commit current live state

Caddyfile.bak

@@ -0,0 +1,202 @@
+
+auth.domr.ovh,
+auth.home.domroese.eu {
+  tls soenke@domroese.eu
+  reverse_proxy 192.168.1.65:8444
+}
+bookstack.domr.ovh, 
+bookstack.home.domroese.eu {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:6875
+}
+bracket.domr.ovh:443, 
+bracket.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3000
+}
+
+backend.bracket.domr.ovh:443, 
+backend.bracket.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8400
+}
+caddy.domr.ovh, 
+caddy.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8881
+}
+
+api.caddy.domr.ovh, 
+api.caddy.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:2019
+}
+changedetect.domr.ovh:80, 
+changedetect.home.domroese.eu:80,
+changedetect.domr.ovh:443, 
+changedetect.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:5238
+}
+chartbrew.domr.ovh, 
+chartbrew.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4018
+}
+chartbrew.domr.ovh:4019, 
+chartbrew.home.domroese.eu:4019 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4019
+}
+onboarding.domr.ovh,
+onboarding.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8517
+}convertx.domr.ovh,
+convertx.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3410
+}
+todos.domr.ovh,  #donetick
+todos.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:2021
+}
+erugo.domr.ovh, 
+erugo.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9997
+}
+excalidraw.domr.ovh, 
+excalidraw.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8267
+}
+firefly.domr.ovh, 
+firefly.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8950
+}
+rss.domr.ovh, 
+rss.home.domroese.eu {
+    tls soenke@domroese.eu
+    reverse_proxy 192.168.1.65:8884
+}
+git.domr.ovh, 
+git.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.194:8418
+}
+guac.domr.ovh, 
+guac.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:6080
+}
+homarr.domr.ovh, 
+homarr.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:7575
+}
+homepage.domr.ovh:80, 
+homepage.domr.ovh:443, 
+homepage.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3891
+}
+ittools.domr.ovh:443, 
+ittools.home.domroese.eu:443,
+ittools.domr.ovh:80, 
+ittools.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9080
+}
+jenkins.domr.ovh, 
+jenkins.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8040
+}
+kopia.domr.ovh, 
+kopia.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:51515
+}
+mealie.domr.ovh, 
+mealie.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9925
+}
+memos.domr.ovh, 
+memos.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:5230
+}
+ntfy.domr.ovh  {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8234
+}
+chat.domr.ovh, 
+chat.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:1180
+}omnitools.domr.ovh, 
+omnitools.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8579
+}
+paperless.domr.ovh:443, 
+paperless.home.domroese.eu:443,
+paperless.domr.ovh:80, 
+paperless.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:1000
+}
+pihole.domr.ovh, 
+pihole.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:2000
+}
+
+
+plantit.domr.ovh, 
+plantit.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3632
+}
+
+api.plantit.domr.ovh, 
+api.plantit.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8632
+}
+shiori.domr.ovh, 
+shiori.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:2661
+}
+speedtesttracker.domr.ovh, 
+speedtesttracker.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:1378
+}
+pdf.domr.ovh, 
+pdf.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3614
+}
+uptimekuma.domr.ovh, 
+uptimekuma.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8030
+}
+vault.domr.ovh:443, 
+vault.home.domroese.eu:443,
+vault.domr.ovh:80, 
+vault.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4080
+}
+wallos.domr.ovh, 
+wallos.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8282
+}

README.md

@@ -7,7 +7,28 @@ Docker Container
 ```
 docker ps --format '{{.Names}}|{{.Status}}' | column -t -s "|"
 ```
+### addresspool full:
 
+edit /etc/docker/daemon.json
+```
+{
+  "default-address-pools": [
+    {
+      "base" : "172.16.0.0/12",
+      "size" : 24
+    }
+  ]
+}
+```
+
+#### Env-Vars
+/etc/environment
+```
+SYSTEM_EMAIL_USER="some@thing.de"
+SYSTEM_EMAIL_PASSSWORD="asdf"
+SYSTEM_EMAIL_SMTP_HOST="mail.ovh.net"
+SYSTEM_EMAIL_SMTP_PORT="465"
+```
 
 ### SMTP Settings
 

authentik/docker-compose.yml

@@ -26,6 +26,14 @@ services:
       kuma.authentik.http.name: 'Authentik'
       kuma.authentik.http.url: 'https://auth.domr.ovh'
       kuma.authentik.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "homelab", "value": "" }]'
+      homepage.group: Hosting
+      homepage.name: Authentik
+      homepage.icon: authentik.png
+      homepage.href: https://auth.domr.ovh/
+      homepage.description: Authentik Oauth2 Service
+      homepage.widget.type: authentik
+      homepage.widget.url: https://auth.domr.ovh/
+      homepage.widget.key: slGO2rsG4xTObyuzRYPEe4Gs92X8TeNblIYOstX0rCID1WEv6wT5wkz4filJ
 
   redis:
     image: docker.io/library/redis:alpine

beszel/Caddyfilepart

@@ -0,0 +1,5 @@
+beszel.domr.ovh,
+beszel.home.domroese.eu {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:7090
+}

beszel/docker-compose.yml

@@ -0,0 +1,9 @@
+services:
+  beszel:
+    image: henrygd/beszel
+    container_name: beszel
+    restart: unless-stopped
+    ports:
+      - 7090:8090
+    volumes:
+      - /home/soenke/docker-data/beszel/beszel_data:/beszel_data

bitly/Caddyfilepart

@@ -0,0 +1,5 @@
+bit.domr.ovh,
+bit.home.domroese.eu {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4489
+}

bitly/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  app:
+    container_name: bit
+    build: .
+    environment:
+      ENV: production
+      ADMIN_NAME: 'soenke'
+      ADMIN_API_KEY: 'J9lLSlJyZcmuPZfN+SM98NpxE8riLVUwZGA0VLwnVPM='
+    ports:
+      - 4489:4000
+    volumes:
+      - sqlite_data:/app/sqlite
+
+volumes:
+  sqlite_data:

caddy/Caddyfile

@@ -1,9 +1,26 @@
+
+
 auth.domr.ovh,
 auth.home.domroese.eu {
   tls soenke@domroese.eu
   reverse_proxy 192.168.1.65:8444
 }
 
+
+
+
+beszel.domr.ovh,
+beszel.home.domroese.eu {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:7090
+}
+
+bit.domr.ovh,
+bit.home.domroese.eu {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4489
+}
+
 bookstack.domr.ovh, 
 bookstack.home.domroese.eu {
     tls soenke@domroese.eu        
@@ -21,6 +38,7 @@ backend.bracket.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:8400
 }
+
 caddy.domr.ovh, 
 caddy.home.domroese.eu:443 {
     tls soenke@domroese.eu        
@@ -33,6 +51,7 @@ api.caddy.home.domroese.eu:443 {
     reverse_proxy 192.168.1.65:2019
 }
 
