to occur in a forked background process where possible." type="bool" default="true">true</background_autosave>
<background_manualsave desc="Allow manual save to occur in a forked background process where possible" type="bool" default="true">true</background_manualsave>
<always_save_on_exit desc="On exiting the last editor, always perform a save and upload if the document had been modified. This is to allow the storage to store the document, if it had skipped doing so, previously, as an optimization." type="bool" default="false">false</always_save_on_exit>
<limit_virt_mem_mb desc="The maximum virtual memory allowed to each document process. 0 for unlimited." type="uint">0</limit_virt_mem_mb>
<limit_stack_mem_kb desc="The maximum stack size allowed to each document process. 0 for unlimited." type="uint">8000</limit_stack_mem_kb>
<limit_file_size_mb desc="The maximum file size allowed to each document process to write. 0 for unlimited." type="uint">0</limit_file_size_mb>
<limit_num_open_files desc="The maximum number of files allowed to each document process to open. 0 for unlimited." type="uint">0</limit_num_open_files>
<limit_load_secs desc="Maximum number of seconds to wait for a document load to succeed. 0 for unlimited." type="uint" default="100">100</limit_load_secs>
<limit_store_failures desc="Maximum number of consecutive save-and-upload to storage failures when unloading the document. 0 for unlimited (not recommended)." type="uint" default="5">5</limit_store_failures>
<limit_convert_secs desc="Maximum number of seconds to wait for a document conversion to succeed. 0 for unlimited." type="uint" default="100">100</limit_convert_secs>
<min_time_between_saves_ms desc="Minimum number of milliseconds between saving the document on disk." type="uint" default="500">500</min_time_between_saves_ms>
<min_time_between_uploads_ms desc="Minimum number of milliseconds between uploading the document to storage." type="uint" default="5000">5000</min_time_between_uploads_ms>
<cleanup desc="Checks for resource consuming (bad) documents and kills associated kit process. A document is considered resource consuming (bad) if is in idle state for idle_time_secs period and memory usage passed limit_dirty_mem_mb or CPU usage passed limit_cpu_per" enable="true">
<cleanup_interval_ms desc="Interval between two checks" type="uint" default="10000">10000</cleanup_interval_ms>
<bad_behavior_period_secs desc="Minimum time period for a document to be in bad state before associated kit process is killed. If in this period the condition for bad document is not met once then this period is reset" type="uint" default="60">60</bad_behavior_period_secs>
<idle_time_secs desc="Minimum idle time for a document to be candidate for bad state" type="uint" default="300">300</idle_time_secs>
<limit_dirty_mem_mb desc="Minimum memory usage for a document to be candidate for bad state" type="uint" default="3072">3072</limit_dirty_mem_mb>
<limit_cpu_per desc="Minimum CPU usage for a document to be candidate for bad state" type="uint" default="85">85</limit_cpu_per>
<lost_kit_grace_period_secs desc="The minimum grace period for a lost kit process (not referenced by coolwsd) to resolve its lost status before it is terminated. To disable the cleanup of lost kits use value 0" default="120">120</lost_kit_grace_period_secs>
</cleanup>
</per_document>
<per_view desc="View-specific settings.">
<out_of_focus_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus. Defaults to 300 seconds." type="uint" default="300">300</out_of_focus_timeout_secs>
<idle_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus). Defaults to 15 minutes." type="uint" default="900">900</idle_timeout_secs>
<custom_os_info desc="Custom string shown as OS version in About dialog, get from system if empty." type="string" default=""></custom_os_info>
</per_view>
<ver_suffix desc="Appended to etags to allow easy refresh of changed files during development" type="string" default=""></ver_suffix>
<logging>
<color type="bool">true</color>
<!--
Note to developers: When you do "make run", the logging.level will be set on the
coolwsd command line, so if you want to change it for your testing, do it in
Makefile.am, not here.
-->
<level type="string" desc="Can be 0-8 (with the lowest numbers being the least verbose), or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace" default="warning">warning</level>
<level_startup type="string" desc="As for level - but for the initial startup phase which is most problematic, logging reverts to level configured above when startup is complete" default="trace">trace</level_startup>
<disabled_areas type="string" desc="High verbosity logging ie. info to trace are disable-able, comma separated: Generic, Pixel, Socket, WebSocket, Http, WebServer, Storage, WOPI, Admin, Javascript" default="Socket,WebSocket,Admin">Socket,WebSocket,Admin,Pixel</disabled_areas>
<most_verbose_level_settable_from_client type="string" desc="A loggingleveloverride message from the client can not set a more verbose log level than this" default="notice">notice</most_verbose_level_settable_from_client>
<least_verbose_level_settable_from_client type="string" desc="A loggingleveloverride message from a client can not set a less verbose log level than this" default="fatal">fatal</least_verbose_level_settable_from_client>
<protocol type="bool" desc="Enable minimal client-site JS protocol logging from the start">false</protocol>
<!-- lokit_sal_log example: Log WebDAV-related messages, that is interesting for debugging Insert - Image operation: "+TIMESTAMP+INFO.ucb.ucp.webdav+WARN.ucb.ucp.webdav"
See also: https://docs.libreoffice.org/sal/html/sal_log.html -->
<lokit_sal_log type="string" desc="Fine tune log messages from LOKit. Default is to suppress log messages from LOKit." default="-INFO-WARN">-INFO-WARN</lokit_sal_log>
<file enable="false">
<!-- If you use other path than /var/log and you run coolwsd from systemd, make sure that you enable that path in coolwsd.service (ReadWritePaths). -->
<property name="path" desc="Log file path.">/var/log/coolwsd.log</property>
<property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
<property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
<property name="compress" desc="Enable/disable log file compression.">true</property>
<property name="purgeAge" desc="The maximum age of log files to preserve. See Poco FileChannel.">10 days</property>
<property name="purgeCount" desc="The maximum number of log archives to preserve. Use 'none' to disable purging. See Poco FileChannel.">10</property>
<property name="rotateOnOpen" desc="Enable/disable log file rotation on opening.">true</property>
<property name="flush" desc="Enable/disable flushing after logging each line. May harm performance. Note that without flushing after each line, the log lines from the different processes will not appear in chronological order.">false</property>
</file>
<anonymize>
<anonymize_user_data type="bool" desc="Enable to anonymize/obfuscate of user-data in logs. If default is true, it was forced at compile-time and cannot be disabled." default="false">false</anonymize_user_data>
<anonymization_salt type="uint" desc="The salt used to anonymize/obfuscate user-data in logs. Use a secret 64-bit random number." default="82589933">82589933</anonymization_salt>
</anonymize>
<docstats type="bool" desc="Enable to see document handling information in logs." default="false">false</docstats>
<userstats desc="Enable user stats. i.e: logs the details of a file and user" type="bool" default="false">false</userstats>
<disable_server_audit type="bool" desc="Disabled server audit dialog and notification. Admin will no longer see warnings in the application user interface. This doesn't affect log file." default="false">false</disable_server_audit>
</logging>
<!--
Note to developers: When you do "make run", the trace_event[@enable] will be set on the
coolwsd command line, so if you want to change it for your testing, do it in Makefile.am,
not here.
-->
<trace_event desc="The possibility to turn on generation of a Chrome Trace Event file" enable="false">
<path desc="Output path for the Trace Event file, to which they will be written if turned on at run-time" type="string" default="/var/log/coolwsd.trace.json">/var/log/coolwsd.trace.json</path>
</trace_event>
<browser_logging desc="Logging in the browser console" default="false">false</browser_logging>
<trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
<path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/cooltrace-%.gz" compress="true" snapshot="false"></path>
<filter>
<message desc="Regex pattern of messages to exclude"></message>
</filter>
<outgoing>
<record desc="Whether or not to record outgoing messages" default="false">false</record>
</outgoing>
</trace>
<net desc="Network settings">
<!-- On systems where localhost resolves to IPv6 [::1] address first, when net.proto is all and net.listen is loopback, coolwsd unexpectedly listens on [::1] only.
You need to change net.proto to IPv4, if you want to use 127.0.0.1. -->
<proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
<listen type="string" default="any" desc="Listen address that coolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
<!-- this allows you to shift all of our URLs into a sub-path from
https://my.com/browser/a123... to https://my.com/my/sub/path/browser/a123... -->
<service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root>
<post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
<host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
<host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
<host desc="The IPv6 loopback (localhost) address.">::1</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 1.">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 2.">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 3.">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 10.0.0.0/8 subnet (Podman).">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
</post_allow>
<lok_allow desc="Allowed hosts as an external data source inside edited files. All allowed post_allow.host and storage.wopi entries are also considered to be allowed as a data source. Used for example in: PostMessage Action_InsertGraphics, =WEBSERVICE() function, external reference in the cell.">
<host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
<host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
<host desc="The IPv6 loopback (localhost) address.">::1</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 1.">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 2.">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 3.">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 10.0.0.0/8 subnet (Podman).">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Localhost access by name">localhost</host>
</lok_allow>
<content_security_policy desc="Customize the CSP header by specifying one or more policy-directive, separated by semicolons. See w3.org/TR/CSP2"></content_security_policy>
<frame_ancestors desc="OBSOLETE: Use content_security_policy. Specify who is allowed to embed the Collabora Online iframe (coolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
<connection_timeout_secs desc="Specifies the connection, send, recv timeout in seconds for connections initiated by coolwsd (such as WOPI connections)." type="int" default="30"></connection_timeout_secs>
<!-- this setting radically changes how online works, it should not be used in a production environment -->
<proxy_prefix type="bool" default="false" desc="Enable a ProxyPrefix to be passed int through which to redirect requests"></proxy_prefix>
</net>
<ssl desc="SSL settings">
<!-- switches from https:// + wss:// to http:// + ws:// -->
<enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable>
<!-- SSL off-load can be done in a proxy, if so disable SSL, and enable termination below in production -->
<termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/coolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/coolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/coolwsd/ca-chain.cert.pem</ca_file_path>
<ssl_verification desc="Enable or disable SSL verification of hosts remote to coolwsd. If true SSL verification will be strict, otherwise certs of hosts will not be verified. You may have to disable it in test environments with self-signed certificates." type="string" default="false">false</ssl_verification>
<cipher_list desc="List of OpenSSL ciphers to accept" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
<hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
<max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
<report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
<pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
<pin></pin>
</pins>
</hpkp>
<sts desc="Strict-Transport-Security settings, per rfc6797. Subdomains are always included.">
<enabled desc="Whether or not Strict-Transport-Security is enabled. Enable only when ready for production. Cannot be disabled without resetting the browsers." type="bool" default="false">false</enabled>
<max_age desc="Strict-Transport-Security max-age directive, in seconds. 0 is allowed; please see rfc6797 for details. Defaults to 1 year." type="int" default="31536000">31536000</max_age>
</sts>
</ssl>
<security desc="Altering these defaults potentially opens you to significant risk">
<seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
<!-- deprecated: If capabilities is 'false', coolwsd will assume mount_namespaces of 'true' to achieve
this goal, only avoiding chroot for process isolation if linux namespaces are unavailable -->
<capabilities desc="Should we require capabilities to isolate processes into chroot jails" type="bool" default="true">true</capabilities>
<jwt_expiry_secs desc="Time in seconds before the Admin Console's JWT token expires" type="int" default="1800">1800</jwt_expiry_secs>
<enable_macros_execution desc="Specifies whether the macro execution is enabled in general. This will enable Basic and Python scripts to execute both installed and from documents. If it is set to false, the macro_security_level is ignored. If it is set to true, the mentioned entry specified the level of macro security." type="bool" default="false">false</enable_macros_execution>
<macro_security_level desc="Level of Macro security. 1 (Medium) Confirmation required before executing macros from untrusted sources. 0 (Low, not recommended) All macros will be executed without confirmation." type="int" default="1">1</macro_security_level>
<enable_websocket_urp desc="Should we enable URP (UNO remote protocol) communication over the websocket. This allows full control of the Kit child server to anyone with access to the websocket including executing macros without confirmation or running arbitrary shell commands in the jail." type="bool" default="false">false</enable_websocket_urp>
<enable_metrics_unauthenticated desc="When enabled, the /cool/getMetrics endpoint will not require authentication." type="bool" default="false">false</enable_metrics_unauthenticated>
</security>
<certificates>
<database_path type="string" desc="Path to the NSS certificates that are used for signing documents" default=""></database_path>
</certificates>
<watermark>
<opacity desc="Opacity of on-screen watermark from 0.0 to 1.0" type="double" default="0.2"></opacity>
<text desc="Watermark text to be displayed on the document if entered" type="string"></text>
</watermark>
<user_interface>
<mode type="string" desc="Controls the user interface style. The 'default' means: Take the value from ui_defaults, or decide for one of compact or tabbed (default|compact|tabbed)" default="default">default</mode>
<use_integration_theme desc="Use theme from the integrator" type="bool" default="true">true</use_integration_theme>
</user_interface>
<storage desc="Backend storage">
<filesystem allow="false" />
<wopi desc="Allow/deny wopi storage." allow="true">
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
<locking desc="Locking settings">
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
</locking>
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="first">
<!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
add the hosts below. If one host is accessible under multiple ip addresses
or names, add them as aliases. -->
<!--<group>
<host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
<alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias>
<alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias>
</group>-->
<!-- More "group"s possible here -->
</alias_groups>
<is_legacy_server desc="Set to true for legacy server that need deprecated headers." type="bool" default="false"></is_legacy_server>
</wopi>
<ssl desc="SSL settings">
<as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
<enable type="bool" desc="If as_scheme is false or not set, this can be set to force SSL encryption between storage and coolwsd. When empty this defaults to following the ssl.enable setting"></enable>
<cert_file_path desc="Path to the cert file. When empty this defaults to following the ssl.cert_file_path setting" relative="false"></cert_file_path>
<key_file_path desc="Path to the key file. When empty this defaults to following the ssl.key_file_path settinge" relative="false"></key_file_path>
<ca_file_path desc="Path to the ca file. When empty this defaults to following the ssl.ca_file_path setting" relative="false"></ca_file_path>
<cipher_list desc="List of OpenSSL ciphers to accept. If empty the defaults are used. These can be overridden only if absolutely needed."></cipher_list>
</ssl>
</storage>
<admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
<username desc="The username of the admin console. Ignored if PAM is enabled."></username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password."></password>
<logging desc="Log admin activities irrespective of logging.level">
<admin_login desc="log when an admin logged into the console" type="bool" default="true">true</admin_login>
<metrics_fetch desc="log when metrics endpoint is accessed and metrics endpoint authentication is enabled" type="bool" default="true">true</metrics_fetch>
<monitor_connect desc="log when external monitor gets connected" type="bool" default="true">true</monitor_connect>
<admin_action desc="log when admin does some action for example killing a process" type="bool" default="true">true</admin_action>
</logging>
</admin_console>
<monitors desc="Addresses of servers we connect to on start for monitoring">
<!-- <monitor desc="Address of the monitor and interval after which it should try reconnting after disconnect" retryInterval="20">wss://foobar:234/ws</monitor> -->
</monitors>
<quarantine_files desc="Files are stored here to be examined later in cases of crashes or similar situation." default="false" enable="false">
<limit_dir_size_mb desc="Maximum directory size, in MBs. On exceeding the specified limit, older files will be deleted." default="250" type="uint"></limit_dir_size_mb>
<max_versions_to_maintain desc="How many versions of the same file to keep." default="5" type="uint"></max_versions_to_maintain>
<path desc="Absolute path of the directory under which quarantined files will be stored. Do not use a relative path." type="path" relative="false"></path>
<expiry_min desc="Time in mins after quarantined files will be deleted." type="int" default="3000"></expiry_min>
</quarantine_files>
<remote_config>
<remote_url desc="remote server to which you will send request to get remote config in response" type="string" default=""></remote_url>
</remote_config>
<stop_on_config_change desc="Stop coolwsd whenever config files change." type="bool" default="false">false</stop_on_config_change>
<remote_font_config>
<url desc="URL of optional JSON file that lists fonts to be included in Online" type="string" default=""></url>
</remote_font_config>
<home_mode>
<enable desc="Enable more configuration options for home users" type="bool" default="false">false</enable>
</home_mode>
<fonts_missing>
<handling desc="How to handle fonts mising in a document: 'report', 'log', 'both', or 'ignore'" type="string" default="log">log</handling>
</fonts_missing>
<indirection_endpoint>
<url desc="URL endpoint to server which servers routeToken in json format" default=""></url>
<migration_timeout_secs desc="The maximum number of seconds waiting for shutdown migration message from indirection server before unloading an document. Defaults to 180 second." type="uint" default="180"></migration_timeout_secs>
<geolocation_setup>
<enable desc="Enable geolocation_setup when using indirection server with geolocation configuration" type="bool" default="false">false</enable>
<timezone desc="IANA timezone of server. For example: Europe/Berlin "></timezone>
</geolocation_setup>
<server_name desc="server name to show in cluster overview admin panel" type="string" default=""></server_name>
</indirection_endpoint>
<zotero desc="Zotero plugin configuration. For more details about Zotero visit https://www.zotero.org/">
<enable desc="Enable Zotero plugin." type="bool" default="true">true</enable>
</zotero>
<help_url desc="The Help root URL, or empty for no help (hides the Help buttons)" type="string" default="https://help.collaboraoffice.com/help.html?">https://help.collaboraoffice.com/help.html?</help_url>
<overwrite_mode>
<enable desc="Enable overwrite mode (user can use insert key)" type="bool" default="true">true</enable>
</overwrite_mode>
<wasm desc="WASM-specific settings">
<enable desc="Enable WASM support" type="bool" default="false"></enable>
<force desc="When enabled, all requests are redirected to WASM." type="bool" default="false"></force>
</wasm>
</config>

