commit 09fbf067193262cceaaab3fa94368fcf52336447 Author: L4RM4ND <21357789+l4rm4nd@users.noreply.github.com> Date: Wed Feb 15 22:45:31 2023 +0100 clean commit
diff --git a/0_skeleton/README.md b/0_skeleton/README.md
new file mode 100644
index 0000000..1880bbc
--- /dev/null
+++ b/0_skeleton/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+This is an example skeleton to use. Usually combined with Traefik as reverse proxy.
diff --git a/0_skeleton/docker-compose.yml b/0_skeleton/docker-compose.yml
new file mode 100644
index 0000000..f825b4e
--- /dev/null
+++ b/0_skeleton/docker-compose.yml
@@ -0,0 +1,28 @@
+version: '3.3'
+
+services:
+ example:
+ image: user/image:tag
+ container_name: example-container-name
+ restart: unless-stopped
+ #ports:
+ # - 8080:2368
+ volumes:
+ - /mnt/docker-volumes/example:/example
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ networks:
+ - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.CHANGEME.rule=Host(`service.example.com`)
+ # - traefik.http.services.CHANGEME.loadbalancer.server.port=8080
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only; disable to expose externally
+ # - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file
+
+networks:
+ proxy:
+ external: true
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c9b897f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,123 @@
+# Compose-Examples
+Various Docker Compose examples of selfhosted projects.
+
+- Volume bind mounts are assumed to be located at `/mnt/docker-volumes//`
+- Docker networks are not hardcoded and may have to be created or defined manually
+- Example config files are provided but not yet located in the correct volume bind mount path. Adjust!
+- Default credentials should be adjusted to your needs
+
+Otherwise, it should be a matter of:
+````
+git clone https://github.com/Haxxnet/Compose-Examples && cd Compose-Examples
+cd
+docker compose up -d
+````
+
+## Dashboards
+- [Homepage](homepage)
+- [Homer](homer)
+- [Dashy](dashy)
+- [Homarr](homarr)
+- [Flame](flame)
+- [Heimdall](heimdall)
+
+## Password Management
+- [Vaultwarden](vaultwarden)
+- [Bitwarden Unified](bitwarden-unified)
+
+## Reverse Proxies
+- [Traefik](traefik)
+- [Nginx Proxy Manager](nginx-proxy-manager)
+- [Caddy](caddy)
+
+## Virtual Private Network (VPN)
+- [wg-easy](wg-easy)
+- ~~[Netbird](TBD)~~
+- ~~[Firezone](TBD)~~
+- ~~[Wireguard](TBD)~~
+
+## Domain Name Service (DNS)
+- [Adguard Home](adguard-home)
+- [Adguard Home Sync](adguard-home-sync)
+- [Technitium DNS](technitium-dns)
+- [Pihole](pihole)
+- [Cloudflare DDNS](cloudflare-ddns)
+
+## Repository Management & Coding
+- [Gitea](gitea)
+- [Drone](drone)
+- [Code Server](code-server)
+- [Obsidian-Remote](obsidian-remote)
+- ~~[Onedev](TBD)~~
+- ~~[Gitlab](TBD)~~
+
+## Monitoring
+- [Watchtower](watchtower)
+- [Portainer Enterprise](portainer-ee)
+- [Uptimekuma](uptimekuma)
+- [Changedetection](changedetection)
+- [Grafana Stack](grafana-monitoring)
+- [Speedtest-Tracker](speedtest-tracker)
+- [Openspeedtest](openspeedtest)
+- [Goaccess for Nginx Proxy Manager](nginx-proxy-manager-goaccess)
+- [WatchYourLAN](watchyourlan)
+- [Network-Multitool](network-multitool)
+
+## Recipe Managers
+- [Tandoor](tandoor)
+- [Mealie](mealie)
+
+## Media Management
+- [Immich](immich)
+- [Photoprism](photoprism)
+- [Deemix](deemix)
+-
[Papermerge](papermerge)
+- [Paperless NGX](paperless-ngx)
+
+## File Sharing
+- [PrivateBin](privatebin)
+- [Nextcloud](nextcloud)
+- [Pwndrop](pwndrop)
+- [Seafile](seafile)
+- [Droppy](droppy)
+- [SFTPGo](sftpgo)
+- [Gokapi](gokapi)
+- [Projectsend](projectsend)
+
+## Publishing, Writing, Hosting
+- [Excalidraw](excalidraw)
+- [Overleaf](overleaf)
+- [Ghost CMS](ghost)
+- [Nginx + PHP](nginx-php)
+
+## Analytics
+- [Matomo](matomo)
+- [Plausible](plausible)
+
+## Security & Vulnerability Management
+- [Nessus](nessus)
+- [Greenbone](greenbone)
+- [SonarQube](sonarqube)
+- [Fail2ban](fail2ban)
+
+## Internet of Things / Smart Home
+- [Home Assistant](homeassistant)
+
+## Asset Management
+- [Domainmod](domainmod)
+- [Snipe-IT](snipe-it)
+
+## Backups
+- [Duplicati](duplicati)
+- [Duplicacy](duplicacy)
+
+## Wiki & Knowledge Base
+- [Bookstack](bookstack)
+- [Answer](answer)
+- [Wiki.js](wikijs)
+- [Obsidian-Remote](obsidian-remote)
+
+## Finance
+- [TRSync](trsync)
+- [Money-Balancer](money-balancer)
+- [Firefly III](firefly-iii)
diff --git a/adguard-home-sync/README.md b/adguard-home-sync/README.md
new file mode 100644
index 0000000..fa9a607
--- /dev/null
+++ b/adguard-home-sync/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/bakito/adguardhome-sync
diff --git a/adguard-home-sync/docker-compose.yml b/adguard-home-sync/docker-compose.yml
new file mode 100644
index 0000000..b9bc88e
--- /dev/null
+++ b/adguard-home-sync/docker-compose.yml
@@ -0,0 +1,21 @@
+version: "2.1"
+services:
+ adguardhome-sync:
+ image: linuxserver/adguardhome-sync
+ container_name: adguardhome-sync
+ hostname: adguardhome-sync
+ environment:
+ - ORIGIN_URL=http://10.10.10.10:8080 # your main adguard instance for synchronization
+ - ORIGIN_USERNAME=admin1
+ - ORIGIN_PASSWORD=password1
+ - REPLICA_URL=http://20.20.20.20:8080 # your replica adguard instance to be synced with main instance
+ - REPLICA_USERNAME=admin2
+ - REPLICA_PASSWORD=password2
+ - CRON=*/30 * * * * # run every 30 minute; see https://crontab.guru/
+ - RUNONSTART=true
+ - TZ=Europe/Berlin
+ - PUID=1000
+ - PGID=1000
+ restart: unless-stopped
+ volumes:
+ - /mnt/docker-volumes/adguard-home-sync:/config
diff --git a/adguard-home/README.md b/adguard-home/README.md
new file mode 100644
index 0000000..e9fb6eb
--- /dev/null
+++ b/adguard-home/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/AdguardTeam/AdGuardHome
diff --git a/adguard-home/docker-compose.yml b/adguard-home/docker-compose.yml
new file mode 100644
index 0000000..49bb093
--- /dev/null
+++ b/adguard-home/docker-compose.yml
@@ -0,0 +1,15 @@
+version: "3"
+
+services:
+ adguard:
+ container_name: adguard
+ hostname: adguard
+ image: adguard/adguardhome:latest
+ ports:
+ - 53:53/tcp
+ - 8080:80/tcp
+ - 53:53/udp
+ restart: unless-stopped
+ volumes:
+ - /mnt/docker-volumes/adguard-home/work:/opt/adguardhome/work
+ - /mnt/docker-volumes/adguard-home/conf:/opt/adguardhome/conf
diff --git a/answer/README.md b/answer/README.md
new file mode 100644
index 0000000..ea2fbbb
--- /dev/null
+++ b/answer/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/answerdev/answer
diff --git a/answer/docker-compose.yml b/answer/docker-compose.yml
new file mode 100644
index 0000000..01f6938
--- /dev/null
+++ b/answer/docker-compose.yml
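Review bot: In adguard-home-sync/docker-compose.yml the `ORIGIN_PASSWORD=password1` and `REPLICA_PASSWORD=password2` lines ship usable-looking credentials with no marker that they must be replaced, and the same pattern recurs in the bitwarden-unified, bookstack, code-server and domainmod compose files of this commit (`Secure_MariaDB_Password1`, `ROOTPW`/`USERPW1`, `MyStrongLoginPassword`, `password1`/`password2`). A deployment copied unchanged ends up with publicly known passwords; I would append `# change this` to each, as the commit already does for `APP_URL` and `API_KEY`, or move the values into a git-ignored env file. Both `ORIGIN_URL` and `REPLICA_URL` also use `http://`, so the AdGuard admin credentials would presumably cross the network in cleartext; a comment such as `# use https:// unless both instances share a trusted network` would make that visible.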
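Review bot: The `53:53/tcp` and `53:53/udp` mappings in adguard-home/docker-compose.yml publish the resolver on every host interface, and `8080:80/tcp` does the same for the admin UI. On a host with a public address that amounts to an open DNS resolver, so I would bind the mappings to the LAN address, e.g. `- "<LAN_IP>:53:53/udp"` (placeholder), and add the comment `# bind to the LAN interface only; do not expose port 53 to the internet`. `adguard/adguardhome:latest` is also unpinned, so the image content can change between pulls.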
@@ -0,0 +1,10 @@
+version: "3"
+services:
+ answer:
+ container_name: answer
+ image: answerdev/answer
+ ports:
+ - '9080:80'
+ restart: unless-stopped
+ volumes:
+ - /mnt/docker-volumes/answer/data:/data
diff --git a/bitwarden-unified/README.md b/bitwarden-unified/README.md
new file mode 100644
index 0000000..b5e9d32
--- /dev/null
+++ b/bitwarden-unified/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://bitwarden.com/help/install-and-deploy-unified-beta/
diff --git a/bitwarden-unified/docker-compose.yml b/bitwarden-unified/docker-compose.yml
new file mode 100644
index 0000000..5156b9a
--- /dev/null
+++ b/bitwarden-unified/docker-compose.yml
@@ -0,0 +1,28 @@
+---
+version: "3.8"
+
+services:
+ bitwarden:
+ container_name: bitwarden_unified
+ depends_on:
+ - db
+ env_file:
+ - settings.env
+ image: bitwarden/self-host:beta
+ restart: always
+ ports:
+ - "8888:80"
+ volumes:
+ - /mnt/docker-volumes/bitwarden-unified/data:/etc/bitwarden
+
+ db:
+ environment:
+ MARIADB_USER: "bitwarden"
+ MARIADB_PASSWORD: "Secure_MariaDB_Password1"
+ MARIADB_DATABASE: "bitwarden_vault"
+ MARIADB_RANDOM_ROOT_PASSWORD: "true"
+ image: mariadb:10
+ container_name: bitwarden_unified_db
+ restart: always
+ volumes:
+ - /mnt/docker-volumes/bitwarden-unified/mariadb:/var/lib/mysql
diff --git a/bitwarden-unified/settings.env b/bitwarden-unified/settings.env
new file mode 100644
index 0000000..44e50e9
--- /dev/null
+++ b/bitwarden-unified/settings.env
@@ -0,0 +1,61 @@
+#####################
+# Required Settings #
+#####################
+
+# Server hostname
+BW_DOMAIN=bitwarden.example.com
+
+# Database
+# Available providers are sqlserver, postgresql, or mysql/mariadb
+BW_DB_PROVIDER=mysql
+BW_DB_SERVER=db
+BW_DB_DATABASE=bitwarden_vault
+BW_DB_USERNAME=bitwarden
+BW_DB_PASSWORD=Secure_MariaDB_Password1
+
+# Installation information
+# Get your ID and key from https://bitwarden.com/host/
+BW_INSTALLATION_ID=xxxxxxxx-xxxxxxxx-xxxxxxxxx-xxxxxxxxxxx # change this !!!
+BW_INSTALLATION_KEY=MyInstallationkey # change this !!!
+
+#####################
+# Optional Settings #
+#####################
+# Learn more here: https://bitwarden.com/help/environment-variables/
+
+# SSL
+#BW_ENABLE_SSL=true
+#BW_ENABLE_SSL_CA=true
+#BW_SSL_CERT=ssl.crt
+#BW_SSL_KEY=ssl.key
+#BW_SSL_CA_CERT=ca.crt
+
+# Services
+# Some services, namely for enterprise use cases, are disabled by default. Defaults shown below.
+#BW_ENABLE_ADMIN=true
+#BW_ENABLE_API=true
+#BW_ENABLE_EVENTS=false
+#BW_ENABLE_ICONS=true
+#BW_ENABLE_IDENTITY=true
+#BW_ENABLE_NOTIFICATIONS=true
+#BW_ENABLE_SCIM=false
+#BW_ENABLE_SSO=false
+
+#BW_ICONS_PROXY_TO_CLOUD=false
+
+# Mail
+#globalSettings__mail__replyToEmail=noreply@$BW_DOMAIN
+#globalSettings__mail__smtp__host=smtphost.example.com
+#globalSettings__mail__smtp__port=587
+#globalSettings__mail__smtp__ssl=false
+#globalSettings__mail__smtp__username=smtpusername
+#globalSettings__mail__smtp__password=smtppassword
+
+# Yubikey
+#globalSettings__yubico__clientId=REPLACE
+#globalSettings__yubico__key=REPLACE
+
+# Other
+#globalSettings__disableUserRegistration=true
+#globalSettings__hibpApiKey=REPLACE
+#adminSettings__admins="admin1@email.com,admin2@email.com"
diff --git a/bookstack/README.md b/bookstack/README.md
new file mode 100644
index 0000000..0c8c1e4
--- /dev/null
+++ b/bookstack/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/linuxserver/docker-bookstack
diff --git a/bookstack/docker-compose.yml b/bookstack/docker-compose.yml
new file mode 100644
index 0000000..3fc716a
--- /dev/null
+++ b/bookstack/docker-compose.yml
@@ -0,0 +1,38 @@
+version: "3"
+
+services:
+ bookstack:
+ image: linuxserver/bookstack
+ container_name: bookstack
+ hostname: bookstack
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - APP_URL=https://wiki.example.com # change this
+ - DB_HOST=bookstack_db
+ - DB_USER=bookstack
+ - DB_PASS=USERPW1
+ - DB_DATABASE=bookstackapp
+ volumes:
+ - /mnt/docker-volumes/bookstack/config:/config
+ restart: unless-stopped
+ ports:
+ - 8099:80
+ depends_on:
+ - bookstack_db
+
+ bookstack_db:
+ image: linuxserver/mariadb
+ container_name: bookstack_db
+ hostname: bookstack_db
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - MYSQL_ROOT_PASSWORD=ROOTPW
+ - TZ=Europe/Berlin
+ - MYSQL_DATABASE=bookstackapp
+ - MYSQL_USER=bookstack
+ - MYSQL_PASSWORD=USERPW1
+ volumes:
+ - /mnt/docker-volumes/bookstack/mariadb-config:/config
+ restart: unless-stopped
diff --git a/caddy/CaddyFile b/caddy/CaddyFile
new file mode 100644
index 0000000..be1952e
--- /dev/null
+++ b/caddy/CaddyFile
@@ -0,0 +1,4 @@
+service.example.com {
+ encode zstd gzip
+ reverse_proxy nginx:80
+}
diff --git a/caddy/README.md b/caddy/README.md
new file mode 100644
index 0000000..afeabb9
--- /dev/null
+++ b/caddy/README.md
@@ -0,0 +1,3 @@
+# References
+
+https://github.com/caddyserver/caddy
diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml
new file mode 100644
index 0000000..5c294cc
--- /dev/null
+++ b/caddy/docker-compose.yml
@@ -0,0 +1,15 @@
+version: "3.7"
+services:
+ caddy:
+ image: caddy:latest
+ container_name: caddy
+ restart: unless-stopped
+ environment:
+ - TZ=Europe/Berlin
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /mnt/docker-volumes/caddy/CaddyFile:/etc/caddy/Caddyfile
+ - /mnt/docker-volumes/caddy/data:/data
+ - /mnt/docker-volumes/caddy/config:/config
diff --git a/changedetection/README.md b/changedetection/README.md
new file mode 100644
index 0000000..3a30c23
--- /dev/null
+++ b/changedetection/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/linuxserver/docker-changedetection.io
diff --git a/changedetection/docker-compose.yml b/changedetection/docker-compose.yml
new file mode 100644
index 0000000..165971d
--- /dev/null
+++ b/changedetection/docker-compose.yml
@@ -0,0 +1,21 @@
+version: "2.1"
+services:
+ changedetection:
+ image: lscr.io/linuxserver/changedetection.io:latest
+ container_name: changedetection
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ volumes:
+ - /mnt/docker-volumes/changedetection/config:/config
+ ports:
+ - 5000:5000
+ restart: unless-stopped
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.changedetection.rule=Host(`changedetection.example.com`)
+ # - traefik.http.services.changedetection.loadbalancer.server.port=5000
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only; disable to expose externally
+ # - traefik.http.routers.changedetection.middlewares=local-ipwhitelist@file,basic-auth@file
diff --git a/cloudflare-ddns/README.md b/cloudflare-ddns/README.md
new file mode 100644
index 0000000..a8e5e2d
--- /dev/null
+++ b/cloudflare-ddns/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://hub.docker.com/r/oznu/cloudflare-ddns/
diff --git a/cloudflare-ddns/docker-compose.yml b/cloudflare-ddns/docker-compose.yml
new file mode 100644
index 0000000..b8e3f0d
--- /dev/null
+++ b/cloudflare-ddns/docker-compose.yml
@@ -0,0 +1,9 @@
+version: '3.7'
+services:
+ ddns:
+ image: oznu/cloudflare-ddns:latest
+ restart: unless-stopped
+ environment:
+ - API_KEY=MyCloudflareApiToken # change this
+ - ZONE=example.com
+ - SUBDOMAIN=* # either subdomain or wildcard * to update root domain
diff --git a/code-server/README.md b/code-server/README.md
new file mode 100644
index 0000000..2a5471d
--- /dev/null
+++ b/code-server/README.md
@@ -0,0 +1,5 @@
+# Reference
+
+https://github.com/linuxserver/docker-code-server
+
+
diff --git a/code-server/docker-compose.yml b/code-server/docker-compose.yml
new file mode 100644
index 0000000..4a9bf03
--- /dev/null
+++ b/code-server/docker-compose.yml
@@ -0,0 +1,20 @@
+---
+version: "2.1"
+services:
+ code-server:
+ image: lscr.io/linuxserver/code-server:latest
+ container_name: code-server
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - PASSWORD=MyStrongLoginPassword
+ - SUDO_PASSWORD=MyOptionalStrongSudoPassword #optional
+ #- SUDO_PASSWORD_HASH= #optional
+ - PROXY_DOMAIN=vscode.example.com #optional
+ - DEFAULT_WORKSPACE=/config/workspace #optional
+ volumes:
+ - /mnt/docker-volumes/vscode/config:/config
+ ports:
+ - 8443:8443
+ restart: unless-stopped
diff --git a/dashy/README.md b/dashy/README.md
new file mode 100644
index 0000000..230aa46
--- /dev/null
+++ b/dashy/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/Lissy93/dashy
\ No newline at end of file
diff --git a/dashy/docker-compose.yml b/dashy/docker-compose.yml
new file mode 100644
index 0000000..58bdd29
--- /dev/null
+++ b/dashy/docker-compose.yml
@@ -0,0 +1,21 @@
+---
+version: "3.8"
+services:
+ dashy:
+ container_name: dashy
+ hostname: dashy
+ image: lissy93/dashy
+ volumes:
+ - /mnt/docker-volumes/dashy/config/config.yml:/app/public/conf.yml
+ - /mnt/docker-volumes/dashy/icons:/app/public/item-icons
+ environment:
+ - NODE_ENV=production
+ - UID=1000
+ - GID=1000
+ restart: unless-stopped
+ healthcheck:
+ test: ['CMD', 'node', '/app/services/healthcheck']
+ interval: 1m30s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
diff --git a/deemix/README.md b/deemix/README.md
new file mode 100644
index 0000000..f1dc8e5
--- /dev/null
+++ b/deemix/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://gitlab.com/Bockiii/deemix-docker
diff --git a/deemix/docker-compose.yml b/deemix/docker-compose.yml
new file mode 100644
index 0000000..27ceafe
--- /dev/null
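Review bot: `SUDO_PASSWORD=MyOptionalStrongSudoPassword` in code-server/docker-compose.yml is labelled optional but is active, so every copy of this file enables sudo inside a container whose web IDE is published on `8443:8443`. I would ship that line commented out like the `SUDO_PASSWORD_HASH` line below it, `#- SUDO_PASSWORD= # optional; prefer SUDO_PASSWORD_HASH`, so that root inside the container is opt-in rather than the default. The `PASSWORD=MyStrongLoginPassword` line would also benefit from a `# change this` marker.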
+++ b/deemix/docker-compose.yml
@@ -0,0 +1,14 @@
+version: "3"
+
+services:
+ deemix:
+ container_name: deemix
+ environment:
+ - PUID=1000
+ - PGID=1000
+ hostname: deemix
+ image: registry.gitlab.com/bockiii/deemix-docker:latest
+ restart: unless-stopped
+ volumes:
+ - /mnt/docker-volumes/deemix/config:/config
+ - /mnt/docker-volumes/deemix/downloads:/downloads
diff --git a/domainmod/README.md b/domainmod/README.md
new file mode 100644
index 0000000..4a4b81e
--- /dev/null
+++ b/domainmod/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/domainmod/domainmod
\ No newline at end of file
diff --git a/domainmod/docker-compose.yml b/domainmod/docker-compose.yml
new file mode 100644
index 0000000..8b6a1ec
--- /dev/null
+++ b/domainmod/docker-compose.yml
@@ -0,0 +1,40 @@
+---
+version: '3.7'
+services:
+ app:
+ image: domainmod/domainmod:latest
+ container_name: domainmod_app
+ hostname: domainmod_app
+ depends_on:
+ - db
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - DOMAINMOD_WEB_ROOT=
+ - DOMAINMOD_DATABASE_HOST=db
+ - DOMAINMOD_DATABASE=domainmod
+ - DOMAINMOD_USER=domainmod
+ - DOMAINMOD_PASSWORD=password1
+ volumes:
+ - /mnt/docker-volumes/domainmod/app:/var/www/html
+ ports:
+ - 8080:80
+ restart: unless-stopped
+
+ db:
+ image: ghcr.io/linuxserver/mariadb:alpine
+ container_name: domainmod_db
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - MYSQL_DATABASE=domainmod
+ - MYSQL_USER=domainmod
+ - MYSQL_PASSWORD=password1
+ - MYSQL_ROOT_PASSWORD=password2
+ volumes:
+ - /mnt/docker-volumes/domainmod/database:/config
+ #ports:
+ # - 3306
+ restart: unless-stopped
diff --git a/drone/README.md b/drone/README.md
new file mode 100644
index 0000000..c4621df
--- /dev/null
+++ b/drone/README.md
@@ -0,0 +1,3 @@
+# References
+
+https://github.com/harness/drone
diff --git a/drone/docker-compose.yml b/drone/docker-compose.yml
new file mode 100644
index 0000000..ebcc3df
--- /dev/null
+++ b/drone/docker-compose.yml
@@ -0,0 +1,55 @@
+version: "3.7"
+
+services:
+ drone-server:
+ image: drone/drone:latest
+ container_name: drone-server
+ restart: unless-stopped
+ dns:
+ - 192.168.178.100 # specify your internal dns server for proper dns lookups; especially if you are using https and hostnames
+ volumes:
+ - /mnt/docker-volumes/drone/data:/var/lib/drone
+ #- /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ - DRONE_DEBUG=true
+ #- DRONE_ADMIN=droneadm
+ #- DRONE_USER_CREATE=username:droneadm,admin:true
+ - DRONE_SERVER_PORT=:80
+ - DRONE_DATABASE_DRIVER=sqlite3
+ - DRONE_GIT_ALWAYS_AUTH=false
+ - DRONE_GITEA_SERVER=https://git.domain.tld # change this to your gitea instance
+ - DRONE_RPC_SECRET=8aff725d2e16ef31fbc42
+ - DRONE_SERVER_HOST=drone.domain.tld # change this to your drone instance
+ - DRONE_HOST=https://drone.domain.tld # change this to your drone instance; adjust http/https
+ - DRONE_SERVER_PROTO=https # adjust http/https
+ - DRONE_TLS_AUTOCERT=false
+ - DRONE_AGENTS_ENABLED=true
+ - DRONE_GITEA_CLIENT_ID=XXX-XXX # change this to your client ID from Gitea; see https://docs.drone.io/server/provider/gitea/
+ - DRONE_GITEA_CLIENT_SECRET=XXX-XXX # change this to your client secret from Gitea; see https://docs.drone.io/server/provider/gitea/
+ networks:
+ - proxy
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.drone-server.rule=Host(`drone.domain.tld`)
+ - traefik.http.services.drone-server.loadbalancer.server.port=80
+ - traefik.docker.network=proxy
+ # Part for local lan services only; disable to expose externally
+ - traefik.http.routers.drone-server.middlewares=local-ipwhitelist@file
+
+ drone-agent:
+ image: drone/agent:1.2.1
+ command: agent
+ restart: unless-stopped
+ container_name: drone-agent
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock # optional; necessary if you run docker runners and need access to docker socket
+ environment:
+ - DRONE_RPC_SERVER=http://drone-server:80
+ - DRONE_RPC_SECRET=8aff725d2e16ef31fbc42
+ -
DRONE_RUNNER_CAPACITY=2
+ networks:
+ - proxy
+
+networks:
+ proxy:
+ external: true
diff --git a/droppy/README.md b/droppy/README.md
new file mode 100644
index 0000000..b79b633
--- /dev/null
+++ b/droppy/README.md
@@ -0,0 +1,3 @@
+# References
+
+https://github.com/silverwind/droppy
diff --git a/droppy/docker-compose.yml b/droppy/docker-compose.yml
new file mode 100644
index 0000000..1ff057d
--- /dev/null
+++ b/droppy/docker-compose.yml
@@ -0,0 +1,16 @@
+version: '2'
+
+services:
+ droppy:
+ container_name: droppy
+ image: silverwind/droppy
+ ports:
+ - 8989:8989
+ volumes:
+ - /mnt/docker-volumes/droppy/config:/config
+ - /path/to/my/data/for/sharing:/files # path to shared files
+ environment:
+ - UID=1000
+ - GID=1000
+ - TZ="Europe/Berlin"
+ restart: unless-stopped
diff --git a/duplicacy/README.md b/duplicacy/README.md
new file mode 100644
index 0000000..eb7f9e4
--- /dev/null
+++ b/duplicacy/README.md
@@ -0,0 +1,4 @@
+# References
+
+- https://hub.docker.com/r/saspus/duplicacy-web
+- https://spin.atomicobject.com/2021/02/06/duplicacy-docker-image/
diff --git a/duplicacy/docker-compose.yml b/duplicacy/docker-compose.yml
new file mode 100644
index 0000000..4da7fa8
--- /dev/null
+++ b/duplicacy/docker-compose.yml
@@ -0,0 +1,19 @@
+---
+version: '3.7'
+
+services:
+ duplicacy-web:
+ container_name: duplicacy-web
+ image: saspus/duplicacy-web:v1.4.1
+ environment:
+ - USR_ID=1000 # user account id on the system
+ - GRP_ID=1000 # group id on the system
+ - TZ=Europe/Berlin
+ ports:
+ - "3875:3875/tcp"
+ volumes:
+ - /mnt/docker-volumes/duplicacy-web/config:/config
+ - /mnt/docker-volumes/duplicacy-web/logs:/logs
+ - /mnt/docker-volumes/duplicacy-web/cache:/cache
+ - /path/to/my/data/dir1:/data/dir1:ro # 1st path to your data for backup
+ - /path/to/my/data/dir2:/data/dir2:ro # 2nd path to your data for backup
diff --git a/duplicati/README.md b/duplicati/README.md
new file mode 100644
index 0000000..ad35198
--- /dev/null
+++ b/duplicati/README.md
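Review bot: `DRONE_RPC_SECRET=8aff725d2e16ef31fbc42` in drone/docker-compose.yml is a fixed, real-looking value set on both drone-server and drone-agent with no change marker, unlike the `XXX-XXX` Gitea client lines next to it. That secret is what authenticates runners to the server, and the agent in this file also mounts `/var/run/docker.sock` read-write, so a deployment that keeps the published value shares its runner credential with every other reader of this repository. I would replace both occurrences with a placeholder such as `DRONE_RPC_SECRET=CHANGEME # generate with: openssl rand -hex 16`. `DRONE_DEBUG=true` is better shipped as `false` in an example, and `drone/agent:1.2.1` is pinned while `drone/drone:latest` floats, so the two can drift apart.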
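Review bot: The `- TZ="Europe/Berlin"` entry in droppy/docker-compose.yml keeps its double quotes as part of the value, because in list-form `environment` the whole `KEY=value` item is one plain YAML scalar. The container would then see a time zone name that includes the quote characters, which is unlikely to resolve. Every other file in this commit writes `- TZ=Europe/Berlin`, and this line should match.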
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/duplicati/duplicati
\ No newline at end of file
diff --git a/duplicati/docker-compose.yml b/duplicati/docker-compose.yml
new file mode 100644
index 0000000..463e8dd
--- /dev/null
+++ b/duplicati/docker-compose.yml
@@ -0,0 +1,28 @@
+version: "3"
+
+services:
+ duplicati:
+ container_name: duplicati
+ entrypoint:
+ - /init
+ ports:
+ - 8200:8200 # MGMT UI
+ environment:
+ - PUID=0
+ - PGID=1000
+ - TZ=Europe/Berlin
+ hostname: duplicati
+ image: linuxserver/duplicati:latest
+ #labels:
+ # - com.centurylinklabs.watchtower.enable=false
+ # - traefik.enable=true
+ # - traefik.http.routers.duplicati.rule=Host(`duplicati.example.com`)
+ # - traefik.http.services.duplicati.loadbalancer.server.port=8200
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only
+ # - traefik.http.routers.duplicati.middlewares=local-ipwhitelist@file
+ restart: unless-stopped
+ volumes:
+ - /mnt/docker-volumes/duplicati/backups:/backups
+ - /mnt/docker-volumes/duplicati/config:/config
+ - /path/to/my/data/to/backup:/source # change this
diff --git a/excalidraw/README.md b/excalidraw/README.md
new file mode 100644
index 0000000..ea5e923
--- /dev/null
+++ b/excalidraw/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/excalidraw/excalidraw
\ No newline at end of file
diff --git a/excalidraw/docker-compose.yml b/excalidraw/docker-compose.yml
new file mode 100644
index 0000000..7087f96
--- /dev/null
+++ b/excalidraw/docker-compose.yml
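Review bot: `PUID=0` in duplicati/docker-compose.yml runs the backup service as root while its management UI is published on `8200:8200` and the Traefik allow-list labels are commented out. Root is presumably chosen so that every file under `/source` can be read, but that deserves a comment, `# PUID=0 reads all source files as root; use an unprivileged UID if your data allows`. The UI is safer bound to loopback, `- 127.0.0.1:8200:8200`, until the proxy labels are enabled. Where the container only takes backups, `/source` could also be mounted `:ro`, as the duplicacy example in this commit does for its data paths.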
@@ -0,0 +1,32 @@
+version: "3.8"
+
+services:
+ excalidraw:
+ container_name: excalidraw
+ image: excalidraw/excalidraw:latest
+ ports:
+ - "3000:80"
+ restart: unless-stopped
+ stdin_open: true
+ healthcheck:
+ disable: true
+ environment:
+ - NODE_ENV=production
+ networks:
+ - proxy
+ #volumes:
+ # - ./:/opt/node_app/app:delegated
+ # - ./package.json:/opt/node_app/package.json
+ # - ./yarn.lock:/opt/node_app/yarn.lock
+ # - notused:/opt/node_app/app/node_modules
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.excalidraw.rule=Host(`draw.example.com`)
+ # - traefik.http.services.excalidraw.loadbalancer.server.port=80
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only; disable to expose externally
+ # - traefik.http.routers.excalidraw.middlewares=local-ipwhitelist@file
+
+networks:
+ proxy:
+ external: true
diff --git a/fail2ban/README.md b/fail2ban/README.md
new file mode 100644
index 0000000..0f53c4a
--- /dev/null
+++ b/fail2ban/README.md
@@ -0,0 +1,6 @@
+# Reference
+
+- https://github.com/crazy-max/docker-fail2ban
+- https://blog.lrvt.de/configuring-fail2ban-with-traefik/
+- https://blog.lrvt.de/fail2ban-with-nginx-proxy-manager/
+- https://github.com/l4rm4nd/F2BFilters
diff --git a/fail2ban/docker-compose.yml b/fail2ban/docker-compose.yml
new file mode 100644
index 0000000..fcaf19a
--- /dev/null
+++ b/fail2ban/docker-compose.yml
@@ -0,0 +1,18 @@
+version: "3"
+
+services:
+ fail2ban:
+ container_name: fail2ban
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ environment:
+ - TZ=Europe/Berlin
+ - F2B_DB_PURGE_AGE=14d
+ image: crazymax/fail2ban:latest
+ network_mode: host
+ restart: unless-stopped
+ volumes:
+ - /mnt/docker-volumes/fail2Ban/data:/data
+ - /path/to/my/logs/to/monitor:/var/log
+ #- /mnt/docker-volumes/traefik/logs:/var/log/traefik
diff --git a/firefly-iii/.env b/firefly-iii/.env
new file mode 100644
index 0000000..d4811a7
--- /dev/null
+++ b/firefly-iii/.env
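Review bot: The log mount `- /path/to/my/logs/to/monitor:/var/log` in fail2ban/docker-compose.yml is read-write, although the container runs with `network_mode: host` plus `NET_ADMIN` and `NET_RAW` and only needs to read the logs it watches. Mounting it as `- /path/to/my/logs/to/monitor:/var/log:ro` keeps a compromised or misbehaving container from altering or truncating the host's log files. The commented Traefik line would take the same suffix, `#- /mnt/docker-volumes/traefik/logs:/var/log/traefik:ro`.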
@@ -0,0 +1,316 @@
+# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
+# Never set it to "testing".
+APP_ENV=local
+
+# Set to true if you want to see debug information in error screens.
+APP_DEBUG=false
+
+# This should be your email address.
+# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
+# The variable is used in some errors shown to users who aren't admin.
+SITE_OWNER=mail@example.com
+
+# The encryption key for your sessions. Keep this very secure.
+# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
+# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
+#
+# Avoid the "#" character in your APP_KEY, it may break things.
+#
+APP_KEY=SomeRandomStringOf32CharsExactly
+
+# Firefly III will launch using this language (for new users and unauthenticated visitors)
+# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
+#
+# If text is still in English, remember that not everything may have been translated.
+DEFAULT_LANGUAGE=en_US
+
+# The locale defines how numbers are formatted.
+# by default this value is the same as whatever the language is.
+DEFAULT_LOCALE=equal
+
+# Change this value to your preferred time zone.
+# Example: Europe/Amsterdam
+# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=Europe/Berlin
+
+# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
+# Set it to ** and reverse proxies work just fine.
+TRUSTED_PROXIES=*
+
+# The log channel defines where your log entries go to.
+# Several other options exist. You can use 'single' for one big fat error log (not recommended).
+# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
+# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
+# A cool option is 'papertrail' for cloud logging
+# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
+LOG_CHANNEL=stack
+
+#
+# Used when logging to papertrail:
+#
+PAPERTRAIL_HOST=
+PAPERTRAIL_PORT=
+
+# Log level. You can set this from least severe to most severe:
+# debug, info, notice, warning, error, critical, alert, emergency
+# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
+# nothing will get logged, ever.
+APP_LOG_LEVEL=notice
+
+# Audit log level.
+# Set this to "emergency" if you dont want to store audit logs, leave on info otherwise.
+AUDIT_LOG_LEVEL=info
+
+# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
+# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+# Use "pgsql" for PostgreSQL
+# Use "mysql" for MySQL and MariaDB.
+# Use "sqlite" for SQLite.
+DB_CONNECTION=mysql
+DB_HOST=db
+DB_PORT=3306
+DB_DATABASE=firefly
+DB_USERNAME=firefly
+DB_PASSWORD=MySecretDatabasePassword
+# leave empty or omit when not using a socket connection
+DB_SOCKET=
+
+# MySQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MYSQL_USE_SSL=false
+MYSQL_SSL_VERIFY_SERVER_CERT=true
+# You need to set at least of these options
+MYSQL_SSL_CAPATH=/etc/ssl/certs/
+MYSQL_SSL_CA=
+MYSQL_SSL_CERT=
+MYSQL_SSL_KEY=
+MYSQL_SSL_CIPHER=
+
+# PostgreSQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+PGSQL_SSL_MODE=prefer
+PGSQL_SSL_ROOT_CERT=null
+PGSQL_SSL_CERT=null
+PGSQL_SSL_KEY=null
+PGSQL_SSL_CRL_FILE=null
+
+# more PostgreSQL settings
+PGSQL_SCHEMA=public
+
+# If you're looking for performance improvements, you could install memcached or redis
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+
+# If you set either of the options above to 'redis', you might want to update these settings too
+# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
+# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
+
+# can be tcp, unix or http
+REDIS_SCHEME=tcp
+
+# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_PATH=
+
+# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+
+# Use only with Redis 6+ with proper ACL set. Leave empty otherwise.
+REDIS_USERNAME=
+REDIS_PASSWORD=
+
+# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
+REDIS_DB="0"
+REDIS_CACHE_DB="1"
+
+# Cookie settings. Should not be necessary to change these.
+# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
+# the value from a file instead of from an environment variable
+# Setting samesite to "strict" may give you trouble logging in.
+COOKIE_PATH="/"
+COOKIE_DOMAIN=
+COOKIE_SECURE=false
+COOKIE_SAMESITE=lax
+
+# If you want Firefly III to email you, update these settings
+# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAIL_MAILER=log
+MAIL_HOST=null
+MAIL_PORT=2525
+MAIL_FROM=changeme@example.com
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+
+# Other mail drivers:
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAILGUN_DOMAIN=
+MAILGUN_SECRET=
+
+# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
+# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
+MAILGUN_ENDPOINT=api.mailgun.net
+
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MANDRILL_SECRET=
+SPARKPOST_SECRET=
+
+# Firefly III can send you the following messages.
+SEND_ERROR_MESSAGE=true
+
+# These messages contain (sensitive) transaction information:
+SEND_REPORT_JOURNALS=true
+
+# Set this value to true if you want to set the location
+# of certain things, like transactions. Since this involves an external service, it's optional
+# and disabled by default.
+ENABLE_EXTERNAL_MAP=false
+
+# Set this value to true if you want Firefly III to download currency exchange rates
+# from the internet. These rates are hosted by the creator of Firefly III inside
+# an Azure Storage Container.
+# Not all currencies may be available. Rates may be wrong.
+ENABLE_EXTERNAL_RATES=false + +# The map will default to this location: +MAP_DEFAULT_LAT=51.983333 +MAP_DEFAULT_LONG=5.916667 +MAP_DEFAULT_ZOOM=6 + +# +# Firefly III authentication settings +# + +# +# Firefly III supports a few authentication methods: +# - 'web' (default, uses built in DB) +# - 'remote_user_guard' for Authelia etc +# Read more about these settings in the documentation. +# https://docs.firefly-iii.org/advanced-installation/authentication +# +# LDAP is no longer supported :( +# +AUTHENTICATION_GUARD=web + +# +# Remote user guard settings +# +AUTHENTICATION_GUARD_HEADER=REMOTE_USER +AUTHENTICATION_GUARD_EMAIL= + +# +# Firefly III generates a basic keypair for your OAuth tokens. +# If you want, you can overrule the key with your own (secure) value. +# It's also possible to set PASSPORT_PUBLIC_KEY_FILE or PASSPORT_PRIVATE_KEY_FILE +# if you're using Docker secrets or similar solutions for secret management +# +PASSPORT_PRIVATE_KEY= +PASSPORT_PUBLIC_KEY= + +# +# Extra authentication settings +# +CUSTOM_LOGOUT_URL= + +# You can disable the X-Frame-Options header if it interferes with tools like +# Organizr. This is at your own risk. Applications running in frames run the risk +# of leaking information to their parent frame. +DISABLE_FRAME_HEADER=false + +# You can disable the Content Security Policy header when you're using an ancient browser +# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really) +# This leaves you with the risk of not being able to stop XSS bugs should they ever surface. +# This is at your own risk. +DISABLE_CSP_HEADER=false + +# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here. +# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to. +# Do not prepend the TRACKER_URL with http:// or https:// +# The only tracker supported is Matomo. 
+# You can set the following variables from a file by appending them with _FILE: +TRACKER_SITE_ID= +TRACKER_URL= + +# +# Firefly III supports webhooks. These are security sensitive and must be enabled manually first. +# +ALLOW_WEBHOOKS=false + +# +# The static cron job token can be useful when you use Docker and wish to manage cron jobs. +# 1. Set this token to any 32-character value (this is important!). +# 2. Use this token in the cron URL instead of a user's command line token. +# +# For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/ +# +# You can set this variable from a file by appending it with _FILE +# +STATIC_CRON_TOKEN= + +# You can fine tune the start-up of a Docker container by editing these environment variables. +# Use this at your own risk. Disabling certain checks and features may result in lots of inconsistent data. +# However if you know what you're doing you can significantly speed up container start times. +# Set each value to true to enable, or false to disable. + +# Set this to true to build all locales supported by Firefly III. +# This may take quite some time (several minutes) and is generally not recommended. +# If you wish to change or alter the list of locales, start your Docker container with +# `docker run -v locale.gen:/etc/locale.gen -e DKR_BUILD_LOCALE=true` +# and make sure your preferred locales are in your own locale.gen. +DKR_BUILD_LOCALE=false + +# Check if the SQLite database exists. Can be skipped if you're not using SQLite. +# Won't significantly speed up things. +DKR_CHECK_SQLITE=true + +# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists +# and is up to date. +DKR_RUN_MIGRATION=true + +# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date +# with the latest fixes (outside of migrations!) +DKR_RUN_UPGRADE=true + +# Verify database integrity. Includes all data checks and verifications. 
+# Disabling this makes Firefly III assume your DB is intact. +DKR_RUN_VERIFY=true + +# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state. +# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues. +DKR_RUN_REPORT=true + +# Generate OAuth2 keys. +# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if) +# you had previously generated keys already and they're stored in your database for restoration. +DKR_RUN_PASSPORT_INSTALL=true + +# Leave the following configuration vars as is. +# Unless you like to tinker and know what you're doing. +APP_NAME=FireflyIII +BROADCAST_DRIVER=log +QUEUE_DRIVER=sync +CACHE_PREFIX=firefly +PUSHER_KEY= +IPINFO_TOKEN= +PUSHER_SECRET= +PUSHER_ID= +DEMO_USERNAME= +DEMO_PASSWORD= +IS_HEROKU=false +FIREFLY_III_LAYOUT=v1 + +# +# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable. +# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking. +# This configuration value WILL NOT HELP. +# +# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff. +# +# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else. +# So when configuring anything WEB related this variable doesn't do anything. Nothing +# +# If you're stuck I understand you get desperate but look SOMEWHERE ELSE. +# +APP_URL=http://localhost diff --git a/firefly-iii/README.md b/firefly-iii/README.md new file mode 100644 index 0000000..2d0aff9 --- /dev/null +++ b/firefly-iii/README.md @@ -0,0 +1,4 @@ +# References + +- https://github.com/firefly-iii/docker +- https://docs.firefly-iii.org/firefly-iii/installation/docker/ diff --git a/firefly-iii/docker-compose.yml b/firefly-iii/docker-compose.yml new file mode 100644 index 0000000..9ea0993 --- /dev/null 
+++ b/firefly-iii/docker-compose.yml @@ -0,0 +1,26 @@ +version: '3.3' + +services: + app: + image: fireflyiii/core:latest + container_name: firefly + restart: unless-stopped + volumes: + - /mnt/docker-volumes/firefly/upload:/var/www/html/storage/upload + env_file: .env + ports: + - 80:8080 + depends_on: + - db + + db: + image: mariadb + container_name: firefly-db + restart: unless-stopped + environment: + - MYSQL_RANDOM_ROOT_PASSWORD=yes + - MYSQL_USER=firefly + - MYSQL_PASSWORD=MySecretDatabasePassword # if changed --> also update in .env file + - MYSQL_DATABASE=firefly + volumes: + - /mnt/docker-volumes/firefly/mysql:/var/lib/mysql diff --git a/flame/README.md b/flame/README.md new file mode 100644 index 0000000..ee5c8ca --- /dev/null +++ b/flame/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/pawelmalak/flame \ No newline at end of file diff --git a/flame/docker-compose.yml b/flame/docker-compose.yml new file mode 100644 index 0000000..a6d900c --- /dev/null +++ b/flame/docker-compose.yml @@ -0,0 +1,14 @@ +version: '3.6' + +services: + flame: + image: pawelmalak/flame + container_name: flame + volumes: + - /mnt/docker-volumes/flame:/app/data + #- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration + ports: + - 5005:5005 + environment: + - PASSWORD=MyStrongLoginPassword + restart: unless-stopped diff --git a/ghost/README.md b/ghost/README.md new file mode 100644 index 0000000..265025a --- /dev/null +++ b/ghost/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/TryGhost/Ghost \ No newline at end of file diff --git a/ghost/docker-compose-rpi-arm.yml b/ghost/docker-compose-rpi-arm.yml new file mode 100644 index 0000000..c7861d1 --- /dev/null +++ b/ghost/docker-compose-rpi-arm.yml 
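Review bot: Both images in firefly-iii/docker-compose.yml float: `fireflyiii/core:latest` and an untagged `mariadb`, which resolves to `latest`, so a later pull or an automated updater can bring in a different major version or a replaced image without any change in this repository. Pin each to a release tag, or to a digest where reproducibility matters, for example `image: mariadb:<pinned-version>` (placeholder; use the version you have tested). The same applies to `pawelmalak/flame`, `linuxserver/mariadb`, `gitea/gitea:latest`, `f0rc3/gokapi:latest`, the `:latest` images in grafana-monitoring, `securecompliance/gvm` and the other `:latest` tags later in this commit.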
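Review bot: The commented volume `/var/run/docker.sock:/var/run/docker.sock` in flame/docker-compose.yml is described only as "optional but required for Docker integration"; it should also say that access to the Docker socket gives the container control of the Docker daemon, which is equivalent to root on the host. Suggested comment: `# grants control of the Docker daemon (root-equivalent on the host); enable only if needed`. The `:ro` suffix on the same mount for `telegraf` in grafana-monitoring and on the commented line in homepage does not change this, because it only makes the mount of the socket file read-only and API requests still go through. A socket proxy that exposes only read endpoints is the usual way to narrow it.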
@@ -0,0 +1,41 @@ +version: '3.3' + +services: + blog: + image: ghost:5 + container_name: ghost + restart: always + ports: + - 8080:2368 + volumes: + - /mnt/docker-volumes/ghost/content:/var/lib/ghost/content + environment: + # see https://ghost.org/docs/config/#configuration-options + database__client: mysql + database__connection__host: database + database__connection__user: ghost_dbuser + database__connection__password: SecureDatabasePassword + database__connection__database: ghost + url: https://blog.example.com + NODE_ENV: production + #mail__transport: SMTP + #mail__options__host: smtp.google.com + #mail__options__port: 587 + #mail__options__auth__user: blog@example.com + #mail__options__auth__pass: SecureSmtpPassword + #mail__from: My Blog + + database: + image: linuxserver/mariadb + container_name: ghost-db + environment: + - PUID=1000 + - PGID=1000 + - MYSQL_ROOT_PASSWORD=SecureDatabaseRootPassword + - TZ=Europe/Berlin + - MYSQL_DATABASE=ghost + - MYSQL_USER=ghost_dbuser + - MYSQL_PASSWORD=SecureDatabasePassword + volumes: + - /mnt/docker-volumes/ghost/mariadb/config:/config + restart: unless-stopped diff --git a/ghost/docker-compose.yml b/ghost/docker-compose.yml new file mode 100644 index 0000000..6781ff6 --- /dev/null +++ b/ghost/docker-compose.yml 
@@ -0,0 +1,47 @@ +version: '3.3' + +services: + blog: + image: ghost:5 + container_name: ghost + restart: always + ports: + - 8080:2368 + volumes: + - /mnt/docker-volumes/ghost/content:/var/lib/ghost/content + environment: + # see https://ghost.org/docs/config/#configuration-options + database__client: mysql + database__connection__host: database + database__connection__user: root + database__connection__password: MyStrongDatabasePassword + database__connection__database: ghost + url: https://blog.example.com # change this + NODE_ENV: production + #mail__transport: SMTP + #mail__options__host: smtp.gmail.com + #mail__options__port: 587 + #mail__options__auth__user: blog@example.com + #mail__options__auth__pass: MyStrongSmtpLoginPassword + #mail__from: Ghost Blog + #labels: + # - traefik.enable=true + # - traefik.http.routers.ghost.rule=Host(`blog.example.com`) + # - traefik.http.services.ghost.loadbalancer.server.port=2368 + # - traefik.docker.network=proxy + # # Part for local lan services only + # #- traefik.http.routers.ghost.middlewares=external-secure@file + + database: + image: mysql:8 + container_name: ghost_db + restart: always + volumes: + - /mnt/docker-volumes/ghost/mysql:/var/lib/mysql + #ports: + # - "13928:3306" + environment: + MYSQL_ROOT_PASSWORD: AnotherStrongDatabasePasswordForRootUser + MYSQL_DATABASE: ghost + MYSQL_USER: user + MYSQL_PASSWORD: MyStrongDatabasePassword diff --git a/gitea/README.md b/gitea/README.md new file mode 100644 index 0000000..1104f09 --- /dev/null +++ b/gitea/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/go-gitea/gitea \ No newline at end of file diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml new file mode 100644 index 0000000..c71440c --- /dev/null +++ b/gitea/docker-compose.yml 
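Review bot: `blog` connects as `root` with `MyStrongDatabasePassword`, but the `database` service sets root's password to `AnotherStrongDatabasePasswordForRootUser` and gives `MyStrongDatabasePassword` to the unprivileged account `user`, so as written the credentials do not match and the application is pointed at the database superuser. Use the dedicated account instead: `database__connection__user: user`. The `MYSQL_DATABASE`/`MYSQL_USER` pair already ties that account to the `ghost` database, which is how docker-compose-rpi-arm.yml in this commit is set up with `ghost_dbuser`.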
@@ -0,0 +1,23 @@ +version: "3" + +services: + gitea: + container_name: gitea + environment: + - USER_UID=1000 + - USER_GID=1000 + hostname: gitea + ports: + - 3000:3000 #webgui + - 2222:22 #ssh + image: gitea/gitea:latest + restart: unless-stopped + volumes: + - /mnt/docker-volumes/gitea/data:/data + #labels: + # - traefik.enable=true + # - traefik.http.routers.gitea.rule=Host(`git.example.com`) + # - traefik.http.services.gitea.loadbalancer.server.port=3000 + # - traefik.docker.network=proxy + # # Part for local lan services only + # - traefik.http.routers.gitea.middlewares=local-ipwhitelist@file diff --git a/gokapi/README.md b/gokapi/README.md new file mode 100644 index 0000000..0be598d --- /dev/null +++ b/gokapi/README.md @@ -0,0 +1,3 @@ +# References + +https://github.com/Forceu/Gokapi diff --git a/gokapi/docker-compose.yml b/gokapi/docker-compose.yml new file mode 100644 index 0000000..2bdc741 --- /dev/null +++ b/gokapi/docker-compose.yml @@ -0,0 +1,12 @@ +version: "3.7" + +services: + gokapi: + image: f0rc3/gokapi:latest + container_name: gokapi + restart: unless-stopped + ports: + - 53842:53842 + volumes: + - /mnt/docker-volumes/gokapi/data:/app/data + - /mnt/docker-volumes/gokapi/config:/app/config diff --git a/grafana-monitoring/README.md b/grafana-monitoring/README.md new file mode 100644 index 0000000..c3229ce --- /dev/null +++ b/grafana-monitoring/README.md @@ -0,0 +1,3 @@ +# References +- https://blog.lrvt.de/monitoring-dashboard-with-grafana-telegraf-influxdb-and-docker/ +- https://blog.lrvt.de/log-visualization-with-grafana-loki-promtail/ diff --git a/grafana-monitoring/docker-compose.yml b/grafana-monitoring/docker-compose.yml new file mode 100644 index 0000000..d4e8f32 --- /dev/null +++ b/grafana-monitoring/docker-compose.yml 
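Review bot: In gitea/docker-compose.yml, `3000:3000` publishes the web UI on every host interface, so once the commented Traefik labels are enabled the `local-ipwhitelist@file` middleware can be sidestepped by connecting to the host port directly. When the service is fronted by the proxy, drop the mapping or bind it to loopback, `- 127.0.0.1:3000:3000`, as the `loki` service in grafana-monitoring does. The same pattern appears in homepage/docker-compose.yml (`3000:3000` next to the same labels). Whether the port is reachable from outside depends on the host firewall, which these files do not show.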
@@ -0,0 +1,104 @@ +version: "2" + +services: + + loki: + image: grafana/loki:latest + hostname: loki + container_name: loki + volumes: + - /mnt/docker-volumes/loki:/etc/loki # see example-configs and place loki-config.yml + ports: + - "127.0.0.1:3100:3100" + restart: unless-stopped + user: 1000:1000 + command: -config.file=/etc/loki/loki-config.yml + networks: + - monitoring_default + + promtail: + image: grafana/promtail:latest + container_name: promtail + depends_on: + - loki + hostname: promtail + volumes: + - /var/log:/var/log + - /mnt/docker-volumes/promtail:/etc/promtail # see example-configs and place promtail-config.yml + #- /mnt/docker-volumes/traefik/logs:/var/log/traefik + restart: unless-stopped + command: -config.file=/etc/promtail/promtail-config.yml + networks: + - monitoring_default + + influxdb: + image: influxdb:1.8.10 + container_name: influxdb + hostname: influxdb + restart: unless-stopped + volumes: + - /mnt/docker-volumes/influxdb/data:/var/lib/influxdb + - /mnt/docker-volumes/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf:ro # see example-configs and place infuxdb.conf + - /mnt/docker-volumes/influxdb/init:/docker-entrypoint-initdb.d # see example-configs and place create-database.iql + environment: + - INFLUXDB_ADMIN_USER=admin + - INFLUXDB_ADMIN_PASSWORD=SuperDuperAdminPW + networks: + - monitoring_default + + telegraf: + image: telegraf:latest + restart: unless-stopped + user: telegraf:998 # see: https://www.influxdata.com/blog/docker-run-telegraf-as-non-root/ + container_name: telegraf + hostname: telegraf + dns: + - 1.1.1.1 + - 8.8.8.8 + depends_on: + - influxdb + volumes: + - /mnt/docker-volumes/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro # see example-configs and place telegraf.conf + - /:/hostfs:ro + - /etc:/hostfs/etc:ro + - /proc:/hostfs/proc:ro + - /sys:/hostfs/sys:ro + - /var/run/utmp:/var/run/utmp:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - HOST_ETC=/hostfs/etc + - HOST_PROC=/hostfs/proc + 
- HOST_SYS=/hostfs/sys + - HOST_MOUNT_PREFIX=/hostfs + networks: + - monitoring_default + + grafana: + container_name: grafana + hostname: grafana + user: 1000:1000 + depends_on: + - influxdb + - loki + - promtail + image: grafana/grafana:latest + restart: unless-stopped + #environment: + # - GF_SERVER_ROOT_URL=https://grafana.example.com # optional + volumes: + - /mnt/docker-volumes/grafana:/var/lib/grafana + #ports: + # - 3000:3000 + networks: + - monitoring_default + #labels: + # - traefik.enable=true + # - traefik.http.routers.grafana.rule=Host(`grafana.example.com`) + # - traefik.http.services.grafana.loadbalancer.server.port=3000 + # - traefik.docker.network=proxy + # # Part for local lan services only + # - traefik.http.routers.grafana.middlewares=local-ipwhitelist@file + +networks: + monitoring_default: + external: true diff --git a/grafana-monitoring/example-configs/create-database.iql b/grafana-monitoring/example-configs/create-database.iql new file mode 100644 index 0000000..74f347a --- /dev/null +++ b/grafana-monitoring/example-configs/create-database.iql @@ -0,0 +1,3 @@ +CREATE DATABASE telegraf WITH DURATION 31d +CREATE USER telegrafuser WITH PASSWORD 'MyStrongTelegrafPassword' +GRANT ALL ON telegraf to telegrafuser diff --git a/grafana-monitoring/example-configs/influxdb.conf b/grafana-monitoring/example-configs/influxdb.conf new file mode 100644 index 0000000..b51a1b3 --- /dev/null +++ b/grafana-monitoring/example-configs/influxdb.conf @@ -0,0 +1,24 @@ +# Bind address to use for the RPC service for backup and restore. +bind-address = "127.0.0.1:8088" +[meta] + dir = "/var/lib/influxdb/meta" +[data] + dir = "/var/lib/influxdb/data" + wal-dir = "/var/lib/influxdb/wal" + series-id-set-cache-size = 100 +[http] + enabled = true + bind-address = ":8086" + auth-enabled = true +[logging] +[subscriber] +[[graphite]] +[[collectd]] +[[opentsdb]] +[[udp]] +[continuous_queries] +[tls] +[coordinator] +[retention] +[shard-precreation] +[monitor] 
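Review bot: `promtail` mounts `/var/log:/var/log` read-write although promtail-config.yml only configures it to read log files from that path; a compromised or misconfigured container could then alter or delete host logs, including `auth.log`. Mount it read-only: `- /var/log:/var/log:ro`. Separately, `INFLUXDB_ADMIN_PASSWORD=SuperDuperAdminPW` is a working default committed to the repository; reading it from an untracked env file would keep copies of this example from sharing one admin password.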
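Review bot: `GRANT ALL ON telegraf to telegrafuser` in create-database.iql gives the collector account read as well as write access to a database it only needs to write to, given `skip_database_creation = true` in telegraf.conf. `GRANT WRITE ON telegraf TO telegrafuser` should be enough for the output plugin, with a separate read-only user for Grafana. The literal `'MyStrongTelegrafPassword'` has to match telegraf.conf, so a comment telling the reader to change both places would help.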
diff --git a/grafana-monitoring/example-configs/loki-config.yml b/grafana-monitoring/example-configs/loki-config.yml new file mode 100644 index 0000000..4a86a9c --- /dev/null +++ b/grafana-monitoring/example-configs/loki-config.yml @@ -0,0 +1,48 @@ +auth_enabled: false + +server: + http_listen_port: 3100 + grpc_listen_port: 9096 + +common: + path_prefix: /tmp/loki + storage: + filesystem: + chunks_directory: /tmp/loki/chunks + rules_directory: /tmp/loki/rules + replication_factor: 1 + ring: + instance_addr: 127.0.0.1 + kvstore: + store: inmemory + +limits_config: + reject_old_samples: true + reject_old_samples_max_age: 168h + retention_period: 360h + max_query_series: 100000 + max_query_parallelism: 2 + +schema_config: + configs: + - from: 2020-10-24 + store: boltdb-shipper + object_store: filesystem + schema: v11 + index: + prefix: index_ + period: 24h + +query_range: + split_queries_by_interval: 0 + parallelise_shardable_queries: false + +querier: + max_concurrent: 2048 + +frontend: + max_outstanding_per_tenant: 4096 + compress_responses: true + +ruler: + alertmanager_url: http://localhost:9093 diff --git a/grafana-monitoring/example-configs/promtail-config.yml b/grafana-monitoring/example-configs/promtail-config.yml new file mode 100644 index 0000000..92c0276 --- /dev/null +++ b/grafana-monitoring/example-configs/promtail-config.yml @@ -0,0 +1,35 @@ +server: + http_listen_port: 9080 + grpc_listen_port: 0 + +positions: + filename: /tmp/positions.yaml + +clients: + - url: http://loki:3100/loki/api/v1/push + +# local machine logs +scrape_configs: + - job_name: vpn + static_configs: + - targets: + - localhost + labels: + job: vpnlogs + __path__: /var/log/openvpn.log + + - job_name: auth + static_configs: + - targets: + - localhost + labels: + job: authlogs + __path__: /var/log/auth.log + + - job_name: traefik + static_configs: + - targets: + - localhost + labels: + job: traefiklogs + __path__: /var/log/traefik/*.log 
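Review bot: `auth_enabled: false` in loki-config.yml means Loki accepts pushes and queries from anything that can reach port 3100; the compose file binds the host port to 127.0.0.1, but every container attached to the external `monitoring_default` network can still read all ingested logs, which here include `/var/log/auth.log`. State that assumption next to the setting, e.g. `# no auth: keep 3100 off any network shared with untrusted containers`. Also, `path_prefix: /tmp/loki` is not under the `/etc/loki` volume mounted in the compose file, so chunks and index appear to live in the container's writable layer and would be lost when the container is recreated.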
diff --git a/grafana-monitoring/example-configs/telegraf.conf b/grafana-monitoring/example-configs/telegraf.conf new file mode 100644 index 0000000..227ac93 --- /dev/null +++ b/grafana-monitoring/example-configs/telegraf.conf 
@@ -0,0 +1,159 @@ +# Telegraf Configuration +# +# Telegraf is entirely plugin driven. All metrics are gathered from the +# declared inputs, and sent to the declared outputs. +# +# Plugins must be declared in here to be active. +# To deactivate a plugin, comment out the name and any variables. +# +# Use 'telegraf -config telegraf.conf -test' to see what metrics a config +# file would generate. +# +# Environment variables can be used anywhere in this config file, simply surround +# them with ${}. For strings the variable must be within quotes (ie, "${STR_VAR}"), +# for numbers and booleans they should be plain (ie, ${INT_VAR}, ${BOOL_VAR}) + + +# CUSTOM Docker +# ------------------------------------ + +[[inputs.net]] + interfaces = ["eth*", "tun0", "docker0", "dockernet*"] + ignore_protocol_stats = false + +#[[inputs.file]] +# files = ["/sys/class/thermal/thermal_zone0/temp"] +# name_override = "cpu_temperature" +# data_format = "value" +# data_type = "integer" + +[[inputs.http_response]] + urls = ["https://reddit.com", "https://google.com"] + method = "HEAD" + follow_redirects = true + +[[inputs.dns_query]] + servers = ["8.8.8.8", "1.1.1.1"] + +# influx v1.8 +[[outputs.influxdb]] + urls = ["http://influxdb:8086"] + database = "telegraf" + username = "telegrafuser" + password = "MyStrongTelegrafPassword" + skip_database_creation = true + +[[inputs.docker]] + endpoint = "unix:///var/run/docker.sock" + gather_services = false + container_name_include = [] + container_name_exclude = [] + timeout = "5s" + docker_label_include = [] + docker_label_exclude = [] + perdevice = true + total = false + +[[inputs.cpu]] + percpu = true + totalcpu = true + collect_cpu_time = false + report_active = false + +[[inputs.disk]] + ignore_fs = ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"] + +[[inputs.diskio]] + +[[inputs.kernel]] + +[[inputs.mem]] + +[[inputs.processes]] + +[[inputs.swap]] + +[[inputs.system]] + +# -------------------------------------- + +# 
Global tags can be specified here in key="value" format. +[global_tags] + # dc = "us-east-1" # will tag all metrics with dc=us-east-1 + # rack = "1a" + ## Environment variables can be used as tags, and throughout the config file + # user = "$USER" + +# Configuration for telegraf agent +[agent] + ## Default data collection interval for all inputs + interval = "30s" + + ## Rounds collection interval to 'interval' + ## ie, if interval="10s" then always collect on :00, :10, :20, etc. + round_interval = true + + ## Telegraf will send metrics to outputs in batches of at most + ## metric_batch_size metrics. + ## This controls the size of writes that Telegraf sends to output plugins. + metric_batch_size = 1000 + + ## Maximum number of unwritten metrics per output. Increasing this value + ## allows for longer periods of output downtime without dropping metrics at the + ## cost of higher maximum memory usage. + metric_buffer_limit = 10000 + + ## Collection jitter is used to jitter the collection by a random amount. + ## Each plugin will sleep for a random time within jitter before collecting. + ## This can be used to avoid many plugins querying things like sysfs at the + ## same time, which can have a measurable effect on the system. + collection_jitter = "0s" + + ## Default flushing interval for all outputs. Maximum flush_interval will be + ## flush_interval + flush_jitter + flush_interval = "10s" + ## Jitter the flush interval by a random amount. This is primarily to avoid + ## large write spikes for users running a large number of telegraf instances. + ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s + flush_jitter = "0s" + + ## By default or when set to "0s", precision will be set to the same + ## timestamp order as the collection interval, with the maximum being 1s. + ## ie, when interval = "10s", precision will be "1s" + ## when interval = "250ms", precision will be "1ms" + ## Precision will NOT be used for service inputs. 
It is up to each individual + ## service input to set the timestamp at the appropriate precision. + ## Valid time units are "ns", "us" (or "µs"), "ms", "s". + precision = "" + + ## Override default hostname, if empty use os.Hostname() + #hostname = "My-Hostname" + ## If set to true, do no set the "host" tag in the telegraf agent. + omit_hostname = false + + ## Log at debug level. + # debug = false + ## Log only error level messages. + # quiet = false + + ## Log target controls the destination for logs and can be one of "file", + ## "stderr" or, on Windows, "eventlog". When set to "file", the output file + ## is determined by the "logfile" setting. + # logtarget = "file" + + ## Name of the file to be logged to when using the "file" logtarget. If set to + ## the empty string then logs are written to stderr. + # logfile = "" + + ## The logfile will be rotated after the time interval specified. When set + ## to 0 no time based rotation is performed. Logs are rotated only when + ## written to, if there is no log activity rotation may be delayed. + # logfile_rotation_interval = "0d" + + ## The logfile will be rotated when it becomes larger than the specified + ## size. When set to 0 no size based rotation is performed. + # logfile_rotation_max_size = "0MB" + + ## Maximum number of rotated archives to keep, any older logs are deleted. + ## If set to -1, no archives are removed. + # logfile_rotation_max_archives = 5 diff --git a/greenbone/README.md b/greenbone/README.md new file mode 100644 index 0000000..e932b69 --- /dev/null +++ b/greenbone/README.md @@ -0,0 +1,3 @@ +# Reference + +https://hub.docker.com/r/securecompliance/gvm \ No newline at end of file diff --git a/greenbone/docker-compose.yml b/greenbone/docker-compose.yml new file mode 100644 index 0000000..366e1a4 --- /dev/null +++ b/greenbone/docker-compose.yml 
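Review bot: `password = "MyStrongTelegrafPassword"` in `[[outputs.influxdb]]` stores the credential in the config file, although the header of this same file describes `${}` substitution for strings. Reading it from the environment keeps the secret out of the mounted file: `password = "${INFLUX_TELEGRAF_PASSWORD}"` (variable name constructed for this note; set it for the `telegraf` service from an untracked env file). `[[inputs.http_response]]` and `[[inputs.dns_query]]` also send requests to third-party hosts at every collection interval, which deserves a one-line comment so users can remove or change them.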
@@ -0,0 +1,23 @@ +version: "3" +services: + gvm: + image: securecompliance/gvm + volumes: + - /mnt/docker-volumes/greenbone/database:/opt/database + - /mnt/docker-volumes/greenbone/gvm:/var/lib/gvm + - /mnt/docker-volumes/greenbone/plugins:/var/lib/openvas/plugins + environment: + - USERNAME="admin" + - PASSWORD="admin" + - RELAYHOST="smtp.gmail.com" + - SMTPPORT=465 + - AUTO_SYNC=true + - HTTPS=true + - TZ="Europe/Berlin" + - SSHD=false + - DB_PASSWORD="none" + ports: + - "9392:9392" # Web interface + #- "5432:5432" # Access PostgreSQL database from external tools + #- "2222:22" # SSH for remote sensors + restart: unless-stopped diff --git a/heimdall/README.md b/heimdall/README.md new file mode 100644 index 0000000..39c5905 --- /dev/null +++ b/heimdall/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/linuxserver/Heimdall \ No newline at end of file diff --git a/heimdall/docker-compose.yml b/heimdall/docker-compose.yml new file mode 100644 index 0000000..4b2fd28 --- /dev/null +++ b/heimdall/docker-compose.yml @@ -0,0 +1,16 @@ +version: "3" + +services: + heimdall: + container_name: heimdall + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + ports: + - 8099:80 + hostname: heimdall + image: linuxserver/heimdall:latest + restart: unless-stopped + volumes: + - /mnt/docker-volumes/heimdall:/config diff --git a/homarr/README.md b/homarr/README.md new file mode 100644 index 0000000..ee86e0b --- /dev/null +++ b/homarr/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/ajnart/homarr diff --git a/homarr/docker-compose.yml b/homarr/docker-compose.yml new file mode 100644 index 0000000..5d7d236 --- /dev/null +++ b/homarr/docker-compose.yml 
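Review bot: In the list form of `environment`, Compose passes the text after `=` verbatim, so `- USERNAME="admin"` and `- PASSWORD="admin"` in greenbone/docker-compose.yml set values that include the quote characters, and `TZ="Europe/Berlin"` is not a valid zone name; write them unquoted, `- USERNAME=admin`. More importantly, the scanner UI is published on `9392` on all interfaces with `admin`/`admin` as committed credentials, and a vulnerability scanner stores scan results for the hosts it has assessed. Leave `PASSWORD` to be supplied from an untracked env file rather than defaulting it. `- TZ="Europe/Berlin"` in homarr/docker-compose.yml has the same quoting problem.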
@@ -0,0 +1,14 @@ +version: '3' +services: + homarr: + container_name: homarr + image: ghcr.io/ajnart/homarr:latest + restart: unless-stopped + environment: + - PASSWORD=MySecureLoginPassword + - TZ="Europe/Berlin" + volumes: + - /mnt/docker-volumes/homarr/configs:/app/data/configs + #- /mnt/docker-volumes/homarr/icons:/app/public/icons # optional for custom icons + ports: + - '7575:7575' diff --git a/homeassistant/README.md b/homeassistant/README.md new file mode 100644 index 0000000..d5d5cf3 --- /dev/null +++ b/homeassistant/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/linuxserver/docker-homeassistant diff --git a/homeassistant/docker-compose.yml b/homeassistant/docker-compose.yml new file mode 100644 index 0000000..4d8592c --- /dev/null +++ b/homeassistant/docker-compose.yml @@ -0,0 +1,18 @@ +--- +version: "2.1" +services: + homeassistant: + image: linuxserver/homeassistant:latest + container_name: homeassistant + network_mode: host + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - /mnt/docker-volumes/homeassistant/config:/config + #ports: + # - 8123:8123 #optional + #devices: + # - /path/to/device:/path/to/device #optional + restart: unless-stopped diff --git a/homepage/README.md b/homepage/README.md new file mode 100644 index 0000000..3df1e68 --- /dev/null +++ b/homepage/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/benphelps/homepage diff --git a/homepage/docker-compose.yml b/homepage/docker-compose.yml new file mode 100644 index 0000000..7aa83b1 --- /dev/null +++ b/homepage/docker-compose.yml 
@@ -0,0 +1,22 @@ +version: "3.3" +services: + homepage: + image: ghcr.io/benphelps/homepage:latest + container_name: homepage + restart: unless-stopped + ports: + - 3000:3000 + environment: + - PUID=1000 + - PGID=1000 + volumes: + - /mnt/docker-volumes/homepage/config:/app/config # Make sure your local config directory exists + - /mnt/docker-volumes/homepage/icons:/app/public/icons + # - /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations + #labels: + # - traefik.enable=true + # - traefik.http.routers.homepage.rule=Host(`home.example.com`) + # - traefik.http.services.homepage.loadbalancer.server.port=3000 + # - traefik.docker.network=proxy + # # Part for local lan services only + # - traefik.http.routers.homepage.middlewares=local-ipwhitelist@file diff --git a/homer/README.md b/homer/README.md new file mode 100644 index 0000000..6ae92ec --- /dev/null +++ b/homer/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/bastienwirtz/homer diff --git a/homer/docker-compose.yml b/homer/docker-compose.yml new file mode 100644 index 0000000..222577a --- /dev/null +++ b/homer/docker-compose.yml @@ -0,0 +1,12 @@ +version: '3.6' + +services: + homer: + image: b4bz/homer:latest + container_name: homer + volumes: + - /mnt/docker-volumes/homer:/www/assets + restart: unless-stopped + environment: + - UID=1000 + - GID=1000 diff --git a/immich/.env b/immich/.env new file mode 100644 index 0000000..595fd5e --- /dev/null +++ b/immich/.env 
@@ -0,0 +1,23 @@ +# Database +DB_HOSTNAME=immich-database +DB_USERNAME=postgres +DB_PASSWORD=MySecureDatabasePassword # change this +DB_DATABASE_NAME=immich-psgdb +DB_DATABASE_LOCATION=/mnt/docker-volumes/immich/database # change this + +# Redis +REDIS_HOSTNAME=immich-redis + +# Upload File Config +UPLOAD_LOCATION=/mnt/docker-volumes/immich/uploads # change this + +# JWT SECRET +JWT_SECRET=9C9E6EE5B56F137D2123123123123 # change this to a secure random secret + +# MAPBOX +## ENABLE_MAPBOX is either true of false -> if true, you have to provide MAPBOX_KEY +ENABLE_MAPBOX=false + +# WEB +MAPBOX_KEY= +VITE_SERVER_ENDPOINT=http://localhost:2283/api diff --git a/immich/README.md b/immich/README.md new file mode 100644 index 0000000..f91ce75 --- /dev/null +++ b/immich/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/immich-app/immich diff --git a/immich/docker-compose.yml b/immich/docker-compose.yml new file mode 100644 index 0000000..10d2ab4 --- /dev/null +++ b/immich/docker-compose.yml 
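Review bot: `JWT_SECRET=9C9E6EE5B56F137D2123123123123` in immich/.env is a usable signing secret committed to the repository; anyone who deploys without editing it shares a publicly known key for token signing. Ship it empty and put the instruction on its own line: `# generate with: openssl rand -base64 32` followed by `JWT_SECRET=`. The trailing `# change this` comments on `DB_PASSWORD`, `DB_DATABASE_LOCATION` and `UPLOAD_LOCATION` are also fragile, because some env-file parsers keep the text after the value as part of it. This file is loaded through `env_file` by immich-server, immich-microservices, immich-web and the database in immich/docker-compose.yml, so each of those containers receives the JWT secret and the database password whether it needs them or not.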
@@ -0,0 +1,102 @@ +version: "3.8" + +services: + immich-server: + container_name: immich-server + image: altran1502/immich-server:release + entrypoint: ["/bin/sh", "./start-server.sh"] + volumes: + - ${UPLOAD_LOCATION}:/usr/src/app/upload + env_file: + - .env + environment: + - NODE_ENV=production + depends_on: + - redis + - database + restart: unless-stopped + #labels: + # - "com.centurylinklabs.watchtower.enable=true" + + immich-microservices: + container_name: immich-microservices + image: altran1502/immich-server:release + entrypoint: ["/bin/sh", "./start-microservices.sh"] + volumes: + - ${UPLOAD_LOCATION}:/usr/src/app/upload + env_file: + - .env + environment: + - NODE_ENV=production + depends_on: + - redis + - database + restart: unless-stopped + #labels: + # - "com.centurylinklabs.watchtower.enable=true" + + #immich-machine-learning: + # image: altran1502/immich-machine-learning:release + # container_name: immich-ml + # entrypoint: ["/bin/sh", "./entrypoint.sh"] + # volumes: + # - ${UPLOAD_LOCATION}:/usr/src/app/upload + # env_file: + # - .env + # environment: + # - NODE_ENV=production + # depends_on: + # - database + # restart: always + # labels: + # - "com.centurylinklabs.watchtower.enable=true" + + immich-web: + image: altran1502/immich-web:release + container_name: immich-web + entrypoint: ["/bin/sh", "./entrypoint.sh"] + env_file: + - .env + restart: unless-stopped + #labels: + # - "com.centurylinklabs.watchtower.enable=true" + + redis: + container_name: immich-redis + image: redis:6.2 + restart: unless-stopped + #labels: + # - "com.centurylinklabs.watchtower.enable=true" + + database: + container_name: immich-database + image: postgres:14 + env_file: + - .env + environment: + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_DB: ${DB_DATABASE_NAME} + PG_DATA: /var/lib/postgresql/data + volumes: + - ${DB_DATABASE_LOCATION}:/var/lib/postgresql/data + restart: unless-stopped + #labels: + # - 
"com.centurylinklabs.watchtower.enable=true" + + immich-proxy: + container_name: immich-proxy + image: altran1502/immich-proxy:release +# ports: +# - 8080:8080 # WEB UI via proxy; do not remove this proxy service, use it! + depends_on: + - immich-server + restart: unless-stopped + #labels: + # - traefik.enable=false + # - traefik.http.routers.immich.rule=Host(`immich.example.com`) + # - traefik.http.services.immich.loadbalancer.server.port=8080 + # - traefik.docker.network=proxy + # # Part for local lan services only + # - traefik.http.routers.immich.middlewares=local-ipwhitelist@file + # - "com.centurylinklabs.watchtower.enable=true" diff --git a/matomo/README.md b/matomo/README.md new file mode 100644 index 0000000..be63aef --- /dev/null +++ b/matomo/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/matomo-org/matomo diff --git a/matomo/db.env b/matomo/db.env new file mode 100644 index 0000000..69b78c3 --- /dev/null +++ b/matomo/db.env @@ -0,0 +1,8 @@ +MYSQL_PASSWORD=makeitup2 +MYSQL_DATABASE=matomo +MYSQL_USER=matomo +MATOMO_DATABASE_ADAPTER=mysql +MATOMO_DATABASE_TABLES_PREFIX=matomo_ +MATOMO_DATABASE_USERNAME=matomo +MATOMO_DATABASE_PASSWORD= +MATOMO_DATABASE_DBNAME=matomo diff --git a/matomo/docker-compose.yml b/matomo/docker-compose.yml new file mode 100644 index 0000000..8496675 --- /dev/null +++ b/matomo/docker-compose.yml 
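Review bot: The `database` service in immich/docker-compose.yml loads the whole `.env` through `env_file` although it already maps the three values it needs under `environment`, so the Postgres container also receives `JWT_SECRET` and the Mapbox key, and `immich-web` receives `DB_PASSWORD` the same way. Dropping `env_file` from `database` and passing each service only the variables it reads keeps a compromise of one container from disclosing the others' secrets. `PG_DATA` looks like a misspelling of the postgres image's `PGDATA`; it is harmless here only because the value equals the image default. In the commented `immich-proxy` labels, `traefik.enable=false` contradicts the router and service labels that follow it.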
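Review bot: `MATOMO_DATABASE_PASSWORD=` in matomo/db.env is left empty while `MYSQL_PASSWORD=makeitup2` is set for the same `matomo` user, so the two halves of the credential disagree. If the Matomo image uses that variable to prefill its database settings (not visible here), setup either fails to connect or the operator has to retype the password by hand. I would leave both empty under a comment line such as `# set MYSQL_PASSWORD and MATOMO_DATABASE_PASSWORD to the same random value`.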
@@ -0,0 +1,41 @@ +version: "2" + +services: + matomo: + container_name: matomo + image: matomo + ports: + - 8099:80 + volumes: + - /mnt/docker-volumes/matomo/apache/apache2.conf:/etc/apache2/apache2.conf:ro + - /mnt/docker-volumes/matomo/html:/var/www/html + environment: + - MATOMO_DATABASE_HOST=matomo_db + #- VIRTUAL_HOST=matomo.example.com + #- LETSENCRYPT_HOST=stats.mysite.ext + #- LETSENCRYPT_EMAIL=email@something.ext + env_file: + - ./db.env + depends_on: + - matomo_db + restart: unless-stopped + #labels: + # - traefik.enable=true + # - traefik.http.routers.matomo.rule=Host(`matomo.example.com`) + # - traefik.http.services.matomo.loadbalancer.server.port=80 + # - traefik.docker.network=proxy + # # Part for local lan services only + # # - traefik.http.routers.matomo.middlewares=local-ipwhitelist@file + + + matomo_db: + container_name: matomo_db + image: mariadb + command: --max-allowed-packet=64MB + environment: + - MYSQL_ROOT_PASSWORD=makeitup + env_file: + - ./db.env + restart: unless-stopped + volumes: + - /mnt/docker-volumes/matomo/database:/var/lib/mysql diff --git a/mealie/README.md b/mealie/README.md new file mode 100644 index 0000000..6e9448d --- /dev/null +++ b/mealie/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/hay-kot/mealie diff --git a/mealie/docker-compose.yml b/mealie/docker-compose.yml new file mode 100644 index 0000000..29e8dfc --- /dev/null +++ b/mealie/docker-compose.yml @@ -0,0 +1,14 @@ +version: "3" + +services: + mealie: + container_name: mealie + environment: + - DB_TYPE=sqlite + - PRODUCTION=true + hostname: mealie + image: hkotel/mealie:latest + restart: unless-stopped + volumes: + - /mnt/docker-volumes/mealie:/app/data + working_dir: /app diff --git a/money-balancer/README.de b/money-balancer/README.de new file mode 100644 index 0000000..3578bfc --- /dev/null +++ b/money-balancer/README.de @@ -0,0 +1,3 @@ +# References + +https://github.com/dorianim/money-balancer 
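Review bot: `image: matomo` and `image: mariadb` in matomo/docker-compose.yml carry no tag, so every pull resolves to whatever `latest` is at that moment; for `matomo_db` that can mean a MariaDB major-version jump over an existing `/var/lib/mysql` data directory. nextcloud/docker-compose-redis.yml in this same commit already pins `mariadb:10.5`, and the same form here (a tested version tag, ideally with its digest) keeps deployments reproducible and lets image updates be reviewed before they run. Most other services in this commit use `:latest` and share the exposure to an unreviewed upstream change.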
diff --git a/money-balancer/docker-compose.yml b/money-balancer/docker-compose.yml
new file mode 100644
index 0000000..34c2c0a
--- /dev/null
+++ b/money-balancer/docker-compose.yml
@@ -0,0 +1,12 @@
+version: "3"
+services:
+ money-balancer:
+ image: ghcr.io/dorianim/money-balancer
+ restart: unless-stopped
+ container_name: money-balancer
+ ports:
+ - 8000:8000
+ volumes:
+ - /mnt/docker-volumes/money-balancer/data:/data
+ environment:
+ - JWT_SECRET=ThisIsAVerySecretString # change this
diff --git a/nessus/README.md b/nessus/README.md
new file mode 100644
index 0000000..f873c97
--- /dev/null
+++ b/nessus/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://docs.tenable.com/nessus/Content/DeployNessusDocker.htm
\ No newline at end of file
diff --git a/nessus/docker-compose.yml b/nessus/docker-compose.yml
new file mode 100644
index 0000000..f180b24
--- /dev/null
+++ b/nessus/docker-compose.yml
@@ -0,0 +1,13 @@
+version: "3.7"
+services:
+ nessus:
+ hostname: nessus
+ container_name: nessus
+ image: tenableofficial/nessus:latest
+ ports:
+ - 8834:8834/tcp # WEB UI
+ environment:
+ - ACTIVATION_CODE=XXX-XXXXX-XXXXX-XXXX # change this
+ - USERNAME=nessus
+ - PASSWORD=MyVeryStrongNessusLoginPassword
+ restart: always
diff --git a/network-multitool/README.md b/network-multitool/README.md
new file mode 100644
index 0000000..f9217e1
--- /dev/null
+++ b/network-multitool/README.md
@@ -0,0 +1,3 @@
+# References
+
+https://hub.docker.com/r/praqma/network-multitool
diff --git a/network-multitool/docker-compose.yml b/network-multitool/docker-compose.yml
new file mode 100644
index 0000000..825ba22
--- /dev/null
+++ b/network-multitool/docker-compose.yml
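Review bot: `8834:8834/tcp` in nessus/docker-compose.yml publishes the scanner's web UI on all host interfaces, and the service is created with the fixed `USERNAME`/`PASSWORD` from this file, so anything that can reach the host can attempt that login. A scanner console usually holds credentials and findings for the hosts it scans, so I would bind it to loopback or a management address, `- 127.0.0.1:8834:8834/tcp`, and reach it through the reverse proxy or a tunnel. The same applies to the admin ports in nginx-proxy-manager (`81:81/tcp`), portainer-ee (`9443:9443`) and pihole (`80:80/tcp`). In homepage, matomo, openspeedtest and plausible the commented Traefik `local-ipwhitelist` labels would, once enabled, still be bypassed through the published `ports:` entry.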
@@ -0,0 +1,10 @@ +version: "3" + +services: + network-multitool: + image: praqma/network-multitool:alpine-extra + container_name: network-multitool + environment: + - HTTP_PORT=9988 # useful to daemonize the container; see https://hub.docker.com/r/praqma/network-multitool + - HTTPS_PORT=9989 # useful to daemonize the container; see https://hub.docker.com/r/praqma/network-multitool + restart: unless-stopped diff --git a/nextcloud/README.md b/nextcloud/README.md new file mode 100644 index 0000000..ea491f2 --- /dev/null +++ b/nextcloud/README.md @@ -0,0 +1,3 @@ +# Reference + +https://hub.docker.com/r/linuxserver/nextcloud \ No newline at end of file diff --git a/nextcloud/docker-compose-redis.yml b/nextcloud/docker-compose-redis.yml new file mode 100644 index 0000000..dbb4476 --- /dev/null +++ b/nextcloud/docker-compose-redis.yml @@ -0,0 +1,43 @@ +services: + nc: + image: nextcloud + container_name: nextcloud + restart: always + ports: + - 8080:80 + volumes: + - /mnt/docker-volumes/nextcloud/apps:/var/www/html/custom_apps + - /mnt/docker-volumes/nextcloud/config:/var/www/html/config + - /mnt/docker-volumes/nextcloud/data:/var/www/html/data + - /mnt/docker-volumes/nextcloud/wwwroot:/var/www/html + #- /mnt/docker-volumes/nextcloud/theme:/var/www/html/themes/ + environment: + - REDIS_HOST=redis + - MYSQL_HOST=db + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_PASSWORD=nextcloud + + redis: + image: redis:alpine + container_name: nextcloud-redis + restart: always + volumes: + - /mnt/docker-volumes/nextcloud/redis:/data + expose: + - 6379 + + db: + image: mariadb:10.5 + container_name: nextcloud-mariadb + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW + restart: always + volumes: + - /mnt/docker-volumes/nextcloud/mysql:/var/lib/mysql + environment: + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_ROOT_PASSWORD=nextcloud + - MYSQL_PASSWORD=nextcloud + expose: + - 3306 
diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml new file mode 100644 index 0000000..6caa96b --- /dev/null +++ b/nextcloud/docker-compose.yml @@ -0,0 +1,16 @@ +--- +version: "2.1" +services: + nextcloud: + image: linuxserver/nextcloud:latest + container_name: nextcloud + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - /mnt/docker-volumes/nextcloud/config:/config + - /mnt/docker-volumes/nextcloud/data:/data + ports: + - 9443:443 + restart: unless-stopped diff --git a/nginx-php/README.md b/nginx-php/README.md new file mode 100644 index 0000000..ca4423a --- /dev/null +++ b/nginx-php/README.md @@ -0,0 +1,3 @@ +# Reference + +https://hub.docker.com/_/nginx diff --git a/nginx-php/docker-compose.yml b/nginx-php/docker-compose.yml new file mode 100644 index 0000000..4bd8835 --- /dev/null +++ b/nginx-php/docker-compose.yml @@ -0,0 +1,29 @@ +version: "3" + +services: + web: + image: nginx:latest + hostname: nginx + volumes: + - /mnt/docker-volumes/nginx/www-data:/var/www + - /mnt/docker-volumes/nginx/nginx-conf:/etc/nginx/conf.d + - /mnt/docker-volumes/nginx/logs:/var/log/nginx + links: + - php + container_name: nginx + restart: unless-stopped + #labels: + # - traefik.enable=true + # - traefik.http.routers.nginx.rule=Host(`nginx.example.com`) + # - traefik.http.services.nginx.loadbalancer.server.port=80 + # - traefik.docker.network=proxy + # # Part for local lan services only + # #- traefik.http.routers.nginx.middlewares=error-pages-middleware@docker + php: + image: php:8-fpm-alpine + hostname: php + volumes: + - /mnt/docker-volumes/nginx/www-data:/var/www + container_name: php + restart: unless-stopped + working_dir: /var/www diff --git a/nginx-php/nginx.conf b/nginx-php/nginx.conf new file mode 100644 index 0000000..5b703e8 --- /dev/null +++ b/nginx-php/nginx.conf 
@@ -0,0 +1,30 @@ +server { + listen 80; + server_name nginx.example.com; + root /var/www/; + index index.html index.php; + + #error_page 404 /error/404.html; + + client_max_body_size 10M; # change this + set_real_ip_from 172.16.0.0/12; + set_real_ip_from 192.168.0.0/16; + real_ip_header X-Forwarded-For; + proxy_hide_header X-Powered-By; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + location ~ \.php$ { + fastcgi_pass php:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PHP_VALUE "error_log=/etc/nginx/conf.d/php_error.log"; + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + include fastcgi_params; + } + + server_tokens off; + etag off; +} diff --git a/nginx-proxy-manager-goaccess/README.md b/nginx-proxy-manager-goaccess/README.md new file mode 100644 index 0000000..d020d4f --- /dev/null +++ b/nginx-proxy-manager-goaccess/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/xavier-hernandez/goaccess-for-nginxproxymanager diff --git a/nginx-proxy-manager-goaccess/docker-compose.yml b/nginx-proxy-manager-goaccess/docker-compose.yml new file mode 100644 index 0000000..8e9ca2c --- /dev/null +++ b/nginx-proxy-manager-goaccess/docker-compose.yml @@ -0,0 +1,14 @@ +goaccess: + image: xavierh/goaccess-for-nginxproxymanager:latest + container_name: goaccess + restart: always + volumes: + - /mnt/docker-volumes/nginx-proxy-manager/data/logs:/opt/log:ro + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - SKIP_ARCHIVED_LOGS=False #optional + - BASIC_AUTH=False #optional + - BASIC_AUTH_USERNAME=user #optional + - BASIC_AUTH_PASSWORD=pass #optional diff --git a/nginx-proxy-manager/README.md b/nginx-proxy-manager/README.md new file mode 100644 index 0000000..4a6f9c1 --- /dev/null +++ b/nginx-proxy-manager/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/NginxProxyManager/nginx-proxy-manager 
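Review bot: `location ~ \.php$` in nginx-php/nginx.conf passes every URI ending in `.php` to `php:9000` without checking that the script exists under the document root, which is the well-known setup where PHP's path-info fallback can end up running a file that is not a PHP script. Adding `try_files $uri =404;` as the first line of that location closes it, and it works here because both containers mount the same `www-data` directory at `/var/www`. `proxy_hide_header X-Powered-By;` has no effect on FastCGI responses; the directive for this upstream is `fastcgi_hide_header X-Powered-By;`. The `PHP_VALUE` error_log path `/etc/nginx/conf.d/php_error.log` points into a directory that the `php` service in the compose file does not appear to mount, so that log is probably never written.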
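Review bot: `goaccess:` in nginx-proxy-manager-goaccess/docker-compose.yml sits at the top level with no `services:` key, which is the legacy version-1 Compose layout; current `docker compose` will most likely reject the file, so the README's `docker compose up -d` would not work for this example. Wrapping it as `services:` with `goaccess:` nested below matches every other file in the commit. `BASIC_AUTH=False` next to the `user`/`pass` defaults also means the report, which is built from the proxy's access logs, is served without authentication as soon as a port or route is added; I would ship `BASIC_AUTH=True` with empty credentials for the operator to fill in.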
diff --git a/nginx-proxy-manager/docker-compose.yml b/nginx-proxy-manager/docker-compose.yml
new file mode 100644
index 0000000..1a7f60a
--- /dev/null
+++ b/nginx-proxy-manager/docker-compose.yml
@@ -0,0 +1,28 @@
+version: "3"
+
+services:
+ npm:
+ container_name: npm
+ environment:
+ - TZ=Europe/Berlin
+ hostname: npm
+ user: 0:1000
+ networks:
+ - npm_proxy
+ image: jc21/nginx-proxy-manager:latest
+ ports:
+ - 443:443/tcp # HTTPS
+ - 81:81/tcp # MGMT UI
+ - 80:80/tcp # HTTP
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD", "/bin/check-health"]
+ interval: 30s
+ timeout: 3s
+ volumes:
+ - /mnt/docker-volumes/nginx-proxy-manager/data:/data
+ - /mnt/docker-volumes/nginx-proxy-manager/letsencrypt:/etc/letsencrypt
+
+networks:
+ npm_proxy:
+ external: true
diff --git a/obsidian-remote/README.md b/obsidian-remote/README.md
new file mode 100644
index 0000000..30b33de
--- /dev/null
+++ b/obsidian-remote/README.md
@@ -0,0 +1,3 @@
+# References
+
+https://github.com/sytone/obsidian-remote
diff --git a/obsidian-remote/docker-compose.yml b/obsidian-remote/docker-compose.yml
new file mode 100644
index 0000000..1783fb4
--- /dev/null
+++ b/obsidian-remote/docker-compose.yml
@@ -0,0 +1,19 @@ +version: '3.8' +services: + obsidian: + image: 'ghcr.io/sytone/obsidian-remote:latest' + container_name: obsidian-remote + restart: unless-stopped + ports: + - 8080:8080 # Obsidian Web Interface + #- 27123:27123 # Local REST API Plugin HTTP Server Port + #- 27124:27124 # Local REST API Plugin HTTPS Server Port + volumes: + - /mnt/docker-volumes/obsidian-remote/vaults:/vaults # The location on the host for your Obsidian Vaults + - /mnt/docker-volumes/obsidian-remote/config:/config # The location to store Obsidan configuration and ssh data for obsidian-git + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - DOCKER_MODS=linuxserver/mods:universal-git # Use to add mods to the container like git. + - KEYBOARD=de-de-qwertz # Used to se the keyboard being used for input. E.g. KEYBOARD=en-us-qwerty or KEYBOARD=de-de-qwertz diff --git a/openspeedtest/README.md b/openspeedtest/README.md new file mode 100644 index 0000000..2391b75 --- /dev/null +++ b/openspeedtest/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/openspeedtest/Speed-Test diff --git a/openspeedtest/docker-compose.yml b/openspeedtest/docker-compose.yml new file mode 100644 index 0000000..00e69e5 --- /dev/null +++ b/openspeedtest/docker-compose.yml @@ -0,0 +1,18 @@ +version: "3" +services: + openspeedtest: + image: openspeedtest/latest:latest + container_name: openspeedtest + ports: + - 3380:3000 # HTTP + - 3001:3001 # HTTPS + restart: always + #labels: + # - traefik.enable=true + # - traefik.http.routers.openspeedtest.middlewares=local-ipwhitelist@file, limit + # - traefik.http.routers.openspeedtest.rule=Host(`speedtest.example.com`) + # - traefik.http.services.openspeedtest.loadbalancer.server.port=3000 + # - traefik.docker.network=proxy + # # Part for local lan services only + # - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=10000000000 + # - traefik.http.middlewares.test-compress.compress=true 
diff --git a/overleaf/README.md b/overleaf/README.md new file mode 100644 index 0000000..5681263 --- /dev/null +++ b/overleaf/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/overleaf/overleaf diff --git a/overleaf/docker-compose.yml b/overleaf/docker-compose.yml new file mode 100644 index 0000000..d282901 --- /dev/null +++ b/overleaf/docker-compose.yml 
@@ -0,0 +1,122 @@ +version: '2.2' +services: + sharelatex: + restart: always + image: sharelatex/sharelatex + container_name: sharelatex + depends_on: + mongo: + condition: service_healthy + redis: + condition: service_started + ports: + - 8888:80 + links: + - mongo + - redis + volumes: + - /mnt/docker-volumes/sharelatex/data:/var/lib/sharelatex + ######################################################################## + #### Server Pro: Uncomment the following line to mount the docker #### + #### socket, required for Sibling Containers to work #### + ######################################################################## + # - /var/run/docker.sock:/var/run/docker.sock + environment: + + SHARELATEX_APP_NAME: Overleaf Community Edition + SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex + + # Same property, unfortunately with different names in + # different locations + SHARELATEX_REDIS_HOST: redis + REDIS_HOST: redis + + ENABLED_LINKED_FILE_TYPES: 'project_file,project_output_file' + + # Enables Thumbnail generation using ImageMagick + ENABLE_CONVERSIONS: 'true' + + # Disables email confirmation requirement + EMAIL_CONFIRMATION_DISABLED: 'true' + + # temporary fix for LuaLaTex compiles + # see https://github.com/overleaf/overleaf/issues/695 + TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var + + ## Set for SSL via nginx-proxy + #VIRTUAL_HOST: 103.112.212.22 + + # SHARELATEX_SITE_URL: http://sharelatex.mydomain.com + # SHARELATEX_NAV_TITLE: Our ShareLaTeX Instance + # SHARELATEX_HEADER_IMAGE_URL: http://somewhere.com/mylogo.png + # SHARELATEX_ADMIN_EMAIL: support@it.com + + # SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by ShareLaTeX 2016"},{"text": "Another page I want to link to can be found here"} ]' + # SHARELATEX_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]' + + # SHARELATEX_EMAIL_FROM_ADDRESS: "team@sharelatex.com" + + # SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID: + # SHARELATEX_EMAIL_AWS_SES_SECRET_KEY: + + # SHARELATEX_EMAIL_SMTP_HOST: smtp.mydomain.com + # 
SHARELATEX_EMAIL_SMTP_PORT: 587 + # SHARELATEX_EMAIL_SMTP_SECURE: false + # SHARELATEX_EMAIL_SMTP_USER: + # SHARELATEX_EMAIL_SMTP_PASS: + # SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true + # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false + # SHARELATEX_EMAIL_SMTP_NAME: '127.0.0.1' + # SHARELATEX_EMAIL_SMTP_LOGGER: true + # SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by department x" + + ################ + ## Server Pro ## + ################ + + # SANDBOXED_COMPILES: 'true' + + # SANDBOXED_COMPILES_SIBLING_CONTAINERS: 'true' + # SANDBOXED_COMPILES_HOST_DIR: '/var/sharelatex_data/data/compiles' + + # DOCKER_RUNNER: 'false' + + ## Works with test LDAP server shown at bottom of docker compose + # SHARELATEX_LDAP_URL: 'ldap://ldap:389' + # SHARELATEX_LDAP_SEARCH_BASE: 'ou=people,dc=planetexpress,dc=com' + # SHARELATEX_LDAP_SEARCH_FILTER: '(uid={{username}})' + # SHARELATEX_LDAP_BIND_DN: 'cn=admin,dc=planetexpress,dc=com' + # SHARELATEX_LDAP_BIND_CREDENTIALS: 'GoodNewsEveryone' + # SHARELATEX_LDAP_EMAIL_ATT: 'mail' + # SHARELATEX_LDAP_NAME_ATT: 'cn' + # SHARELATEX_LDAP_LAST_NAME_ATT: 'sn' + # SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN: 'true' + + # SHARELATEX_TEMPLATES_USER_ID: "578773160210479700917ee5" + # SHARELATEX_NEW_PROJECT_TEMPLATE_LINKS: '[ {"name":"All Templates","url":"/templates/all"}]' + + + # SHARELATEX_PROXY_LEARN: "true" + + mongo: + restart: always + image: mongo:4.4 + container_name: sharelatex-mongo + expose: + - 27017 + volumes: + - /mnt/docker-volumes/sharelatex/mongo:/data/db + healthcheck: + test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet + interval: 10s + timeout: 10s + retries: 5 + + redis: + restart: always + image: redis:5 + container_name: sharelatex-redis + expose: + - 6379 + volumes: + - /mnt/docker-volumes/sharelatex/redis:/data diff --git a/paperless-ngx/README.md b/paperless-ngx/README.md new file mode 100644 index 0000000..7a8ae45 --- /dev/null +++ b/paperless-ngx/README.md 
@@ -0,0 +1,3 @@ +# References + +https://hub.docker.com/r/linuxserver/paperless-ngx diff --git a/paperless-ngx/docker-compose.yml b/paperless-ngx/docker-compose.yml new file mode 100644 index 0000000..ddb015d --- /dev/null +++ b/paperless-ngx/docker-compose.yml @@ -0,0 +1,17 @@ +--- +version: "2.1" +services: + paperless-ngx: + image: lscr.io/linuxserver/paperless-ngx:latest + container_name: paperless-ngx + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - REDIS_URL= #optional + volumes: + - /mnt/docker-volumes/paperless-ngx/config:/config + - /mnt/docker-volumes/paperless-ngx/data:/data + ports: + - 8000:8000 + restart: unless-stopped diff --git a/papermerge/README.md b/papermerge/README.md new file mode 100644 index 0000000..1c834e6 --- /dev/null +++ b/papermerge/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/ciur/papermerge diff --git a/papermerge/docker-compose.yml b/papermerge/docker-compose.yml new file mode 100644 index 0000000..1ae5fcb --- /dev/null +++ b/papermerge/docker-compose.yml @@ -0,0 +1,16 @@ +version: "3" + +services: + papermerge: + container_name: papermerge + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + hostname: papermerge + image: linuxserver/papermerge:latest + restart: unless-stopped + volumes: + - /mnt/docker-volumes/papermerge/importer_dir:/mnt/media/importer_dir + - /mnt/docker-volumes/papermerge/config:/config + - /mnt/docker-volumes/papermerge/data:/data diff --git a/photoprism/README.md b/photoprism/README.md new file mode 100644 index 0000000..acdef26 --- /dev/null +++ b/photoprism/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/photoprism/photoprism diff --git a/photoprism/docker-compose.yml b/photoprism/docker-compose.yml new file mode 100644 index 0000000..ec0a374 --- /dev/null +++ b/photoprism/docker-compose.yml 
@@ -0,0 +1,21 @@ +version: "3" + +services: + photoprism: + container_name: photoprism + environment: + - PHOTOPRISM_ADMIN_PASSWORD=MySecureLoginPasswordForPhotoprism + - PHOTOPRISM_DEBUG=false + - PHOTOPRISM_PUBLIC=false + - PHOTOPRISM_UPLOAD_NSFW=true + - PHOTOPRISM_DETECT_NSFW=false + - PHOTOPRISM_HTTP_HOST=0.0.0.0 + - PHOTOPRISM_HTTP_PORT=2342 + - PHOTOPRISM_DATABASE_DRIVER=sqlite + ports: + - 2342:2342 + image: photoprism/photoprism:latest + restart: unless-stopped + volumes: + - /path/to/my/locally/stored/media/files:/photoprism/originals + - /mnt/docker-volumes/photoprism/storage:/photoprism/storage diff --git a/pihole/README.md b/pihole/README.md new file mode 100644 index 0000000..4705320 --- /dev/null +++ b/pihole/README.md @@ -0,0 +1,3 @@ +# References + +https://hub.docker.com/r/pihole/pihole diff --git a/pihole/docker-compose.yml b/pihole/docker-compose.yml new file mode 100644 index 0000000..fb053b7 --- /dev/null +++ b/pihole/docker-compose.yml @@ -0,0 +1,24 @@ +version: "3" + +# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ +services: + pihole: + container_name: pihole + image: pihole/pihole:latest + # For DHCP it is recommended to remove these ports and instead add: network_mode: "host" + ports: + - "53:53/tcp" # DNS TCP + - "53:53/udp" # DNS UDP + - "80:80/tcp" # WEB ADMIN GUI + #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server + environment: + TZ: 'Europe/Berlin' + WEBPASSWORD: 'MySecureLoginPasswordForWebApp' + # Volumes store your data between container upgrades + volumes: + - '/mnt/docker-volumes/pihole/data:/etc/pihole' + - '/mnt/docker-volumes/pihole/dnsmasq:/etc/dnsmasq.d' + # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities + cap_add: + - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed + restart: unless-stopped diff --git a/plausible/README.md b/plausible/README.md new file mode 100644 index 0000000..39336cc --- /dev/null 
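Review bot: `cap_add: - NET_ADMIN` in pihole/docker-compose.yml is granted by default although its own comment says it is only needed when Pi-hole acts as DHCP server, and the DHCP port `67:67/udp` is commented out in the same file. I would comment the capability out too and let the operator enable both together, e.g. `#cap_add:` and `#  - NET_ADMIN # enable together with 67:67/udp for DHCP`. That way the default container runs without an extra network capability it does not use.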
+++ b/plausible/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/plausible/analytics diff --git a/plausible/docker-compose.yml b/plausible/docker-compose.yml new file mode 100644 index 0000000..b9445c0 --- /dev/null +++ b/plausible/docker-compose.yml @@ -0,0 +1,50 @@ +version: "3.3" +services: + #mail: + # image: bytemark/smtp + # restart: always + # container_name: plausible-smtp + + plausible_db: + # supported versions are 12, 13, and 14 + image: postgres:14-alpine + restart: always + container_name: plausible-db + volumes: + - /mnt/docker-volumes/plausible/database/:/var/lib/postgresql/data + environment: + - POSTGRES_PASSWORD=postgres + + plausible_events_db: + container_name: plausible-events-db + image: clickhouse/clickhouse-server:22.6-alpine + restart: always + volumes: + - /mnt/docker-volumes/plausible/event-data:/var/lib/clickhouse + - /mnt/docker-volumes/plausible/clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro + - /mnt/docker-volumes/plausible/clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro + ulimits: + nofile: + soft: 262144 + hard: 262144 + + plausible: + container_name: plausible + image: plausible/analytics:latest + restart: always + command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run" + depends_on: + - plausible_db + - plausible_events_db + # - mail + ports: + - 8000:8000 # WEB UI + env_file: + - plausible-conf.env + #labels: + # - traefik.enable=true + # - traefik.http.routers.plausible.rule=Host(`plausible.example.com`) + # - traefik.http.services.plausible.loadbalancer.server.port=8000 + # - traefik.docker.network=proxy + # # Part for local lan services only + # # - traefik.http.routers.plausible.middlewares=local-ipwhitelist@file diff --git a/plausible/plausible-conf.env b/plausible/plausible-conf.env new file mode 100644 index 0000000..db0356b --- /dev/null 
+++ b/plausible/plausible-conf.env
@@ -0,0 +1,6 @@
+ADMIN_USER_EMAIL=john.doe@example.com # this is your admin user for login
+ADMIN_USER_NAME=superuser # this is your admin username
+ADMIN_USER_PWD=MyVeryStrongLoginPasswordForPlausible # change this
+BASE_URL=https://plausible.example.com:443 # change this
+SECRET_KEY_BASE=9meoKctVLEjZGm+CQwNbgZdAiWnw== # change this to a secure random secret
+DISABLE_REGISTRATION=true
diff --git a/portainer-ee/README.md b/portainer-ee/README.md
new file mode 100644
index 0000000..ab47940
--- /dev/null
+++ b/portainer-ee/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/portainer/portainer
diff --git a/portainer-ee/docker-compose.yml b/portainer-ee/docker-compose.yml
new file mode 100644
index 0000000..18ff288
--- /dev/null
+++ b/portainer-ee/docker-compose.yml
@@ -0,0 +1,25 @@
+version: '3'
+
+services:
+ portainer:
+ image: portainer/portainer-ee:latest
+ container_name: portainer-ee
+ restart: unless-stopped
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - portainer_data:/data
+ ports:
+ - 9443:9443
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.portainer.rule=Host(`portainer.example.com`)
+ # - traefik.http.services.portainer.loadbalancer.server.port=9000
+ # - traefik.docker.network=proxy
+ # # Part for local lan services only
+ # - traefik.http.routers.portainer.middlewares=local-ipwhitelist@file
+
+volumes:
+ portainer_data:
+ external: true
+ name: portainer_data
diff --git a/privatebin/README.md b/privatebin/README.md
new file mode 100644
index 0000000..460c35a
--- /dev/null
+++ b/privatebin/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/PrivateBin/PrivateBin
diff --git a/privatebin/configs/config.php b/privatebin/configs/config.php
new file mode 100644
index 0000000..2cf5bf5
--- /dev/null
+++ b/privatebin/configs/config.php
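Review bot: Every assignment in plausible/plausible-conf.env is followed by an inline ` # ...` comment, and the file is consumed through `env_file`; older docker-compose releases pass the rest of the line through as part of the value, so `ADMIN_USER_PWD` or `BASE_URL` may end up containing the comment text (this depends on the Compose version and is worth testing). Putting each comment on its own line above the assignment parses the same everywhere; immich/.env uses the same layout and is affected in the same way. `SECRET_KEY_BASE=9meoKctVLEjZGm+CQwNbgZdAiWnw==` is also much shorter than the 64 bytes a Phoenix application normally expects for this key (to be confirmed against Plausible's documentation), so the sample is better left empty under a line such as `# generate with: openssl rand -base64 64`.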
@@ -0,0 +1,208 @@ +;project page." + +; (optional) notice to display +;notice = "Note: Kittens will die if you abuse this service." + +; by default PrivateBin will guess the visitors language based on the browsers +; settings. Optionally you can enable the language selection menu, which uses +; a session cookie to store the choice until the browser is closed. +languageselection = true + +; set the language your installs defaults to, defaults to English +; if this is set and language selection is disabled, this will be the only language +languagedefault = "en" + +; (optional) URL shortener address to offer after a new paste is created +; it is suggested to only use this with self-hosted shorteners as this will leak +; the pastes encryption key +; urlshortener = "https://shortener.example.com/api?link=" + +; (optional) Let users create a QR code for sharing the paste URL with one click. +; It works both when a new paste is created and when you view a paste. +qrcode = true + +; (optional) IP based icons are a weak mechanism to detect if a comment was from +; a different user when the same username was used in a comment. It might be +; used to get the IP of a non anonymous comment poster if the server salt is +; leaked and a SHA256 HMAC rainbow table is generated for all (relevant) IPs. +; Can be set to one these values: "none" / "vizhash" / "identicon" (default). +icon = "identicon" + +; Content Security Policy headers allow a website to restrict what sources are +; allowed to be accessed in its context. You need to change this if you added +; custom scripts from third-party domains to your templates, e.g. tracking +; scripts or run your site behind certain DDoS-protection services. +; Check the documentation at https://content-security-policy.com/ +; Notes: +; - If you use a bootstrap theme, you can remove the allow-popups from the +; sandbox restrictions. +; - By default this disallows to load images from third-party servers, e.g. 
when +; they are embedded in pastes. If you wish to allow that, you can adjust the +; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images +; for details. +; - The 'unsafe-eval' is used in two cases; to check if the browser supports +; async functions and display an error if not and for Chrome to enable +; webassembly support (used for zlib compression). You can remove it if Chrome +; doesn't need to be supported and old browsers don't need to be warned. +; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads" + +; stay compatible with PrivateBin Alpha 0.19, less secure +; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of +; sha256 in HMAC for the deletion token +; zerobincompatibility = false + +; Enable or disable the warning message when the site is served over an insecure +; connection (insecure HTTP instead of HTTPS), defaults to true. +; Secure transport methods like Tor and I2P domains are automatically whitelisted. +; It is **strongly discouraged** to disable this. +; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information. +httpwarning = true + +; Pick compression algorithm or disable it. Only applies to pastes/comments +; created after changing the setting. +; Can be set to one these values: "none" / "zlib" (default). 
+; compression = "zlib" + +[expire] +; expire value that is selected per default +; make sure the value exists in [expire_options] +default = "1hour" + +[expire_options] +; Set each one of these to the number of seconds in the expiration period, +; or 0 if it should never expire +5min = 300 +;25min = 1500 +1hour = 3600 +4hours = 14400 +1day = 86400 +;5days = 432000 +1week = 604800 +; Well this is not *exactly* one month, it's 30 days: +;1month = 2592000 +;1year = 31536000 +;never = 0 + +[formatter_options] +; Set available formatters, their order and their labels +plaintext = "Plain Text" +syntaxhighlighting = "Source Code" +markdown = "Markdown" + +[traffic] +; time limit between calls from the same IP address in seconds +; Set this to 0 to disable rate limiting. +limit = 10 + +; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted +; from the rate-limit. Invalid IPs will be ignored. If multiple values are to +; be exempted, the list needs to be comma separated. Leave unset to disable +; exemptions. +; exempted = "1.2.3.4,10.10.10/24" + +; (optional) If you want only some source IP addresses (v4 or v6) or subnets +; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be +; ignored. If multiple values are to be exempted, the list needs to be comma +; separated. Leave unset to allow anyone to create pastes. +; creators = "1.2.3.4,10.10.10/24" + +; (optional) if your website runs behind a reverse proxy or load balancer, +; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR +header = "X_FORWARDED_FOR" + +[purge] +; minimum time limit between two purgings of expired pastes, it is only +; triggered when pastes are created +; Set this to 0 to run a purge every time a paste is created. +limit = 300 + +; maximum amount of expired pastes to delete in one purge +; Set this to 0 to disable purging. 
Set it higher, if you are running a large +; site +batchsize = 10 + +[model] +; name of data model class to load and directory for storage +; the default model "Filesystem" stores everything in the filesystem +class = Filesystem +[model_options] +dir = PATH "data" + +;[model] +; example of a Google Cloud Storage configuration +;class = GoogleCloudStorage +;[model_options] +;bucket = "my-private-bin" +;prefix = "pastes" + +;[model] +; example of DB configuration for MySQL +;class = Database +;[model_options] +;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8" +;tbl = "privatebin_" ; table prefix +;usr = "privatebin" +;pwd = "Z3r0P4ss" +;opt[12] = true ; PDO::ATTR_PERSISTENT + +;[model] +; example of DB configuration for SQLite +;class = Database +;[model_options] +;dsn = "sqlite:" PATH "data/db.sq3" +;usr = null +;pwd = null +;opt[12] = true ; PDO::ATTR_PERSISTENT + +;[model] +; example of DB configuration for PostgreSQL +;class = Database +;[model_options] +;dsn = "pgsql:host=localhost;dbname=privatebin" +;tbl = "privatebin_" ; table prefix +;usr = "privatebin" +;pwd = "Z3r0P4ss" +;opt[12] = true ; PDO::ATTR_PERSISTENT diff --git a/privatebin/configs/nginx.conf b/privatebin/configs/nginx.conf new file mode 100644 index 0000000..fa07b08 --- /dev/null +++ b/privatebin/configs/nginx.conf 
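Review bot: `header = "X_FORWARDED_FOR"` under `[traffic]` in privatebin/configs/config.php is enabled in this sample, so the rate limiter keys on a request header rather than on the connection address. If the container is reachable without passing through the reverse proxy, or the proxy forwards a client-supplied value, the `limit = 10` throttle no longer applies per client. I would ship it commented as `; header = "X_FORWARDED_FOR"` with a note to enable it only when the app is reachable exclusively through a proxy that sets the header itself. The start of this hunk appears truncated on this page (it opens mid-sentence at `;project page."`), so the `[main]` section could not be reviewed.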
@@ -0,0 +1,71 @@ +# Sets the worker threads to the number of CPU cores available in the system for best performance. +# Should be > the number of CPU cores. +# Maximum number of connections = worker_processes * worker_connections +worker_processes auto; + +# Maximum number of open files per worker process. +# Should be > worker_connections. +worker_rlimit_nofile 8192; + +events { + # If you need more connections than this, you start optimizing your OS. + # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests. + # Should be < worker_rlimit_nofile. + worker_connections 8000; +} + +# Log errors and warnings to this file +# This is only used when you don't override it on a server{} level +error_log /dev/stderr warn; + +# The file storing the process ID of the main process +pid /run/nginx.pid; + +# The process is managed in the docker-env +daemon off; + +# Free some CPU cycles +timer_resolution 500ms; + +http { + # Specify MIME types for files. + include mime.types; + default_type application/octet-stream; + + # Update charset_types to match updated mime.types. + # text/html is always included by charset module. + charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml application/xml; + + # Include $http_x_forwarded_for within default format used in log files + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + # Hide used software + server_tokens off; + + # Default charset + charset utf-8; + + # How long to allow each connection to stay idle. + # Longer values are better for each individual client, particularly for SSL, + # but means that worker connections are tied up longer. + keepalive_timeout 20s; + + # Speed up file transfers by using sendfile() to copy directly + # between descriptors rather than using read()/write(). 
+ # For performance reasons, on FreeBSD systems w/ ZFS + # this option should be disabled as ZFS's ARC caches + # frequently used files in RAM by default. + sendfile on; + + # Don't send out partial frames; this increases throughput + # since TCP frames are filled up before being sent out. + tcp_nopush on; + + # Allow up to 512 MiB payload, privatebin defaults to 10 MiB. + client_max_body_size 512M; + + # Load even moar configs + include /etc/nginx/http.d/*.conf; +} diff --git a/privatebin/configs/nginx_sites_available_privatebin.conf b/privatebin/configs/nginx_sites_available_privatebin.conf new file mode 100644 index 0000000..cca7903 --- /dev/null +++ b/privatebin/configs/nginx_sites_available_privatebin.conf @@ -0,0 +1,30 @@ +# mysite_nginx.conf + +# the upstream component nginx needs to connect to +upstream privatebin-docker { + server 127.0.0.1:9988; +} + +# configuration of the server +server { + # the port your site will be served on + # the domain name it will serve for + server_name privatebin.example.com + charset utf-8; + + # max upload size + client_max_body_size 0; # adjust to taste + + # Finally, send all non-media requests to the Privatebin server. + # if you use cloudflare, please read this https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-using-cloudflare-for-ddos-protection + location / { + proxy_pass http://privatebin-docker; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_redirect off; + client_max_body_size 0; # adjust to taste + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + } + + #add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; 
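Review bot: `client_max_body_size 512M;` in the `http` block lets any client that can reach this listener submit request bodies about fifty times larger than the 10 MiB the comment itself gives as PrivateBin's default, which makes disk and memory exhaustion through oversized posts much cheaper. Unless large attachments are a requirement, keep the limit close to the application's own paste size limit, e.g. `client_max_body_size 10M;`, and state in the comment that the PHP upload limits and PrivateBin's size setting have to be raised together with it. The opening comment on `worker_processes` also contradicts itself (set to the number of CPU cores, yet "should be > the number of CPU cores").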
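Review bot: `server_name privatebin.example.com` has no terminating `;`, so nginx reads the following `charset utf-8;` as two more server names instead of a charset directive; it should be `server_name privatebin.example.com;`. The `server {` block is also never closed (the 30-line hunk ends on the second `add_header`), and there is no `listen` directive although the comment announces the port. `client_max_body_size 0;` appears twice and disables the request-body limit entirely, so the only cap left is whatever the backend enforces; an explicit value matching the backend limit is safer than `0`. The HSTS header is only meaningful on a TLS listener, which this block does not show.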
diff --git a/privatebin/configs/php.ini b/privatebin/configs/php.ini new file mode 100644 index 0000000..1e05478 --- /dev/null +++ b/privatebin/configs/php.ini @@ -0,0 +1,64 @@ +; session.use_strict_mode specifies whether the module will use strict session id mode. If this +; mode is enabled, the module does not accept uninitialized session ID. If uninitialized session ID +; is sent from browser, new session ID is sent to browser. Applications are protected from session +; fixation via session adoption with strict mode. Defaults to 0 (disabled). +session.use_strict_mode=On + +; Enable assert() evaluation. +assert.active=Off + +; This determines whether errors should be printed to the screen as part of the output or if they +; should be hidden from the user. Value "stderr" sends the errors to stderr instead of stdout. +display_errors=Off + +; Tells whether script error messages should be logged to the server's error log or error_log. +; You're strongly advised to use error logging in place of error displaying on production web sites. +log_errors=On + + + +; increase size limits +upload_max_filesize=512M +post_max_size=512M +memory_limit = 512M + + +; best practices + +; Disable deprecated short open tags (" # change to your provider account email address. The API token is defined in the docker-compose.yml as environment variable + storage: /etc/traefik/acme.json + dnsChallenge: + provider: cloudflare + # Used to make sure the dns challenge is propagated to the rights dns servers + resolvers: + - "1.1.1.1:53" + - "1.0.0.1:53" diff --git a/trsync/README.de b/trsync/README.de new file mode 100644 index 0000000..c84f610 --- /dev/null +++ b/trsync/README.de @@ -0,0 +1,3 @@ +# References + +https://github.com/l4rm4nd/TRSync diff --git a/trsync/docker-compose.yml b/trsync/docker-compose.yml new file mode 100644 index 0000000..64d4834 --- /dev/null +++ b/trsync/docker-compose.yml 
@@ -0,0 +1,10 @@
+version: '3.3'
+services:
+ trsync:
+ image: l4rm4nd/trsync:latest
+ container_name: trsync
+ ports:
+ - '8000:8000'
+ environment:
+ - SECRET_KEY=ChooseStrongSecretKeyHere # pls change
+ - DOMAIN=trsync.example.com # your hostname to put in Django's ALLOW_HOSTS
diff --git a/uptimekuma/README.md b/uptimekuma/README.md
new file mode 100644
index 0000000..2328d83
--- /dev/null
+++ b/uptimekuma/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/louislam/uptime-kuma
diff --git a/uptimekuma/docker-compose.yml b/uptimekuma/docker-compose.yml
new file mode 100644
index 0000000..87208e0
--- /dev/null
+++ b/uptimekuma/docker-compose.yml
@@ -0,0 +1,22 @@
+version: "3.8"
+
+services:
+ app:
+ container_name: uptime-kuma
+ hostname: uptime-kuma
+ image: louislam/uptime-kuma
+ restart: always
+ ports:
+ - 3001:3001
+ dns:
+ - 1.1.1.1
+ - 8.8.8.8
+ volumes:
+ - /mnt/docker-volumes/uptimekuma:/app/data
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.uptimekuma.rule=Host(`uptimekuma.example.com`)
+ - traefik.http.services.uptimekuma.loadbalancer.server.port=3001
+ - traefik.docker.network=proxy
+ # Part for local lan services only
+ #- traefik.http.routers.uptimekuma.middlewares=local-ipwhitelist@file
diff --git a/vaultwarden/README.md b/vaultwarden/README.md
new file mode 100644
index 0000000..5066aa2
--- /dev/null
+++ b/vaultwarden/README.md
@@ -0,0 +1,4 @@
+# Reference
+
+- https://github.com/dani-garcia/vaultwarden
+- https://github.com/Bruceforce/vaultwarden-backup
diff --git a/vaultwarden/docker-compose.yml b/vaultwarden/docker-compose.yml
new file mode 100644
index 0000000..4da15c9
--- /dev/null
+++ b/vaultwarden/docker-compose.yml
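Review bot: `SECRET_KEY=ChooseStrongSecretKeyHere` in trsync/docker-compose.yml is a working value, so a deployment that skips the `# pls change` hint runs Django with a publicly known signing key. Make the stack refuse to start without a real secret, e.g. `- SECRET_KEY=${SECRET_KEY:?set SECRET_KEY in .env}`; the same applies to `PASSWORD=MyStrongPasswordForWebUi` in wg-easy/docker-compose.yml and `POSTGRES_PASSWORD=MySecureDatabasePassword` in wikijs/docker-compose.yml. The comment on `DOMAIN` presumably means Django's `ALLOWED_HOSTS`.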
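Review bot: `ports: - 3001:3001` in uptimekuma/docker-compose.yml publishes the app on every host interface while the Traefik labels are active, so the service stays reachable directly on port 3001 and any router middleware (such as the commented `local-ipwhitelist@file`) can be bypassed. Drop the `ports` entry or bind it to loopback with `- "127.0.0.1:3001:3001"`. The label `traefik.docker.network=proxy` also names a network the service never joins; the hunk has no `networks:` key, unlike the skeleton file. vaultwarden (`8888:80`) and wg-easy (`51821:51821/tcp`, the admin web UI) publish their HTTP ports on all interfaces in the same way.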
@@ -0,0 +1,67 @@ +version: "3" + +services: + vaultwarden: + container_name: vaultwarden + dns: + - 1.1.1.1 + environment: + #- ADMIN_TOKEN=MySecureAdminTokenPasswordForAdminArea + #- globalSettings__mail__replyToEmail=bitwarden@example.com + #- globalSettings__mail__smtp__host=smtp.gmail.com + #- globalSettings__mail__smtp__username=bitwarden@example.com + #- globalSettings__mail__smtp__password=MyStrongSmtpLoginPassword + #- globalSettings__mail__smtp__ssl=true + #- globalSettings__mail__smtp__port=587 + - globalSettings__disableUserRegistration=true + - LOG_FILE=/data/logs/access.log + - WEBSOCKET_ENABLED=true + - ROCKET_ENV=prod + - ROCKET_WORKERS=10 + - TZ=Europe/Berlin + - LOG_LEVEL=error + - EXTENDED_LOGGING=true + hostname: vaultwarden + ports: + - 8888:80 + image: vaultwarden/server:latest + #labels: + # - com.centurylinklabs.watchtower.monitor-only=true + # - traefik.enable=true + # - traefik.docker.network=proxy + # - traefik.http.routers.vaultwarden.rule=Host(`bitwarden.example.com`) + # - traefik.http.routers.vaultwarden.service=vaultwarden + # - traefik.http.services.vaultwarden.loadbalancer.server.port=80 + # - traefik.http.routers.vaultwarden-ws.rule=Host(`bitwarden.example.com`) && Path(`/notifications/hub`) + # - traefik.http.routers.vaultwarden-ws.service=vaultwarden-ws + # - traefik.http.services.vaultwarden-ws.loadbalancer.server.port=3012 + restart: unless-stopped + volumes: + - /mnt/docker-volumes/vaultwarden/data:/data + - /mnt/docker-volumes/vaultwarden/logs:/data/logs + + # this service will backup your vaultwarden instance corretly + # see https://github.com/Bruceforce/vaultwarden-backup for more information + vaultwarden-backup: + container_name: vaultwarden-backup + hostname: vaultwarden-backup + image: bruceforce/vaultwarden-backup:latest + restart: on-failure + init: true + depends_on: + - vaultwarden + #labels: + # com.centurylinklabs.watchtower.monitor-only: true + volumes: + - /mnt/docker-volumes/vaultwarden/data:/data/ + - 
/mnt/docker-volumes/vaultwarden/backup:/myBackup + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + environment: + - TIMESTAMP=true + - DELETE_AFTER=30 + - UID=0 + - GID=1000 + - TZ=Europe/Berlin + - BACKUP_DIR=/myBackup + - CRON_TIME=50 3 * * * # see https://crontab.guru/ diff --git a/watchtower/README.md b/watchtower/README.md new file mode 100644 index 0000000..e17af18 --- /dev/null +++ b/watchtower/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/containrrr/watchtower diff --git a/watchtower/docker-compose.yml b/watchtower/docker-compose.yml new file mode 100644 index 0000000..4021605 --- /dev/null +++ b/watchtower/docker-compose.yml @@ -0,0 +1,25 @@ +version: "3.9" + +services: + watchtower: + container_name: watchtower + hostname: watchtower + environment: + #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587 + #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=watchtower@example.com + #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=MyStrongSmtpLoginPassword + #- WATCHTOWER_NOTIFICATION_EMAIL_FROM=watchtower@example.com + #- WATCHTOWER_NOTIFICATION_EMAIL_TO=john.doe@example.com + #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.google.com + #- WATCHTOWER_NOTIFICATIONS=email + - WATCHTOWER_SCHEDULE=0 0 6 * * * # see https://crontab.guru/ + - WATCHTOWER_CLEANUP=true # remove unused images afterwards + image: containrrr/watchtower:latest + labels: + com.centurylinklabs.watchtower: true + restart: always + network_mode: "host" + volumes: + - /etc/localtime:/etc/localtime:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + working_dir: / diff --git a/watchyourlan/README.md b/watchyourlan/README.md new file mode 100644 index 0000000..8682450 --- /dev/null +++ b/watchyourlan/README.md @@ -0,0 +1,3 @@ +# Reference + +https://github.com/aceberg/WatchYourLAN diff --git a/watchyourlan/docker-compose.yml b/watchyourlan/docker-compose.yml new file mode 100644 index 0000000..b596492 --- /dev/null +++ b/watchyourlan/docker-compose.yml 
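Review bot: `globalSettings__disableUserRegistration=true` in vaultwarden/docker-compose.yml is the setting name used by the official Bitwarden server; as far as I know Vaultwarden does not read it and controls sign-ups with `SIGNUPS_ALLOWED`, which allows them by default. As written, this instance would most likely accept open registrations; use `- SIGNUPS_ALLOWED=false`. The commented `globalSettings__mail__*` lines have the same problem (Vaultwarden uses `SMTP_HOST`, `SMTP_USERNAME` and so on). `UID=0` also runs the backup container as root over the vault data; a non-root UID that owns the data directory would be preferable.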
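Review bot: The `:ro` flag on `/var/run/docker.sock:/var/run/docker.sock:ro` in watchtower/docker-compose.yml only makes the mount of the socket file read-only; it does not limit what can be done through the Docker API, so the container still has full control of the daemon. A comment should say so, e.g. `# :ro does not restrict the Docker API; this container is root-equivalent on the host`. Because no container filter is set, every running container is pulled and restarted from its current tag each day at 06:00; setting `WATCHTOWER_LABEL_ENABLE=true` and opting containers in by label would narrow that. `WATCHTOWER_SCHEDULE` uses a six-field expression with seconds, which the linked crontab.guru does not parse.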
@@ -0,0 +1,18 @@
+version: "3"
+services:
+ wyl:
+ image: aceberg/watchyourlan
+ container_name: watchyourlan
+ network_mode: "host"
+ restart: unless-stopped
+ volumes:
+ - /mnt/docker-volumes/watchyourlan:/data
+ environment:
+ TZ: Europe/Berlin # required: needs your TZ for correct time
+ IFACE: "ens18" # required: 1 or more interface
+ DBPATH: "/data/db.sqlite" # optional, default: /data/db.sqlite
+ GUIIP: "127.0.0.1" # optional, default: localhost
+ GUIPORT: "8840" # optional, default: 8840
+ TIMEOUT: "120" # optional, time in seconds, default: 60
+ #SHOUTRRR_URL: "telegram://" # optional, set url to notify
+ THEME: "darkly" # optional
diff --git a/wg-easy/README.md b/wg-easy/README.md
new file mode 100644
index 0000000..9abbc1c
--- /dev/null
+++ b/wg-easy/README.md
@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/WeeJeWel/wg-easy
diff --git a/wg-easy/docker-compose.yml b/wg-easy/docker-compose.yml
new file mode 100644
index 0000000..2201afb
--- /dev/null
+++ b/wg-easy/docker-compose.yml
@@ -0,0 +1,27 @@
+version: "3"
+
+services:
+ wg-easy:
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ container_name: wg-easy
+ environment:
+ - WG_HOST=vpn.example.com # your hostname or ip address
+ - PASSWORD=MyStrongPasswordForWebUi # change this
+ - WG_DEFAULT_DNS=1.1.1.1,8.8.8.8 # add your local dns like pihole
+ hostname: wireguard-easy
+ image: docker.io/weejewel/wg-easy:latest
+ ports:
+ - 51820:51820/udp #VPN
+ - 51821:51821/tcp #WEBGUI
+ restart: unless-stopped
+ volumes:
+ - /mnt/docker-volumes/wg-easy:/etc/wireguard
+# labels:
+# - traefik.enable=true
+# - traefik.http.routers.wireguard.rule=Host(`vpn.example.com`)
+# - traefik.http.services.wireguard.loadbalancer.server.port=51821
+# - traefik.docker.network=proxy
+# # Part for local lan services only
+# - traefik.http.routers.wireguard.middlewares=local-ipwhitelist@file
diff --git a/wikijs/README.md b/wikijs/README.md
new file mode 100644
index 0000000..2366a91
--- /dev/null
+++ b/wikijs/README.md
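Review bot: The `cap_add` entries in wg-easy/docker-compose.yml are undocumented, and `SYS_MODULE` in particular lets the container load kernel modules into the host kernel. It is presumably there only so the container can load the WireGuard module itself; a comment such as `# SYS_MODULE: only needed if the host has not already loaded the wireguard module` would tell operators when it can be dropped. `NET_ADMIN` deserves a similar one-line reason, since it is what the tunnel interface and routing setup actually depend on.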
@@ -0,0 +1,3 @@
+# References
+
+https://github.com/linuxserver/docker-wikijs
diff --git a/wikijs/docker-compose.yml b/wikijs/docker-compose.yml
new file mode 100644
index 0000000..ac22007
--- /dev/null
+++ b/wikijs/docker-compose.yml
@@ -0,0 +1,29 @@
+version: "3"
+
+services:
+ wikijs:
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ image: linuxserver/wikijs:latest
+ container_name: wikijs
+ restart: unless-stopped
+ ports:
+ - 3000:3000 # WEB UI
+ volumes:
+ - /mnt/docker-volumes/wikijs/config:/config
+ - /mnt/docker-volumes/wikijs/data:/data
+ links:
+ - db
+
+ db:
+ environment:
+ - POSTGRES_PASSWORD=MySecureDatabasePassword
+ - POSTGRES_USER=wikijs
+ - POSTGRES_DB=wikijs
+ container_name: postgresql
+ image: postgres:13.4-bullseye
+ restart: unless-stopped
+ volumes:
+ - /mnt/docker-volumes/wikijs/database:/var/lib/postgresql/data
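Review bot: The `wikijs` service in wikijs/docker-compose.yml is given no database settings, so nothing in this hunk connects it to the `db` container started next to it; if the image falls back to a built-in default store, the PostgreSQL container and its password are unused, which is worth confirming against the image documentation and stating in a comment. `links:` is a legacy option; services on the same Compose network already resolve `db` by name, and `depends_on: - db` expresses the start order. `container_name: postgresql` is generic enough to collide with another stack on the same host; something like `wikijs-db` avoids that.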