+
 changedetect.domr.ovh:80, 
 changedetect.home.domroese.eu:80,
 changedetect.domr.ovh:443, 
@@ -46,7 +65,6 @@ chartbrew.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:4018
 }
-
 chartbrew.domr.ovh:4019, 
 chartbrew.home.domroese.eu:4019 {
     tls soenke@domroese.eu        
@@ -58,13 +76,24 @@ onboarding.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:8517
 }
-
 convertx.domr.ovh,
 convertx.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:3410
 }
 
+dashy.domr.ovh,  #donetick
+dashy.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8832
+}
+
+dockpeek.domr.ovh, 
+dockpeek.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:3420
+}
+
 todos.domr.ovh,  #donetick
 todos.home.domroese.eu:443 {
     tls soenke@domroese.eu        
@@ -95,6 +124,7 @@ rss.home.domroese.eu {
     reverse_proxy 192.168.1.65:8884
 }
 
+
 git.domr.ovh, 
 git.home.domroese.eu {
     tls soenke@domroese.eu 
@@ -107,12 +137,24 @@ guac.home.domroese.eu {
     reverse_proxy 192.168.1.65:6080
 }
 
+haus.domr.ovh,
+haus.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8472
+}
+
 homarr.domr.ovh, 
 homarr.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:7575
 }
 
+homebox.domr.ovh, 
+homebox.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3100
+}
+
 homepage.domr.ovh:80, 
 homepage.domr.ovh:443, 
 homepage.home.domroese.eu:443 {
@@ -120,6 +162,12 @@ homepage.home.domroese.eu:443 {
     reverse_proxy 192.168.1.65:3891
 }
 
+huly.domr.ovh,
+huly.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8087
+}
+
 ittools.domr.ovh:443, 
 ittools.home.domroese.eu:443,
 ittools.domr.ovh:80, 
@@ -140,6 +188,7 @@ kopia.home.domroese.eu {
     reverse_proxy 192.168.1.65:51515
 }
 
+
 mealie.domr.ovh, 
 mealie.home.domroese.eu:443 {
     tls soenke@domroese.eu        
@@ -152,6 +201,23 @@ memos.home.domroese.eu:443 {
     reverse_proxy 192.168.1.65:5230
 }
 
+
+
+
+
+nas.domr.ovh, 
+nas.home.domroese.eu {
+    tls soenke@domroese.eu {
+        client_auth {
+            mode request
+        }
+    }
+    reverse_proxy https://192.168.1.194:5001 {
+        transport http {
+                tls_insecure_skip_verify # Disable TLS Verification, as we don't have a real certificate on the nas
+        }
+    }
+}
 ntfy.domr.ovh  {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:8234
@@ -162,7 +228,6 @@ chat.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:1180
 }
-
 omnitools.domr.ovh, 
 omnitools.home.domroese.eu:443 {
     tls soenke@domroese.eu        
@@ -177,12 +242,15 @@ paperless.home.domroese.eu:80 {
     reverse_proxy 192.168.1.65:1000
 }
 
+
 pihole.domr.ovh, 
 pihole.home.domroese.eu {
     tls soenke@domroese.eu 
     reverse_proxy 192.168.1.65:2000
 }
 
+
+
 plantit.domr.ovh, 
 plantit.home.domroese.eu:443 {
     tls soenke@domroese.eu        
@@ -195,24 +263,48 @@ api.plantit.home.domroese.eu:443 {
     reverse_proxy 192.168.1.65:8632
 }
 
+portracker.domr.ovh,
+portracker.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4999
+}
+
+
+
+
+rwmarkable.domr.ovh, 
+rwmarkable.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:1235
+}
+
+
+
 shiori.domr.ovh, 
 shiori.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:2661
 }
 
+sparkyfitness.domr.ovh {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3942
+}
+
 speedtesttracker.domr.ovh, 
 speedtesttracker.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:1378
 }
 
+
 pdf.domr.ovh, 
 pdf.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:3614
 }
 
+
 uptimekuma.domr.ovh, 
 uptimekuma.home.domroese.eu {
     tls soenke@domroese.eu 
@@ -227,8 +319,21 @@ vault.home.domroese.eu:80 {
     reverse_proxy 192.168.1.65:4080
 }
 
+vikunja.domr.ovh {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3456
+}
+
+
 wallos.domr.ovh, 
 wallos.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:8282
 }
+
+yopass.domr.ovh,
+yopass.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8667
+}
+

caddy/Caddyfile.bak

@@ -1,23 +1,119 @@
-nas.domr.ovh, 
+
-nas.home.domroese.eu {
+
-    tls soenke@domroese.eu {
+auth.domr.ovh,
-	client_auth {
+auth.home.domroese.eu {
-		mode request
+  tls soenke@domroese.eu
-	}
+  reverse_proxy 192.168.1.65:8444
-    }
-    reverse_proxy https://192.168.1.194:5001 {
-	transport http {
-	        tls_insecure_skip_verify # Disable TLS Verification, as we don't have a real certificate on the nas
-	}
-    }
 }
 
+
+
+
+
+
 bookstack.domr.ovh, 
 bookstack.home.domroese.eu {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:6875
 }
 
+bracket.domr.ovh:443, 
+bracket.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3000
+}
+
+backend.bracket.domr.ovh:443, 
+backend.bracket.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8400
+}
+
+caddy.domr.ovh, 
+caddy.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8881
+}
+
+api.caddy.domr.ovh, 
+api.caddy.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:2019
+}
+
+
+changedetect.domr.ovh:80, 
+changedetect.home.domroese.eu:80,
+changedetect.domr.ovh:443, 
+changedetect.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:5238
+}
+
+chartbrew.domr.ovh, 
+chartbrew.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4018
+}
+chartbrew.domr.ovh:4019, 
+chartbrew.home.domroese.eu:4019 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4019
+}
+
+onboarding.domr.ovh,
+onboarding.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8517
+}
+convertx.domr.ovh,
+convertx.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3410
+}
+
+dashy.domr.ovh,  #donetick
+dashy.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8832
+}
+
+dockpeek.domr.ovh, 
+dockpeek.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:3420
+}
+
+todos.domr.ovh,  #donetick
+todos.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:2021
+}
+
+erugo.domr.ovh, 
+erugo.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9997
+}
+
+excalidraw.domr.ovh, 
+excalidraw.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8267
+}
+
+firefly.domr.ovh, 
+firefly.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8950
+}
+
+rss.domr.ovh, 
+rss.home.domroese.eu {
+    tls soenke@domroese.eu
+    reverse_proxy 192.168.1.65:8884
+}
+
 
 git.domr.ovh, 
 git.home.domroese.eu {
@@ -31,28 +127,33 @@ guac.home.domroese.eu {
     reverse_proxy 192.168.1.65:6080
 }
 
-rss.domr.ovh, 
+
-rss.home.domroese.eu {
+homarr.domr.ovh, 
+homarr.home.domroese.eu:443 {
     tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8884
+    reverse_proxy 192.168.1.65:7575
 }
 
-morphos.domr.ovh, 
+homebox.domr.ovh, 
-morphos.home.domroese.eu {
+homebox.home.domroese.eu:443 {
     tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8020
+    reverse_proxy 192.168.1.65:3100
 }
 