28
collabora/stacks/.collabora.env Normal file
View File

@ -0,0 +1,28 @@
# https://www.collabora.org/docs/#env-configuration
PUID=${PUID}
PGID=${MEDIA_GID} # we assign media gid to process gid to enable to access media folders
TZ=${TZ}
UMASK=0022
username=${USERNAME}
password=${PASSWORD}
#DONT_GEN_SSL_CERT=yes
cert_domain=${DOMAINNAME}
server_name=${APPLICATION_NAME}.${DOMAINNAME}
dictionaries="en_ZA en_US en_GB en_Afr"
# SSL terminates at the proxy
extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:user_interface.mode=compact --o:net.proto=IPv4 --o:hexify_embedded_urls=true --o:logging.level=warning #--o:welcome.enable=false
#aliasgroup1=${NEXTCLOUD1}
#aliasgroup2=${NEXTCLOUD2}
#aliasgroup3=${NEXTCLOUD3}
VIRTUAL_PROTO=http
VIRTUAL_PORT=9980
VIRTUAL_HOST=${APPLICATION_NAME}.${DOMAINNAME}
# letsencrypt_host=${APPLICATION_NAME}.${DOMAINNAME}

29
collabora/stacks/.env Normal file
View File

@ -0,0 +1,29 @@
APPLICATION_NAME=collabora
MEDIADIR=/mnt/stpool1/NData1/Media
DOCKERDIR=/mnt/SSD1/docker/
STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
DATADIR=${DOCKERDIR}/data/${APPLICATION_NAME}
SECRETSDIR=${STACKSDIR}/secrets
CT_DOWNLOADS=/Downloads
CT_MEDIA=/Media
DOMAINNAME=sthome.org
PUID=3034
PGID=3033
MEDIA_GID=3017
TZ=Africa/Johannesburg
WEBUI_PORT=9980
# collabora does not support docker secrets
USERNAME=admin
PASSWORD="Saterdag!32#"
NEXTCLOUD1=
NEXTCLOUD2=
NEXTCLOUD3=

69
collabora/stacks/compose.yml Normal file
View File

@ -0,0 +1,69 @@
# https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html
# https://github.com/CollaboraOnline/online
name: collabora
secrets:
collabora_username:
file: ${SECRETSDIR}/collabora_username
collabora_password:
file: ${SECRETSDIR}/collabora_password
networks:
traefik-net:
external: true
services:
collabora:
image: collabora/code #:22.05.10.1.1
hostname: collabora
env_file: .collabora.env
#user: "${PUID}:${PGID}"
tty: true
group_add:
- "${PGID}"
cap_add:
- MKNOD
networks:
- traefik-net
volumes:
- /etc/localtime:/etc/localtime:ro
- "${DATADIR}/config:/config"
restart: unless-stopped
secrets:
- collabora_username
- collabora_password
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
#
# http middlewares
# ---------------------------
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.permanent=true"
#
# http services
# -------------
- "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
#
# http routers
# ------------
# limit router to web ":80" entrypoint (Note: web entrypoint http requests are globally redirected to websecure router in traefik.yml)
- "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-https-redirect"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
#
# limit router to websecure ":443" entrypoint
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# set router to be dedicated to secure requests only for the host specified in match criteria
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
# generate certificates using following certresolver
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=sthomeresolver"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"

135
cp2nas.ps1 Normal file
View File

@ -0,0 +1,135 @@
############### CONST ##############
$destDockerDir="/mnt/SSD1/docker/"
$stacksfolder="stacks/"
$datafolder="data/"
$destStacks=$destDockerDir+$stacksfolder
$destData=$destDockerDir+$datafolder
$destTraefikRulesDir=$destStacks+"traefik/rules/"
$destTraefikUsersDir=$destStacks+"traefik/users/"
$destDataDir=$destData
############### MAIN ###############
# main function
#
$Main =
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destHost,
[Parameter(Mandatory=$false)]
[string[]] $apps
)
$applist=[System.Collections.Generic.List[object]]::new()
If($PSBoundParameters.ContainsKey("apps")) {
foreach ($appname in $apps)
{
if ($appname.Contains('*')) {
$wclist=Get-ChildItem $appname -Directory | ForEach-Object { $_.Name }
# if wildcard is specified, we only add folders with a 'stacks' subfolder
foreach ($wcname in $wclist) {
if ((Test-Path -Path "$wcname\stacks")) {
$applist.Add($wcname)
}
}
}
else {
# here we don't have to check for a 'stacks' subfolder as the user specified appname explicitly
$applist.Add($appname)
}
}
# remove duplicates
$uniqlist=$applist | Sort-Object -Unique
foreach ($appname in $uniqlist)
{
copyfolder $destHost $appname "$appname\"
}
}
else {
# we're in the app subfolder, so only one stacks folder to copy
$appname="$pwd".Split("\\")[-1]
copyfolder $destHost $appname ".\"
}
}
#######################################################################
# copies specified folder to data folder on truenas
#
Function copytosubfolder
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destHost,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $folder,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $subfolder,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $srcdir,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destdir
)
$date=Get-Date -format "yyyy-MM-ddTHH:mm:ss"
if ((Test-Path -Path "$srcdir")) {
Write-Host "$date# pscp -P 22 -r ""$srcdir\*.*"" root@${destHost}:""${destdir}""" -ForegroundColor Green
Write-Host "Copying to ${destHost}:""${destDockerDir}" -NoNewline
Write-Host "${folder}" -ForegroundColor Cyan -NoNewline
Write-Host "${subfolder}" -ForegroundColor DarkYellow -NoNewline
Write-Host """:"
pscp -P 22 -r "$srcdir\*.*" root@${destHost}:""${destdir}""
}
}
#######################################################################
# copies folder(s) to truenas
#
Function copyfolder
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $destHost,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $subfolder,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string] $srcdir
)
$srcStacksDir=$srcdir+"stacks"
$srcTraefikRulesDir=$srcdir+"traefik-rules"
$srcTraefikUsersDir=$srcdir+"traefik-users"
$srcDataDir=$srcdir+"data"
if (-Not(Test-Path -Path $srcStacksDir)) {
Write-Host "Source path doesn't exist: ""$PSScriptRoot\$srcStacksDir\*.*"". No files copied!" -ForegroundColor Red
Write-Host "Usage: in app folder : ./cp2nas DEST|IP"
Write-Host " in app parent folder: ./cp2nas DEST|IP app1, app2, app3, ..."
Write-Host " in app parent folder: ./cp2nas DEST|IP *"
Write-Host " in app parent folder: ./cp2nas DEST|IP wcstring1, wcstring2, ..."
return
}
$destAppStacksDir=$destStacks+$subfolder+"/"
# copy app folder destinations
copytosubfolder $destHost "${stacksfolder}" "${subfolder}" "${srcStacksDir}" "${destAppStacksDir}"
# copy traefik folder destinations
copytosubfolder $destHost "${stacksfolder}" "traefik/rules/" "${srcTraefikRulesDir}" "${destTraefikRulesDir}"
copytosubfolder $destHost "${stacksfolder}" "traefik/users/" "${srcTraefikUsersDir}" "${destTraefikUsersDir}"
# copy data folder destinations
copytosubfolder $destHost "${datafolder}" "${subfolder}/" "${srcDataDir}" "${destDataDir}${subfolder}"
}
###################################
# we call main proc from here
& $Main @Args

85
dashy/conf.txt Normal file
View File

@ -0,0 +1,85 @@
appConfig:
theme: lissy
layout: auto
iconSize: medium
language: en
startingView: default
defaultOpeningMethod: newtab
statusCheck: true
statusCheckInterval: 0
faviconApi: allesedv
routingMode: history
enableMultiTasking: false
widgetsAlwaysUseProxy: false
webSearch:
disableWebSearch: false
searchEngine: google
openingMethod: newtab
searchBangs: {}
enableFontAwesome: true
enableMaterialDesignIcons: false
hideComponents:
hideHeading: false
hideNav: false
hideSearch: false
hideSettings: false
hideFooter: false
showSplashScreen: false
preventWriteToDisk: false
preventLocalSave: false
disableConfiguration: false
disableConfigurationForNonAdmin: false
allowConfigEdit: true
enableServiceWorker: false
disableContextMenu: false
disableUpdateChecks: false
disableSmartSort: false
enableErrorReporting: false
pageInfo:
title: Dashy
description: Welcome to your new dashboard!
navLinks:
- title: GitHub
path: https://github.com/Lissy93/dashy
target: newtab
- title: Documentation
path: https://dashy.to/docs
target: newtab
footerText: Dashy © 2023
sections:
- name: Getting Started
icon: fas fa-rocket
items: []
- name: Time
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items: []
- name: Docker Containers
icon: /icons/dashboard-icons/png/docker-moby.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Portainer
description: Docker container management
icon: >-
https://4731999.fs1.hubspotusercontent-na1.net/hubfs/4731999/crane-icon.svg
url: https://localhost:9443
target: newtab
statusCheck: true
statusCheckUrl: https://localhost:9443
id: 0_1678_portainer
- title: Dashy
icon: dashy
url: http://localhost:4000/
target: newtab
statusCheck: true
statusCheckUrl: http://localhost:4000
id: 1_1678_dashy

BIN
dashy/dashboard.xlsx Normal file
View File

Binary file not shown.

617
dashy/dashy_conf.yml Normal file
View File

@ -0,0 +1,617 @@
appConfig:
theme: nord-frost
layout: auto
iconSize: large
language: en
statusCheck: true
statusCheckInterval: 20
pageInfo:
title: sthome lab
description: Welcome to the sthome lab!
navLinks:
- title: GitHub
path: https://github.com/Lissy93/dashy
- title: DSERVER
path: https://dserver.sthome.lan
footerText: ''
sections:
- name: System Management
icon: fas fa-server
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_0
title: Truenas
description: Truenas host
icon: dashboard-icons/svg/truenas.svg
url: https://truenas.sthome.org:444
statusCheck: true
target: newtab
id: 0_1698_truenas
- &ref_1
title: Dockge
description: Docker stack manager
icon: dashboard-icons/svg/dockge-light.svg
url: http://dockge.sthome.org:5001
statusCheck: true
target: newtab
id: 1_1698_dockge
- &ref_2
title: Proxmox
description: Proxmox host
icon: dashboard-icons/svg/proxmox.svg
url: http://10.0.0.22:8006/
statusCheck: true
target: newtab
id: 2_1698_proxmox
- &ref_3
title: Traefik
description: Reverse proxy and load balancer
icon: dashboard-icons/svg/traefik.svg
url: https://traefik.sthome.org
target: newtab
statusCheck: true
statusCheckUrl: http://traefik.sthome.org:8083/ping
id: 3_1698_traefik
filteredItems:
- *ref_0
- *ref_1
- *ref_2
- *ref_3
- name: Media Servers
icon: dashboard-icons/svg/media-playback.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_4
title: Plex
description: Media server
icon: dashboard-icons/svg/plex.svg
url: https://plex.sthome.org
target: newtab
statusCheckUrl: https://plex.sthome.org/identity
id: 0_1258_plex
- &ref_5
title: Jellyfin
description: Media server
icon: dashboard-icons/svg/jellyfin.svg
url: https://jellyfin.sthome.org
target: newtab
id: 1_1258_jellyfin
- &ref_6
title: Emby
description: Media server
icon: dashboard-icons/svg/emby.svg
url: https://emby.sthome.org
target: newtab
id: 2_1258_emby
filteredItems:
- *ref_4
- *ref_5
- *ref_6
- name: Books
icon: dashboard-icons/png/book.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_7
title: Audiobookshelf
description: Audiobook and podcast server
icon: dashboard-icons/svg/audiobookshelf.svg
url: https://audiobookshelf.sthome.org
target: newtab
id: 0_510_audiobookshelf
- &ref_8
title: Calibre
description: E-book manager
icon: dashboard-icons/svg/calibre.svg
url: https://calibre.sthome.org
target: newtab
id: 1_510_calibre
- &ref_9
title: Kavita
description: Digital library
icon: dashboard-icons/svg/kavita.svg
url: https://kavita.sthome.org
target: newtab
id: 2_510_kavita
filteredItems:
- *ref_7
- *ref_8
- *ref_9
- name: Home
icon: dashboard-icons/svg/home.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_10
title: Home Assistant
description: Home automation
icon: dashboard-icons/svg/home-assistant.svg
url: https://home-assistant.sthome.org
target: newtab
id: 0_393_homeassistant
- &ref_11
title: Frigate
description: Network Video Recorder
icon: dashboard-icons/svg/frigate.svg
url: https://frigate.sthome.org
target: newtab
statusCheck: true
statusCheckUrl: https://frigate.sthome.org/stats
id: 1_393_frigate
- &ref_12
title: Mealie
description: Recipe manager
icon: dashboard-icons/svg/mealie.svg
url: https://mealie.sthome.org
target: newtab
id: 2_393_mealie
filteredItems:
- *ref_10
- *ref_11
- *ref_12
- name: Security
icon: dashboard-icons/svg/security.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_13
title: Authentik
description: Identity provider
icon: dashboard-icons/png/authentik.png
url: https://authentik.sthome.org
target: newtab
id: 0_856_authentik
- &ref_14
title: Vaultwarden
description: Password manager
icon: dashboard-icons/svg/vaultwarden.svg
url: https://vaultwarden.sthome.org
target: newtab
id: 1_856_vaultwarden
filteredItems:
- *ref_13
- *ref_14
- name: Video Processing
icon: dashboard-icons/svg/video-camera.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_15
title: Handbrake
description: Video Transcoder
icon: dashboard-icons/svg/handbrake.svg
url: https://handbrake.sthome.org
target: newtab
id: 0_1588_handbrake
- &ref_16
title: MKVToolNix
description: MKV file editor and merger
icon: dashboard-icons/png/mkvtoolnix.png
url: https://mkvtoolnix.sthome.org
target: newtab
id: 1_1588_mkvtoolnix
filteredItems:
- *ref_15
- *ref_16
- name: Photos
icon: dashboard-icons/svg/photos.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_17
title: Digikam
description: Image organizer and tag editor
icon: dashboard-icons/svg/digikam_oxygen.svg
url: https://digikam.sthome.org
target: newtab
id: 0_637_digikam
- &ref_18
title: Photoview
description: Photo gallery
icon: dashboard-icons/svg/photoview.svg
url: https://photoview.sthome.org
target: newtab
id: 1_637_photoview
filteredItems:
- *ref_17
- *ref_18
- name: Finance
icon: dashboard-icons/svg/financial-services.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_19
title: Firefly III
description: Personal finance manager
icon: dashboard-icons/png/firefly.png
url: https://firefly.sthome.org
target: newtab
statusCheck: true
statusCheckHeaders: https://firefly.sthome.org/health
id: 0_692_fireflyiii
filteredItems:
- *ref_19
- name: Development
icon: dashboard-icons/png/software-development.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_20
title: Gitea
description: >-
Software development service; Git hosting, code review, team
collaboration, package registry and CI/CD
icon: dashboard-icons/svg/gitea.svg
url: https://gitea.sthome.org
target: newtab
id: 0_1155_gitea
filteredItems:
- *ref_20
- name: Performance
icon: dashboard-icons/png/data-analysis.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_21
title: Grafana
description: Analytics & monitoring
icon: dashboard-icons/svg/grafana.svg
url: https://grafana.sthome.org
target: newtab
id: 0_1138_grafana
- &ref_22
title: Prometheus
description: Event monitoring and alerting
icon: dashboard-icons/svg/prometheus.svg
url: https://prometheus.sthome.org
target: newtab
statusCheck: true
statusCheckUrl: https://prometheus.sthome.org/-/healthy
id: 1_1138_prometheus
filteredItems:
- *ref_21
- *ref_22
- name: Network
icon: dashboard-icons/svg/network.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_23
title: Librespeed
description: Network speed tester
icon: dashboard-icons/svg/librespeed.svg
url: https://librespeed.sthome.org
target: newtab
id: 0_746_librespeed
- &ref_24
title: Pi-hole
description: DNS sinkhole
icon: dashboard-icons/svg/pi-hole.svg
url: https://pihole.sthome.org/admin
target: newtab
statusCheckUrl: http://pihole.sthome.org/admin/api.php?status
id: 1_746_pihole
filteredItems:
- *ref_23
- *ref_24
- name: Web Site
icon: dashboard-icons/svg/web-server.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_25
title: Static-Web-Server
description: Web server
icon: dashboard-icons/png/static-web-server.png
url: https://www.sthome.org
target: newtab
id: 0_723_staticwebserver
filteredItems:
- *ref_25
- name: Music
icon: dashboard-icons/svg/music.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_26
title: Sheetable
description: Music sheet organiser
icon: dashboard-icons/png/sheetable.png
url: https://sheetable.sthome.org
target: newtab
id: 0_513_sheetable
- &ref_27
title: Songkong
description: Music tagger
icon: dashboard-icons/png/songkong.png
url: https://songkong.sthome.org
target: newtab
id: 1_513_songkong
filteredItems:
- *ref_26
- *ref_27
- name: Collaboration
icon: dashboard-icons/png/collaboration.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_28
title: Nextcloud
description: Content collaboration platform
icon: dashboard-icons/svg/nextcloud.svg
url: https://nextcloud.sthome.org
target: newtab
id: 0_1353_nextcloud
- &ref_29
title: Onlyoffice
description: Secure online office suite
icon: dashboard-icons/svg/onlyoffice.svg
url: https://onlyoffice.sthome.org
target: newtab
id: 1_1353_onlyoffice
filteredItems:
- *ref_28
- *ref_29
- name: Data Analysis
icon: dashboard-icons/png/data-analysis.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_30
title: Root
description: Data analysis framework
icon: dashboard-icons/png/root.png
url: https://root.sthome.org
target: newtab
id: 0_1246_root
filteredItems:
- *ref_30
- name: Gaming
icon: dashboard-icons/svg/gaming.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- &ref_31
title: Minecraft Bedrock
description: >-
Use https://mc-bedrock.sthome.org to setup minecraft server url in
game
icon: dashboard-icons/svg/minecraft.svg
url: https://mc-bedrock.sthome.org
target: newtab
id: 0_595_minecraftbedrock
- &ref_32
title: Minecraft Java
description: Use https://mc-java.sthome.org to setup minecraft server url in game
icon: dashboard-icons/svg/minecraft.svg
url: https://mc-java.sthome.org
target: newtab
id: 1_595_minecraftjava
filteredItems:
- *ref_31
- *ref_32
- name: Media Management
icon: dashboard-icons/svg/media.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: true
hideForGuests: false
items:
- &ref_33
title: Lidarr
description: Music collection manager
icon: dashboard-icons/svg/lidarr.svg
url: https://lidarr.sthome.org
target: newtab
id: 0_1533_lidarr
- &ref_34
title: Mediaelch
description: Media manager for Kodi
icon: dashboard-icons/png/mediaelch.png
url: https://mediaelch.sthome.org
target: newtab
id: 1_1533_mediaelch
- &ref_35
title: Overseerr
description: Request management and media discovery
icon: dashboard-icons/svg/overseerr.svg
url: https://overseerr.sthome.org
target: newtab
id: 2_1533_overseerr
- &ref_36
title: Prowlarr
description: Indexer manager/proxy
icon: dashboard-icons/svg/prowlarr.svg
url: https://prowlarr.sthome.org
target: newtab
id: 3_1533_prowlarr
- &ref_37
title: qBittorrent
description: P2P bittorrent client
icon: dashboard-icons/svg/qbittorrent.svg
url: https://qbittorrent.sthome.org
target: newtab
id: 4_1533_qbittorrent
- &ref_38
title: Radarr
description: Movie collection manager
icon: dashboard-icons/svg/radarr.svg
url: https://radarr.sthome.org
target: newtab
id: 5_1533_radarr
- &ref_39
title: Readarr
description: "\_ebook collection manage"
icon: dashboard-icons/svg/readarr.svg
url: https://readarr.sthome.org
target: newtab
id: 6_1533_readarr
- &ref_40
title: Sonarr
description: Internet PVR for Usenet and Torrents
icon: dashboard-icons/svg/sonarr.svg
url: https://sonarr.sthome.org
target: newtab
id: 7_1533_sonarr
- &ref_41
title: Tautulli
description: Monitoring, analytics and notifications for Plex
icon: dashboard-icons/svg/tautulli.svg
url: https://tautulli.sthome.org
target: newtab
id: 8_1533_tautulli
filteredItems:
- *ref_33
- *ref_34
- *ref_35
- *ref_36
- *ref_37
- *ref_38
- *ref_39
- *ref_40
- *ref_41
- name: VPN
icon: dashboard-icons/svg/shield-user.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: true
hideForGuests: false
items:
- &ref_42
title: WG-easy
description: VPN server
icon: dashboard-icons/svg/wireguard.svg
url: https://vpn.sthome.org
target: newtab
id: 0_244_wgeasy
- &ref_43
title: jDownloader2
description: Download manager
icon: dashboard-icons/png/jdownloader2.png
url: https://jdownloader2.sthome.org
target: newtab
id: 1_244_jdownloader
- &ref_44
title: Firefox
description: Browser
icon: dashboard-icons/svg/firefox.svg
url: https://firefox.sthome.org
target: newtab
id: 2_244_firefox
filteredItems:
- *ref_42
- *ref_43
- *ref_44
- name: Data Management
icon: dashboard-icons/svg/database.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: true
hideForGuests: false
items:
- &ref_45
title: Minio
description: Object Storage - S3 compatible
icon: dashboard-icons/svg/minio.svg
url: https://minio1.sthome.org
target: newtab
id: 0_1431_minio
- &ref_46
title: Minio
description: Object Storage - S3 compatible
icon: dashboard-icons/svg/minio.svg
url: https://minio2.sthome.org
target: newtab
id: 1_1431_minio
- &ref_47
title: pgAdmin
description: Administration and development platform for PostgreSQL
icon: dashboard-icons/svg/pgadmin.svg
url: https://pgadmin.sthome.org
target: newtab
statusCheckUrl: 'https://pgadmin.sthome.org/misc/ping '
id: 2_1431_pgadmin
- &ref_48
title: Syncthing
description: Continuous file synchronization program
icon: dashboard-icons/svg/syncthing.svg
url: https://syncthing.sthome.org
target: newtab
id: 3_1431_syncthing
filteredItems:
- *ref_45
- *ref_46
- *ref_47
- *ref_48

