refactor: remove unused backup services and update environment configurations

docker-compose.override.yml

@@ -46,71 +46,6 @@ services:
     networks:
       - backend
 
-  backup:
-    image: registry.git.base23.de/base23/backup/resticker:${RESTICKER_TAG:?RESTICKER_TAG is not configured}
-    restart: unless-stopped
-    environment:
-      PRE_COMMANDS: |-
-        cd /compose-project/
-        [[ $($(docker compose &>/dev/null); echo "$?") -eq 0 ]] || apk add --no-cache docker-cli-compose
-        docker compose exec -T postgresql pg_dump -U ${PG_USER:-authentik} -d ${PG_DB:-authentik} -f /var/lib/postgresql/backups/${PG_DB:-authentik}.sql
-      RUN_ON_STARTUP: "false"
-      BACKUP_CRON: "00 32 2 * * *"
-      RESTIC_REPOSITORY: sftp://${RESTIC_REPO_USER:?Restic repository user is required}@${RESTIC_REPO_ADDRESS:?Restic repository address is requried}:${RESTIC_REPO_PORT:?Restic repository port is required}//backup
-      RESTIC_PASSWORD: '${RESTIC_REPO_PASSWORD:?Restic repository password is required}'
-      RESTIC_BACKUP_SOURCES: /var/lib/postgresql/backups /var/lib/authentik/backups /var/lib/lego/backups
-      RESTIC_BACKUP_ARGS: >-
-        --tag ${RESTIC_TAG:?Restic tag is required}
-        --verbose
-      RESTIC_FORGET_ARGS: >-
-        --keep-last 10
-        --keep-daily 7
-        --keep-weekly 5
-        --keep-monthly 12
-      TZ: Europe/Berlin
-    volumes:
-      - ./data/restic/ssh/:/run/secrets/.ssh:ro
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ./docker-compose.yml:/compose-project/docker-compose.yml:ro
-      - ./.env:/compose-project/.env:ro
-      - backups_db:/var/lib/postgresql/backups:ro
-      - ./data/authentik/certs:/var/lib/authentik/backups/certs:ro
-      - ./data/authentik/custom-templates:/var/lib/authentik/backups/templates:ro
-      - ./data/authentik/media:/var/lib/authentik/backups/media:ro
-      - ./data/.lego:/var/lib/lego/backups:ro
-
-  prune-backup:
-    image: registry.git.base23.de/base23/backup/resticker:${RESTICKER_TAG:?RESTICKER_TAG is not configured}
-    restart: unless-stopped
-    environment:
-      SKIP_INIT: "true"
-      RUN_ON_STARTUP: "false"
-      PRUNE_CRON: "00 47 3 * * *"
-      RESTIC_REPOSITORY: sftp://${RESTIC_REPO_USER:?Restic repository user is required}@${RESTIC_REPO_ADDRESS:?Restic repository address is requried}:${RESTIC_REPO_PORT:?Restic repository port is required}//backup
-      RESTIC_PASSWORD: '${RESTIC_REPO_PASSWORD:?Restic repository password is required}'
-      TZ: Europe/Berlin
-    volumes:
-      - ./data/restic/ssh/:/run/secrets/.ssh:ro
-
-  # prüft ob backups noch in Ordnung sind, evtl. erweitern zum prüfen der Daten
-  check-backup:
-    image: registry.git.base23.de/base23/backup/resticker:${RESTICKER_TAG:?RESTICKER_TAG is not configured}
-    restart: unless-stopped
-    environment:
-      #RUN_ON_STARTUP: "true"
-      SKIP_INIT: "true"
-      CHECK_CRON: "00 08 04 * * *"
-      RESTIC_REPOSITORY: sftp://${RESTIC_REPO_USER:?Restic repository user is required}@${RESTIC_REPO_ADDRESS:?Restic repository address is requried}:${RESTIC_REPO_PORT:?Restic repository port is required}//backup
-      RESTIC_PASSWORD: ${RESTIC_REPO_PASSWORD}
-      #POST_COMMANDS_FAILURE: echo "Post Command Failure test" > /restic/message
-      TZ: Europe/Berlin
-    volumes:
-      - ./data/restic/ssh/:/run/secrets/.ssh:ro
-
-  restore-cli:
-    image: registry.git.base23.de/base23/backup/resticker:${RESTICKER_TAG:?RESTICKER_TAG is not configured}
-    entrypoint: /entrypoint-restore
-
 volumes:
   backups_db:
     driver: local

