nerdlicht/docker-container
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add Git stuff

Browse Source
This commit is contained in:
Sönke Domröse
2025-04-09 07:09:53 -05:00
parent 0bf105f83e
commit e0ae8f2bed
23 changed files with 820 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
automatic-ripping-machine/README.md Normal file
View File

@@ -0,0 +1,5 @@
sudo apt install wget lsscsi
lsscsi -g
wget https://raw.githubusercontent.com/automatic-ripping-machine/automatic-ripping-machine/main/scripts/docker-setup.sh
sudo chmod +x docker-setup.sh

102
automatic-ripping-machine/docker-setup.sh Executable file
View File

@@ -0,0 +1,102 @@
#!/usr/bin/env bash
set -eo pipefail
RED='\033[1;31m'
NC='\033[0m' # No Color
FORK=automaticrippingmachine
TAG=latest
function usage() {
echo -e "\nUsage: docker_setup.sh [OPTIONS]"
echo -e " -f <fork>\tSpecify the fork to pull from on DockerHub. \n\t\tDefault is \"$FORK\""
echo -e " -t <tag>\tSpecify the tag to pull from on DockerHub. \n\t\tDefault is \"$TAG\""
}
while getopts 'f:t:' OPTION
do
case $OPTION in
f) FORK=$OPTARG
;;
t) TAG=$OPTARG
;;
?) usage
exit 2
;;
esac
done
IMAGE="$FORK/automatic-ripping-machine:$TAG"
function install_reqs() {
apt update -y && apt upgrade -y
apt install -y curl lsscsi
}
function add_arm_user() {
echo -e "${RED}Adding arm user${NC}"
# create arm group if it doesn't already exist
if ! [[ "$(getent group arm)" ]]; then
groupadd arm
else
echo -e "${RED}arm group already exists, skipping...${NC}"
fi
# create arm user if it doesn't already exist
if ! id arm >/dev/null 2>&1; then
useradd -m arm -g arm
passwd arm
else
echo -e "${RED}arm user already exists, skipping...${NC}"
fi
usermod -aG cdrom,video arm
}
function launch_setup() {
# install docker
if [ -e /usr/bin/docker ]; then
echo -e "${RED}Docker installation detected, skipping...${NC}"
echo -e "${RED}Adding user arm to docker user group${NC}"
usermod -aG docker arm
else
echo -e "${RED}Installing Docker${NC}"
# the convenience script auto-detects OS and handles install accordingly
curl -sSL https://get.docker.com | bash
echo -e "${RED}Adding user arm to docker user group${NC}"
usermod -aG docker arm
fi
}
function pull_image() {
echo -e "${RED}Pulling image from $IMAGE${NC}"
sudo -u arm docker pull "$IMAGE"
}
function setup_mountpoints() {
echo -e "${RED}Creating mount points${NC}"
for dev in /dev/sr?; do
mkdir -p "/mnt$dev"
done
chown arm:arm /mnt/dev/sr*
}
function save_start_command() {
url="https://raw.githubusercontent.com/automatic-ripping-machine/automatic-ripping-machine/main/scripts/docker/start_arm_container.sh"
cd ~arm
if [ -e start_arm_container.sh ]
then
echo -e "'start_arm_container.sh' already exists. Backing up..."
sudo mv ./start_arm_container.sh ./start_arm_container.sh.bak
fi
sudo -u arm curl -fsSL "$url" -o start_arm_container.sh
chmod +x start_arm_container.sh
sed -i "s|IMAGE_NAME|${IMAGE}|" start_arm_container.sh
}
# start here
install_reqs
add_arm_user
launch_setup
pull_image
setup_mountpoints
save_start_command
echo -e "${RED}Installation complete. A template command to run the ARM container is located in: $(echo ~arm) ${NC}"