BIN
dashy/data/appdata/icons/dashboard-icons/png/book.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.4 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/collaboration.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/data-analysis.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/file-transfer.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.3 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/file-transfer.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/mediaelch.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/root.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/sftpgo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/sheetable.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/software-development.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/songkong.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
dashy/data/appdata/icons/dashboard-icons/png/static-web-server.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

1
dashy/data/appdata/icons/dashboard-icons/svg/database.svg Normal file
View File

@ -0,0 +1 @@
<?xml version="1.0" encoding="utf-8"?><svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 105.07 122.88" style="enable-background:new 0 0 105.07 122.88" xml:space="preserve"><style type="text/css">.st0{fill-rule:evenodd;clip-rule:evenodd;}</style><g><path class="st0" d="M52.53,0c28.87,0,52.27,10.96,52.27,24.46c0,13.51-23.41,24.46-52.27,24.46c-28.86,0-52.27-10.96-52.27-24.46 C0.26,10.96,23.67,0,52.53,0L52.53,0z M0.26,81.83v18.78c9.3,33.03,101.18,26.65,104.55-1.69V80.16 C100.22,111.27,7.61,113.51,0.26,81.83L0.26,81.83L0.26,81.83z M0,32.94v18.34c9.3,32.26,101.69,27.9,105.07,0.23V33.18 C100.47,63.57,7.35,63.88,0,32.94L0,32.94z M0,56.64v18.78c9.3,33.03,101.69,28.57,105.07,0.23V56.89C100.47,88,7.35,88.32,0,56.64 L0,56.64z"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 825 B

186
dashy/data/appdata/icons/dashboard-icons/svg/digikam.svg Normal file
View File

@ -0,0 +1,186 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg width="48" version="1.1" xmlns="http://www.w3.org/2000/svg" height="48" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape">
<defs id="defs5455">
<linearGradient inkscape:collect="always" id="linearGradient5002">
<stop style="stop-color:#2e5d89" id="stop5004"/>
<stop offset="1" style="stop-color:#1b92f4" id="stop5006"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4328">
<stop style="stop-color:#bec900" id="stop4330"/>
<stop offset="0.312499" style="stop-color:#9ec80a" id="stop4332"/>
<stop offset="0.562499" style="stop-color:#71b93d" id="stop4334"/>
<stop offset="0.75" style="stop-color:#35a48f" id="stop4336"/>
<stop offset="1" style="stop-color:#018fca" id="stop4338"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4316">
<stop style="stop-color:#c1cc00" id="stop4318"/>
<stop offset="0.312499" style="stop-color:#dfcd00" id="stop4320"/>
<stop offset="0.562499" style="stop-color:#f0cc00" id="stop4322"/>
<stop offset="0.75" style="stop-color:#fd8c08" id="stop4324"/>
<stop offset="1" style="stop-color:#f25c13" id="stop4326"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4300">
<stop style="stop-color:#e51561" id="stop4302"/>
<stop offset="0.312499" style="stop-color:#e4156c" id="stop4304"/>
<stop offset="0.562499" style="stop-color:#e71e2c" id="stop4306"/>
<stop offset="0.75" style="stop-color:#e8301e" id="stop4308"/>
<stop offset="1" style="stop-color:#e6320e" id="stop4310"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4288">
<stop style="stop-color:#e81877" id="stop4290"/>
<stop offset="0.312499" style="stop-color:#dd1d8c" id="stop4294"/>
<stop offset="0.562499" style="stop-color:#6d57b1" id="stop4296"/>
<stop offset="0.75" style="stop-color:#2a78c1" id="stop4298"/>
<stop offset="1" style="stop-color:#018dcb" id="stop4292"/>
</linearGradient>
<linearGradient inkscape:collect="always" spreadMethod="reflect" xlink:href="#linearGradient4211" id="linearGradient4174" x1="428.57144" x2="408.57144" gradientUnits="userSpaceOnUse"/>
<linearGradient inkscape:collect="always" id="linearGradient4271">
<stop style="stop-color:#2a2c2f" id="stop4273"/>
<stop offset="1" style="stop-color:#424649" id="stop4275"/>
</linearGradient>
<clipPath id="clipPath4528">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4530"/>
</clipPath>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4271" id="linearGradient4532" y1="543.79797" y2="503.798" gradientUnits="userSpaceOnUse" x2="0" gradientTransform="matrix(0.79999996 0 0 0.79999996 -302.85712 -395.03837)"/>
<clipPath id="clipPath4534">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4536"/>
</clipPath>
<clipPath id="clipPath4544">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4546"/>
</clipPath>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4271" id="linearGradient4548" y1="543.79797" y2="503.798" gradientUnits="userSpaceOnUse" x2="0" gradientTransform="matrix(0.79999995 0 0 0.79999995 81.71431 104.75963)"/>
<clipPath id="clipPath4550">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4552"/>
</clipPath>
<clipPath id="clipPath4562">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4564"/>
</clipPath>
<clipPath id="clipPath4568">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4570"/>
</clipPath>
<clipPath id="clipPath4578">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4580"/>
</clipPath>
<clipPath id="clipPath4584">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4586"/>
</clipPath>
<linearGradient inkscape:collect="always" id="linearGradient4303">
<stop style="stop-color:#989a9b" id="stop4305"/>
<stop offset="1" style="stop-color:#f6f6f7" id="stop4307"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4415" xlink:href="#linearGradient4288" y1="23.999973" y2="8" x1="8" gradientUnits="userSpaceOnUse" x2="24.00001"/>
<linearGradient inkscape:collect="always" id="linearGradient4417" xlink:href="#linearGradient4300" y1="24.00003" y2="8" x1="8" x2="24.00001" gradientUnits="userSpaceOnUse" gradientTransform="matrix(1 0 0 -1 384.57143 547.798)"/>
<linearGradient inkscape:collect="always" id="linearGradient4419" xlink:href="#linearGradient4328" y1="23.999973" y2="8" x1="8" x2="24.00001" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-1 0 0 1 432.57143 499.798)"/>
<linearGradient inkscape:collect="always" id="linearGradient4421" xlink:href="#linearGradient4316" y1="24" y2="8" x1="8" x2="24.00001" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-1 0 0 -1 432.57143 547.798)"/>
<linearGradient inkscape:collect="always" id="linearGradient4423" xlink:href="#linearGradient4271" y1="543.79797" y2="503.798" x2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(0.34999981 0 0 0.34999981 265.57152 -707.12715)"/>
<clipPath id="clipPath4528-1">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4530-7"/>
</clipPath>
<clipPath id="clipPath4534-1">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4536-8"/>
</clipPath>
<clipPath id="clipPath4544-1">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4546-1"/>
</clipPath>
<clipPath id="clipPath4550-4">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4552-1"/>
</clipPath>
<clipPath id="clipPath4562-8">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4564-8"/>
</clipPath>
<clipPath id="clipPath4568-4">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4570-1"/>
</clipPath>
<clipPath id="clipPath4578-8">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4580-7"/>
</clipPath>
<clipPath id="clipPath4584-9">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4586-2"/>
</clipPath>
<linearGradient inkscape:collect="always" id="linearGradient4472" xlink:href="#linearGradient4303" y1="524.79797" y2="522.79797" gradientUnits="userSpaceOnUse" x2="0" gradientTransform="matrix(2 0 0 2 -408.57143 -523.798)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4191" id="linearGradient4174-0" y1="537.79797" x1="423.57144" y2="510.46463" x2="396.2381" gradientUnits="userSpaceOnUse" gradientTransform="matrix(0.89999986 0 0 0.89999986 -776.28566 -995.21609)"/>
<linearGradient inkscape:collect="always" id="linearGradient4143">
<stop style="stop-color:#197cf1" id="stop4145"/>
<stop offset="1" style="stop-color:#20bcfa" id="stop4147"/>
</linearGradient>
<clipPath id="clipPath4528-8">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4530-3"/>
</clipPath>
<clipPath id="clipPath4534-4">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4536-2"/>
</clipPath>
<clipPath id="clipPath4544-18">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4546-5"/>
</clipPath>
<clipPath id="clipPath4550-3">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4552-4"/>
</clipPath>
<clipPath id="clipPath4562-1">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4564-3"/>
</clipPath>
<clipPath id="clipPath4568-1">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4570-4"/>
</clipPath>
<clipPath id="clipPath4578-5">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4580-5"/>
</clipPath>
<clipPath id="clipPath4584-0">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4586-4"/>
</clipPath>
<clipPath id="clipPath4528-1-9">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4530-7-8"/>
</clipPath>
<clipPath id="clipPath4534-1-8">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4536-8-3"/>
</clipPath>
<clipPath id="clipPath4544-1-1">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4546-1-0"/>
</clipPath>
<clipPath id="clipPath4550-4-2">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4552-1-3"/>
</clipPath>
<clipPath id="clipPath4562-8-2">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4564-8-0"/>
</clipPath>
<clipPath id="clipPath4568-4-0">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4570-1-3"/>
</clipPath>
<clipPath id="clipPath4578-8-9">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4580-7-3"/>
</clipPath>
<clipPath id="clipPath4584-9-8">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4586-2-1"/>
</clipPath>
<linearGradient inkscape:collect="always" id="linearGradient4211">
<stop style="stop-color:#2f3943" id="stop4213"/>
<stop offset="1" style="stop-color:#808c9b" id="stop4215"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4191">
<stop style="stop-color:#18222a" id="stop4193"/>
<stop offset="1" style="stop-color:#566069" id="stop4195"/>
</linearGradient>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient5002" id="linearGradient4174-0-2" y1="537.79797" x1="423.57144" y2="510.46463" x2="396.2381" gradientUnits="userSpaceOnUse" gradientTransform="matrix(0.70000184 0 0 0.70000184 -694.57218 -890.45752)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4143" id="linearGradient4710" y1="536.86987" x1="421.64337" y2="511.81882" gradientUnits="userSpaceOnUse" x2="396.59229" gradientTransform="matrix(-1 0 0 -1 817.14288 1047.596)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4143" id="linearGradient4713" y1="532.22949" x1="417.00296" y2="508.72522" gradientUnits="userSpaceOnUse" x2="393.49869" gradientTransform="matrix(-1 0 0 -1 817.14288 1047.596)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4143" id="linearGradient4716" y1="529.62207" x1="414.39551" y2="506.91327" gradientUnits="userSpaceOnUse" x2="391.68671" gradientTransform="matrix(-1 0 0 -1 817.14288 1047.596)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient5002" id="linearGradient4174-0-2-0" y1="537.79797" x1="423.57144" y2="488.79782" x2="374.57129" gradientUnits="userSpaceOnUse" gradientTransform="matrix(0.49999779 0 0 0.49999779 -612.85624 -785.69581)"/>
</defs>
<metadata id="metadata5458"/>
<g inkscape:label="Capa 1" inkscape:groupmode="layer" id="layer1" transform="matrix(1 0 0 1 -384.57143 -499.798)">
<rect width="39.999989" x="388.57144" y="503.798" rx="19.999985" height="39.999969" style="stroke-opacity:0.550265;fill:url(#linearGradient4174);stroke-width:2.8" id="rect4166"/>
<rect width="35.999985" x="-426.57144" y="-541.79797" rx="17.999983" height="35.999966" style="stroke-opacity:0.550265;fill:url(#linearGradient4174-0);stroke-width:2.8" id="rect4166-9" transform="matrix(-1 0 0 -1 0 0)"/>
<rect width="29.999992" x="-538.79797" y="-423.57147" rx="14.999989" height="29.999977" style="stroke-opacity:0.550265;fill:#26333a;stroke-width:2.8" id="rect4166-7" transform="matrix(0 -1 -1 0 0 0)"/>
<rect width="28.00007" x="-422.5715" y="-537.79797" rx="14.00003" height="28.00005" style="stroke-opacity:0.550265;fill:url(#linearGradient4174-0-2);stroke-width:2.8" id="rect4166-9-6" transform="matrix(-1 0 0 -1 0 0)"/>
<rect width="19.999907" x="-418.57141" y="-533.79791" rx="9.999948" height="19.999895" style="stroke-opacity:0.550265;fill:url(#linearGradient4174-0-2-0);stroke-width:2.8" id="rect4166-9-6-7" transform="matrix(-1 0 0 -1 0 0)"/>
<g id="g4719">
<path inkscape:connector-curvature="0" style="stroke-opacity:0.550265;fill:url(#linearGradient4710);stroke-width:2.8" id="path4708" d="m 408.57143,509.798 c -7.756,0 -14,6.244 -14,14 0,7.756 6.244,14 14,14 7.756,0 14,-6.244 14,-14 0,-7.756 -6.244,-14 -14,-14 z m 0,1 c 7.20199,0 13,5.79801 13,13 0,7.20199 -5.79801,13 -13,13 -7.20199,0 -13,-5.79801 -13,-13 0,-7.20199 5.79801,-13 13,-13 z"/>
<path inkscape:connector-curvature="0" style="stroke-opacity:0.550265;fill:url(#linearGradient4713);stroke-width:2.8" id="path4704" d="m 408.57143,511.798 c -6.64799,0 -12,5.35201 -12,12 0,6.64799 5.35201,12 12,12 6.64799,0 12,-5.35201 12,-12 0,-6.64799 -5.35201,-12 -12,-12 z m 0,3 c 4.98598,0 9,4.01402 9,9 0,4.98598 -4.01402,9 -9,9 -4.98598,0 -9,-4.01402 -9,-9 0,-4.98598 4.01402,-9 9,-9 z"/>
<path inkscape:connector-curvature="0" style="stroke-opacity:0.550265;fill:url(#linearGradient4716);stroke-width:2.8" id="path4700" d="m 408.57143,515.798 c -1.15437,0 -2.24697,0.24726 -3.23633,0.68359 l 1.86328,4.66016 1.25196,-0.33203 2.04492,-4.77149 c -0.61695,-0.15152 -1.25884,-0.24023 -1.92383,-0.24023 z m 2.88281,0.54102 -1.97656,4.61132 1.125,0.64844 4.81836,-1.92773 c -0.90936,-1.51071 -2.29935,-2.69038 -3.9668,-3.33203 z m -7.00976,0.60937 c -1.5107,0.90936 -2.69038,2.29934 -3.33203,3.9668 l 4.61132,1.97656 0.64844,-1.125 -1.92773,-4.81836 z m 11.44336,3.61328 -4.66016,1.86328 0.33203,1.25196 4.77149,2.04492 c 0.15152,-0.61696 0.24023,-1.25884 0.24023,-1.92383 0,-1.15436 -0.24725,-2.24697 -0.68359,-3.23633 z m -15.07618,1.3125 c -0.15152,0.61696 -0.24023,1.25884 -0.24023,1.92383 0,1.15436 0.24725,2.24697 0.68359,3.23633 l 4.66016,-1.86328 -0.33203,-1.25196 -4.77149,-2.04492 z m 10.60743,2.83008 -0.64844,1.125 1.92773,4.81836 c 1.5107,-0.90936 2.69038,-2.29934 3.33203,-3.9668 l -4.61132,-1.97656 z m -4.87891,1.29297 -4.81836,1.92773 c 0.90936,1.51071 2.29935,2.69038 3.9668,3.33203 l 1.97656,-4.61132 -1.125,-0.64844 z m 3.4043,0.45703 -1.25196,0.33203 -2.04492,4.77149 c 0.61695,0.15152 1.25883,0.24023 1.92383,0.24023 1.15436,0 2.24697,-0.24726 3.23633,-0.68359 l -1.86328,-4.66016 z"/>
</g>
<circle cx="643.00952" cy="166.83434" r="2" id="path5009" style="fill:#2c3e50;color:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:3" transform="matrix(0.79335334 0.60876143 -0.60876143 0.79335334 0 0)"/>
<path inkscape:connector-curvature="0" style="fill:#84cbfe;stroke-linecap:round;stroke-linejoin:round;stroke-width:2" id="path4550" d="m 401.57143,513.798 a 2.9999605,2.9999605 0 0 0 -3,3 2.9999605,2.9999605 0 0 0 3,3 2.9999605,2.9999605 0 0 0 3,-3 2.9999605,2.9999605 0 0 0 -3,-3 z"/>
<path inkscape:connector-curvature="0" style="fill:#84cbfe;stroke-linecap:round;stroke-linejoin:round;stroke-width:2" id="path4537" d="m 405.57143,519.298 a 1.4999942,1.4999868 0 0 0 -1.5,1.5 1.4999942,1.4999868 0 0 0 1.5,1.5 1.4999942,1.4999868 0 0 0 1.5,-1.5 1.4999942,1.4999868 0 0 0 -1.5,-1.5 z"/>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