docker-compose.prod.yml

@@ -1,55 +0,0 @@
----
-
-services:
-  server:
-    environment:
-      B23_ALLOW_UP: "true"
-    networks:
-      - backend
-      - frontend
-
-  nginx:
-    build:
-      context: ./docker/nginx
-      dockerfile: Dockerfile
-      args:
-        IMAGE: "nginxinc/nginx-unprivileged:${NGINX_UNPRIVILEGED_TAG:?NGINX_UNPRIVILEGED_TAG is not configured}"
-        IMG_TITLE: "nginx-unprivileged-base23"
-        IMAGE_VERSION: "COMPOSE"
-    depends_on:
-      server:
-        condition: service_healthy
-    environment:
-      - NGINX_HTTP_PORT=${NGINX_HTTP_PORT:-8080}
-      - NGINX_HTTPS_PORT=${NGINX_HTTPS_PORT:-8443}
-      - NGINX_RESOLVER=${NGINX_RESOLVER:-127.0.0.11}
-      - NGINX_SERVERNAME=${NGINX_SERVERNAME:?Server name is required}
-      - NGINX_SSL_SESSION_TIMEOUT=${NGINX_SSL_SESSION_TIMEOUT:-1d}
-      - NGINX_SSL_SESSION_CACHE=${NGINX_SSL_SESSION_CACHE:-shared:MozSSL:10m}
-      - NGINX_SSL_PROTOCOLS=${NGINX_SSL_PROTOCOLS:-TLSv1.2 TLSv1.3}
-      - NGINX_SSL_CIPHERS=${NGINX_SSL_CIPHERS:-ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305}
-      - NGINX_SSL_PREFER_SERVER_CIPHERS=${NGINX_SSL_PREFER_SERVER_CIPHERS:-off}
-      - NGINX_HEADER_STRICT_TRANSPORT_SECURITY=${NGINX_HEADER_STRICT_TRANSPORT_SECURITY:-'"max-age=63072000" always'}
-      - NGINX_SSL_STAPLING=${NGINX_SSL_STAPLING:-on}
-      - NGINX_SSL_STAPLING_VERIFY=${NGINX_SSL_STAPLING_VERIFY:-on}
-    volumes:
-      - ./data/nginx/default.conf.template:/etc/nginx/templates/default.conf.template:ro
-      - ./data/nginx/dhparams.pem:/etc/nginx/ssl/dhparams.pem:ro
-      - ./data/nginx/certs:/etc/nginx/ssl/certs:ro
-      - ./data/nginx/acme:/var/www/letsencrypt:ro
-    ports:
-      - target: 8080
-        published: "80"
-        protocol: tcp
-        app_protocol: http # Docker Compose 2.26.0
-        mode: ingress
-      - target: 8443
-        published: "443"
-        protocol: tcp
-        app_protocol: https # Docker Compose 2.26.0
-        mode: ingress
-    networks:
-      - frontend
-
-networks:
-  frontend:

docker-compose.test.yml

@@ -1,22 +0,0 @@
----
-services:
-  server:
-    environment:
-      B23_ALLOW_UP: "true"
-    networks:
-      - backend
-      - web
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.sso.entrypoints=websecure"
-      - "traefik.http.routers.sso.rule=Host(`${PUBLIC_DOMAIN}`)" # change hostname!
-      - "traefik.http.routers.sso.tls=true"
-      - "traefik.http.routers.sso.tls.certresolver=pdns"
-      - "traefik.http.routers.sso.tls.domains[0].main=*.test.base23.de"
-      - "traefik.http.routers.sso.middlewares=secHeaders@file,hsts-header@file"
-      - "traefik.http.services.sso.loadbalancer.server.port=9443" # set port the container listenes to
-      - "traefik.http.services.sso.loadbalancer.server.scheme=https"
-
-networks:
-  web:
-    external: true

env.prod.template

@@ -1,14 +1,12 @@
 # SETTINGS from env.template
 # Misc configuration
-PUBLIC_DOMAIN=sso.base23.de
-COMPOSE_PROJECT_NAME=sso-base23-de
+PUBLIC_DOMAIN=sso.s1q.dev
+COMPOSE_PROJECT_NAME=sso-s1q-dev
 
 # Server Versions
 AUTHENTIK_TAG=2025.6.4
 POSTGRES_TAG=16.9-alpine
 REDIS_TAG=8.0-alpine
-RESTICKER_TAG=0.0.2-restic0.17.0
-NGINX_UNPRIVILEGED_TAG=1.27.2-bookworm
 
