Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions .github/workflows/build-toolkit-docker-image.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,20 +19,20 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2

- name: Log in to Docker Hub
uses: docker/login-action@v3
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and push Docker image
uses: docker/build-push-action@v6
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
with:
context: toolkit/
push: true
Expand All @@ -41,7 +41,7 @@ jobs:
ghcr.io/${{ github.repository }}:toolkit-${{ github.sha }}

- name: Build and push Docker image
uses: docker/build-push-action@v6
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
with:
context: immich/
push: true
Expand Down
2 changes: 1 addition & 1 deletion backup/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM debian:trixie-slim
FROM debian:trixie-slim@sha256:28de0877c2189802884ccd20f15ee41c203573bd87bb6b883f5f46362d24c5c2

RUN apt-get update && \
apt-get install -y wget ca-certificates tar just restic ansible unzip && \
Expand Down
2 changes: 1 addition & 1 deletion docker/caddy/docker-compose.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
services:
caddy:
image: ghcr.io/caddybuilds/caddy-cloudflare:latest
image: ghcr.io/caddybuilds/caddy-cloudflare:latest@sha256:62639363ceb043393da9c3895d7c97a9a49ccf840bea0cc7e6479465d12ade96
container_name: caddy
restart: unless-stopped
ports:
Expand Down
10 changes: 5 additions & 5 deletions docker/immich/docker-compose.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ services:
UMASK_SET: "002"
healthcheck:
disable: false
image: ghcr.io/immich-app/immich-machine-learning:v1.138.0
image: ghcr.io/immich-app/immich-machine-learning:v1.138.0@sha256:25fca00128f10444303c93829516927bd14804ccbe9b7450eb41c64c722c5ac4
platform: linux/amd64
privileged: false
restart: unless-stopped
Expand All @@ -30,7 +30,7 @@ services:
nocopy: false

database:
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0@sha256:c570d9e1c2494f65d2a0a379a7f6df66e8441964254a30aa62cc58e8ebf1dee0
environment:
NVIDIA_VISIBLE_DEVICES: void
POSTGRES_DB: ${POSTGRES_DB}
Expand All @@ -52,7 +52,7 @@ services:
type: bind

pgvecto:
image: tensorchord/pgvecto-rs:pg15-v0.2.0
image: tensorchord/pgvecto-rs:pg15-v0.2.0@sha256:104a26ad4d0446c54a46d3a694c6193ef018c5ad4f9d9faf7765ab09cb9ffe06
cap_drop:
- ALL
environment:
Expand Down Expand Up @@ -161,7 +161,7 @@ services:
UMASK_SET: "002"
healthcheck:
disable: false
image: ghcr.io/immich-app/immich-server:v1.138.0
image: ghcr.io/immich-app/immich-server:v1.138.0@sha256:12cee930e2cc211a95acae12ad780c0b2eecaea0479a06e255c73a4deb0b3efb
#platform: linux/amd64
#ports:
# - mode: ingress
Expand Down Expand Up @@ -227,7 +227,7 @@ services:
- "traefik.http.services.immich-dashboard.loadbalancer.server.port=30041"

traefik:
image: traefik:v3.5.0
image: traefik:v3.5.0@sha256:4e7175cfe19be83c6b928cae49dde2f2788fb307189a4dc9550b67acf30c11a5
container_name: traefik
restart: unless-stopped
#read_only: true
Expand Down
4 changes: 2 additions & 2 deletions docker/kestra/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ volumes:

services:
postgres:
image: postgres
image: postgres@sha256:4aabea78cf39b90e834caf3af7d602a18565f6fe2508705c8d01aa63245c2e20
volumes:
- postgres-data:/var/lib/postgresql/data
environment:
Expand All @@ -22,7 +22,7 @@ services:
retries: 10