152
guacamole-docker-compose/README.md Normal file
View File

@@ -0,0 +1,152 @@
# Guacamole with docker compose
This is a small documentation how to run a fully working **Apache Guacamole (incubating)** instance with docker (docker compose). The goal of this project is to make it easy to test Guacamole.
## About Guacamole
Apache Guacamole (incubating) is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It is called clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.
It supports RDP, SSH, Telnet and VNC and is the fastest HTML5 gateway I know. Checkout the projects [homepage](https://guacamole.incubator.apache.org/) for more information.
## Prerequisites
You need a working **docker** installation and **docker compose** running on your machine.
## Quick start
Clone the GIT repository and start guacamole:
~~~bash
git clone "https://github.com/boschkundendienst/guacamole-docker-compose.git"
cd guacamole-docker-compose
./prepare.sh
docker compose up -d
~~~
Your guacamole server should now be available at `https://ip of your server:8443/`. The default username is `guacadmin` with password `guacadmin`.
## Details
To understand some details let's take a closer look at parts of the `docker-compose.yml` file:
### Networking
The following part of docker-compose.yml will create a network with name `guacnetwork_compose` in mode `bridged`.
~~~python
...
# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
guacnetwork_compose:
driver: bridge
...
~~~
### Services
#### guacd
The following part of docker-compose.yml will create the guacd service. guacd is the heart of Guacamole which dynamically loads support for remote desktop protocols (called "client plugins") and connects them to remote desktops based on instructions received from the web application. The container will be called `guacd_compose` based on the docker image `guacamole/guacd` connected to our previously created network `guacnetwork_compose`. Additionally we map the 2 local folders `./drive` and `./record` into the container. We can use them later to map user drives and store recordings of sessions.
~~~python
...
services:
# guacd
guacd:
container_name: guacd_compose
image: guacamole/guacd
networks:
guacnetwork_compose:
restart: always
volumes:
- ./drive:/drive:rw
- ./record:/record:rw
...
~~~
#### PostgreSQL
The following part of docker-compose.yml will create an instance of PostgreSQL using the official docker image. This image is highly configurable using environment variables. It will for example initialize a database if an initialization script is found in the folder `/docker-entrypoint-initdb.d` within the image. Since we map the local folder `./init` inside the container as `docker-entrypoint-initdb.d` we can initialize the database for guacamole using our own script (`./init/initdb.sql`). You can read more about the details of the official postgres image [here](http://).
~~~python
...
postgres:
container_name: postgres_guacamole_compose
environment:
PGDATA: /var/lib/postgresql/data/guacamole
POSTGRES_DB: guacamole_db
POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
POSTGRES_USER: guacamole_user
image: postgres
networks:
guacnetwork_compose:
restart: always
volumes:
- ./init:/docker-entrypoint-initdb.d:ro
- ./data:/var/lib/postgresql/data:rw
...
~~~
#### Guacamole
The following part of docker-compose.yml will create an instance of guacamole by using the docker image `guacamole` from docker hub. It is also highly configurable using environment variables. In this setup it is configured to connect to the previously created postgres instance using a username and password and the database `guacamole_db`. Port 8080 is only exposed locally! We will attach an instance of nginx for public facing of it in the next step.
~~~python
...
guacamole:
container_name: guacamole_compose
depends_on:
- guacd
- postgres
environment:
GUACD_HOSTNAME: guacd
POSTGRES_DATABASE: guacamole_db
POSTGRES_HOSTNAME: postgres
POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
POSTGRES_USER: guacamole_user
image: guacamole/guacamole
links:
- guacd
networks:
guacnetwork_compose:
ports:
- 8080/tcp
restart: always
...
~~~
#### nginx
The following part of docker-compose.yml will create an instance of nginx that maps the public port 8443 to the internal port 443. The internal port 443 is then mapped to guacamole using the `./nginx/templates/guacamole.conf.template` file. The container will use the previously generated (`prepare.sh`) self-signed certificate in `./nginx/ssl/` with `./nginx/ssl/self-ssl.key` and `./nginx/ssl/self.cert`.
~~~python
...
# nginx
nginx:
container_name: nginx_guacamole_compose
restart: always
image: nginx
volumes:
- ./nginx/templates:/etc/nginx/templates:ro
- ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro
- ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro
ports:
- 8443:443
links:
- guacamole
networks:
guacnetwork_compose:
...
~~~
## prepare.sh
`prepare.sh` is a small script that creates `./init/initdb.sql` by downloading the docker image `guacamole/guacamole` and start it like this:
~~~bash
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql
~~~
It creates the necessary database initialization file for postgres.
`prepare.sh` also creates the self-signed certificate `./nginx/ssl/self.cert` and the private key `./nginx/ssl/self-ssl.key` which are used
by nginx for https.
## reset.sh
To reset everything to the beginning, just run `./reset.sh`.
## WOL
Wake on LAN (WOL) does not work and I will not fix that because it is beyound the scope of this repo. But [zukkie777](https://github.com/zukkie777) who also filed [this issue](https://github.com/boschkundendienst/guacamole-docker-compose/issues/12) fixed it. You can read about it on the [Guacamole mailing list](http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/How-to-docker-composer-for-WOL-td9164.html)
**Disclaimer**
Downloading and executing scripts from the internet may harm your computer. Make sure to check the source of the scripts before executing them!