102
dashy/data/appdata/icons/dashboard-icons/svg/digikam_oxygen.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

2
dashy/data/appdata/icons/dashboard-icons/svg/financial-services.svg Normal file
View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg fill="#000000" width="800px" height="800px" viewBox="0 0 1024 1024" xmlns="http://www.w3.org/2000/svg"><path d="M385.707 436.152c0-35.468-75.779-71.68-172.37-71.68-96.6 0-172.38 36.211-172.38 71.68s75.78 71.68 172.38 71.68c96.591 0 172.37-36.212 172.37-71.68zm40.96 0c0 66.334-96.901 112.64-213.33 112.64-116.438 0-213.34-46.305-213.34-112.64s96.903-112.64 213.34-112.64c116.429 0 213.33 46.306 213.33 112.64zm-40.96 371.371c0 35.468-75.779 71.68-172.37 71.68-96.6 0-172.38-36.211-172.38-71.68H-.003c0 66.335 96.903 112.64 213.34 112.64 116.429 0 213.33-46.306 213.33-112.64h-40.96zm0-124.928c0 35.468-75.779 71.68-172.37 71.68-96.6 0-172.38-36.211-172.38-71.68H-.003c0 66.335 96.903 112.64 213.34 112.64 116.429 0 213.33-46.306 213.33-112.64h-40.96zm0-122.88c0 35.468-75.779 71.68-172.37 71.68-96.6 0-172.38-36.211-172.38-71.68H-.003c0 66.335 96.903 112.64 213.34 112.64 116.429 0 213.33-46.306 213.33-112.64h-40.96z"/><path d="M0 436.152v374.784c0 11.311 9.169 20.48 20.48 20.48s20.48-9.169 20.48-20.48V436.152c0-11.311-9.169-20.48-20.48-20.48S0 424.841 0 436.152zm385.707 0V806.84c0 11.311 9.169 20.48 20.48 20.48s20.48-9.169 20.48-20.48V436.152c0-11.311-9.169-20.48-20.48-20.48s-20.48 9.169-20.48 20.48zm566.335 443.051c16.962 0 30.72-13.758 30.72-30.72V184.317c0-16.962-13.758-30.72-30.72-30.72H546.405c-16.962 0-30.72 13.758-30.72 30.72v664.166c0 16.962 13.758 30.72 30.72 30.72h405.637zm0 40.96H546.405c-39.583 0-71.68-32.097-71.68-71.68V184.317c0-39.583 32.097-71.68 71.68-71.68h405.637c39.583 0 71.68 32.097 71.68 71.68v664.166c0 39.583-32.097 71.68-71.68 71.68z"/><path d="M892.446 293.421H606.002v60.652h286.444v-60.652zm10.24 101.612H595.762c-16.963 0-30.72-13.757-30.72-30.72v-81.132c0-16.963 13.757-30.72 30.72-30.72h306.924c16.963 0 30.72 13.757 30.72 30.72v81.132c0 16.963-13.757 30.72-30.72 30.72zM653.265 503.018c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.864 33.864-33.864c18.708 0 33.874 15.155 33.874 33.864zm129.831 0c0 18.708-15.165 33.864-33.864 33.864-18.708 0-33.874-15.155-33.874-33.864s15.165-33.864 33.874-33.864c18.698 0 33.864 15.155 33.864 33.864zm129.83-2.822c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874zM653.265 624.382c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874zm129.831 0c0 18.708-15.165 33.864-33.864 33.864-18.708 0-33.874-15.155-33.874-33.864s15.165-33.874 33.874-33.874c18.698 0 33.864 15.165 33.864 33.874zm129.83 0c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874zM653.265 748.568c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874zm129.831 0c0 18.708-15.165 33.864-33.864 33.864-18.708 0-33.874-15.155-33.874-33.864s15.165-33.874 33.874-33.874c18.698 0 33.864 15.165 33.864 33.874zm129.83 0c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.2 KiB

19
dashy/data/appdata/icons/dashboard-icons/svg/gaming.svg Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg fill="#000000" version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
width="800px" height="800px" viewBox="0 0 92 92" enable-background="new 0 0 92 92" xml:space="preserve">
<path id="XMLID_1173_" d="M60.8,30.9c0.8,0.8,1.3,2,1.3,3.2c0,1.2-0.5,2.3-1.3,3.2c-0.8,0.8-2,1.3-3.2,1.3c-1.2,0-2.4-0.5-3.2-1.3
c-0.8-0.8-1.3-2-1.3-3.2s0.5-2.3,1.3-3.2c0.8-0.8,2-1.3,3.2-1.3C58.8,29.6,60,30.1,60.8,30.9z M67.8,37.2c-1.2,0-2.3,0.5-3.2,1.3
c-0.8,0.8-1.3,2-1.3,3.2c0,1.2,0.5,2.4,1.3,3.2c0.8,0.8,2,1.3,3.2,1.3c1.2,0,2.4-0.5,3.2-1.3c0.8-0.8,1.3-2,1.3-3.2
c0-1.2-0.5-2.3-1.3-3.2C70.2,37.7,69,37.2,67.8,37.2z M33.8,35H31v-2.6c0-1.4-1.1-2.5-2.5-2.5S26,31,26,32.4V35h-2.6
c-1.4,0-2.5,1.1-2.5,2.5s1.1,2.5,2.5,2.5H26v2.6c0,1.4,1.1,2.5,2.5,2.5S31,44,31,42.6V40h2.8c1.4,0,2.5-1.1,2.5-2.5S35.2,35,33.8,35
z M92,66.1c0,4.3-2.4,7.8-6.2,9.3c-3.8,1.4-9.8,0.8-15.2-5.3c-2.6-3-7-8.4-9.4-11.4c-12.8,3-25,1.1-30.3,0c-2.4,3-6.8,8.4-9.4,11.4
c-3.9,4.4-8.1,6-11.6,6c-1.4,0-2.6-0.2-3.7-0.6c-3.8-1.4-6.2-5-6.2-9.3c0-11.8,7.6-30.3,10-35.8c-0.8-2.8-0.5-5.7,1-8.3
c1.9-3.3,5.3-5.8,8.3-6c2.6-0.2,6.1,1.3,8.4,2.4c4.5-0.8,18.7-2.9,36.6,0c2.2-1.1,5.8-2.6,8.4-2.4c2.9,0.2,6.4,2.7,8.3,6
c1.5,2.6,1.9,5.5,1,8.3C84.4,35.8,92,54.3,92,66.1z M84,66.1c0-11.9-9.9-33.9-10-34.1c-0.5-1.1-0.5-2.4,0.1-3.5
c0.4-0.8,0.4-1.5,0.1-2.2c-0.5-1.2-1.7-2.1-2.2-2.3c-0.9,0.1-3.3,1.1-5.2,2.1c-0.8,0.4-1.7,0.6-2.6,0.4c-20.5-3.6-36.2-0.1-36.3,0
c-0.9,0.2-1.9,0.1-2.8-0.4c-1.9-1-4.3-2-5.2-2.1c-0.5,0.3-1.7,1.1-2.2,2.3c-0.3,0.8-0.3,1.4,0.1,2.2c0.5,1.1,0.6,2.4,0.1,3.5
C17.9,32.2,8,54.2,8,66.1c0,0.9,0.4,1.5,1,1.8c1.4,0.5,3.9-0.3,6.4-3.1c3.5-4,10.7-13,10.8-13.1c1-1.3,2.7-1.8,4.2-1.3
c0.2,0,15.8,4.4,31.1,0c0.4-0.1,0.7-0.2,1.1-0.2c1.2,0,2.4,0.5,3.1,1.5c0.1,0.1,7.3,9.1,10.8,13.1c2.5,2.9,5,3.7,6.4,3.1
C83.6,67.6,84,67,84,66.1z"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.9 KiB

26
dashy/data/appdata/icons/dashboard-icons/svg/home.svg Normal file
View File

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Generator: Adobe Illustrator 25.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="Capa_1" x="0px" y="0px" viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve" width="512" height="512">
<g>
<path d="M256,319.841c-35.346,0-64,28.654-64,64v128h128v-128C320,348.495,291.346,319.841,256,319.841z"/>
<g>
<path d="M362.667,383.841v128H448c35.346,0,64-28.654,64-64V253.26c0.005-11.083-4.302-21.733-12.011-29.696l-181.29-195.99 c-31.988-34.61-85.976-36.735-120.586-4.747c-1.644,1.52-3.228,3.103-4.747,4.747L12.395,223.5 C4.453,231.496-0.003,242.31,0,253.58v194.261c0,35.346,28.654,64,64,64h85.333v-128c0.399-58.172,47.366-105.676,104.073-107.044 C312.01,275.383,362.22,323.696,362.667,383.841z"/>
<path d="M256,319.841c-35.346,0-64,28.654-64,64v128h128v-128C320,348.495,291.346,319.841,256,319.841z"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.0 KiB

4
dashy/data/appdata/icons/dashboard-icons/svg/home2.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M8 0L0 6V8H1V15H4V10H7V15H15V8H16V6L14 4.5V1H11V2.25L8 0ZM9 10H12V13H9V10Z" fill="#000000"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 369 B

5
dashy/data/appdata/icons/dashboard-icons/svg/media-playback.svg Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg">
<path d="m 2 2.5 v 11 c 0 1.5 1.269531 1.492188 1.269531 1.492188 h 0.128907 c 0.246093 0.003906 0.488281 -0.050782 0.699218 -0.171876 l 9.796875 -5.597656 c 0.433594 -0.242187 0.65625 -0.734375 0.65625 -1.226562 c 0 -0.492188 -0.222656 -0.984375 -0.65625 -1.222656 l -9.796875 -5.597657 c -0.210937 -0.121093 -0.453125 -0.175781 -0.699218 -0.175781 h -0.128907 s -1.269531 0 -1.269531 1.5 z m 0 0" fill="#2e3436"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 636 B

9
dashy/data/appdata/icons/dashboard-icons/svg/media.svg Normal file
View File

@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg fill="#000000" height="800px" width="800px" version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
viewBox="0 0 512 512" enable-background="new 0 0 512 512" xml:space="preserve">
<path d="M244.4,69.8L174.5,0h-58.2l69.8,69.8H244.4z M395.6,69.8L325.8,0h-58.2l69.8,69.8H395.6z M418.9,0l69.8,69.8H512V0H418.9z
M418.9,162.9h-93.1l69.8-69.8h-58.2l-69.8,69.8h-93.1l69.8-69.8h-58.2l-69.8,69.8H23.3l69.8-69.8H0v372.4
C0,491.1,20.9,512,46.5,512h418.9c25.7,0,46.5-20.9,46.5-46.5V93.1h-23.3L418.9,162.9z M23.3,0H0v69.8h93.1L23.3,0z"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 711 B

4
dashy/data/appdata/icons/dashboard-icons/svg/music.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M15 1H4V9H3C1.34315 9 0 10.3431 0 12C0 13.6569 1.34315 15 3 15C4.65685 15 6 13.6569 6 12V5H13V9H12C10.3431 9 9 10.3431 9 12C9 13.6569 10.3431 15 12 15C13.6569 15 15 13.6569 15 12V1Z" fill="#000000"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 436 B

4
dashy/data/appdata/icons/dashboard-icons/svg/network.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M3 12H21M12 8V12M6.5 12V16M17.5 12V16M10.1 8H13.9C14.4601 8 14.7401 8 14.954 7.89101C15.1422 7.79513 15.2951 7.64215 15.391 7.45399C15.5 7.24008 15.5 6.96005 15.5 6.4V4.6C15.5 4.03995 15.5 3.75992 15.391 3.54601C15.2951 3.35785 15.1422 3.20487 14.954 3.10899C14.7401 3 14.4601 3 13.9 3H10.1C9.53995 3 9.25992 3 9.04601 3.10899C8.85785 3.20487 8.70487 3.35785 8.60899 3.54601C8.5 3.75992 8.5 4.03995 8.5 4.6V6.4C8.5 6.96005 8.5 7.24008 8.60899 7.45399C8.70487 7.64215 8.85785 7.79513 9.04601 7.89101C9.25992 8 9.53995 8 10.1 8ZM15.6 21H19.4C19.9601 21 20.2401 21 20.454 20.891C20.6422 20.7951 20.7951 20.6422 20.891 20.454C21 20.2401 21 19.9601 21 19.4V17.6C21 17.0399 21 16.7599 20.891 16.546C20.7951 16.3578 20.6422 16.2049 20.454 16.109C20.2401 16 19.9601 16 19.4 16H15.6C15.0399 16 14.7599 16 14.546 16.109C14.3578 16.2049 14.2049 16.3578 14.109 16.546C14 16.7599 14 17.0399 14 17.6V19.4C14 19.9601 14 20.2401 14.109 20.454C14.2049 20.6422 14.3578 20.7951 14.546 20.891C14.7599 21 15.0399 21 15.6 21ZM4.6 21H8.4C8.96005 21 9.24008 21 9.45399 20.891C9.64215 20.7951 9.79513 20.6422 9.89101 20.454C10 20.2401 10 19.9601 10 19.4V17.6C10 17.0399 10 16.7599 9.89101 16.546C9.79513 16.3578 9.64215 16.2049 9.45399 16.109C9.24008 16 8.96005 16 8.4 16H4.6C4.03995 16 3.75992 16 3.54601 16.109C3.35785 16.2049 3.20487 16.3578 3.10899 16.546C3 16.7599 3 17.0399 3 17.6V19.4C3 19.9601 3 20.2401 3.10899 20.454C3.20487 20.6422 3.35785 20.7951 3.54601 20.891C3.75992 21 4.03995 21 4.6 21Z" stroke="#000000" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.8 KiB

