mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 09:46:23 +00:00

Merge branch 'master' of github.com:funkypenguin/geek-cookbook

This commit is contained in:
David Young
2019-11-12 13:26:12 +13:00
8 changed files with 17 additions and 18 deletions

View File

@@ -35,4 +35,4 @@ See [my Patreon page](https://www.patreon.com/funkypenguin) for details!
### Hire me 🏢
Need some system design work done? I do freelance consulting - [contact](https://www.funkypenguin.co.nz/contact/) me for details.
Need some system design work done? I do freelance consulting - [contact](mailto:davidy@funypenguin.co.nz) me for details.
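Review bot: the new mailto address reads `davidy@funypenguin.co.nz`, which drops the `k` of "funkypenguin" used everywhere else on the page; unless that domain is deliberate, mail sent to it goes to a domain the author may not control, so either correct it to `davidy@funkypenguin.co.nz` or keep the contact-page link.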

View File

@@ -52,7 +52,7 @@ This is a small container, you can simply add the following content to the exist
```
traefik-forward-auth:
image: thomseddon/traefik-forward-auth
image: funkypenguin/traefik-forward-auth
env_file: /var/data/config/traefik/traefik-forward-auth.env
networks:
- traefik_public
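Review bot: `image: funkypenguin/traefik-forward-auth` carries no tag or digest, so every redeploy pulls whatever `latest` happens to be for the component that gates access to every protected service; pin a tag (or a `@sha256:` digest) and say in the text that this is the author's fork rather than the upstream `thomseddon` build, so readers know whose releases they are tracking.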
@@ -113,4 +113,4 @@ What have we achieved? By adding an additional three simple labels to any servic
1. Traefik forward auth replaces the use of [oauth_proxy containers](/reference/oauth_proxy/) found in some of the existing recipes
2. [@thomaseddon's original version](https://github.com/thomseddon/traefik-forward-auth) of traefik-forward-auth only works with Google currently, but I've created a [fork](https://www.github.com/funkypenguin/traefik-forward-auth) of a [fork](https://github.com/noelcatt/traefik-forward-auth), which implements generic OIDC providers.
3. I reviewed several implementations of forward authenticators for Traefik, but found most to be rather heavy-handed, or specific to a single auth provider. @thomaseddon's go-based docker image is 7MB in size, and with the generic OIDC patch (above), it can be extended to work with any OIDC provider.
4. No, not github natively, but you can ferderate GitHub into KeyCloak, and then use KeyCloak as the OIDC provider.
4. No, not github natively, but you can ferderate GitHub into KeyCloak, and then use KeyCloak as the OIDC provider.
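Review bot: the before and after text of item 4 is identical, so the only change is whitespace or a trailing newline; while touching this line, fix the typo "ferderate" to "federate".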

View File

@@ -43,7 +43,7 @@ CLIENT_SECRET=<your keycloak client secret>
OIDC_ISSUER=https://<your keycloak URL>/auth/realms/master
SECRET=<a random string to secure your cookie>
AUTH_HOST=<the FQDN to use for your auth host>
COOKIE_DOMAINS=<the root FQDN of your domain>
COOKIE_DOMAIN=<the root FQDN of your domain>
```
### Prepare the docker service config
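Review bot: the rename from `COOKIE_DOMAINS` to `COOKIE_DOMAIN` is only right if the `funkypenguin/traefik-forward-auth` image reads the singular form; an unrecognised variable is silently ignored, the auth cookie is then scoped to the auth host alone, and every other subdomain prompts for login again, so the text should state which image version the name matches. `SECRET=<a random string to secure your cookie>` also deserves a concrete generation command such as `openssl rand -hex 32`, since a short or guessable value undermines the cookie signature.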
@@ -52,7 +52,7 @@ This is a small container, you can simply add the following content to the exist
```
traefik-forward-auth:
image: thomseddon/traefik-forward-auth
image: funkypenguin/traefik-forward-auth
env_file: /var/data/config/traefik/traefik-forward-auth.env
networks:
- traefik_public
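Review bot: this is the same untagged image switch as in the OIDC recipe; the two recipes should pin one tag so they do not drift apart. The `env_file` at `/var/data/config/traefik/traefik-forward-auth.env` holds `CLIENT_SECRET` and `SECRET`, so a line telling readers to `chmod 600` it, and that `env_file` contents land in the container environment (visible through `docker service inspect`), would be a useful addition here.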
@@ -119,4 +119,4 @@ What have we achieved? By adding an additional three simple labels to any servic
## Chef's Notes 📓
1. KeyCloak is very powerful. You can add 2FA and all other clever things outside of the scope of this simple recipe ;)
1. KeyCloak is very powerful. You can add 2FA and all other clever things outside of the scope of this simple recipe ;)

View File

@@ -111,8 +111,8 @@ networks:
Now work your way through the list of tools below, adding whichever tools your want to use, and finishing with the **end** section:
* [SABnzbd](/recipes/autopirate/sabnzbd.md)
* [NZBGet](/recipes/autopirate/nzbget.md)
* [SABnzbd](/recipes/autopirate/sabnzbd/)
* [NZBGet](/recipes/autopirate/nzbget/)
* [RTorrent](/recipes/autopirate/rtorrent/)
* [Sonarr](/recipes/autopirate/sonarr/)
* [Radarr](/recipes/autopirate/radarr/)
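Review bot: the `.md` to trailing-slash link fix is correct and matches the other entries; the context line above still reads "whichever tools your want to use", which should be "you want".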

View File

@@ -57,7 +57,7 @@ Create a docker swarm config file in docker-compose syntax (v3), something like
version: "3"
services:
bitwarden:
image: mprasil/bitwarden
image: bitwardenrs/server
env_file: /var/data/config/bitwarden/bitwarden.env
volumes:
- /etc/localtime:/etc/localtime:ro
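Review bot: `bitwardenrs/server` is again pulled without a tag; for a password vault, pin a tag or digest. Since `mprasil/bitwarden` and `bitwardenrs/server` are the same project (bitwarden_rs) under a new image name, existing users should be told to back up the SQLite database in the data volume before switching, because a newer build may migrate the schema on first start and an old image cannot be rolled back onto a migrated database.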
@@ -96,6 +96,6 @@ Once you've created your account, jump over to https://bitwarden.com/#download a
## Chef's Notes 📓
1. You'll notice we're not using the *official* container images (*[all 6 of them required](https://help.bitwarden.com/article/install-on-premise/#install-bitwarden)!)*, but rather a [more lightweight version ideal for self-hosting](https://hub.docker.com/r/mprasil/bitwarden). All of the elements are contained within a single container, and SQLite is used for the database backend.
1. You'll notice we're not using the *official* container images (*[all 6 of them required](https://help.bitwarden.com/article/install-on-premise/#install-bitwarden)!)*, but rather a [more lightweight version ideal for self-hosting](https://hub.docker.com/r/bitwardenrs/server). All of the elements are contained within a single container, and SQLite is used for the database backend.
2. As mentioned above, readers should refer to the [dani-garcia/bitwarden_rs wiki](https://github.com/dani-garcia/bitwarden_rs) for details on customizing the behaviour of Bitwarden.
3. The inclusion of Bitwarden was due to the efforts of @gkoerk in our [Discord server](http://chat.funkypenguin.co.nz)- Thanks Gerry!
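Review bot: item 2 calls the target "the dani-garcia/bitwarden_rs wiki" but links the repository root; `https://github.com/dani-garcia/bitwarden_rs/wiki` is the page meant. Item 3 is also missing a space in "Discord server](http://chat.funkypenguin.co.nz)- Thanks".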

View File

@@ -14,9 +14,9 @@
!!! Summary
Existing:
* [X] [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
* [X] [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph/)
* [X] [Traefik](/ha-docker-swarm/traefik_public) configured per design
* [X] DNS entry for the hostname (_i.e. "keycloak.your-domain.com"_) you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP
* [X] DNS entry for the hostname (_i.e. "keycloak.your-domain.com"_) you intend to use, pointed to your [keepalived](/ha-docker-swarm/keepalived/) IP
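Review bot: the keepalived link gains its leading slash, but `[Traefik](/ha-docker-swarm/traefik_public)` in the same block still lacks the trailing slash every other link here now uses; the parenthetical should also read "e.g." rather than "i.e.", since the hostname is an example.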
## Preparation
@@ -144,4 +144,4 @@ Log into your new instance at https://**YOUR-FQDN**, and login with the user/pas
[![Common Observatory](../images/common_observatory.png)](https://www.observe.global/)
## Chef's Notes
## Chef's Notes
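Review bot: only a trailing newline changes here; while at it, this heading reads `## Chef's Notes` whereas the other recipes in this commit use `## Chef's Notes 📓`.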

View File

@@ -429,7 +429,7 @@ networks:
### Launch OpenLDAP stack
Create the auth_internal overlay network, by running ```docker stack deploy auth -c /var/data/config/openldap/auth.yml`, then launch the OpenLDAP stack by running ```docker stack deploy openldap -c /var/data/config/openldap/openldap.yml```
Create the auth_internal overlay network, by running ```docker stack deploy auth -c /var/data/config/openldap/auth.yml```, then launch the OpenLDAP stack by running ```docker stack deploy openldap -c /var/data/config/openldap/openldap.yml```
Log into your new LAM instance at https://**YOUR-FQDN**.
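Review bot: the unclosed fence is fixed, but triple backticks around inline commands are fragile in Markdown (a renderer may open a code block); single backticks are the usual inline form. The text could also tell readers to check `docker stack ps openldap` shows the services Running before visiting LAM, since the deploy command returns before the containers are up.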
@@ -447,4 +447,4 @@ Create your users using the "**New User**" button.
## Chef's Notes 📓
1. The KeyCloak](/recipes/keycloak/authenticate-against-openldap/) recipe illustrates how to integrate KeyCloak with your LDAP directory, giving you a cleaner interface to manage users, and a raft of SSO / OAuth features.
1. [The KeyCloak](/recipes/keycloak/authenticate-against-openldap/) recipe illustrates how to integrate KeyCloak with your LDAP directory, giving you a cleaner interface to manage users, and a raft of SSO / OAuth features.
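Review bot: the opening bracket is restored, but the link text "The KeyCloak" leaves "recipe" outside the link; `[The KeyCloak recipe](/recipes/keycloak/authenticate-against-openldap/)` reads more naturally.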

View File

@@ -35,9 +35,8 @@ OAUTH2_PROXY_CLIENT_SECRET=
OAUTH2_PROXY_COOKIE_SECRET=
OTR_USER=recorder
OTR_PASSWD=yourpassword
MQTTHOSTNAME=owntracks.example.com
HOSTLIST=owntracks.example.com
OTR_PASS=yourpassword
OTR_HOST=owntracks.example.com
```
### Setup Docker Swarm
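Review bot: the variables change from `OTR_PASSWD`/`MQTTHOSTNAME`/`HOSTLIST` to `OTR_PASS`/`OTR_HOST` with no explanation; these names must match what the current image reads, because an unrecognised variable is silently dropped and the recorder then starts with a default or empty password. The placeholders `yourpassword` and the empty `OAUTH2_PROXY_COOKIE_SECRET=` should also carry a hint that both need generated random values rather than fixed strings, as the cookie secret signs the session that fronts this service.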