kestra:
image: kestra/kestra:latest
image: kestra/kestra:latest@sha256:956f128e7ed6665feb56eb007f4939514c5b25ed0500c74d405f11be1a6ac090
pull_policy: always
# Note that this setup with a root user is intended for development purpose.
# Our base image runs without root, but the Docker Compose implementation needs root to access the Docker socket
Expand Down
2 changes: 1 addition & 1 deletion docker/mafl/docker-compose.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
services:
mafl:
image: hywax/mafl
image: hywax/mafl@sha256:2c89020be334b341da41a6b95830b1b52b1b9f43c9f16d09c0ab4e9dad3ea4ad
container_name: mafl
restart: unless-stopped
volumes:
Expand Down
2 changes: 1 addition & 1 deletion docker/minio/docker-compose.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
services:
minio:
image: quay.io/minio/minio:RELEASE.2025-03-12T18-04-18Z
image: quay.io/minio/minio:RELEASE.2025-03-12T18-04-18Z@sha256:46b3009bf7041eefbd90bd0d2b38c6ddc24d20a35d609551a1802c558c1c958f
command: server /data --console-address ":9002"
restart: unless-stopped
ports:
Expand Down
2 changes: 1 addition & 1 deletion docker/pocket-id/docker-compose.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
services:
pocket-id:
image: ghcr.io/pocket-id/pocket-id
image: ghcr.io/pocket-id/pocket-id@sha256:a2a38a96699d7483d65b5849b015d954f294938306a03a9c0699bc5b79554e86
container_name: pocket-id
restart: unless-stopped
environment:
Expand Down
2 changes: 1 addition & 1 deletion docker/portainer/docker-compose.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
services:
portainer:
image: portainer/portainer-ce:latest
image: portainer/portainer-ce:latest@sha256:5f9b4bda5582fc72c07d730f86168205f4042d82c9cde011c9146b12496e4625
container_name: portainer
restart: unless-stopped
ports:
Expand Down
2 changes: 1 addition & 1 deletion docker/semaphore/docker-compose.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
services:
semaphore:
image: semaphoreui/semaphore:v2.13.1
image: semaphoreui/semaphore:v2.13.1@sha256:db69c024e924bd2ac158b1e5e3534d1d7b60dc22ea232b050ec7eee28af34471
container_name: semaphore
environment:
TZ: Europe/Berlin
Expand Down
2 changes: 1 addition & 1 deletion docker/upsnap/docker-compose.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
services:
upsnap:
container_name: upsnap
image: ghcr.io/seriousm4x/upsnap:5
image: ghcr.io/seriousm4x/upsnap:5@sha256:92ac19e946e2a4fffbd5049ff230485cbceacd002696a9ca8d4f5449f27d7c5d
network_mode: host
restart: unless-stopped
volumes:
Expand Down
2 changes: 1 addition & 1 deletion immich/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM debian:trixie-slim
FROM debian:trixie-slim@sha256:28de0877c2189802884ccd20f15ee41c203573bd87bb6b883f5f46362d24c5c2

RUN apt-get update && \
apt-get install -y \
Expand Down
2 changes: 1 addition & 1 deletion k8s/linkding/base/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: linkding
image: sissbruecker/linkding:latest
image: sissbruecker/linkding:latest@sha256:61b2eb9eed8e5772a473fb7f1f8923e046cb8cbbeb50e88150afd5ff287d4060
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9090
Expand Down
2 changes: 1 addition & 1 deletion k8s/lldap/base/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: lldap
image: lldap/lldap:stable-alpine
image: lldap/lldap:stable-alpine@sha256:2a8454b668c1aba7157e832eab0e242e1e7eb5fb7591d7e7774ba05286511ca8
imagePullPolicy: IfNotPresent
ports:
- name: http
Expand Down
2 changes: 1 addition & 1 deletion k8s/lldap/overlays/production/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,4 @@ namespace: lldap