148
guacamole-docker-compose/docker-compose.yml Normal file
View File

@@ -0,0 +1,148 @@
####################################################################################
# docker-compose file for Apache Guacamole
# created by PCFreak 2017-06-28
#
# Apache Guacamole is a clientless remote desktop gateway. It supports standard
# protocols like VNC, RDP, and SSH. We call it clientless because no plugins or
# client software are required. Thanks to HTML5, once Guacamole is installed on
# a server, all you need to access your desktops is a web browser.
####################################################################################
#
# What does this file do?
#
# Using docker-compose it will:
#
# - create a network 'guacnetwork_compose' with the 'bridge' driver.
# - create a service 'guacd_compose' from 'guacamole/guacd' connected to 'guacnetwork_compose'
# - create a service 'postgres_guacamole_compose' (1) from 'postgres' connected to 'guacnetwork_compose'
# - create a service 'guacamole_compose' (2) from 'guacamole/guacamole/' conn. to 'guacnetwork_compose'
# - create a service 'nginx_guacamole_compose' (3) from 'nginx' connected to 'guacnetwork_compose'
#
# (1)
# DB-Init script is in './init/initdb.sql' it has been created executing
# 'docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql'
# once.
# DATA-DIR is in './data'
# If you want to change the DB password change all lines with 'POSTGRES_PASSWORD:' and
# change it to your needs before first start.
# To start from scratch delete './data' dir completely
# './data' will hold all data after first start!
# The initdb.d scripts are only executed the first time the container is started
# (and the database files are empty). If the database files already exist then the initdb.d
# scripts are ignored (e.g. when you mount a local directory or when docker-compose saves
# the volume and reuses it for the new container).
#
# !!!!! MAKE SURE your folder './init' is executable (chmod +x ./init)
# !!!!! or 'initdb.sql' will be ignored!
#
# './data' will hold all data after first start!
#
# (2)
# Make sure you use the same value for 'POSTGRES_USER' and 'POSTGRES_PASSWORD'
# as configured under (1)
#
# (3)
# ./nginx/templates folder will be mapped read-only into the container at /etc/nginx/templates
# and according to the official nginx container docs the guacamole.conf.template will be
# placed in /etc/nginx/conf.d/guacamole.conf after container startup.
# ./nginx/ssl will be mapped into the container at /etc/nginx/ssl
# prepare.sh creates a a self-signed certificate. If you want to use your own certs
# just remove the part that generates the certs from prepare.sh and replace
# 'self-ssl.key' and 'self.cert' with your certificate.
# nginx will export port 8443 to the outside world, make sure that this port is reachable
# on your system from the "outside world". All other traffic is only internal.
#
# You could remove the entire 'nginx' service from this file if you want to use your own
# reverse proxy in front of guacamole. If doing so, make sure you change the line
# from - 8080/tcp
# to - 8080:8080/tcp
# within the 'guacamole' service. This will expose the guacamole webinterface directly
# on port 8080 and you can use it for your own purposes.
# Note: Guacamole is available on :8080/guacamole, not /.
#
# !!!!! FOR INITAL SETUP (after git clone) run ./prepare.sh once
#
# !!!!! FOR A FULL RESET (WILL ERASE YOUR DATABASE, YOUR FILES, YOUR RECORDS AND CERTS) DO A
# !!!!! ./reset.sh
#
#
# The initial login to the guacamole webinterface is:
#
# Username: guacadmin
# Password: guacadmin
#
# Make sure you change it immediately!
#
# version date comment
# 0.1 2017-06-28 initial release
# 0.2 2017-10-09 minor fixes + internal GIT push
# 0.3 2017-10-09 minor fixes + public GIT push
# 0.4 2019-08-14 creating of ssl certs now in prepare.sh
# simplified nginx startup commands
# 0.5 2023-02-24 nginx now uses a template + some minor changes
# 0.6 2023-03-23 switched to postgres 15.2-alpine
# 0.61 2024-07-27 fix networks + version 3.0
# 0.62 2024-07-27 fix
#####################################################################################
#the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
#version: '3.0'
# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
guacnetwork_compose:
driver: bridge
# services
services:
# guacd
guacd:
container_name: guacd_compose
image: guacamole/guacd
networks:
- guacnetwork_compose
restart: always
volumes:
- /home/soenke/docker-data/guacamole-docker-compose/drive:/drive:rw
- /home/soenke/docker-data/guacamole-docker-compose/record:/record:rw
# postgres
postgres:
container_name: postgres_guacamole_compose
environment:
PGDATA: /var/lib/postgresql/data/guacamole
POSTGRES_DB: guacamole_db
POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
POSTGRES_USER: guacamole_user
image: postgres:15.2-alpine
networks:
- guacnetwork_compose
restart: always
volumes:
- /home/soenke/docker-data/guacamole-docker-compose/init:/docker-entrypoint-initdb.d:z
- /home/soenke/docker-data/guacamole-docker-compose/data:/var/lib/postgresql/data:Z
# guacamole
guacamole:
container_name: guacamole_compose
depends_on:
- guacd
- postgres
environment:
GUACD_HOSTNAME: guacd
POSTGRES_DATABASE: guacamole_db
POSTGRES_HOSTNAME: postgres
POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
POSTGRES_USER: guacamole_user
image: guacamole/guacamole
networks:
- guacnetwork_compose
volumes:
- /home/soenke/docker-data/guacamole-docker-compose/record:/record:rw
ports:
## enable next line if not using nginx
- 6080:8080/tcp # Guacamole is on :6080/guacamole, not /.
## enable next line when using nginx
## - 8080/tcp
restart: always