-uptimekuma.domr.ovh, 
+homepage.domr.ovh:80, 
-uptimekuma.home.domroese.eu {
+homepage.domr.ovh:443, 
+homepage.home.domroese.eu:443 {
     tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8030
+    reverse_proxy 192.168.1.65:3891
 }
 
-kopia.domr.ovh, 
+
-kopia.home.domroese.eu {
+ittools.domr.ovh:443, 
+ittools.home.domroese.eu:443,
+ittools.domr.ovh:80, 
+ittools.home.domroese.eu:80 {
     tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:51515
+    reverse_proxy 192.168.1.65:9080
 }
 
 jenkins.domr.ovh, 
@@ -61,10 +162,56 @@ jenkins.home.domroese.eu {
     reverse_proxy 192.168.1.65:8040
 }
 
-pihole.domr.ovh, 
+kopia.domr.ovh, 
-pihole.home.domroese.eu {
+kopia.home.domroese.eu {
     tls soenke@domroese.eu 
-    reverse_proxy 192.168.1.65:2000
+    reverse_proxy 192.168.1.65:51515
+}
+
+
+mealie.domr.ovh, 
+mealie.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9925
+}
+
+memos.domr.ovh, 
+memos.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:5230
+}
+
+
+
+
+
+nas.domr.ovh, 
+nas.home.domroese.eu {
+    tls soenke@domroese.eu {
+        client_auth {
+            mode request
+        }
+    }
+    reverse_proxy https://192.168.1.194:5001 {
+        transport http {
+                tls_insecure_skip_verify # Disable TLS Verification, as we don't have a real certificate on the nas
+        }
+    }
+}
+ntfy.domr.ovh  {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8234
+}
+
+chat.domr.ovh, 
+chat.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:1180
+}
+omnitools.domr.ovh, 
+omnitools.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8579
 }
 
 paperless.domr.ovh:443, 
@@ -75,86 +222,14 @@ paperless.home.domroese.eu:80 {
     reverse_proxy 192.168.1.65:1000
 }
 
-ittools.domr.ovh:443, 
+
-ittools.home.domroese.eu:443,
+pihole.domr.ovh, 
-ittools.domr.ovh:80, 
+pihole.home.domroese.eu {
-ittools.home.domroese.eu:80 {
     tls soenke@domroese.eu 
-    reverse_proxy 192.168.1.65:9080
+    reverse_proxy 192.168.1.65:2000
 }
 
-vault.domr.ovh:443, 
-vault.home.domroese.eu:443,
-vault.domr.ovh:80, 
-vault.home.domroese.eu:80 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:4080
-}
 
-chat.domr.ovh, 
-chat.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:1180
-}
-budibase.domr.ovh, 
-budibase.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:10000
-}
-
-erugo.domr.ovh, 
-erugo.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:9997
-}
-
-excalidraw.domr.ovh, 
-excalidraw.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8267
-}
-homarr.domr.ovh, 
-homarr.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:7575
-}
-
-homepage.domr.ovh:80, 
-homepage.domr.ovh:443, 
-homepage.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:3891
-}
-
-mealie.domr.ovh, 
-mealie.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:9925
-}
-
-omnitools.domr.ovh, 
-omnitools.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8579
-}
-
-shiori.domr.ovh, 
-shiori.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:2661
-}
-
-wallos.domr.ovh, 
-wallos.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8282
-}
-
-firefly.domr.ovh, 
-firefly.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8950
-}
 
 plantit.domr.ovh, 
 plantit.home.domroese.eu:443 {
@@ -168,59 +243,27 @@ api.plantit.home.domroese.eu:443 {
     reverse_proxy 192.168.1.65:8632
 }
 
-bracket.domr.ovh:443, 
+
-bracket.home.domroese.eu:443 {
+
+
+
+rwmarkable.domr.ovh, 
+rwmarkable.home.domroese.eu {
     tls soenke@domroese.eu 
-    reverse_proxy 192.168.1.65:3000
+    reverse_proxy 192.168.1.65:1235
 }
 
-backend.bracket.domr.ovh:443, 
+
-backend.bracket.home.domroese.eu:443 {
+
+shiori.domr.ovh, 
+shiori.home.domroese.eu:443 {
     tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8400
+    reverse_proxy 192.168.1.65:2661
 }
 
-changedetect.domr.ovh:80, 
+sparkyfitness.domr.ovh {
-changedetect.home.domroese.eu:80,
-changedetect.domr.ovh:443, 
-changedetect.home.domroese.eu:443 {
     tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:5238
+    reverse_proxy 192.168.1.65:3942
-}
-
-auth.domr.ovh, 
-auth.home.domroese.eu {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8444
-}
-
-chartbrew.domr.ovh, 
-chartbrew.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:4018
-}
-chartbrew.domr.ovh:4019, 
-chartbrew.home.domroese.eu:4019 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:4019
-}
-
-caddy.domr.ovh, 
-caddy.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8881
-}
-
-api.caddy.domr.ovh, 
-api.caddy.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:2019
-}
-
-onboarding.domr.ovh, 
-onboarding.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8517
 }
 
 speedtesttracker.domr.ovh, 
@@ -229,11 +272,6 @@ speedtesttracker.home.domroese.eu:443 {
     reverse_proxy 192.168.1.65:1378
 }
 
-todos.domr.ovh,  #donetick
-todos.home.domroese.eu:443 {
-    tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:2021
-}
 
 pdf.domr.ovh, 
 pdf.home.domroese.eu:443 {
@@ -241,21 +279,36 @@ pdf.home.domroese.eu:443 {
     reverse_proxy 192.168.1.65:3614
 }
 
-convertx.domr.ovh,
+
-convertx.home.domroese.eu:443 {
+uptimekuma.domr.ovh, 
+uptimekuma.home.domroese.eu {
     tls soenke@domroese.eu 
-    reverse_proxy 192.168.1.65:3410
+    reverse_proxy 192.168.1.65:8030
 }
 
-memos.domr.ovh, 
+vault.domr.ovh:443, 
-memos.home.domroese.eu:443 {
+vault.home.domroese.eu:443,
+vault.domr.ovh:80, 
+vault.home.domroese.eu:80 {
     tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:5230
+    reverse_proxy 192.168.1.65:4080
+}
+
+vikunja.domr.ovh {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3456
 }
 