23
dashy/data/appdata/icons/dashboard-icons/svg/photos.svg Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg fill="#000000" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="800px"
height="800px" viewBox="0 0 31.06 32.001" xml:space="preserve">
<g id="photos">
<path d="M29.341,11.405L13.213,7.383c-1.21-0.301-2.447,0.441-2.748,1.652L6.443,25.163c-0.303,1.211,0.44,2.445,1.65,2.748
l16.127,4.023c1.21,0.301,2.447-0.443,2.748-1.652l4.023-16.127C31.293,12.944,30.551,11.708,29.341,11.405z M28.609,14.338
l-2.926,11.731c-0.1,0.402-0.513,0.65-0.915,0.549l-14.662-3.656c-0.403-0.1-0.651-0.512-0.551-0.916l2.926-11.729
c0.1-0.404,0.513-0.65,0.916-0.551l14.661,3.658C28.462,13.522,28.71,13.936,28.609,14.338z"/>
<circle cx="15.926" cy="13.832" r="2.052"/>
<path d="M22.253,16.813c-0.136-0.418-0.505-0.51-0.82-0.205l-2.943,2.842c-0.315,0.303-0.759,0.244-0.985-0.133l-0.471-0.781
c-0.227-0.377-0.719-0.5-1.095-0.273l-4.782,2.852c-0.377,0.225-0.329,0.469,0.096,0.576l3.099,0.771
c0.426,0.107,1.122,0.281,1.549,0.389l3.661,0.912c0.426,0.105,1.123,0.279,1.549,0.385l3.098,0.773
c0.426,0.107,0.657-0.121,0.521-0.539L22.253,16.813z"/>
<path d="M2.971,7.978l14.098-5.439c0.388-0.149,0.828,0.045,0.977,0.432l1.506,3.933l2.686,0.67l-2.348-6.122
c-0.449-1.163-1.768-1.748-2.931-1.299L1.45,6.133C0.287,6.583-0.298,7.902,0.151,9.065L5.156,22.06l0.954-3.827L2.537,8.954
C2.389,8.565,2.583,8.126,2.971,7.978z"/>
</g>
<g id="Layer_1">
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.6 KiB

5
dashy/data/appdata/icons/dashboard-icons/svg/security.svg Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg">
<path d="m 2 0 c -0.550781 0 -1 0.449219 -1 1 v 8 c 0 2.5 1.816406 4.246094 3.445312 5.332031 c 1.628907 1.085938 3.238282 1.617188 3.238282 1.617188 c 0.207031 0.070312 0.425781 0.070312 0.632812 0 c 0 0 1.609375 -0.53125 3.238282 -1.617188 c 1.628906 -1.085937 3.445312 -2.832031 3.445312 -5.332031 v -8 c 0 -0.550781 -0.449219 -1 -1 -1 z m 1 2 h 10 v 7 c 0 1.5 -1.183594 2.753906 -2.554688 3.667969 c -1.214843 0.808593 -2.179687 1.128906 -2.445312 1.226562 c -0.265625 -0.097656 -1.230469 -0.417969 -2.445312 -1.226562 c -1.371094 -0.914063 -2.554688 -2.167969 -2.554688 -3.667969 z m 1 1 v 6 c 0 1 0.867188 2.007812 2.109375 2.835938 c 0.933594 0.621093 1.472656 0.785156 1.890625 0.949218 v -9.785156 z m 0 0" fill="#2e3436"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 953 B

4
dashy/data/appdata/icons/dashboard-icons/svg/shield-user.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M3 10.4167C3 7.21907 3 5.62028 3.37752 5.08241C3.75503 4.54454 5.25832 4.02996 8.26491 3.00079L8.83772 2.80472C10.405 2.26824 11.1886 2 12 2C12.8114 2 13.595 2.26824 15.1623 2.80472L15.7351 3.00079C18.7417 4.02996 20.245 4.54454 20.6225 5.08241C21 5.62028 21 7.21907 21 10.4167V11.9914C21 17.6294 16.761 20.3655 14.1014 21.5273C13.38 21.8424 13.0193 22 12 22C10.9807 22 10.62 21.8424 9.89856 21.5273C7.23896 20.3655 3 17.6294 3 11.9914V10.4167ZM14 9C14 10.1046 13.1046 11 12 11C10.8954 11 10 10.1046 10 9C10 7.89543 10.8954 7 12 7C13.1046 7 14 7.89543 14 9ZM12 17C16 17 16 16.1046 16 15C16 13.8954 14.2091 13 12 13C9.79086 13 8 13.8954 8 15C8 16.1046 8 17 12 17Z" fill="#1C274C"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 957 B

2
dashy/data/appdata/icons/dashboard-icons/svg/traffic-cone.svg Normal file
View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M22 20h-3.278l-1.014-3.646c-.081.043-.17.076-.265.095-1.758.364-3.576.551-5.443.551-1.868 0-3.767-.197-5.564-.571a.999.999 0 0 1-.153-.045L5.278 20H2a1 1 0 1 0 0 2h20a1 1 0 1 0 0-2ZM6.817 14.466l.027.005C8.507 14.817 10.268 15 12 15c1.733 0 3.415-.173 5.037-.51a.995.995 0 0 1 .148-.019l-1.087-3.912a1.001 1.001 0 0 1-.275.094A20.875 20.875 0 0 1 12 11a21.351 21.351 0 0 1-4.108-.404l-1.075 3.87ZM8.43 8.665A19.33 19.33 0 0 0 12 9c1.181 0 2.34-.105 3.457-.313.039-.007.077-.012.116-.015L14.16 3.59a.801.801 0 0 0-.77-.59h-2.78c-.36 0-.67.24-.77.59L8.43 8.665Z" fill="#000000"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 812 B

5
dashy/data/appdata/icons/dashboard-icons/svg/video-camera.svg Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M10 3H0V13H10V3Z" fill="#000000"/>
<path d="M15 3L12 6V10L15 13H16V3H15Z" fill="#000000"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 327 B

1
dashy/data/appdata/icons/dashboard-icons/svg/web-server.svg Normal file
View File

@ -0,0 +1 @@
<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 98.54 122.88"><title>web-server</title><path d="M89,67.53h0c.21-.44.4-.87.58-1.28l.07-.14c.27-.64.53-1.29.76-1.94s.47-1.32.67-2h0c.21-.67.4-1.35.57-2s.33-1.39.47-2.09.21-1.12.29-1.65.17-1.09.24-1.67h0c.06-.49.11-1,.16-1.5s.06-.81.08-1.21H80.83a39,39,0,0,1-.52,4.7c-.1.62-.22,1.23-.36,1.84H74.27c.17-.68.32-1.37.46-2.06A33.59,33.59,0,0,0,75.28,52H52v6.51H46.49V52H23.25a33.64,33.64,0,0,0,.57,4.45c.13.69.28,1.38.46,2.06h-5.7c-.13-.61-.25-1.23-.36-1.85A40.5,40.5,0,0,1,17.7,52H5.64l.09,1.2c0,.53.1,1,.16,1.53s.14,1.12.23,1.66.18,1.08.29,1.64v0c.14.68.29,1.38.47,2.07s.37,1.39.58,2.06.44,1.36.69,2,.52,1.33.8,2v0l.55,1.24V78.47c-.39-.52-.76-1.06-1.11-1.6s-.87-1.32-1.28-2S6.35,73.51,6,72.8s-.74-1.41-1.09-2.13-.69-1.46-1-2.19S3.25,67,3,66.21s-.55-1.54-.79-2.32-.46-1.56-.65-2.33S1.14,60,1,59.17.67,57.54.55,56.74.33,55.13.25,54.3.1,52.63.06,51.79,0,50.1,0,49.27a49,49,0,0,1,.25-5Q.37,43,.55,41.8c.12-.79.26-1.6.43-2.43s.33-1.56.52-2.34.42-1.55.65-2.32.49-1.52.77-2.27.56-1.48.87-2.21l.07-.17,0-.06c.31-.73.64-1.45,1-2.16S5.59,26.42,6,25.73s.78-1.4,1.19-2.06.82-1.34,1.26-2,.87-1.28,1.34-1.91.94-1.24,1.44-1.84,1-1.21,1.55-1.8S13.84,15,14.4,14.39l0,0c.55-.55,1.11-1.09,1.68-1.61s1.16-1,1.78-1.54,1.23-1,1.85-1.44l0,0c.64-.47,1.28-.91,1.91-1.33s1.33-.87,2-1.28S25,6.34,25.74,6s1.4-.74,2.13-1.09,1.45-.68,2.19-1h0q1.13-.5,2.25-.9c.76-.28,1.53-.55,2.32-.79s1.56-.46,2.34-.66,1.57-.38,2.38-.54h0C40.19.81,41,.67,41.8.55s1.61-.22,2.44-.3S45.91.1,46.74.06,48.43,0,49.27,0a49.14,49.14,0,0,1,5,.25q1.24.12,2.46.3c.79.12,1.6.26,2.43.43s1.56.33,2.34.52,1.55.42,2.32.65,1.52.49,2.27.77,1.48.56,2.22.88a.88.88,0,0,1,.22.1c.7.3,1.4.62,2.11,1s1.42.72,2.1,1.09h0c.7.38,1.39.78,2.06,1.19h0c.69.41,1.36.84,2,1.27s1.27.87,1.9,1.33,1.24.95,1.85,1.45,1.2,1,1.79,1.55,1.18,1.09,1.73,1.64l0,0c.55.54,1.09,1.1,1.61,1.68s1,1.17,1.54,1.78,1,1.21,1.44,1.85.92,1.28,1.36,1.94h0c.45.66.87,1.33,1.27,2s.8,1.36,1.19,2.07.73,1.4,1.08,2.12.69,1.47,1,2.2.63,1.5.91,2.27.54,1.54.79,2.32.46,1.56.66,2.34.38,1.57.54,2.38.31,1.61.43,2.41.22,1.62.3,2.46.14,1.67.19,2.5.06,1.69.06,2.53,0,1.68-.06,2.52-.11,1.66-.19,2.49-.18,1.66-.3,2.46v0c-.12.79-.27,1.59-.43,2.4s-.33,1.57-.52,2.35-.42,1.55-.65,2.32-.5,1.52-.77,2.27-.57,1.48-.88,2.21a.82.82,0,0,1-.11.23c-.3.73-.63,1.45-1,2.16s-.71,1.42-1.08,2.11-.79,1.4-1.19,2.06-.83,1.34-1.26,2-.73,1.07-1.12,1.6V67.53ZM78.17,68.74H21.82A1.27,1.27,0,0,0,20.5,70V85.77a1.33,1.33,0,0,0,1.32,1.32H78.17a1.33,1.33,0,0,0,1.32-1.32V70a1.26,1.26,0,0,0-1.32-1.29Zm-42,44.92v9.22H28.57v-9.22Zm35.3,0v9.22H63.87v-9.22ZM68.56,74.35a3.94,3.94,0,1,1-3.94,3.93,3.93,3.93,0,0,1,3.94-3.93Zm9.61,17H21.82a1.27,1.27,0,0,0-1.32,1.29v15.74a1.33,1.33,0,0,0,1.32,1.32H78.17a1.33,1.33,0,0,0,1.32-1.32V92.63a1.26,1.26,0,0,0-1.32-1.29Zm-52,4.88h3.3v8.56h-3.3V96.22Zm9.15,0h3.31v8.56H35.27V96.22Zm9.15,0h3.31v8.56H44.42V96.22Zm-18.3-22.6h3.3v8.56h-3.3V73.62Zm9.15,0h3.31v8.56H35.27V73.62Zm9.15,0h3.31v8.56H44.42V73.62ZM5.63,46.49H17.82a39.31,39.31,0,0,1,.68-4.62,45,45,0,0,1,1.33-4.93v0a49.35,49.35,0,0,1,1.89-4.81q1-2.19,2.22-4.38H11.2c-.18.31-.35.62-.51.92s-.39.74-.58,1.13h0c-.2.41-.4.81-.58,1.22s-.38.84-.55,1.25l0,.08,0,.07c-.27.65-.52,1.29-.76,1.94s-.46,1.32-.67,2-.4,1.35-.57,2.05-.33,1.38-.47,2.08-.21,1.12-.3,1.65-.16,1.1-.23,1.67-.12,1-.16,1.51-.07.81-.09,1.2Zm9.24-24.32h12.6Q29,20.06,30.65,18c1.17-1.46,2.41-2.91,3.74-4.36s2.54-2.71,3.91-4.07Q40,7.84,41.85,6.16l-.52.09-.88.16q-1,.21-2.1.48c-.7.18-1.39.37-2.07.58s-1.35.44-2,.69-1.34.52-2,.8-1.35.6-2,.91-1.28.64-1.91,1-1.26.69-1.86,1.06-1.19.73-1.76,1.11-1.16.79-1.72,1.2-1.1.84-1.63,1.28-1.06.89-1.58,1.36-1,.95-1.51,1.45l0,0c-.38.37-.75.75-1.1,1.14s-.73.79-1.08,1.19-.56.66-.83,1l-.41.51Zm41.87-16q1.84,1.68,3.54,3.34,2.05,2,3.89,4.05,2,2.17,3.74,4.36t3.16,4.22H83.65l-.4-.5-.82-1c-.35-.4-.71-.79-1.07-1.19s-.73-.76-1.13-1.16-1-1-1.52-1.45-1-.93-1.57-1.36-1.08-.86-1.64-1.28-1.13-.81-1.71-1.2-1.16-.76-1.76-1.13-1.22-.72-1.84-1.05-1.27-.67-1.91-1-1.3-.61-2-.9l-.15-.09c-.64-.27-1.29-.52-1.94-.75s-1.32-.47-2-.68h0c-.67-.21-1.34-.4-2-.57s-1.38-.33-2.08-.47l-.88-.17-.46-.07Zm30.6,21.52H74.59q1.23,2.18,2.22,4.37a47.57,47.57,0,0,1,1.89,4.85A45.11,45.11,0,0,1,80,41.87a39.31,39.31,0,0,1,.68,4.62H92.9c0-.39-.06-.79-.1-1.2s-.09-1-.15-1.52-.15-1.12-.23-1.66-.18-1.08-.29-1.64v0c-.14-.68-.3-1.37-.47-2.07s-.37-1.39-.58-2.07-.44-1.35-.69-2-.52-1.33-.79-2l0,0c-.17-.41-.36-.82-.55-1.24v0c-.18-.38-.37-.79-.58-1.21S88,29,87.85,28.65s-.33-.62-.51-.93ZM52,9.42V22.17H64.21c-.75-1-1.55-1.92-2.37-2.89q-1.47-1.7-3.09-3.4t-3.46-3.46c-1-1-2.12-2-3.25-3Zm0,18.3V46.49H75.16a35.26,35.26,0,0,0-.73-4.35A39.84,39.84,0,0,0,73,37.4a46.88,46.88,0,0,0-2.14-4.89,54.44,54.44,0,0,0-2.73-4.79ZM46.49,46.49V27.72H30.4q-1.53,2.4-2.74,4.79a46.77,46.77,0,0,0-2.13,4.89,39.84,39.84,0,0,0-1.42,4.74,35.31,35.31,0,0,0-.74,4.35Zm0-24.32V9.42c-1.12,1-2.2,2-3.24,3q-1.81,1.74-3.46,3.47t-3.09,3.4c-.83,1-1.62,1.93-2.37,2.89Z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.8 KiB