28
guacamole-docker-compose/nginx/ssl/self-ssl.key Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCtCPsfamFqEVwx
9Qxlz+VLU5j2Z5+hLzNkf5BVr6VGl/ovg9/lUNCtiFP73GGaCin5gd+Cof8xoiq/
+xOpoqp8cMyEhvr2CxVJISVyVqQl5YqqLDvgjcfSXKH9XQrFPmDHZrWK6E0tYh3y
veuy5pxgVmc7ob4VPbFEhQJjDW7fQNXc+xB5UIZL/GBSFE3DTrtfi17WN1Dyydms
NG1W6wgNtIj9WyXx6TUR4EANpEB9B3pvuBXqqgYRS+DS9TeXx+do+MWRcHlsyhci
MMU97Ar7Avc9C9M483p58zB3mCksAHOw21am2kM3owEbZanVvcJM5CiVGTYS+tXf
isK83BMNAgMBAAECggEAG7kIouvkV54Ya1ibd+RrFDp8k13e0XBCh6N4eIH/tOO8
jchPIupjxKnG6t9QM+HU/8izCrbxr/4PY1rSt6b8MZvQ6JrHsovsCR9qZHtFKV0x
bjpQDZYpoaZ9vZ4ej6OC1e+6vlqhotfJfI65KJySCU1OlNtBHR4ZPKUi0MPiM5pn
096uQ41gZnzCtlvn7BUruvqYXaA1/WQ6i255ToHcvOHfMD1x9vjh+40Jnh+n85AI
0qTR7v9n27OTXZeVi8SNj5O0TduI+Cj9YyUBxn8V1bq/GOXWVcpk/M4mUnsM1G33
+1XZ1OsFU4HqyKvtrbi9EIMye60uzYXZmtGj/bHn8QKBgQDqbnTcBDBSbEp8JGmt
ziqRwJQ+4dYGgaKS/KCxmVnZbyWyDoTVsNpj02ETQcYAiNv3zPKRMYQWhAM5+Lvh
rS8n8iKi3rp2eIydwuG4t5+j+woCd8i2MZeaUxCK2K6khoNjYjK2RX0rWwjNE8IC
ZU1wlSsAmjiJgBdvI6CY048XGwKBgQC89HX2xJ3QgBffOeQCv93aO6Ef8wAqnDRx
gdBHE/5UZEXK4tOHcUNDCzkf2Jzbt+aNM1v7zeNa2Y+r/iNp7LDmw1yfr38iXTm7
AKb+M2HZeRU3xzCaQiXgj76VnInEPqFVIJUw19WT8qlDeRdCjzKEyiYdYJplgq70
a3nYZcrY9wKBgQCFHErGUqqNYme4rYRD5/hL4ilKuzinYRxKkZ88uHJH/9BLlere
2xhl7jQElygyTYN45KomvxLdJgAe/pjPv2IzME1yZT1C35gYS/uWwsymc3hvhkw1
B1upiNivvfEMAkTAPZXF4Rb9cydAKqPScGrULh7IrMjFajHkLTqXDCkHWQKBgBoE
jzmrWQ+ck6zpC7xVLvcdvtHnY956I759YXBoEF0OcY2+LeI4dkqFARihevfGGrjW
mZPShbu8uUu1cqrjLHiZ7ecPAzJ4I7rcHCJkcNTBF2rWwpp7ATwqjtOK+m1LMmvG
UMSo83+rqiLgSZOgpBQkwZrJ8niHxg9hvSVO3t+BAoGBALPYDejTZBO9NLNQt5mS
6L69jQLM7D5JEI5z/v7L+xhgov5w9IXRGQCw5YW3xXrf3RsljJHusKBk+iGhNuQG
mZyhNjR9HJbTooDOfHRD2E1mR/wvvzr4U1fIepLDOEc7Z5h62YwpLRRybWDSwR2W
PZNkyIMprTJ7rmIquXFrbp3r
-----END PRIVATE KEY-----