 
-ntfy.domr.ovh  {
+wallos.domr.ovh, 
+wallos.home.domroese.eu:443 {
     tls soenke@domroese.eu        
-    reverse_proxy 192.168.1.65:8234
+    reverse_proxy 192.168.1.65:8282
+}
+
+yopass.domr.ovh,
+yopass.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8667
 }
 

caddy/Caddyfile.bak.möp

@@ -0,0 +1,234 @@
+auth.domr.ovh,
+auth.home.domroese.eu {
+  tls soenke@domroese.eu
+  reverse_proxy 192.168.1.65:8444
+}
+
+bookstack.domr.ovh, 
+bookstack.home.domroese.eu {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:6875
+}
+
+bracket.domr.ovh:443, 
+bracket.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3000
+}
+
+backend.bracket.domr.ovh:443, 
+backend.bracket.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8400
+}
+caddy.domr.ovh, 
+caddy.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8881
+}
+
+api.caddy.domr.ovh, 
+api.caddy.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:2019
+}
+
+changedetect.domr.ovh:80, 
+changedetect.home.domroese.eu:80,
+changedetect.domr.ovh:443, 
+changedetect.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:5238
+}
+
+chartbrew.domr.ovh, 
+chartbrew.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4018
+}
+
+chartbrew.domr.ovh:4019, 
+chartbrew.home.domroese.eu:4019 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4019
+}
+
+onboarding.domr.ovh,
+onboarding.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8517
+}
+
+convertx.domr.ovh,
+convertx.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3410
+}
+
+todos.domr.ovh,  #donetick
+todos.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:2021
+}
+
+erugo.domr.ovh, 
+erugo.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9997
+}
+
+excalidraw.domr.ovh, 
+excalidraw.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8267
+}
+
+firefly.domr.ovh, 
+firefly.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8950
+}
+
+rss.domr.ovh, 
+rss.home.domroese.eu {
+    tls soenke@domroese.eu
+    reverse_proxy 192.168.1.65:8884
+}
+
+git.domr.ovh, 
+git.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.194:8418
+}
+
+guac.domr.ovh, 
+guac.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:6080
+}
+
+homarr.domr.ovh, 
+homarr.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:7575
+}
+
+homepage.domr.ovh:80, 
+homepage.domr.ovh:443, 
+homepage.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3891
+}
+
+ittools.domr.ovh:443, 
+ittools.home.domroese.eu:443,
+ittools.domr.ovh:80, 
+ittools.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9080
+}
+
+jenkins.domr.ovh, 
+jenkins.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8040
+}
+
+kopia.domr.ovh, 
+kopia.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:51515
+}
+
+mealie.domr.ovh, 
+mealie.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9925
+}
+
+memos.domr.ovh, 
+memos.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:5230
+}
+
+ntfy.domr.ovh  {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8234
+}
+
+chat.domr.ovh, 
+chat.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:1180
+}
+
+omnitools.domr.ovh, 
+omnitools.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8579
+}
+
+paperless.domr.ovh:443, 
+paperless.home.domroese.eu:443,
+paperless.domr.ovh:80, 
+paperless.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:1000
+}
+
+pihole.domr.ovh, 
+pihole.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:2000
+}
+
+plantit.domr.ovh, 
+plantit.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3632
+}
+
+api.plantit.domr.ovh, 
+api.plantit.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8632
+}
+
+shiori.domr.ovh, 
+shiori.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:2661
+}
+
+speedtesttracker.domr.ovh, 
+speedtesttracker.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:1378
+}
+
+pdf.domr.ovh, 
+pdf.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3614
+}
+
+uptimekuma.domr.ovh, 
+uptimekuma.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8030
+}
+
+vault.domr.ovh:443, 
+vault.home.domroese.eu:443,
+vault.domr.ovh:80, 
+vault.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4080
+}
+
+wallos.domr.ovh, 
+wallos.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8282
+}

changedetect/docker-compose.yaml

@@ -7,7 +7,7 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=Etc/UTC
-      - BASE_URL= #optional
+      - BASE_URL= https://changedetect.domr.ovh/
       - PLAYWRIGHT_DRIVER_URL= #optional
     volumes:
       - /home/soenke/docker-data/changedetect/config:/config

chartbrew/docker-compose.yaml

@@ -17,14 +17,14 @@ services:
       - CB_API_PORT=4019
       - CB_API_HOST=0.0.0.0
       - CB_ENCRYPTION_KEY=iuGSZWEs2+SjkrW15a468gIG8089pEUDfZ4XVZD0772TQCTj/kac1Oz7noOge+WRcdj6W8Q0JfqfVXBUPXHuPzAm2fBBRC9xjCdVqbAYk/0=
-      - CB_MAIL_HOST =  ${SYSTEM_EMAIL_USER}
+      - CB_MAIL_HOST=${SYSTEM_EMAIL_USER}
-      - CB_MAIL_USER =  ${SYSTEM_EMAIL_PASSSWORD}
+      - CB_MAIL_USER=${SYSTEM_EMAIL_PASSSWORD}
-      - CB_MAIL_PASS =  ${SYSTEM_EMAIL_SMTP_HOST}
+      - CB_MAIL_PASS=${SYSTEM_EMAIL_SMTP_HOST}
-      - CB_MAIL_PORT = ${SYSTEM_EMAIL_SMTP_PORT}
+      - CB_MAIL_PORT=${SYSTEM_EMAIL_SMTP_PORT}
-      - CB_MAIL_SECURE = ${SYSTEM_EMAIL_SMTP_SECURITY}
+      - CB_MAIL_SECURE=${SYSTEM_EMAIL_SMTP_SECURITY}
-      - CB_ADMIN_MAIL = soenke@domroese.eu
+      - CB_ADMIN_MAIL=soenke@domroese.eu
-      - CB_OPENAI_API_KEY = 
+      - CB_OPENAI_API_KEY=
-      - CB_OPENAI_MODEL = 
+      - CB_OPENAI_MODEL=
     ports:
       - '4018:4018'
       - '4019:4019'

dashy/Caddyfilepart

@@ -0,0 +1,5 @@
+dashy.domr.ovh,  #donetick
+dashy.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8832
+}

dashy/docker-compose.yml

@@ -0,0 +1,10 @@
+services:
+    dashy:
+        image: 'lissy93/dashy:latest'
+        restart: always
+        container_name: dashy
+        volumes:
+            - '/home/soenke/docker-data/dashy/:/app/user-data/'
+        ports:
+            - '8832:8080'
+

dockpeek/Caddyfilepart

@@ -0,0 +1,5 @@
+dockpeek.domr.ovh, 
+dockpeek.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:3420
+}

dockpeek/docker-compose.yml

@@ -0,0 +1,13 @@
+services:
+  dockpeek:
+    image: ghcr.io/dockpeek/dockpeek:latest
+    container_name: dockpeek
+    environment:
+      - SECRET_KEY=saljfbhwkhsjgbwjlefn   # Set secret key
+      - USERNAME=soenke         # Change default username
+      - PASSWORD=Diavid9600             # Change default password
+    ports:
+      - "3420:8000"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart: unless-stopped

haus/Caddyfilepart

@@ -0,0 +1,5 @@
+haus.domr.ovh,
+haus.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8472
+}

haus/docker-compose.yml

@@ -0,0 +1,9 @@
+services:
+  timesy:
+    image: ghcr.io/awwwsm/haus
+    logging:
+      options:
+        max-size: 1g
+    restart: always
+    ports:
+      - '8472:8080'

homebox/Caddyfilepart

@@ -0,0 +1,5 @@
+homebox.domr.ovh, 
+homebox.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3100
+}