551
dashy/data/config/config.yml Normal file
View File

@ -0,0 +1,551 @@
pages:
- name: Widgets
path: 'widgets.yml'
appConfig:
theme: one-dark
layout: auto
iconSize: large
language: en
statusCheck: true
statusCheckInterval: 20
pageInfo:
title: sthome lab
description: Welcome to the sthome lab!
navLinks:
- title: Google
path: https://google.co.za
# - title: GitHub
# path: https://github.com/Lissy93/dashy
# - title: DSERVER
# path: https://dserver.sthome.lan
- title: "Phone GUI"
path: https://w60b.sthome.org
- title: "Router"
path: https://10.0.0.2
- title: "FANART"
path: https://fanart.tv/
- title: "MusicBrainz"
path: https://musicbrainz.org/
# - title: "TheAudioDB"
# path: https://www.theaudiodb.com/
- title: "Cloudflare"
path: https://dash.cloudflare.com/login
footerText: ''
sections:
- name: System Management
icon: fas fa-server
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Truenas
description: Truenas host
icon: dashboard-icons/svg/truenas.svg
url: https://truenas.sthome.org:444
statusCheck: true
statusCheckUrl: https://truenas.sthome.org:444
target: newtab
- title: Dockge
description: Docker stack manager
icon: dashboard-icons/svg/dockge-light.svg
url: http://dockge.sthome.org:5001
statusCheck: true
target: newtab
- title: Proxmox
description: Proxmox host
icon: dashboard-icons/svg/proxmox.svg
url: https://pve.sthome.org:8006
statusCheck: true
statusCheckUrl: https://pve.sthome.org:8006
target: newtab
- title: Traefik
description: Reverse proxy and load balancer
icon: dashboard-icons/svg/traefik.svg
url: https://traefik.sthome.org
statusCheck: true
statusCheckUrl: http://traefik.sthome.org:8083/ping
target: newtab
- name: Media Servers
icon: dashboard-icons/svg/media-playback.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Plex
description: Media server
icon: dashboard-icons/svg/plex.svg
url: https://plex.sthome.org
statusCheck: true
statusCheckUrl: https://plex.sthome.org/identity
target: newtab
tags: [ movies, videos, music ]
- title: Jellyfin
description: Media server
icon: dashboard-icons/svg/jellyfin.svg
url: https://jellyfin.sthome.org
target: newtab
- title: Emby
description: Media server
icon: dashboard-icons/svg/emby.svg
url: https://emby.sthome.org
target: newtab
- name: Books
icon: dashboard-icons/png/book.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Audiobookshelf
description: Audiobook and podcast server
icon: dashboard-icons/svg/audiobookshelf.svg
url: https://audiobookshelf.sthome.org
target: newtab
- title: Calibre
description: E-book manager
icon: dashboard-icons/svg/calibre.svg
url: https://calibre.sthome.org
target: newtab
- title: Kavita
description: Digital library
icon: dashboard-icons/svg/kavita.svg
url: https://kavita.sthome.org
target: newtab
- name: Home
icon: dashboard-icons/svg/home.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Home Assistant
description: Home automation
icon: dashboard-icons/svg/home-assistant.svg
url: https://home-assistant.sthome.org
target: newtab
- title: Frigate
description: Network video recorder
icon: dashboard-icons/svg/frigate.svg
url: https://frigate.sthome.org
statusCheck: true
statusCheckUrl: https://frigate.sthome.org/stats
target: newtab
- title: Mealie
description: Recipe manager
icon: dashboard-icons/svg/mealie.svg
url: https://mealie.sthome.org
target: newtab
#
- name: Security
icon: dashboard-icons/svg/security.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Authentik
description: Identity provider
icon: dashboard-icons/png/authentik.png
url: http://authentik.sthome.org
target: newtab
- title: Vaultwarden
description: Password manager
icon: dashboard-icons/svg/vaultwarden.svg
url: https://vaultwarden.sthome.org
target: newtab
- name: Video Processing
icon: dashboard-icons/svg/video-camera.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Handbrake
description: Video Transcoder
icon: dashboard-icons/svg/handbrake.svg
url: https://handbrake.sthome.org
target: newtab
- title: MKVToolNix
description: MKV file editor and merger
icon: dashboard-icons/png/mkvtoolnix.png
url: https://mkvtoolnix.sthome.org
target: newtab
- name: Photos
icon: dashboard-icons/svg/photos.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Digikam
description: Image organizer and tag editor
icon: dashboard-icons/svg/digikam_oxygen.svg
url: https://digikam.sthome.org
target: newtab
- title: Photoview
description: Photo gallery
icon: dashboard-icons/svg/photoview.svg
url: https://photoview.sthome.org
target: newtab
- name: Finance
icon: dashboard-icons/svg/financial-services.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Firefly III
description: Personal finance manager
icon: dashboard-icons/png/firefly.png
url: https://firefly.sthome.org
statusCheck: true
statusCheckUrl: https://firefly.sthome.org/health
target: newtab
#
- name: Development
icon: dashboard-icons/png/software-development.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Gitea
description: Software development service; Git hosting, code review, team collaboration, package registry and CI/CD
icon: dashboard-icons/svg/gitea.svg
url: https://gitea.sthome.org
target: newtab
- name: Performance
icon: dashboard-icons/png/data-analysis.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Grafana
description: Analytics & monitoring
icon: dashboard-icons/svg/grafana.svg
url: https://grafana.sthome.org
target: newtab
- title: Prometheus
description: Event monitoring and alerting
icon: dashboard-icons/svg/prometheus.svg
url: https://prometheus.sthome.org
statusCheck: true
statusCheckUrl: https://prometheus.sthome.org/-/healthy
target: newtab
- name: Network
icon: dashboard-icons/svg/network.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Librespeed
description: Network speed tester
icon: dashboard-icons/svg/librespeed.svg
url: https://librespeed.sthome.org
target: newtab
- title: Pi-hole
description: DNS sinkhole
icon: dashboard-icons/svg/pi-hole.svg
url: https://pihole.sthome.org/admin
statusCheck: true
statusCheckUrl: https://pihole.sthome.org/admin/api.php?status
target: newtab
- name: Web Site
icon: dashboard-icons/svg/web-server.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Static-Web-Server
description: Web server
icon: dashboard-icons/png/static-web-server.png
url: https://www.sthome.org
target: newtab
- title: Uptime-kuma
description: Uptime monitoring
icon: dashboard-icons/svg/uptime-kuma.svg
url: https://uptime-kuma.sthome.org
statusCheck: true
statusCheckUrl: https://uptime-kuma.sthome.org
target: newtab
- name: Music
icon: dashboard-icons/svg/music.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Sheetable
description: Music sheet organiser
icon: dashboard-icons/png/sheetable.png
url: https://sheetable.sthome.org
target: newtab
- title: Songkong
description: Music tagger
icon: dashboard-icons/png/songkong.png
url: https://songkong.sthome.org
target: newtab
- name: Collaboration
icon: dashboard-icons/png/collaboration.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Nextcloud
description: Content collaboration platform
icon: dashboard-icons/svg/nextcloud.svg
url: https://nextcloud.sthome.org
target: newtab
- title: Onlyoffice
description: Secure online office suite
icon: dashboard-icons/svg/onlyoffice.svg
url: https://onlyoffice.sthome.org
target: newtab
- name: Data Analysis
icon: dashboard-icons/png/data-analysis.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Root
description: Data analysis framework
icon: dashboard-icons/png/root.png
url: https://root.sthome.org
target: newtab
# - name: Gaming
# icon: dashboard-icons/svg/gaming.svg
# displayData:
# sortBy: default
# rows: 1
# cols: 1
# collapsed: false
# hideForGuests: false
# items:
# - title: Minecraft Bedrock
# description: Use port 19132
# icon: dashboard-icons/svg/minecraft.svg
# url: https://minecraft.sthome.org
# statusCheck: true
# statusCheckUrl: udp://minecraft.sthome.org:19132
# target: newtab
# - title: Minecraft Java
# description: Use port 25565
# icon: dashboard-icons/svg/minecraft.svg
# url: https://minecraft.sthome.org
# statusCheck: true
# statusCheckUrl: udp://minecraft.sthome.org:25565
# target: newtab
- name: File Transfer
icon: dashboard-icons/png/file-transfer.png
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: SFTPGo
description: SFTP, FTP/S, HTTP/S and WebDAV server
icon: dashboard-icons/png/sftpgo.png
url: https://sftpgo.sthome.org/web/admin/login
statusCheck: true
statusCheckUrl: https://sftpgo.sthome.org
target: newtab
#
- name: Media Management
icon: dashboard-icons/svg/media.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Lidarr
description: Music collection manager
icon: dashboard-icons/svg/lidarr.svg
url: https://lidarr.sthome.org
target: newtab
- title: Mediaelch
description: Media manager for Kodi
icon: dashboard-icons/png/mediaelch.png
url: https://mediaelch.sthome.org
target: newtab
- title: Overseerr
description: Request management and media discovery
icon: dashboard-icons/svg/overseerr.svg
url: https://overseerr.sthome.org
target: newtab
- title: Prowlarr
description: Indexer manager/proxy
icon: dashboard-icons/svg/prowlarr.svg
url: https://prowlarr.sthome.org
target: newtab
- title: qBittorrent
description: P2P bittorrent client
icon: dashboard-icons/svg/qbittorrent.svg
url: https://qbittorrent.sthome.org
target: newtab
- title: Radarr
description: Movie collection manager
icon: dashboard-icons/svg/radarr.svg
url: https://radarr.sthome.org
target: newtab
- title: Readarr
description:  ebook collection manage
icon: dashboard-icons/svg/readarr.svg
url: https://readarr.sthome.org
target: newtab
- title: Sonarr
description: Internet PVR for Usenet and Torrents
icon: dashboard-icons/svg/sonarr.svg
url: https://sonarr.sthome.org
target: newtab
- title: Tautulli
description: Monitoring, analytics and notifications for Plex
icon: dashboard-icons/svg/tautulli.svg
url: https://tautulli.sthome.org
target: newtab
widgets:
- type: public-holidays
options:
country: ZA
region: ZA-GP
holidayType: all
monthsToShow: 12
lang: en
- name: VPN
icon: dashboard-icons/svg/shield-user.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: WG-easy
description: VPN server
icon: dashboard-icons/svg/wireguard.svg
url: https://vpn.sthome.org
target: newtab
- title: jDownloader2
description: Download manager
icon: dashboard-icons/png/jdownloader2.png
url: https://jdownloader2.sthome.org
target: newtab
- title: Firefox
description: Browser
icon: dashboard-icons/svg/firefox.svg
url: https://firefox.sthome.org
target: newtab
widgets:
- type: gluetun-status
useProxy: true
options:
hostname: https://gluetun-arr:8000
#visibleFields: public_ip,region,country,city,location,organisation,postal_code,timezone
visibleFields: public_ip,city,region,country
- type: gluetun-status
useProxy: true
options:
hostname: https://gluetun-bw:8000
visibleFields: public_ip,city,region,country
- type: public-ip
options:
provider: ipgeolocation
apiKey: 1760272ad3194398a0f9715323a12a90
- name: Data Management
icon: dashboard-icons/svg/database.svg
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
items:
- title: Minio
description: Object Storage - S3 compatible
icon: dashboard-icons/svg/minio.svg
url: https://minio1.sthome.org
target: newtab
- title: Minio
description: Object Storage - S3 compatible
icon: dashboard-icons/svg/minio.svg
url: https://minio2.sthome.org
target: newtab
- title: pgAdmin
description: Administration and development platform for PostgreSQL
icon: dashboard-icons/svg/pgadmin.svg
url: https://pgadmin.sthome.org
statusCheck: true
statusCheckUrl: https://pgadmin.sthome.org/misc/ping
target: newtab
- title: Syncthing
description: Continuous file synchronization program
icon: dashboard-icons/svg/syncthing.svg
url: https://syncthing.sthome.org
target: newtab
widgets:
- type: clock
options:
timeZone: Africa/Johannesburg
format: en-ZA
customCityName: Pretoria
hideDate: false
hideSeconds: false
- type: domain-monitor
options:
domain: sthome.org
apiKey: bdbab262b92d2f6857852973343aa62c
- type: domain-monitor
options:
domain: stokvis.co.za
apiKey: bdbab262b92d2f6857852973343aa62c
#
- name: News
widgets:
- type: news-headlines
options:
apiKey: MQts_PB-VrTD7a-xjNQ6EBxeoJIcKRLlsyPdmKT8yWrJcMZT
category: world

116
dashy/data/config/widgets.yml Normal file
View File

@ -0,0 +1,116 @@
#appConfig:
# theme: one-dark
# layout: auto
# iconSize: large
# language: en
# statusCheck: true
# statusCheckInterval: 20
pageInfo:
title: sthome lab
footerText: ''
sections:
- name: Picture of the day
widgets:
- type: apod
- name: Info
widgets:
- type: crypto-watch-list
options:
currency: ZAR
sortBy: marketCap
assets:
- bitcoin
- ethereum
- type: crypto-price-chart
options:
asset: bitcoin
currency: ZAR
numDays: 7
- type: exchange-rates
options:
apiKey: 275e8fe7e74067617a0eb2be
inputCurrency: USD
outputCurrencies:
- ZAR
- type: exchange-rates
options:
apiKey: 275e8fe7e74067617a0eb2be
inputCurrency: GBP
outputCurrencies:
- ZAR
- USD
- name: Misc
widgets:
- type: joke
options:
safeMode: true
language: en
category: Any
- type: xkcd-comic
options:
comic: latest
- type: github-profile-stats
options:
username: stuurmcp
hideLanguagesCard: true
#repos:
#- stuurmcp/cert-manager-webhook-sthome
# - type: cve-vulnerabilities
# options:
# sortBy: publish-date
# vendorId: 26
# hasExploit: false
# minScore: 5
# limit: 30
# - type: sports-scores
# options:
# teamId: 133636
# - type: cve-vulnerabilities
# options:
# sortBy: publish-date
# productId: 28125
# hasExploit: false
# minScore: 5
# limit: 30
# - type: stock-price-chart
# options:
# stock: TKG
# apiKey: N3WSQJ9OODXXYFT6
# - type: github-trending-repos
# options:
# limit: 8
# since: weekly
# - type: pi-hole-stats
# options:
# hostname: http://pihole.sthome.org/admin/api.php?status
# apiKey: 48ab5845603098040b5d2455c2600cf14b643424f508d5aa30bb884ac11f55c3
# - type: pi-hole-top-queries
# options:
# hostname: http://pihole.sthome.org
# apiKey: 48ab5845603098040b5d2455c2600cf14b643424f508d5aa30bb884ac11f55c3
# - type: proxmox-lists
# useProxy: true
# options:
# cluster_url: http://10.0.0.22:8006
# user_name: root@pam
# token_name: dashy
# token_uuid: e94ec098-8367-44d9-8818-49f20a56801d
## node: proxmox
## node_data: qemu
## title: Proxmox VMs
## title_as_link: false
## footer: Proxmox
## footer_as_link: true
## hide_templates: 1
# - name: News
# widgets:
# - type: news-headlines
# options:
# apiKey: MQts_PB-VrTD7a-xjNQ6EBxeoJIcKRLlsyPdmKT8yWrJcMZT
# category: world

BIN
dashy/icons-temp/book-black.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.4 KiB

BIN
dashy/icons-temp/book-black.psd Normal file
View File

Binary file not shown.

BIN
dashy/icons-temp/book-white.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
dashy/icons-temp/book-white.psd Normal file
View File

Binary file not shown.

BIN
dashy/icons-temp/book.psd Normal file
View File

Binary file not shown.

BIN
dashy/icons-temp/collaboration.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
dashy/icons-temp/collaboration.psd Normal file
View File

Binary file not shown.

BIN
dashy/icons-temp/data-analysis.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
dashy/icons-temp/data-analysis.psd Normal file
View File

Binary file not shown.

1
dashy/icons-temp/data-update.svg Normal file
View File

@ -0,0 +1 @@
<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120.09 122.88"><title>data-update</title><path d="M16.83,25.39C24.55,28,35.28,29.55,47.2,29.55S69.86,28,77.57,25.39c6.77-2.26,11-5,11-7.68s-4.19-5.41-11-7.67C69.86,7.47,59.13,5.88,47.2,5.88S24.55,7.47,16.83,10c-14.36,4.8-14.75,10.42,0,15.35Zm70.1,31.17a33.09,33.09,0,0,1,23.44,9.71v0a33.12,33.12,0,0,1,0,46.86l0,0a33.12,33.12,0,0,1-46.86,0l0,0a33.12,33.12,0,0,1,0-46.86l0,0a33.06,33.06,0,0,1,23.43-9.71Zm1.88,17.52L86,88.12l-2.8-4.22c-6,2.42-9.42,6.42-9.92,12.56-5-8.66-1.95-16.43,4.33-21l-2.86-4.3,14,2.9Zm-4.49,32.13,2.76-14,2.81,4.22c6-2.42,9.42-6.42,9.92-12.56,5,8.66,2,16.43-4.33,21l2.86,4.3-14-2.9ZM106.7,70a28,28,0,1,0,8.19,19.77A27.84,27.84,0,0,0,106.7,70ZM43.92,91C32.69,90.77,22.55,89.12,15,86.6a37.06,37.06,0,0,1-9-4.26v19.18c.53,2.49,4.59,5,10.89,7.11,7.72,2.58,18.45,4.17,30.37,4.17,1.15,0,2.29,0,3.42,0a43.68,43.68,0,0,0,4.32,5.69q-3.78.22-7.74.22c-12.52,0-23.92-1.71-32.23-4.48-4.38-1.47-14.91-6.27-14.91-12V100.3C.06,74.09,0,43.92,0,17.71,0,12.23,5.72,7.58,15,4.49,23.28,1.71,34.68,0,47.2,0S71.12,1.71,79.43,4.49s13.92,6.92,14.84,11.77a2.93,2.93,0,0,1,.17,1V47.35a42.18,42.18,0,0,0-6.08-.64,2.77,2.77,0,0,0,.17-.93h0V26.62a37,37,0,0,1-9.13,4.32c-8.31,2.77-19.71,4.49-32.23,4.49S23.28,33.71,15,30.94a37.44,37.44,0,0,1-9-4.25V46.34c.53,2.49,4.59,5,10.89,7.11C24.55,56,35.28,57.62,47.2,57.62c4.08,0,8-.19,11.74-.54-.62.53-1.22,1.08-1.8,1.64-.22.18-.42.37-.62.56l0,0,0,0,0,0a43.9,43.9,0,0,0-3.55,4c-1.89.08-3.8.12-5.75.12C34.68,63.49,23.28,61.78,15,59a37.06,37.06,0,0,1-9-4.25V73.93c.53,2.49,4.59,5,10.89,7.11,7.05,2.35,16.61,3.88,27.31,4.13a42.92,42.92,0,0,0-.24,4.55c0,.44,0,.88,0,1.32Z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.7 KiB