25
guacamole-docker-compose/nginx/ssl/self.cert Normal file
View File

@@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIUVv9uwr0PLv9CH4tbSVuiMRO4nPUwDQYJKoZIhvcNAQEL
BQAwgaQxCzAJBgNVBAYTAkRFMQswCQYDVQQIDAJCWTEWMBQGA1UEBwwNSGludGVy
dHVwZmluZzERMA8GA1UECgwIRG9yZndpcnQxDjAMBgNVBAsMBVRoZWtlMSEwHwYD
VQQDDBh3d3cuY3JlYXRleW91cm93bi5kb21haW4xKjAoBgkqhkiG9w0BCQEWG2Rv
Y2tlckBjcmVhdGV5b3Vyb3duLmRvbWFpbjAeFw0yNDEyMzExNDU3MzRaFw0yNTAx
MzAxNDU3MzRaMIGkMQswCQYDVQQGEwJERTELMAkGA1UECAwCQlkxFjAUBgNVBAcM
DUhpbnRlcnR1cGZpbmcxETAPBgNVBAoMCERvcmZ3aXJ0MQ4wDAYDVQQLDAVUaGVr
ZTEhMB8GA1UEAwwYd3d3LmNyZWF0ZXlvdXJvd24uZG9tYWluMSowKAYJKoZIhvcN
AQkBFhtkb2NrZXJAY3JlYXRleW91cm93bi5kb21haW4wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCtCPsfamFqEVwx9Qxlz+VLU5j2Z5+hLzNkf5BVr6VG
l/ovg9/lUNCtiFP73GGaCin5gd+Cof8xoiq/+xOpoqp8cMyEhvr2CxVJISVyVqQl
5YqqLDvgjcfSXKH9XQrFPmDHZrWK6E0tYh3yveuy5pxgVmc7ob4VPbFEhQJjDW7f
QNXc+xB5UIZL/GBSFE3DTrtfi17WN1DyydmsNG1W6wgNtIj9WyXx6TUR4EANpEB9
B3pvuBXqqgYRS+DS9TeXx+do+MWRcHlsyhciMMU97Ar7Avc9C9M483p58zB3mCks
AHOw21am2kM3owEbZanVvcJM5CiVGTYS+tXfisK83BMNAgMBAAGjUzBRMB0GA1Ud
DgQWBBT0qKLiWEWgk98qceU/KyaviAEa8DAfBgNVHSMEGDAWgBT0qKLiWEWgk98q
ceU/KyaviAEa8DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAc
TOjLO2dLq7u2JPYZZRCfNoLIQyLpCEMbQ4fPiTUP72AZ56Dd4nHyl6O/ZIEN+r9C
O230zhb3OS+/6D0YpUDEIxbWdu5Y29Y75Ieh1AQJh9MO5rmHphWag1+x3w9OoEUr
+DuYKKvkWOyHkQqvOXfVJ21KbOhccr41VKo+AWb+2M7uApOstF5/r2llojEVZmbS
pFMJK0UU7y7er5MGcH4TNa1umzcHrjfXlAd15iF5tKH+WA0CU1fNd9KMbCyy+vkU
Fu3mixXmn9tOCweNdzIQx4wLvHV34d0XMMaGpzrF1QQ47xmlWdzKJ9p2qomRyN79
t9Nv0d6bagcrLSe23VgG
-----END CERTIFICATE-----