homebox/docker-compose.yaml

@@ -0,0 +1,24 @@
+services:
+  homebox:
+    image: ghcr.io/hay-kot/homebox:latest
+    #   image: ghcr.io/hay-kot/homebox:latest-rootless
+    container_name: homebox
+    restart: always
+    environment:
+      - HBOX_LOG_LEVEL=info
+      - HBOX_LOG_FORMAT=text
+      - HBOX_WEB_MAX_UPLOAD_SIZE=10
+    volumes:
+      - /home/soenke/docker-data/homebox/data:/data/
+    ports:
+      - 3100:7745
+    labels:
+      kuma.tools.tag.name: 'Tools'
+      kuma.tools.tag.color: '#FF9900'
+      kuma.homelab.tag.name: 'Homelab'
+      kuma.homelab.tag.color: '#FF9955'
+      kuma.organization.tag.name: 'Organization'
+      kuma.organization.tag.color: '#FF99AA'
+      kuma.homarr.http.name: 'HomeBox'
+      kuma.homarr.http.url: 'https://homebox.domr.ovh/'
+      kuma.homarr.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'

homepage/docker-compose.yml

@@ -1,4 +1,18 @@
 services:
+  dockerproxy:
+    image: ghcr.io/tecnativa/docker-socket-proxy:latest
+    container_name: dockerproxy
+    environment:
+      - CONTAINERS=1 # Allow access to viewing containers
+      - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
+      - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
+      - POST=0 # Disallow any POST operations (effectively read-only)
+    ports:
+      - 127.0.0.1:2375:2375
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
+    restart: unless-stopped
+    
   homepage:
     image: ghcr.io/gethomepage/homepage:latest
     container_name: homepage
@@ -19,3 +33,4 @@ services:
       kuma.homepage.http.name: 'homepage'
       kuma.homepage.http.url: 'https://homepage.domr.ovh/'
       kuma.homepage.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
+      

huly/.env

@@ -0,0 +1,2 @@
+SERVER_ADDRESS=https://huly.domr.ovh
+HULY_VERSION=7

huly/Caddyfilepart

@@ -0,0 +1,5 @@
+huly.domr.ovh,
+huly.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8087
+}

huly/docker-compose.yml

@@ -0,0 +1,157 @@
+version: "3"
+services:
+  mongodb:
+    image: "mongo:7-jammy"
+    container_name: mongodb
+    environment:
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - /home/soenke/docker-data/huly/db:/data/db
+    ports:
+      - 27017:27017
+    restart: unless-stopped
+  minio:
+    image: "minio/minio"
+    command: server /data --address ":9000" --console-address ":9001"
+    ports:
+      - 9000:9000
+      - 9001:9001
+    volumes:
+      - /home/soenke/docker-data/huly/files:/data
+    restart: unless-stopped
+  elastic:
+    image: "elasticsearch:7.14.2"
+    command: |
+      /bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment;
+      /usr/local/bin/docker-entrypoint.sh eswrapper"
+    volumes:
+      - /home/soenke/docker-data/huly/elastic:/usr/share/elasticsearch/data
+    ports:
+      - 9200:9200
+    environment:
+      - ELASTICSEARCH_PORT_NUMBER=9200
+      - BITNAMI_DEBUG=true
+      - discovery.type=single-node
+      - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
+      - http.cors.enabled=true
+      - http.cors.allow-origin=http://localhost:8082
+    healthcheck:
+      interval: 20s
+      retries: 10
+      test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
+    restart: unless-stopped
+  account:
+    image: hardcoreeng/account:${HULY_VERSION}
+    links:
+      - mongodb
+      - minio
+    ports:
+      - 3000:3000
+    environment:
+      - SERVER_PORT=3000
+      - SERVER_SECRET=secret
+      - MONGO_URL=mongodb://mongodb:27017
+      - TRANSACTOR_URL=ws://transactor:3333;ws://${SERVER_ADDRESS}:3333
+      - MINIO_ENDPOINT=minio
+      - MINIO_ACCESS_KEY=minioadmin
+      - MINIO_SECRET_KEY=minioadmin
+      - FRONT_URL=http://front:8080
+      - INIT_WORKSPACE=demo-tracker
+      - MODEL_ENABLED=*
+      - ACCOUNTS_URL=http://${SERVER_ADDRESS}:3000
+      - ACCOUNT_PORT=3000
+    restart: unless-stopped
+  front:
+    image: hardcoreeng/front:${HULY_VERSION}
+    links:
+      - mongodb
+      - minio
+      - elastic
+      - collaborator
+      - transactor
+    ports:
+      - 8087:8080
+    environment:
+      - SERVER_PORT=8080
+      - SERVER_SECRET=secret
+      - ACCOUNTS_URL=http://${SERVER_ADDRESS}:3000
+      - REKONI_URL=http://${SERVER_ADDRESS}:4004
+      - CALENDAR_URL=http://${SERVER_ADDRESS}:8095
+      - GMAIL_URL=http://${SERVER_ADDRESS}:8088
+      - TELEGRAM_URL=http://${SERVER_ADDRESS}:8086
+      - UPLOAD_URL=/files
+      - ELASTIC_URL=http://elastic:9200
+      - COLLABORATOR_URL=ws://${SERVER_ADDRESS}:3078
+      - COLLABORATOR_API_URL=http://${SERVER_ADDRESS}:3078
+      - MINIO_ENDPOINT=minio
+      - MINIO_ACCESS_KEY=minioadmin
+      - MINIO_SECRET_KEY=minioadmin
+      - MONGO_URL=mongodb://mongodb:27017
+      - TITLE=Huly Self Hosted
+      - DEFAULT_LANGUAGE=en
+      - LAST_NAME_FIRST=true
+    restart: unless-stopped
+  collaborator:
+    image: hardcoreeng/collaborator:${HULY_VERSION}
+    links:
+      - mongodb
+      - minio
+      - transactor
+    ports:
+      - 3078:3078
+    environment:
+      - COLLABORATOR_PORT=3078
+      - SECRET=secret
+      - ACCOUNTS_URL=http://account:3000
+      - UPLOAD_URL=/files
+      - MONGO_URL=mongodb://mongodb:27017
+      - MINIO_ENDPOINT=minio
+      - MINIO_ACCESS_KEY=minioadmin
+      - MINIO_SECRET_KEY=minioadmin
+    restart: unless-stopped
+  transactor:
+    image: hardcoreeng/transactor:${HULY_VERSION}
+    links:
+      - mongodb
+      - elastic
+      - minio
+      - rekoni
+      - account
+    ports:
+      - 3333:3333
+    environment:
+      - SERVER_PORT=3333
+      - SERVER_SECRET=secret
+      - SERVER_CURSOR_MAXTIMEMS=30000
+      - ELASTIC_URL=http://elastic:9200
+      - ELASTIC_INDEX_NAME=huly_storage_index
+      - MONGO_URL=mongodb://mongodb:27017
+      - METRICS_CONSOLE=false
+      - METRICS_FILE=metrics.txt
+      - MINIO_ENDPOINT=minio
+      - MINIO_ACCESS_KEY=minioadmin
+      - MINIO_SECRET_KEY=minioadmin
+      - REKONI_URL=http://rekoni:4004
+      - FRONT_URL=http://${SERVER_ADDRESS}:8087
+      - SERVER_PROVIDER=ws
+      - ACCOUNTS_URL=http://account:3000
+      - LAST_NAME_FIRST=true
+      - UPLOAD_URL=http://${SERVER_ADDRESS}/files
+    restart: unless-stopped
+  rekoni:
+    image: hardcoreeng/rekoni-service:${HULY_VERSION}
+    ports:
+      - 4004:4004
+    environment:
+      - SECRET=secret
+    deploy:
+      resources:
+        limits:
+          memory: 500M
+    restart: unless-stopped
+volumes:
+  db:
+  files:
+  elastic:
+  etcd:

jenkins/docker-compose.yml

@@ -19,7 +19,7 @@ services:
       kuma.organization.tag.name: 'Organization'
       kuma.organization.tag.color: '#FF99AA'
       kuma.jenkins.http.name: 'jenkins'
-      kuma.jenkins.http.url: 'https://jenkins.domr.ovh/'
+      kuma.jenkins.http.url: 'https://jenkins.domr.ovh/login'
       kuma.jenkins.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
       
   agent:

kopia/docker-compose.yml

@@ -38,6 +38,6 @@ services:
             kuma.organization.tag.name: 'Organization'
             kuma.organization.tag.color: '#FF99AA'
             kuma.kopia.http.name: 'kopia'
-            kuma.kopia.http.url: 'https://kopia.domr.ovh/'
+            kuma.kopia.http.url: 'https://kopia.domr.ovh/repo'
             kuma.kopia.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "homelab", "value": "" }]'
 

move_ssd.md

@@ -0,0 +1,123 @@
+Step-by-Step Instructions
+📀 1. Clone the OS to the New SSD
+
+We’ll start by cloning your OS from /dev/nvme0 to the new SSD (/dev/nvme1).
+a) Partition and Format the New SSD
+
+First, partition the new SSD (/dev/nvme1) and create the root partition:
+
+# Launch fdisk to partition the new SSD
+sudo fdisk /dev/nvme1
+
+    Type g to create a GPT partition table (if it's not already).
+
+    Type n to create a new partition, use the entire disk.
+
+    Type w to write the partition table.
+
+Then, format the new partition (/dev/nvme1p1):
+
+sudo mkfs.ext4 /dev/nvme1p1
+
+b) Mount the New SSD
+
+Create a mount point and mount the new SSD:
+
+sudo mkdir /mnt/ssd
+sudo mount /dev/nvme1p1 /mnt/ssd
+
+c) Clone the OS from /dev/nvme0 to /dev/nvme1
+
+Now, we’ll copy the entire root filesystem, excluding /home, to the new SSD:
+
+sudo rsync -aAXv / --exclude=/home --exclude=/proc --exclude=/sys \
+--exclude=/dev --exclude=/run --exclude=/mnt --exclude=/tmp \
+/mnt/ssd/
+###################################################################################################
+This command copies the entire OS and system data but excludes /home, as we’ll sync that separately later.
+🧩 2. Prepare the New SSD to Boot
+a) Mount Necessary Filesystems and Chroot
+
+To make the new installation bootable, we need to bind mount critical filesystems and chroot into the new root.
+
+for dir in dev proc sys; do
+sudo mount --bind /$dir /mnt/ssd/$dir
+done
+
+If you are using UEFI, you might also need to mount the EFI partition:
+
+sudo mount /dev/nvme0p1 /mnt/ssd/boot/efi  # Adjust if needed
+
+Now, enter the chroot environment:
+
+sudo chroot /mnt/ssd
+
+b) Update /etc/fstab
+
+Make sure /etc/fstab points to the correct root filesystem and removes any /home partition references.
+
+blkid  # Get the UUID of /dev/nvme1p1
+nano /etc/fstab
+
+Ensure the / entry is updated to use the new SSD, for example:
+
+UUID=<new-uuid>  /  ext4  defaults  0 1
+
+And remove or comment out any /home partition entry.
+c) Install GRUB on the New SSD
+
+Now install GRUB to make the system bootable from /dev/nvme1.
+
+grub-install /dev/nvme1
+update-grub
+exit
+
+🔄 3. Reboot from the New SSD
+
+    Reboot the system.
+
+    Go into BIOS/UEFI and set /dev/nvme1 as the primary boot drive.
+
+    Boot into the new SSD.
+
+📁 4. Sync /home from /dev/sda (Old Home Drive)
+
+Now, we’ll sync the /home data from the old drive (/dev/sda) onto the new root partition.
+a) Mount the Old /home Drive
+
+First, mount /dev/sda (the old /home drive):
+
+sudo mount /dev/sda1 /mnt/oldhome
+
+b) Sync /home to the New SSD
+
+Now, copy the /home data:
+
+sudo rsync -aAXv /mnt/oldhome/ /home/
+
+Make sure /home is mounted correctly on /dev/nvme1p1 (the new SSD) by checking with df -h or lsblk.
+🧹 5. Cleanup (Optional)
+
+Once you verify everything works as expected:
+
+    Remove /home entry from /etc/fstab if it exists.
+
+    You can either repurpose or wipe the old drives (/dev/nvme0 and /dev/sda).
+
+    Confirm everything is working fine and you’re now booting from /dev/nvme1.
+
+✅ Final Checks
+
+    Check disk usage:
+
+df -h
+
+    Verify partitioning:
+
+lsblk
+
+    Verify boot order in BIOS/UEFI to make sure you're booting from /dev/nvme1.
+
+This approach ensures you move everything safely, with minimal risk of data loss.
+
+Let me know if you encounter any issues or need further clarification!

mysql/mysql.sock

@@ -0,0 +1 @@
+/var/run/mysqld/mysqld.sock

pihole/Caddyfilepart

@@ -0,0 +1,7 @@
+pihole.domr.ovh, 
+pihole.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:2000
+}
+
+

pihole/docker-compose.yml

@@ -0,0 +1,33 @@
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
+      - "2000:80/tcp"
+    environment:
+      TZ: 'Europe/Berlin'
+      WEBPASSWORD: 'Diavid9600'
+    # Volumes store your data between container upgrades
+    volumes:
+      - '/home/soenke/docker-data/pihole/etc-pihole:/etc/pihole'
+      - '/home/soenke/docker-data/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+    cap_add:
+      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
+    restart: unless-stopped
+    labels:
+      kuma.tools.tag.name: 'Tools'
+      kuma.tools.tag.color: '#FF9900'
+      kuma.homelab.tag.name: 'Homelab'
+      kuma.homelab.tag.color: '#FF9955'
+      kuma.organization.tag.name: 'Organization'
+      kuma.organization.tag.color: '#FF99AA'
+      kuma.pihole.http.name: 'pihole'
+      kuma.pihole.http.url: 'https://pihole.domr.ovh/'
+      kuma.pihole.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
+