1
dashy/icons-temp/database.svg Normal file
View File

@ -0,0 +1 @@
<?xml version="1.0" encoding="utf-8"?><svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 105.07 122.88" style="enable-background:new 0 0 105.07 122.88" xml:space="preserve"><style type="text/css">.st0{fill-rule:evenodd;clip-rule:evenodd;}</style><g><path class="st0" d="M52.53,0c28.87,0,52.27,10.96,52.27,24.46c0,13.51-23.41,24.46-52.27,24.46c-28.86,0-52.27-10.96-52.27-24.46 C0.26,10.96,23.67,0,52.53,0L52.53,0z M0.26,81.83v18.78c9.3,33.03,101.18,26.65,104.55-1.69V80.16 C100.22,111.27,7.61,113.51,0.26,81.83L0.26,81.83L0.26,81.83z M0,32.94v18.34c9.3,32.26,101.69,27.9,105.07,0.23V33.18 C100.47,63.57,7.35,63.88,0,32.94L0,32.94z M0,56.64v18.78c9.3,33.03,101.69,28.57,105.07,0.23V56.89C100.47,88,7.35,88.32,0,56.64 L0,56.64z"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 825 B

186
dashy/icons-temp/digikam.svg Normal file
View File

@ -0,0 +1,186 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg width="48" version="1.1" xmlns="http://www.w3.org/2000/svg" height="48" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape">
<defs id="defs5455">
<linearGradient inkscape:collect="always" id="linearGradient5002">
<stop style="stop-color:#2e5d89" id="stop5004"/>
<stop offset="1" style="stop-color:#1b92f4" id="stop5006"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4328">
<stop style="stop-color:#bec900" id="stop4330"/>
<stop offset="0.312499" style="stop-color:#9ec80a" id="stop4332"/>
<stop offset="0.562499" style="stop-color:#71b93d" id="stop4334"/>
<stop offset="0.75" style="stop-color:#35a48f" id="stop4336"/>
<stop offset="1" style="stop-color:#018fca" id="stop4338"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4316">
<stop style="stop-color:#c1cc00" id="stop4318"/>
<stop offset="0.312499" style="stop-color:#dfcd00" id="stop4320"/>
<stop offset="0.562499" style="stop-color:#f0cc00" id="stop4322"/>
<stop offset="0.75" style="stop-color:#fd8c08" id="stop4324"/>
<stop offset="1" style="stop-color:#f25c13" id="stop4326"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4300">
<stop style="stop-color:#e51561" id="stop4302"/>
<stop offset="0.312499" style="stop-color:#e4156c" id="stop4304"/>
<stop offset="0.562499" style="stop-color:#e71e2c" id="stop4306"/>
<stop offset="0.75" style="stop-color:#e8301e" id="stop4308"/>
<stop offset="1" style="stop-color:#e6320e" id="stop4310"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4288">
<stop style="stop-color:#e81877" id="stop4290"/>
<stop offset="0.312499" style="stop-color:#dd1d8c" id="stop4294"/>
<stop offset="0.562499" style="stop-color:#6d57b1" id="stop4296"/>
<stop offset="0.75" style="stop-color:#2a78c1" id="stop4298"/>
<stop offset="1" style="stop-color:#018dcb" id="stop4292"/>
</linearGradient>
<linearGradient inkscape:collect="always" spreadMethod="reflect" xlink:href="#linearGradient4211" id="linearGradient4174" x1="428.57144" x2="408.57144" gradientUnits="userSpaceOnUse"/>
<linearGradient inkscape:collect="always" id="linearGradient4271">
<stop style="stop-color:#2a2c2f" id="stop4273"/>
<stop offset="1" style="stop-color:#424649" id="stop4275"/>
</linearGradient>
<clipPath id="clipPath4528">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4530"/>
</clipPath>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4271" id="linearGradient4532" y1="543.79797" y2="503.798" gradientUnits="userSpaceOnUse" x2="0" gradientTransform="matrix(0.79999996 0 0 0.79999996 -302.85712 -395.03837)"/>
<clipPath id="clipPath4534">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4536"/>
</clipPath>
<clipPath id="clipPath4544">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4546"/>
</clipPath>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4271" id="linearGradient4548" y1="543.79797" y2="503.798" gradientUnits="userSpaceOnUse" x2="0" gradientTransform="matrix(0.79999995 0 0 0.79999995 81.71431 104.75963)"/>
<clipPath id="clipPath4550">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4552"/>
</clipPath>
<clipPath id="clipPath4562">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4564"/>
</clipPath>
<clipPath id="clipPath4568">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4570"/>
</clipPath>
<clipPath id="clipPath4578">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4580"/>
</clipPath>
<clipPath id="clipPath4584">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4586"/>
</clipPath>
<linearGradient inkscape:collect="always" id="linearGradient4303">
<stop style="stop-color:#989a9b" id="stop4305"/>
<stop offset="1" style="stop-color:#f6f6f7" id="stop4307"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4415" xlink:href="#linearGradient4288" y1="23.999973" y2="8" x1="8" gradientUnits="userSpaceOnUse" x2="24.00001"/>
<linearGradient inkscape:collect="always" id="linearGradient4417" xlink:href="#linearGradient4300" y1="24.00003" y2="8" x1="8" x2="24.00001" gradientUnits="userSpaceOnUse" gradientTransform="matrix(1 0 0 -1 384.57143 547.798)"/>
<linearGradient inkscape:collect="always" id="linearGradient4419" xlink:href="#linearGradient4328" y1="23.999973" y2="8" x1="8" x2="24.00001" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-1 0 0 1 432.57143 499.798)"/>
<linearGradient inkscape:collect="always" id="linearGradient4421" xlink:href="#linearGradient4316" y1="24" y2="8" x1="8" x2="24.00001" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-1 0 0 -1 432.57143 547.798)"/>
<linearGradient inkscape:collect="always" id="linearGradient4423" xlink:href="#linearGradient4271" y1="543.79797" y2="503.798" x2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(0.34999981 0 0 0.34999981 265.57152 -707.12715)"/>
<clipPath id="clipPath4528-1">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4530-7"/>
</clipPath>
<clipPath id="clipPath4534-1">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4536-8"/>
</clipPath>
<clipPath id="clipPath4544-1">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4546-1"/>
</clipPath>
<clipPath id="clipPath4550-4">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4552-1"/>
</clipPath>
<clipPath id="clipPath4562-8">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4564-8"/>
</clipPath>
<clipPath id="clipPath4568-4">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4570-1"/>
</clipPath>
<clipPath id="clipPath4578-8">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4580-7"/>
</clipPath>
<clipPath id="clipPath4584-9">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4586-2"/>
</clipPath>
<linearGradient inkscape:collect="always" id="linearGradient4472" xlink:href="#linearGradient4303" y1="524.79797" y2="522.79797" gradientUnits="userSpaceOnUse" x2="0" gradientTransform="matrix(2 0 0 2 -408.57143 -523.798)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4191" id="linearGradient4174-0" y1="537.79797" x1="423.57144" y2="510.46463" x2="396.2381" gradientUnits="userSpaceOnUse" gradientTransform="matrix(0.89999986 0 0 0.89999986 -776.28566 -995.21609)"/>
<linearGradient inkscape:collect="always" id="linearGradient4143">
<stop style="stop-color:#197cf1" id="stop4145"/>
<stop offset="1" style="stop-color:#20bcfa" id="stop4147"/>
</linearGradient>
<clipPath id="clipPath4528-8">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4530-3"/>
</clipPath>
<clipPath id="clipPath4534-4">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4536-2"/>
</clipPath>
<clipPath id="clipPath4544-18">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4546-5"/>
</clipPath>
<clipPath id="clipPath4550-3">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4552-4"/>
</clipPath>
<clipPath id="clipPath4562-1">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4564-3"/>
</clipPath>
<clipPath id="clipPath4568-1">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4570-4"/>
</clipPath>
<clipPath id="clipPath4578-5">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4580-5"/>
</clipPath>
<clipPath id="clipPath4584-0">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4586-4"/>
</clipPath>
<clipPath id="clipPath4528-1-9">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4530-7-8"/>
</clipPath>
<clipPath id="clipPath4534-1-8">
<rect width="31.999989" x="8.00001" y="8" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4532)" id="rect4536-8-3"/>
</clipPath>
<clipPath id="clipPath4544-1-1">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4546-1-0"/>
</clipPath>
<clipPath id="clipPath4550-4-2">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4552-1-3"/>
</clipPath>
<clipPath id="clipPath4562-8-2">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4564-8-0"/>
</clipPath>
<clipPath id="clipPath4568-4-0">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4570-1-3"/>
</clipPath>
<clipPath id="clipPath4578-8-9">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4580-7-3"/>
</clipPath>
<clipPath id="clipPath4584-9-8">
<rect width="31.999989" x="392.57144" y="507.798" rx="15.999986" height="31.999971" style="fill:url(#linearGradient4548)" id="rect4586-2-1"/>
</clipPath>
<linearGradient inkscape:collect="always" id="linearGradient4211">
<stop style="stop-color:#2f3943" id="stop4213"/>
<stop offset="1" style="stop-color:#808c9b" id="stop4215"/>
</linearGradient>
<linearGradient inkscape:collect="always" id="linearGradient4191">
<stop style="stop-color:#18222a" id="stop4193"/>
<stop offset="1" style="stop-color:#566069" id="stop4195"/>
</linearGradient>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient5002" id="linearGradient4174-0-2" y1="537.79797" x1="423.57144" y2="510.46463" x2="396.2381" gradientUnits="userSpaceOnUse" gradientTransform="matrix(0.70000184 0 0 0.70000184 -694.57218 -890.45752)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4143" id="linearGradient4710" y1="536.86987" x1="421.64337" y2="511.81882" gradientUnits="userSpaceOnUse" x2="396.59229" gradientTransform="matrix(-1 0 0 -1 817.14288 1047.596)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4143" id="linearGradient4713" y1="532.22949" x1="417.00296" y2="508.72522" gradientUnits="userSpaceOnUse" x2="393.49869" gradientTransform="matrix(-1 0 0 -1 817.14288 1047.596)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient4143" id="linearGradient4716" y1="529.62207" x1="414.39551" y2="506.91327" gradientUnits="userSpaceOnUse" x2="391.68671" gradientTransform="matrix(-1 0 0 -1 817.14288 1047.596)"/>
<linearGradient inkscape:collect="always" xlink:href="#linearGradient5002" id="linearGradient4174-0-2-0" y1="537.79797" x1="423.57144" y2="488.79782" x2="374.57129" gradientUnits="userSpaceOnUse" gradientTransform="matrix(0.49999779 0 0 0.49999779 -612.85624 -785.69581)"/>
</defs>
<metadata id="metadata5458"/>
<g inkscape:label="Capa 1" inkscape:groupmode="layer" id="layer1" transform="matrix(1 0 0 1 -384.57143 -499.798)">
<rect width="39.999989" x="388.57144" y="503.798" rx="19.999985" height="39.999969" style="stroke-opacity:0.550265;fill:url(#linearGradient4174);stroke-width:2.8" id="rect4166"/>
<rect width="35.999985" x="-426.57144" y="-541.79797" rx="17.999983" height="35.999966" style="stroke-opacity:0.550265;fill:url(#linearGradient4174-0);stroke-width:2.8" id="rect4166-9" transform="matrix(-1 0 0 -1 0 0)"/>
<rect width="29.999992" x="-538.79797" y="-423.57147" rx="14.999989" height="29.999977" style="stroke-opacity:0.550265;fill:#26333a;stroke-width:2.8" id="rect4166-7" transform="matrix(0 -1 -1 0 0 0)"/>
<rect width="28.00007" x="-422.5715" y="-537.79797" rx="14.00003" height="28.00005" style="stroke-opacity:0.550265;fill:url(#linearGradient4174-0-2);stroke-width:2.8" id="rect4166-9-6" transform="matrix(-1 0 0 -1 0 0)"/>
<rect width="19.999907" x="-418.57141" y="-533.79791" rx="9.999948" height="19.999895" style="stroke-opacity:0.550265;fill:url(#linearGradient4174-0-2-0);stroke-width:2.8" id="rect4166-9-6-7" transform="matrix(-1 0 0 -1 0 0)"/>
<g id="g4719">
<path inkscape:connector-curvature="0" style="stroke-opacity:0.550265;fill:url(#linearGradient4710);stroke-width:2.8" id="path4708" d="m 408.57143,509.798 c -7.756,0 -14,6.244 -14,14 0,7.756 6.244,14 14,14 7.756,0 14,-6.244 14,-14 0,-7.756 -6.244,-14 -14,-14 z m 0,1 c 7.20199,0 13,5.79801 13,13 0,7.20199 -5.79801,13 -13,13 -7.20199,0 -13,-5.79801 -13,-13 0,-7.20199 5.79801,-13 13,-13 z"/>
<path inkscape:connector-curvature="0" style="stroke-opacity:0.550265;fill:url(#linearGradient4713);stroke-width:2.8" id="path4704" d="m 408.57143,511.798 c -6.64799,0 -12,5.35201 -12,12 0,6.64799 5.35201,12 12,12 6.64799,0 12,-5.35201 12,-12 0,-6.64799 -5.35201,-12 -12,-12 z m 0,3 c 4.98598,0 9,4.01402 9,9 0,4.98598 -4.01402,9 -9,9 -4.98598,0 -9,-4.01402 -9,-9 0,-4.98598 4.01402,-9 9,-9 z"/>
<path inkscape:connector-curvature="0" style="stroke-opacity:0.550265;fill:url(#linearGradient4716);stroke-width:2.8" id="path4700" d="m 408.57143,515.798 c -1.15437,0 -2.24697,0.24726 -3.23633,0.68359 l 1.86328,4.66016 1.25196,-0.33203 2.04492,-4.77149 c -0.61695,-0.15152 -1.25884,-0.24023 -1.92383,-0.24023 z m 2.88281,0.54102 -1.97656,4.61132 1.125,0.64844 4.81836,-1.92773 c -0.90936,-1.51071 -2.29935,-2.69038 -3.9668,-3.33203 z m -7.00976,0.60937 c -1.5107,0.90936 -2.69038,2.29934 -3.33203,3.9668 l 4.61132,1.97656 0.64844,-1.125 -1.92773,-4.81836 z m 11.44336,3.61328 -4.66016,1.86328 0.33203,1.25196 4.77149,2.04492 c 0.15152,-0.61696 0.24023,-1.25884 0.24023,-1.92383 0,-1.15436 -0.24725,-2.24697 -0.68359,-3.23633 z m -15.07618,1.3125 c -0.15152,0.61696 -0.24023,1.25884 -0.24023,1.92383 0,1.15436 0.24725,2.24697 0.68359,3.23633 l 4.66016,-1.86328 -0.33203,-1.25196 -4.77149,-2.04492 z m 10.60743,2.83008 -0.64844,1.125 1.92773,4.81836 c 1.5107,-0.90936 2.69038,-2.29934 3.33203,-3.9668 l -4.61132,-1.97656 z m -4.87891,1.29297 -4.81836,1.92773 c 0.90936,1.51071 2.29935,2.69038 3.9668,3.33203 l 1.97656,-4.61132 -1.125,-0.64844 z m 3.4043,0.45703 -1.25196,0.33203 -2.04492,4.77149 c 0.61695,0.15152 1.25883,0.24023 1.92383,0.24023 1.15436,0 2.24697,-0.24726 3.23633,-0.68359 l -1.86328,-4.66016 z"/>
</g>
<circle cx="643.00952" cy="166.83434" r="2" id="path5009" style="fill:#2c3e50;color:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:3" transform="matrix(0.79335334 0.60876143 -0.60876143 0.79335334 0 0)"/>
<path inkscape:connector-curvature="0" style="fill:#84cbfe;stroke-linecap:round;stroke-linejoin:round;stroke-width:2" id="path4550" d="m 401.57143,513.798 a 2.9999605,2.9999605 0 0 0 -3,3 2.9999605,2.9999605 0 0 0 3,3 2.9999605,2.9999605 0 0 0 3,-3 2.9999605,2.9999605 0 0 0 -3,-3 z"/>
<path inkscape:connector-curvature="0" style="fill:#84cbfe;stroke-linecap:round;stroke-linejoin:round;stroke-width:2" id="path4537" d="m 405.57143,519.298 a 1.4999942,1.4999868 0 0 0 -1.5,1.5 1.4999942,1.4999868 0 0 0 1.5,1.5 1.4999942,1.4999868 0 0 0 1.5,-1.5 1.4999942,1.4999868 0 0 0 -1.5,-1.5 z"/>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

102
dashy/icons-temp/digikam_oxygen.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