 # Error reporting & Logging
 AUTHENTIK_ERROR_REPORTING__ENABLED=true
@@ -16,16 +14,16 @@ AUTHENTIK_LOG_LEVEL=warning
 
 # Email configuration
 # SMTP Host Emails are sent to
-AUTHENTIK_EMAIL__HOST=mail.base23.de
+AUTHENTIK_EMAIL__HOST=mail.s1q.dev
 AUTHENTIK_EMAIL__PORT=25
-AUTHENTIK_EMAIL__USERNAME=sso@base23.de
+AUTHENTIK_EMAIL__USERNAME=smtp@s1q.dev
 # Use StartTLS
 AUTHENTIK_EMAIL__USE_TLS=true
 # Use SSL
 AUTHENTIK_EMAIL__USE_SSL=false
 AUTHENTIK_EMAIL__TIMEOUT=10
 # Email address authentik will send from, should have a correct @domain
-AUTHENTIK_EMAIL__FROM=sso@base23.de
+AUTHENTIK_EMAIL__FROM=sso@s1q.dev
 
 # Exposed ports for Authentik -- Ports are note exposed due to traefik setup
 # COMPOSE_PORT_HTTP=80
@@ -42,28 +40,3 @@ GEOIPUPDATE_ACCOUNT_ID=1093308
 # PostgreSQL configuration
 PG_USER=authentik
 PG_DB=authentik
-
-
-# Nginx configuration
-NGINX_HTTP_PORT=8080
-NGINX_HTTPS_PORT=8443
-NGINX_RESOLVER=127.0.0.11
-NGINX_SERVERNAME=sso.base23.de
-
-# NGINX SSL Config for nginx 1.27.2, intermediate config, OpenSSL 3.0.14
-NGINX_SSL_SESSION_TIMEOUT=1d
-NGINX_SSL_SESSION_CACHE='shared:MozSSL:10m' # about 40000 sessions
-NGINX_SSL_PROTOCOLS='TLSv1.2 TLSv1.3'
-NGINX_SSL_CIPHERS='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305'
-NGINX_SSL_PREFER_SERVER_CIPHERS=off
-NGINX_HEADER_STRICT_TRANSPORT_SECURITY='"max-age=63072000" always'
-NGINX_SSL_STAPLING=on
-NGINX_SSL_STAPLING_VERIFY=on
-
-
-# Restic configuration
-RESTIC_REPO_USER=u291924-sub4
-RESTIC_REPO_ADDRESS=cloud.backup.base23.de
-RESTIC_REPO_PORT=22
-RESTIC_TAG=sso.base23.de
-

env.test.template

@@ -1,13 +1,12 @@
 # SETTINGS from env.template
 # Misc configuration
-PUBLIC_DOMAIN=sso.test.base23.de
-COMPOSE_PROJECT_NAME=sso-base23-de
+PUBLIC_DOMAIN=sso.test.s1q.dev
+COMPOSE_PROJECT_NAME=sso--test-s1q-dev
 
 # Server Versions
 AUTHENTIK_TAG=2025.6.4
 POSTGRES_TAG=16.9-alpine
 REDIS_TAG=8.0-alpine
-RESTICKER_TAG=0.0.2-restic0.17.0
 
 # Error reporting & Logging
 AUTHENTIK_ERROR_REPORTING__ENABLED=true
@@ -15,16 +14,16 @@ AUTHENTIK_LOG_LEVEL=warning
 
 # Email configuration
 # SMTP Host Emails are sent to
-AUTHENTIK_EMAIL__HOST=mail.base23.de
+AUTHENTIK_EMAIL__HOST=mail.s1q.dev
 AUTHENTIK_EMAIL__PORT=25
-AUTHENTIK_EMAIL__USERNAME=sso@base23.de
+AUTHENTIK_EMAIL__USERNAME=sso@s1q.dev
 # Use StartTLS
 AUTHENTIK_EMAIL__USE_TLS=true
 # Use SSL
 AUTHENTIK_EMAIL__USE_SSL=false
 AUTHENTIK_EMAIL__TIMEOUT=10
 # Email address authentik will send from, should have a correct @domain
-AUTHENTIK_EMAIL__FROM=sso@base23.de
+AUTHENTIK_EMAIL__FROM=sso@s1q.dev
 
 # Exposed ports for Authentik -- Ports are note exposed due to traefik setup
 # COMPOSE_PORT_HTTP=80
@@ -41,11 +40,3 @@ GEOIPUPDATE_ACCOUNT_ID=1093308
 # PostgreSQL configuration
 PG_USER=authentik
 PG_DB=authentik
-
-
-# Restic configuration
-RESTIC_REPO_USER=u291924-sub5
-RESTIC_REPO_ADDRESS=cloud.backup.base23.de
-RESTIC_REPO_PORT=22
-RESTIC_TAG=sso.test.base23.de
-