42
guacamole-docker-compose/nginx/templates/guacamole.conf.template Normal file
View File

@@ -0,0 +1,42 @@
### BBB
server {
listen 443 ssl;
http2 on;
server_name localhost;
ssl_certificate /etc/nginx/ssl/self.cert;
ssl_certificate_key /etc/nginx/ssl/self-ssl.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling off;
ssl_stapling_verify off;
location / {
proxy_pass http://guacamole:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_cookie_path /guacamole/ /;
access_log off;
# allow large uploads (default=1m)
# 4096m = 4GByte
client_max_body_size 4096m;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

18
guacamole-docker-compose/prepare.sh Executable file
View File

@@ -0,0 +1,18 @@
#!/bin/sh
#
# check if docker is running
if ! (docker ps >/dev/null 2>&1)
then
echo "docker daemon not running, will exit here!"
exit
fi
echo "Preparing folder init and creating ./init/initdb.sql"
mkdir ./init >/dev/null 2>&1
mkdir -p ./nginx/ssl >/dev/null 2>&1
chmod -R +x ./init
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql
echo "done"
echo "Creating SSL certificates"
openssl req -nodes -newkey rsa:2048 -new -x509 -keyout nginx/ssl/self-ssl.key -out nginx/ssl/self.cert -subj '/C=DE/ST=BY/L=Hintertupfing/O=Dorfwirt/OU=Theke/CN=www.createyourown.domain/emailAddress=docker@createyourown.domain'
echo "You can use your own certificates by placing the private key in nginx/ssl/self-ssl.key and the cert in nginx/ssl/self.cert"
echo "done"

13
guacamole-docker-compose/reset.sh Executable file
View File

@@ -0,0 +1,13 @@
#!/bin/bash
echo "This will delete your existing database (./data/)"
echo " delete your recordings (./record/)"
echo " delete your drive files (./drive/)"
echo " delete your certs files (./nginx/ssl/)"
echo ""
read -p "Are you sure? " -n 1 -r
echo "" # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]; then # do dangerous stuff
chmod -R +x -- ./init
sudo rm -r -f ./data/ ./drive/ ./record/ ./nginx/ssl/
fi

10
ittools/docker-compose.yml Normal file
View File

@@ -0,0 +1,10 @@
services:
it-tools:
container_name: it-tools
restart: unless-stopped
ports:
- 9080:80
environment:
- UID=1000
- GID=1000
image: 'corentinth/it-tools:latest'

2
jenkins/.env Normal file
View File

@@ -0,0 +1,2 @@
JENKINS_HOME_PATH=/home/soenke/docker-data/jenkins/jenkins_sandbox_home
JENKINS_AGENT_SSH_PUBLIC_KEY="<< leave empty for now >>"

65
jenkins/README.md Normal file
View File

@@ -0,0 +1,65 @@
# Jenkins with Docker Compose
Jenkins docker compose file (and instructions) to configure your jenkins controller and agent.
## Configuring Jenkins
1. Create the **jenkins_home** folder in your local environment
```
mkdir jenkins_sandbox_home
```
2. Create a file named **.env** and add the following:
```yml
JENKINS_HOME_PATH=/home/user/jenkins_sandbox_home # your local jenkins_home path.
JENKINS_AGENT_SSH_PUBLIC_KEY=<< leave empty for now >>
```
3. Run Jenkins controller:
```bash
docker-compose up -d
```
4. Get the password to proceed installation:
```bash
docker logs jenkins_sandbox | less
```
5. Go to <http://localhost:8080/> and enter the password.
6. Select **Install Suggested Plugins**, create the **admin** user and password, and leave the Jenkins URL <http://localhost:8080/>.
## Configuring Jenkins Agent
1. Use ssh-keygen to create a new key pair:
```bash
ssh-keygen -t rsa -f jenkins_key
```
2. Go to Jenkins and click **Manage jenkins** > **Manage credentials**.
3. Under **Stores scoped to Jenkins**, click **Global credentials**, next click **Add credentials** and set the following options:
- Select **SSH Username with private key**.
- Limit the scope to **System**.
- Give the credential an **ID**.
- Provide a **description**.
- Enter a **username**.
- Under Private Key check **Enter directly**.
- Paste the content of private key in the text box.
4. Click **Ok** to save.
5. Paste the public key on the **JENKINS_AGENT_SSH_PUBLIC_KEY** variable, in the **.env** file.
6. Recreate the services:
```bash
docker-compose down
docker-compose up -d
```