2
dashy/icons-temp/financial-services.svg Normal file
View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg fill="#000000" width="800px" height="800px" viewBox="0 0 1024 1024" xmlns="http://www.w3.org/2000/svg"><path d="M385.707 436.152c0-35.468-75.779-71.68-172.37-71.68-96.6 0-172.38 36.211-172.38 71.68s75.78 71.68 172.38 71.68c96.591 0 172.37-36.212 172.37-71.68zm40.96 0c0 66.334-96.901 112.64-213.33 112.64-116.438 0-213.34-46.305-213.34-112.64s96.903-112.64 213.34-112.64c116.429 0 213.33 46.306 213.33 112.64zm-40.96 371.371c0 35.468-75.779 71.68-172.37 71.68-96.6 0-172.38-36.211-172.38-71.68H-.003c0 66.335 96.903 112.64 213.34 112.64 116.429 0 213.33-46.306 213.33-112.64h-40.96zm0-124.928c0 35.468-75.779 71.68-172.37 71.68-96.6 0-172.38-36.211-172.38-71.68H-.003c0 66.335 96.903 112.64 213.34 112.64 116.429 0 213.33-46.306 213.33-112.64h-40.96zm0-122.88c0 35.468-75.779 71.68-172.37 71.68-96.6 0-172.38-36.211-172.38-71.68H-.003c0 66.335 96.903 112.64 213.34 112.64 116.429 0 213.33-46.306 213.33-112.64h-40.96z"/><path d="M0 436.152v374.784c0 11.311 9.169 20.48 20.48 20.48s20.48-9.169 20.48-20.48V436.152c0-11.311-9.169-20.48-20.48-20.48S0 424.841 0 436.152zm385.707 0V806.84c0 11.311 9.169 20.48 20.48 20.48s20.48-9.169 20.48-20.48V436.152c0-11.311-9.169-20.48-20.48-20.48s-20.48 9.169-20.48 20.48zm566.335 443.051c16.962 0 30.72-13.758 30.72-30.72V184.317c0-16.962-13.758-30.72-30.72-30.72H546.405c-16.962 0-30.72 13.758-30.72 30.72v664.166c0 16.962 13.758 30.72 30.72 30.72h405.637zm0 40.96H546.405c-39.583 0-71.68-32.097-71.68-71.68V184.317c0-39.583 32.097-71.68 71.68-71.68h405.637c39.583 0 71.68 32.097 71.68 71.68v664.166c0 39.583-32.097 71.68-71.68 71.68z"/><path d="M892.446 293.421H606.002v60.652h286.444v-60.652zm10.24 101.612H595.762c-16.963 0-30.72-13.757-30.72-30.72v-81.132c0-16.963 13.757-30.72 30.72-30.72h306.924c16.963 0 30.72 13.757 30.72 30.72v81.132c0 16.963-13.757 30.72-30.72 30.72zM653.265 503.018c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.864 33.864-33.864c18.708 0 33.874 15.155 33.874 33.864zm129.831 0c0 18.708-15.165 33.864-33.864 33.864-18.708 0-33.874-15.155-33.874-33.864s15.165-33.864 33.874-33.864c18.698 0 33.864 15.155 33.864 33.864zm129.83-2.822c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874zM653.265 624.382c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874zm129.831 0c0 18.708-15.165 33.864-33.864 33.864-18.708 0-33.874-15.155-33.874-33.864s15.165-33.874 33.874-33.874c18.698 0 33.864 15.165 33.864 33.874zm129.83 0c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874zM653.265 748.568c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874zm129.831 0c0 18.708-15.165 33.864-33.864 33.864-18.708 0-33.874-15.155-33.874-33.864s15.165-33.874 33.874-33.874c18.698 0 33.864 15.165 33.864 33.874zm129.83 0c0 18.708-15.165 33.864-33.874 33.864-18.698 0-33.864-15.155-33.864-33.864s15.165-33.874 33.864-33.874c18.708 0 33.874 15.165 33.874 33.874z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.2 KiB

19
dashy/icons-temp/gaming.svg Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg fill="#000000" version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
width="800px" height="800px" viewBox="0 0 92 92" enable-background="new 0 0 92 92" xml:space="preserve">
<path id="XMLID_1173_" d="M60.8,30.9c0.8,0.8,1.3,2,1.3,3.2c0,1.2-0.5,2.3-1.3,3.2c-0.8,0.8-2,1.3-3.2,1.3c-1.2,0-2.4-0.5-3.2-1.3
c-0.8-0.8-1.3-2-1.3-3.2s0.5-2.3,1.3-3.2c0.8-0.8,2-1.3,3.2-1.3C58.8,29.6,60,30.1,60.8,30.9z M67.8,37.2c-1.2,0-2.3,0.5-3.2,1.3
c-0.8,0.8-1.3,2-1.3,3.2c0,1.2,0.5,2.4,1.3,3.2c0.8,0.8,2,1.3,3.2,1.3c1.2,0,2.4-0.5,3.2-1.3c0.8-0.8,1.3-2,1.3-3.2
c0-1.2-0.5-2.3-1.3-3.2C70.2,37.7,69,37.2,67.8,37.2z M33.8,35H31v-2.6c0-1.4-1.1-2.5-2.5-2.5S26,31,26,32.4V35h-2.6
c-1.4,0-2.5,1.1-2.5,2.5s1.1,2.5,2.5,2.5H26v2.6c0,1.4,1.1,2.5,2.5,2.5S31,44,31,42.6V40h2.8c1.4,0,2.5-1.1,2.5-2.5S35.2,35,33.8,35
z M92,66.1c0,4.3-2.4,7.8-6.2,9.3c-3.8,1.4-9.8,0.8-15.2-5.3c-2.6-3-7-8.4-9.4-11.4c-12.8,3-25,1.1-30.3,0c-2.4,3-6.8,8.4-9.4,11.4
c-3.9,4.4-8.1,6-11.6,6c-1.4,0-2.6-0.2-3.7-0.6c-3.8-1.4-6.2-5-6.2-9.3c0-11.8,7.6-30.3,10-35.8c-0.8-2.8-0.5-5.7,1-8.3
c1.9-3.3,5.3-5.8,8.3-6c2.6-0.2,6.1,1.3,8.4,2.4c4.5-0.8,18.7-2.9,36.6,0c2.2-1.1,5.8-2.6,8.4-2.4c2.9,0.2,6.4,2.7,8.3,6
c1.5,2.6,1.9,5.5,1,8.3C84.4,35.8,92,54.3,92,66.1z M84,66.1c0-11.9-9.9-33.9-10-34.1c-0.5-1.1-0.5-2.4,0.1-3.5
c0.4-0.8,0.4-1.5,0.1-2.2c-0.5-1.2-1.7-2.1-2.2-2.3c-0.9,0.1-3.3,1.1-5.2,2.1c-0.8,0.4-1.7,0.6-2.6,0.4c-20.5-3.6-36.2-0.1-36.3,0
c-0.9,0.2-1.9,0.1-2.8-0.4c-1.9-1-4.3-2-5.2-2.1c-0.5,0.3-1.7,1.1-2.2,2.3c-0.3,0.8-0.3,1.4,0.1,2.2c0.5,1.1,0.6,2.4,0.1,3.5
C17.9,32.2,8,54.2,8,66.1c0,0.9,0.4,1.5,1,1.8c1.4,0.5,3.9-0.3,6.4-3.1c3.5-4,10.7-13,10.8-13.1c1-1.3,2.7-1.8,4.2-1.3
c0.2,0,15.8,4.4,31.1,0c0.4-0.1,0.7-0.2,1.1-0.2c1.2,0,2.4,0.5,3.1,1.5c0.1,0.1,7.3,9.1,10.8,13.1c2.5,2.9,5,3.7,6.4,3.1
C83.6,67.6,84,67,84,66.1z"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.9 KiB

BIN
dashy/icons-temp/generic-logo-black-512.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
dashy/icons-temp/generic-logo-color-shadowed-512.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
dashy/icons-temp/generic-logo-cyan-512.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

4
dashy/icons-temp/home.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M8 0L0 6V8H1V15H4V10H7V15H15V8H16V6L14 4.5V1H11V2.25L8 0ZM9 10H12V13H9V10Z" fill="#000000"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 369 B

5
dashy/icons-temp/media-playback.svg Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg">
<path d="m 2 2.5 v 11 c 0 1.5 1.269531 1.492188 1.269531 1.492188 h 0.128907 c 0.246093 0.003906 0.488281 -0.050782 0.699218 -0.171876 l 9.796875 -5.597656 c 0.433594 -0.242187 0.65625 -0.734375 0.65625 -1.226562 c 0 -0.492188 -0.222656 -0.984375 -0.65625 -1.222656 l -9.796875 -5.597657 c -0.210937 -0.121093 -0.453125 -0.175781 -0.699218 -0.175781 h -0.128907 s -1.269531 0 -1.269531 1.5 z m 0 0" fill="#2e3436"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 636 B

9
dashy/icons-temp/media.svg Normal file
View File

@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg fill="#000000" height="800px" width="800px" version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
viewBox="0 0 512 512" enable-background="new 0 0 512 512" xml:space="preserve">
<path d="M244.4,69.8L174.5,0h-58.2l69.8,69.8H244.4z M395.6,69.8L325.8,0h-58.2l69.8,69.8H395.6z M418.9,0l69.8,69.8H512V0H418.9z
M418.9,162.9h-93.1l69.8-69.8h-58.2l-69.8,69.8h-93.1l69.8-69.8h-58.2l-69.8,69.8H23.3l69.8-69.8H0v372.4
C0,491.1,20.9,512,46.5,512h418.9c25.7,0,46.5-20.9,46.5-46.5V93.1h-23.3L418.9,162.9z M23.3,0H0v69.8h93.1L23.3,0z"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 711 B

BIN
dashy/icons-temp/mediaelch.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

4
dashy/icons-temp/music.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M15 1H4V9H3C1.34315 9 0 10.3431 0 12C0 13.6569 1.34315 15 3 15C4.65685 15 6 13.6569 6 12V5H13V9H12C10.3431 9 9 10.3431 9 12C9 13.6569 10.3431 15 12 15C13.6569 15 15 13.6569 15 12V1Z" fill="#000000"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 436 B

4
dashy/icons-temp/network.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M3 12H21M12 8V12M6.5 12V16M17.5 12V16M10.1 8H13.9C14.4601 8 14.7401 8 14.954 7.89101C15.1422 7.79513 15.2951 7.64215 15.391 7.45399C15.5 7.24008 15.5 6.96005 15.5 6.4V4.6C15.5 4.03995 15.5 3.75992 15.391 3.54601C15.2951 3.35785 15.1422 3.20487 14.954 3.10899C14.7401 3 14.4601 3 13.9 3H10.1C9.53995 3 9.25992 3 9.04601 3.10899C8.85785 3.20487 8.70487 3.35785 8.60899 3.54601C8.5 3.75992 8.5 4.03995 8.5 4.6V6.4C8.5 6.96005 8.5 7.24008 8.60899 7.45399C8.70487 7.64215 8.85785 7.79513 9.04601 7.89101C9.25992 8 9.53995 8 10.1 8ZM15.6 21H19.4C19.9601 21 20.2401 21 20.454 20.891C20.6422 20.7951 20.7951 20.6422 20.891 20.454C21 20.2401 21 19.9601 21 19.4V17.6C21 17.0399 21 16.7599 20.891 16.546C20.7951 16.3578 20.6422 16.2049 20.454 16.109C20.2401 16 19.9601 16 19.4 16H15.6C15.0399 16 14.7599 16 14.546 16.109C14.3578 16.2049 14.2049 16.3578 14.109 16.546C14 16.7599 14 17.0399 14 17.6V19.4C14 19.9601 14 20.2401 14.109 20.454C14.2049 20.6422 14.3578 20.7951 14.546 20.891C14.7599 21 15.0399 21 15.6 21ZM4.6 21H8.4C8.96005 21 9.24008 21 9.45399 20.891C9.64215 20.7951 9.79513 20.6422 9.89101 20.454C10 20.2401 10 19.9601 10 19.4V17.6C10 17.0399 10 16.7599 9.89101 16.546C9.79513 16.3578 9.64215 16.2049 9.45399 16.109C9.24008 16 8.96005 16 8.4 16H4.6C4.03995 16 3.75992 16 3.54601 16.109C3.35785 16.2049 3.20487 16.3578 3.10899 16.546C3 16.7599 3 17.0399 3 17.6V19.4C3 19.9601 3 20.2401 3.10899 20.454C3.20487 20.6422 3.35785 20.7951 3.54601 20.891C3.75992 21 4.03995 21 4.6 21Z" stroke="#000000" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.8 KiB

23
dashy/icons-temp/photos.svg Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg fill="#000000" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="800px"
height="800px" viewBox="0 0 31.06 32.001" xml:space="preserve">
<g id="photos">
<path d="M29.341,11.405L13.213,7.383c-1.21-0.301-2.447,0.441-2.748,1.652L6.443,25.163c-0.303,1.211,0.44,2.445,1.65,2.748
l16.127,4.023c1.21,0.301,2.447-0.443,2.748-1.652l4.023-16.127C31.293,12.944,30.551,11.708,29.341,11.405z M28.609,14.338
l-2.926,11.731c-0.1,0.402-0.513,0.65-0.915,0.549l-14.662-3.656c-0.403-0.1-0.651-0.512-0.551-0.916l2.926-11.729
c0.1-0.404,0.513-0.65,0.916-0.551l14.661,3.658C28.462,13.522,28.71,13.936,28.609,14.338z"/>
<circle cx="15.926" cy="13.832" r="2.052"/>
<path d="M22.253,16.813c-0.136-0.418-0.505-0.51-0.82-0.205l-2.943,2.842c-0.315,0.303-0.759,0.244-0.985-0.133l-0.471-0.781
c-0.227-0.377-0.719-0.5-1.095-0.273l-4.782,2.852c-0.377,0.225-0.329,0.469,0.096,0.576l3.099,0.771
c0.426,0.107,1.122,0.281,1.549,0.389l3.661,0.912c0.426,0.105,1.123,0.279,1.549,0.385l3.098,0.773
c0.426,0.107,0.657-0.121,0.521-0.539L22.253,16.813z"/>
<path d="M2.971,7.978l14.098-5.439c0.388-0.149,0.828,0.045,0.977,0.432l1.506,3.933l2.686,0.67l-2.348-6.122
c-0.449-1.163-1.768-1.748-2.931-1.299L1.45,6.133C0.287,6.583-0.298,7.902,0.151,9.065L5.156,22.06l0.954-3.827L2.537,8.954
C2.389,8.565,2.583,8.126,2.971,7.978z"/>
</g>
<g id="Layer_1">
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.6 KiB

16
dashy/icons-temp/policeman.svg Normal file
View File

@ -0,0 +1,16 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg fill="#000000" version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
width="800px" height="800px" viewBox="0 0 459.934 459.934"
xml:space="preserve">
<g>
<g>
<polygon points="316.348,17.225 281.897,0 178.545,0 144.094,17.225 144.094,51.676 316.348,51.676 "/>
<path d="M230.221,178.233c47.572,0,86.127-38.555,86.127-86.128c0-5.958,0-17.226,0-17.226H144.094
c-1.143,5.599,0,11.267,0,17.226C144.094,139.677,182.649,178.233,230.221,178.233z"/>
<polygon points="313.568,196.977 146.363,196.977 112.623,230.718 112.623,428.478 328.846,212.254 "/>
<polygon points="347.311,241.507 128.885,459.934 347.311,459.934 "/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 929 B

BIN
dashy/icons-temp/root.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

5
dashy/icons-temp/security.svg Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg">
<path d="m 2 0 c -0.550781 0 -1 0.449219 -1 1 v 8 c 0 2.5 1.816406 4.246094 3.445312 5.332031 c 1.628907 1.085938 3.238282 1.617188 3.238282 1.617188 c 0.207031 0.070312 0.425781 0.070312 0.632812 0 c 0 0 1.609375 -0.53125 3.238282 -1.617188 c 1.628906 -1.085937 3.445312 -2.832031 3.445312 -5.332031 v -8 c 0 -0.550781 -0.449219 -1 -1 -1 z m 1 2 h 10 v 7 c 0 1.5 -1.183594 2.753906 -2.554688 3.667969 c -1.214843 0.808593 -2.179687 1.128906 -2.445312 1.226562 c -0.265625 -0.097656 -1.230469 -0.417969 -2.445312 -1.226562 c -1.371094 -0.914063 -2.554688 -2.167969 -2.554688 -3.667969 z m 1 1 v 6 c 0 1 0.867188 2.007812 2.109375 2.835938 c 0.933594 0.621093 1.472656 0.785156 1.890625 0.949218 v -9.785156 z m 0 0" fill="#2e3436"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 953 B

BIN
dashy/icons-temp/sheetable.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.7 KiB

BIN
dashy/icons-temp/sheetable.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

4
dashy/icons-temp/shield-user.svg Normal file
View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?><!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M3 10.4167C3 7.21907 3 5.62028 3.37752 5.08241C3.75503 4.54454 5.25832 4.02996 8.26491 3.00079L8.83772 2.80472C10.405 2.26824 11.1886 2 12 2C12.8114 2 13.595 2.26824 15.1623 2.80472L15.7351 3.00079C18.7417 4.02996 20.245 4.54454 20.6225 5.08241C21 5.62028 21 7.21907 21 10.4167V11.9914C21 17.6294 16.761 20.3655 14.1014 21.5273C13.38 21.8424 13.0193 22 12 22C10.9807 22 10.62 21.8424 9.89856 21.5273C7.23896 20.3655 3 17.6294 3 11.9914V10.4167ZM14 9C14 10.1046 13.1046 11 12 11C10.8954 11 10 10.1046 10 9C10 7.89543 10.8954 7 12 7C13.1046 7 14 7.89543 14 9ZM12 17C16 17 16 16.1046 16 15C16 13.8954 14.2091 13 12 13C9.79086 13 8 13.8954 8 15C8 16.1046 8 17 12 17Z" fill="#1C274C"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 957 B

BIN
dashy/icons-temp/software-development.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
dashy/icons-temp/software-development.psd Normal file
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More