pihole/etc-pihole/adlists.list

@@ -0,0 +1 @@
+https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

pihole/etc-pihole/dns-servers.conf

@@ -0,0 +1,9 @@
+Google (ECS, DNSSEC);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844
+OpenDNS (ECS, DNSSEC);208.67.222.222;208.67.220.220;2620:119:35::35;2620:119:53::53
+Level3;4.2.2.1;4.2.2.2;;
+Comodo;8.26.56.26;8.20.247.20;;
+DNS.WATCH (DNSSEC);84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b
+Quad9 (filtered, DNSSEC);9.9.9.9;149.112.112.112;2620:fe::fe;2620:fe::9
+Quad9 (unfiltered, no DNSSEC);9.9.9.10;149.112.112.10;2620:fe::10;2620:fe::fe:10
+Quad9 (filtered, ECS, DNSSEC);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11
+Cloudflare (DNSSEC);1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001

pihole/etc-pihole/dnsmasq.conf

@@ -0,0 +1,106 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2025 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Dnsmasq config for Pi-hole's FTLDNS
+#
+##################################################################################
+#                                                                                #
+#                     FILE AUTOMATICALLY POPULATED BY PI-HOLE                    #
+#    ANY CHANGES MADE TO THIS FILE WILL BE LOST WHEN THE CONFIGURATION CHANGES   #
+#                                                                                #
+#            IF YOU WISH TO CHANGE ANY OF THESE VALUES, CHANGE THEM IN           #
+#                             /etc/pihole/pihole.toml                            #
+#                             and restart pihole-FTL                             #
+#                                                                                #
+#           ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
+#                       WITHIN /etc/dnsmasq.d/yourname.conf                      #
+#    (make sure misc.etc_dnsmasq_d is set to true in /etc/pihole/pihole.toml)    #
+#                                                                                #
+#                      Last updated: 2025-03-07 13:21:22 CET                     #
+#                              by FTL version v6.0.2                             #
+#                                                                                #
+##################################################################################
+hostsdir=/etc/pihole/hosts
+
+# Don't read /etc/resolv.conf. Get upstream servers only from the configuration
+no-resolv
+
+# DNS port to be used
+port=53
+
+# List of upstream DNS server
+server=8.8.8.8
+server=8.8.4.4
+
+# Set the size of dnsmasq's cache. The default is 150 names. Setting the cache
+# size to zero disables caching. Note: huge cache size impacts performance
+cache-size=10000
+
+# Return answers to DNS queries from /etc/hosts and interface-name and
+# dynamic-host which depend on the interface over which the query was
+# received. If a name has more than one address associated with it, and
+# at least one of those addresses is on the same subnet as the interface
+# to which the query was sent, then return only the address(es) on that
+# subnet and return all the available addresses otherwise.
+localise-queries
+
+# Enable query logging
+log-queries
+log-async
+
+# Specify the log file to use
+# We set this even if logging is disabled to store warnings
+# and errors in this file. This is useful for debugging.
+log-facility=/var/log/pihole/pihole.log
+
+# Use stale cache entries for a given number of seconds to optimize cache utilization
+# Setting the time to zero will serve stale cache data regardless how long it has expired.
+use-stale-cache=3600
+
+# Listen on one interface
+interface=eth0
+
+# DNS domain for both the DNS and DHCP server
+# This DNS domain in purely local. FTL may answer queries from
+# /etc/hosts or DHCP but should never forward queries on that
+# domain to any upstream servers
+domain=lan
+local=/lan/
+
+# RFC 6761: Caching DNS servers SHOULD recognize
+#     test, localhost, invalid
+# names as special and SHOULD NOT attempt to look up NS records for them, or
+# otherwise query authoritative DNS servers in an attempt to resolve these
+# names.
+server=/test/
+server=/localhost/
+server=/invalid/
+
+# The same RFC requests something similar for
+#     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
+#     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
+#     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
+#     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
+#     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
+#     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
+# Pi-hole implements this via the dnsmasq option "bogus-priv" above
+# (if enabled!) as this option also covers IPv6.
+
+# OpenWRT furthermore blocks bind, local, onion domains
+# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
+# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
+# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
+server=/bind/
+server=/onion/
+
+# Cache all DNS records
+cache-rr=ANY
+
+# RFC 8482: Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY
+# Filters replies to queries for type ANY. Everything other than A, AAAA, MX and CNAME
+# records are removed. Since ANY queries with forged source addresses can be used in DNS amplification attacks
+# replies to ANY queries can be large) this defangs such attacks, whilst still supporting the
+# one remaining possible use of ANY queries. See RFC 8482 para 4.3 for details.
+filter-rr=ANY
+

pihole/etc-pihole/hosts/custom.list

@@ -0,0 +1,32 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2025 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Custom DNS entries (HOSTS file)
+#
+##################################################################################
+#                                                                                #
+#                     FILE AUTOMATICALLY POPULATED BY PI-HOLE                    #
+#    ANY CHANGES MADE TO THIS FILE WILL BE LOST WHEN THE CONFIGURATION CHANGES   #
+#                                                                                #
+#            IF YOU WISH TO CHANGE ANY OF THESE VALUES, CHANGE THEM IN           #
+#                             /etc/pihole/pihole.toml                            #
+#                             and restart pihole-FTL                             #
+#                                                                                #
+#           ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
+#                       WITHIN /etc/dnsmasq.d/yourname.conf                      #
+#    (make sure misc.etc_dnsmasq_d is set to true in /etc/pihole/pihole.toml)    #
+#                                                                                #
+#                      Last updated: 2025-02-25 07:59:17 CET                     #
+#                              by FTL version v6.0.2                             #
+#                                                                                #
+##################################################################################
+
+213.209.115.117 proxy.voipslb.wtnet.de
+192.168.1.194 asgard.dom.local
+192.168.1.194 dom.local
+192.168.1.194 home.local
+192.168.1.65 home
+
+
+# There are 5 entries in this file

pihole/etc-pihole/listsCache/list.1.raw.githubusercontent.com.domains.etag

@@ -0,0 +1 @@
+W/"8caa9f75b909391b2db18bf240ac07e621dd2e393821d9a4ea052571edb33df9"

pihole/etc-pihole/listsCache/list.1.raw.githubusercontent.com.domains.sha1

@@ -0,0 +1 @@
+2b74510cd4f1dffab5b7dd4f59dcbc00d19ad0d2  /etc/pihole/listsCache/list.1.raw.githubusercontent.com.domains

pihole/etc-pihole/local.list

@@ -0,0 +1 @@
+### Do not modify this file, it will be overwritten by pihole -g

pihole/etc-pihole/logrotate

@@ -0,0 +1,32 @@
+/var/log/pihole/pihole.log {
+    # su #
+    daily
+    copytruncate
+    rotate 5
+    compress
+    delaycompress
+    notifempty
+    nomail
+}
+
+/var/log/pihole/FTL.log {
+    # su #
+    weekly
+    copytruncate
+    rotate 3
+    compress
+    delaycompress
+    notifempty
+    nomail
+}
+
+/var/log/pihole/webserver.log {
+    # su #
+    weekly
+    copytruncate
+    rotate 3
+    compress
+    delaycompress
+    notifempty
+    nomail
+}