images:
- name: lldap/lldap:latest
newTag: stable
newTag: stable@sha256:2a8454b668c1aba7157e832eab0e242e1e7eb5fb7591d7e7774ba05286511ca8
2 changes: 1 addition & 1 deletion k8s/mafl/base/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ spec:
spec:
containers:
- name: mafl
image: hywax/mafl:latest
image: hywax/mafl:latest@sha256:2c89020be334b341da41a6b95830b1b52b1b9f43c9f16d09c0ab4e9dad3ea4ad
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
Expand Down
2 changes: 1 addition & 1 deletion k8s/opengist/base/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ spec:
dnsPolicy: ClusterFirst
containers:
- name: opengist
image: ghcr.io/thomiceli/opengist:latest
image: ghcr.io/thomiceli/opengist:latest@sha256:dddc26031d1320ebb4bc5b913b3c42a9cb84c7528192d387f99ddcbbe57b0085
imagePullPolicy: IfNotPresent
env:
- name: TZ
Expand Down
2 changes: 1 addition & 1 deletion k8s/papra/base/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ spec:
dnsPolicy: ClusterFirst
containers:
- name: papra
image: ghcr.io/papra-hq/papra:latest
image: ghcr.io/papra-hq/papra:latest@sha256:a7a42e228f73f229d1e2dcd53de7b67503f1756d1aa3a894ab175dba8030c0e8
imagePullPolicy: IfNotPresent
env:
- name: TZ
Expand Down
2 changes: 1 addition & 1 deletion k8s/papra/overlays/production/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,4 @@ resources:
# https://github.com/thomiceli/opengist/releases
images:
- name: ghcr.io/papra-hq/papra
newTag: latest
newTag: latest@sha256:a7a42e228f73f229d1e2dcd53de7b67503f1756d1aa3a894ab175dba8030c0e8
2 changes: 1 addition & 1 deletion k8s/subscription-manager/base/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ spec:
spec:
containers:
- name: subscription-manager
image: dh1011/subscription-manager:latest
image: dh1011/subscription-manager:latest@sha256:c31e59992cc445236e48260ed5a6574d083856926a1a9c50be28b2b71b8e50bc
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ spec:
restartPolicy: Never
containers:
- name: backup-vault-export
image: ghcr.io/tryrocket-cloud/home-ops:toolkit
image: ghcr.io/tryrocket-cloud/home-ops:toolkit@sha256:d3079202f3f0eef98a01fd88781135e5dab4b74ed0b48075f94f01aec4553a02
imagePullPolicy: Always
env:
- name: RESTIC_CACHE_DIR
Expand Down
2 changes: 1 addition & 1 deletion k8s/vault/export-and-backup/base/cronjob.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
restartPolicy: Never
initContainers:
- name: export-hashicorp-vault
image: ghcr.io/jonasvinther/medusa:latest
image: ghcr.io/jonasvinther/medusa:latest@sha256:bc4696d3328bed5a0712318d643766e36c87d2ae836d14170d010df6abf0447d
imagePullPolicy: IfNotPresent
command: ["./medusa", "export", "$(VAULT_PATH)", "-o", "/export/vault-export.json"]
env:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ spec:
spec:
containers:
- name: ionos-com-objectstorage-eu-central-3-s3-kopia-backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup@sha256:4c4de26939eefb64f6a91430b38760f2364fda65e5ec3c787eb79fc4e53a6a36
imagePullPolicy: Always
env:
- name: EXPORT_JSON
Expand Down Expand Up @@ -60,7 +60,7 @@ spec:
mountPath: /export
readOnly: true
- name: ionos-com-objectstorage-eu-central-3-s3-restic-backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup@sha256:4c4de26939eefb64f6a91430b38760f2364fda65e5ec3c787eb79fc4e53a6a36
imagePullPolicy: Always
env:
- name: EXPORT_JSON
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ spec:
spec:
containers:
- name: truenas-tryrocket-cloud-objectstorage-backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup@sha256:4c4de26939eefb64f6a91430b38760f2364fda65e5ec3c787eb79fc4e53a6a36
imagePullPolicy: Always
env:
- name: VAULT_EXPORT_JSON
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ spec:
restartPolicy: Never
initContainers:
- name: export-hashicorp-vault
image: ghcr.io/jonasvinther/medusa:latest
image: ghcr.io/jonasvinther/medusa:latest@sha256:bc4696d3328bed5a0712318d643766e36c87d2ae836d14170d010df6abf0447d
imagePullPolicy: IfNotPresent
command: ["./medusa", "export", "$(VAULT_PATH)", "-o", "/export/vault-export.json"]
env:
Expand All @@ -36,7 +36,7 @@ spec:

containers:
- name: ionos-com-objectstorage-eu-central-3-s3-kopia-backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup@sha256:4c4de26939eefb64f6a91430b38760f2364fda65e5ec3c787eb79fc4e53a6a36
imagePullPolicy: Always
env:
- name: EXPORT_JSON
Expand Down Expand Up @@ -85,7 +85,7 @@ spec:
# - name: backup-cache-volume
# mountPath: /cache
- name: ionos-com-objectstorage-eu-central-3-s3-restic-backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup
image: ghcr.io/tryrocket-cloud/tryrocket-cloud:backup@sha256:4c4de26939eefb64f6a91430b38760f2364fda65e5ec3c787eb79fc4e53a6a36
imagePullPolicy: Always
env:
- name: EXPORT_JSON
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ spec:

initContainers:
- name: vaultwarden-export
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-38dfa08a823162b91b8b4b579a025a471c475a33
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-38dfa08a823162b91b8b4b579a025a471c475a33@sha256:0bfead9e4ae9f6b86fc8b14f89cc8a396909dbc9a08acc7246cd60892a3ced84
imagePullPolicy: IfNotPresent
env:
- name: TZ
Expand Down Expand Up @@ -134,7 +134,7 @@ spec:
echo "All jobs finished!"

- name: restic-s3-policy
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-ac3e21cade59942ed7c1ef4a8dc595b3a71d815a
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-ac3e21cade59942ed7c1ef4a8dc595b3a71d815a@sha256:2a9ba7ee98f0af4a7fbad3ef11e8acb388024c2e95936c825fae014b9c8da164
imagePullPolicy: IfNotPresent
env:
- name: TZ
Expand Down Expand Up @@ -177,7 +177,7 @@ spec:

containers:
- name: restic-ionos-backup
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-ac3e21cade59942ed7c1ef4a8dc595b3a71d815a
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-ac3e21cade59942ed7c1ef4a8dc595b3a71d815a@sha256:2a9ba7ee98f0af4a7fbad3ef11e8acb388024c2e95936c825fae014b9c8da164
imagePullPolicy: IfNotPresent
env:
- name: TZ
Expand Down Expand Up @@ -236,7 +236,7 @@ spec:
run_restic_backup

- name: kopia-ionos-backup
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-ac3e21cade59942ed7c1ef4a8dc595b3a71d815a
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-ac3e21cade59942ed7c1ef4a8dc595b3a71d815a@sha256:2a9ba7ee98f0af4a7fbad3ef11e8acb388024c2e95936c825fae014b9c8da164
imagePullPolicy: IfNotPresent
env:
- name: TZ
Expand Down Expand Up @@ -302,7 +302,7 @@ spec:
run_kopia_backup

- name: deny-all-s3-policy
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-ac3e21cade59942ed7c1ef4a8dc595b3a71d815a
image: ghcr.io/tryrocket-cloud/home-ops:toolkit-ac3e21cade59942ed7c1ef4a8dc595b3a71d815a@sha256:2a9ba7ee98f0af4a7fbad3ef11e8acb388024c2e95936c825fae014b9c8da164
volumeMounts:
- name: signals
mountPath: /signals
Expand Down
Loading
Loading