23
jenkins/docker-compose.yml Normal file
View File

@@ -0,0 +1,23 @@
# Jenkins Sandbox
version: "3"
services:
jenkins:
image: jenkins/jenkins:lts
container_name: jenkins_sandbox
privileged: true
user: root
ports:
- 8040:8080
- 50000:50000
volumes:
- ${JENKINS_HOME_PATH}:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
agent:
image: jenkins/ssh-agent:jdk11
container_name: jenkins_sandbox_agent
privileged: true
user: root
expose:
- 22
environment:
- JENKINS_AGENT_SSH_PUBKEY=${JENKINS_AGENT_SSH_PUBLIC_KEY}

33
kopia/docker-compose.yml Normal file
View File

@@ -0,0 +1,33 @@
services:
kopia:
image: kopia/kopia:latest
hostname: Hostname
container_name: Kopia
restart: unless-stopped
ports:
- 51515:51515
# Setup the server that provides the web gui
command:
- server
- start
- --disable-csrf-token-checks
- --insecure
- --address=0.0.0.0:51515
- --server-username=Soenke
- --server-password=Diavid9600
environment:
# Set repository password
KOPIA_PASSWORD: "Diavid9600!9600"
USER: "Soenke"
volumes:
# Mount local folders needed by kopia
- /home/soenke/docker-data/kopia/config:/app/config
- /home/soenke/docker-data/kopia/cache:/app/cache
- /home/soenke/docker-data/kopia/logs:/app/logs
# Mount local folders to snapshot
- /home/soenke/docker-data/kopia/data:/data:ro
# Mount repository location
- /home/soenke/docker-data/kopia/repository:/repository
# Mount path for browsing mounted snaphots
- /home/soenke/docker-data/kopia/tmp:/tmp:shared

1
morphos Submodule

Submodule morphos added at 13ee176a27

5
ollama/README.md Normal file
View File

@@ -0,0 +1,5 @@
docker run -d -v ollama:/root/.ollama -p 11434:11434 --name ollama ollama/ollama --restart unless-stopped
docker run -d -p 1180:8080 --add-host=host.docker.internal:host-gateway -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:main
docker exec -it ollama ollama run llama3.2-vision:11b

21
ollama/docker-compose.yml Normal file
View File

@@ -0,0 +1,21 @@
services:
ollama:
restart: always
image: ollama/ollama
container_name: ollama
ports:
- 11434:11434
volumes:
- /home/soenke/docker-data/ollama/ollama:/root/.ollama
open-webui:
image: "ghcr.io/open-webui/open-webui:main"
restart: always
container_name: open-webui
volumes:
- /home/soenke/docker-data/ollama/open-webui:/app/backend/data
extra_hosts:
- "host.docker.internal:host-gateway"
ports:
- 1180:8080

1
paperless/.env Normal file
View File

@@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=paperless

14
paperless/docker-compose.env Normal file
View File

@@ -0,0 +1,14 @@
PAPERLESS_SECRET_KEY="UkvhWQ5frosxA%JKY5XGGtVABxjD87QKRqNX4uM&F8UsFh@MkQYZ@4bkCwJmazLKen346zbZA$q$DaKZB*wrF8g&8uyycigab67uTNGa5TirFA7UHSQF2qLG%fj7Kp$9"
PAPERLESS_URL=https://paperless.home.domroese.eu
PAPERLESS_ALLOWED_HOSTS=paperless.home.domroese.eu
PAPERLESS_CSRF_TRUSTED_ORIGINS=['https://paperless.home.domroese.eu']
PAPERLESS_CORS_ALLOWED_HOSTS=https://paperless.home.domroese.eu
PAPERLESS_ADMIN_MAIL=soenke@domroese.eu
PAPERLESS_CONSUMER_ENABLE_BARCODES=true
PAPERLESS_TIME_ZONE=Europe/Berlin
PAPERLESS_OCR_LANGUAGE=deu
PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE=true
PAPERLESS_CONSUMER_ASN_BARCODE_PREFIX=ASN
#PAPERLESS_SECRET_KEY="3~Yfqa)`lqqv1\"I#[1<zztr'5Nz5<;NkS<jyQ}AK?#}D33bR(\",?JOq@P7(Z\"#Hz\"

98
paperless/docker-compose.yml Normal file
View File

@@ -0,0 +1,98 @@
# Docker Compose file for running paperless from the docker container registry.
# This file contains everything paperless needs to run.
# Paperless supports amd64, arm and arm64 hardware.
#
# All compose files of paperless configure paperless in the following way:
#
# - Paperless is (re)started on system boot, if it was running before shutdown.
# - Docker volumes for storing data are managed by Docker.
# - Folders for importing and exporting files are created in the same directory
# as this file and mounted to the correct folders inside the container.
# - Paperless listens on port 8000.
#
# In addition to that, this Docker Compose file adds the following optional
# configurations:
#
# - Instead of SQLite (default), PostgreSQL is used as the database server.
# - Apache Tika and Gotenberg servers are started with paperless and paperless
# is configured to use these services. These provide support for consuming
# Office documents (Word, Excel, Power Point and their LibreOffice counter-
# parts.
#
# To install and update paperless with this file, do the following:
#
# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
# and '.env' into a folder.
# - Run 'docker compose pull'.
# - Run 'docker compose run --rm webserver createsuperuser' to create a user.
# - Run 'docker compose up -d'.
#
# For more extensive installation and update instructions, refer to the
# documentation.
version: "3.4"
services:
broker:
image: docker.io/library/redis:7
restart: unless-stopped
volumes:
- redisdata:/data
db:
image: docker.io/library/postgres:15
restart: unless-stopped
volumes:
- /home/soenke/docker-data/paperless/db:/var/lib/postgresql/data
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperless
POSTGRES_PASSWORD: paperless
webserver:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
restart: unless-stopped
depends_on:
- db
- broker
- gotenberg
- tika
ports:
- "1000:8000"
healthcheck:
test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
interval: 30s
timeout: 10s
retries: 5
volumes:
#- ./data:/usr/src/paperless/data
#- ./media:/usr/src/paperless/media
#- ./export:/usr/src/paperless/export
- /home/soenke/docker-data/paperless/data:/usr/src/paperless/data
- /home/soenke/docker-data/paperless/media:/usr/src/paperless/media
- /home/soenke/docker-data/paperless/export:/usr/src/paperless/export
- /opt/paperless/paperless-ngx/consume:/usr/src/paperless/consume
env_file: docker-compose.env
environment:
PAPERLESS_REDIS: redis://broker:6379
PAPERLESS_DBHOST: db
PAPERLESS_TIKA_ENABLED: 1
PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
PAPERLESS_TIKA_ENDPOINT: http://tika:9998
gotenberg:
image: docker.io/gotenberg/gotenberg:7.10
restart: unless-stopped
# The gotenberg chromium route is used to convert .eml files. We do not
# want to allow external content like tracking pixels or even javascript.
command:
- "gotenberg"
- "--chromium-disable-javascript=true"
- "--chromium-allow-list=file:///tmp/.*"
tika:
image: ghcr.io/paperless-ngx/tika:latest
restart: unless-stopped
volumes:
redisdata:

3
paperless/export.sh Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
cd /home/soenke/docker/paperless/
docker compose exec -T webserver document_exporter /home/soenke/docker-data/paperless/export -z

9
uptimekuma/docker-compose.yml Normal file
View File

@@ -0,0 +1,9 @@
services:
uptime-kuma:
image: 'louislam/uptime-kuma:latest'
container_name: uptime-kuma
volumes:
- /home/soenke/docker-data/uptimekuma/data:/app/data
ports:
- '8030:3001'
restart: always

2
vaultwarden/README.md Normal file
View File

@@ -0,0 +1,2 @@
docker pull vaultwarden/server:latest
docker run -d --name vaultwarden -v /vw-data/:/data/ -p 4080:80 vaultwarden/server:latest