pihole/etc-pihole/migration_backup/adlists.list

@@ -0,0 +1 @@
+https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

pihole/etc-pihole/migration_backup_v6/01-pihole.conf

@@ -0,0 +1,37 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Dnsmasq config for Pi-hole's FTLDNS
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+###############################################################################
+#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
+# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
+#                                                                             #
+#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
+#                      /etc/pihole/setupVars.conf                             #
+#                                                                             #
+#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
+#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
+###############################################################################
+
+addn-hosts=/etc/pihole/local.list
+addn-hosts=/etc/pihole/custom.list
+
+
+localise-queries
+
+
+no-resolv
+
+log-queries
+log-facility=/var/log/pihole/pihole.log
+
+log-async
+cache-size=10000
+server=8.8.8.8
+server=8.8.4.4
+interface=eth0

pihole/etc-pihole/migration_backup_v6/06-rfc6761.conf

@@ -0,0 +1,42 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# RFC 6761 config file for Pi-hole
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+###############################################################################
+#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
+# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
+#                                                                             #
+#             CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE                #
+#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
+###############################################################################
+
+# RFC 6761: Caching DNS servers SHOULD recognize
+#     test, localhost, invalid
+# names as special and SHOULD NOT attempt to look up NS records for them, or
+# otherwise query authoritative DNS servers in an attempt to resolve these
+# names.
+server=/test/
+server=/localhost/
+server=/invalid/
+
+# The same RFC requests something similar for
+#     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
+#     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
+#     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
+#     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
+#     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
+#     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
+# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
+# 01-pihole.conf) because this also covers IPv6.
+
+# OpenWRT furthermore blocks    bind, local, onion    domains
+# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
+# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
+# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
+server=/bind/
+server=/onion/

pihole/etc-pihole/migration_backup_v6/custom.list

@@ -0,0 +1,5 @@
+213.209.115.117 proxy.voipslb.wtnet.de
+192.168.1.194 asgard.dom.local
+192.168.1.194 dom.local
+192.168.1.194 home.local
+192.168.1.65 home

pihole/etc-pihole/migration_backup_v6/pihole-FTL.conf

@@ -0,0 +1,4 @@
+#; Pi-hole FTL config file
+#; Comments should start with #; to avoid issues with PHP and bash reading this file
+MACVENDORDB=/macvendor.db
+LOCAL_IPV4=0.0.0.0

pihole/etc-pihole/migration_backup_v6/setupVars.conf

@@ -0,0 +1,7 @@
+INSTALL_WEB_INTERFACE=true
+WEBPASSWORD=b9ae8f6ef80e3800730670e95bcc192645b800d4fd10a5f723ac9a9aa55eef02
+PIHOLE_DNS_1=8.8.8.8
+PIHOLE_DNS_2=8.8.4.4
+PIHOLE_INTERFACE=eth0
+QUERY_LOGGING=true
+BLOCKING_ENABLED=true

pihole/etc-pihole/setupVars.conf.update.bak

@@ -0,0 +1,7 @@
+INSTALL_WEB_INTERFACE=true
+WEBPASSWORD=b9ae8f6ef80e3800730670e95bcc192645b800d4fd10a5f723ac9a9aa55eef02
+PIHOLE_DNS_1=8.8.8.8
+PIHOLE_DNS_2=8.8.4.4
+PIHOLE_INTERFACE=eth0
+QUERY_LOGGING=true
+BLOCKING_ENABLED=true

pihole/etc-pihole/tls.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAWagAwIBAgIPODgwNTYxMjM3NjYxOTg5MAoGCCqGSM49BAMCMDExEDAO
+BgNVBAMMB3BpLmhvbGUxEDAOBgNVBAoMB1BpLWhvbGUxCzAJBgNVBAYTAkRFMCAX
+DTI1MDIyNTA2NTkxOVoYDzIwNTUwMjI1MDY1OTE5WjASMRAwDgYDVQQDDAdwaS5o
+b2xlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/f/Z8U9EJXIP7x35VkdOhloOflvu
+z+alAXj1YBegDAeDx5Kyn8nV6BWlUp5P323wQEnn08MfDNsRNQs9M7464sGfXMB+
+pb9aoGtWk8zRimVDdbAa7uAug6VKw6VizSIXo2EwXzAdBgNVHQ4EFgQUDYOSa+kg
+ddGjjx+H+CEDQ9gg2z4wHwYDVR0jBBgwFoAUtFaHpiFbr49DT83v/RvqHGvXNv0w
+CQYDVR0TBAIwADASBgNVHREECzAJggdwaS5ob2xlMAoGCCqGSM49BAMCA2cAMGQC
+MBVUaxx0HbOJbgrkpxH1deFeTliYxxxLT/Al8ZRztqPdlhCkcN7rXRgT1LVsKLj0
+JAIweGllt1mtLIxJYJIkPpIdNJuIXUOVCo0Ksrd9cMTJKHVwHUi68+yrnmLM3AoS
+fCAm
+-----END CERTIFICATE-----

pihole/etc-pihole/tls.pem

@@ -0,0 +1,19 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDCYymusF68i55FXn9YAByWFdkrllGbRrnEjKhnluJE/p9/M49HxniFV
+waDaZMP67YygBwYFK4EEACKhZANiAAT9/9nxT0Qlcg/vHflWR06GWg5+W+7P5qUB
+ePVgF6AMB4PHkrKfydXoFaVSnk/fbfBASefTwx8M2xE1Cz0zvjriwZ9cwH6lv1qg
+a1aTzNGKZUN1sBru4C6DpUrDpWLNIhc=
+-----END EC PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAWagAwIBAgIPODgwNTYxMjM3NjYxOTg5MAoGCCqGSM49BAMCMDExEDAO
+BgNVBAMMB3BpLmhvbGUxEDAOBgNVBAoMB1BpLWhvbGUxCzAJBgNVBAYTAkRFMCAX
+DTI1MDIyNTA2NTkxOVoYDzIwNTUwMjI1MDY1OTE5WjASMRAwDgYDVQQDDAdwaS5o
+b2xlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/f/Z8U9EJXIP7x35VkdOhloOflvu
+z+alAXj1YBegDAeDx5Kyn8nV6BWlUp5P323wQEnn08MfDNsRNQs9M7464sGfXMB+
+pb9aoGtWk8zRimVDdbAa7uAug6VKw6VizSIXo2EwXzAdBgNVHQ4EFgQUDYOSa+kg
+ddGjjx+H+CEDQ9gg2z4wHwYDVR0jBBgwFoAUtFaHpiFbr49DT83v/RvqHGvXNv0w
+CQYDVR0TBAIwADASBgNVHREECzAJggdwaS5ob2xlMAoGCCqGSM49BAMCA2cAMGQC
+MBVUaxx0HbOJbgrkpxH1deFeTliYxxxLT/Al8ZRztqPdlhCkcN7rXRgT1LVsKLj0
+JAIweGllt1mtLIxJYJIkPpIdNJuIXUOVCo0Ksrd9cMTJKHVwHUi68+yrnmLM3AoS
+fCAm
+-----END CERTIFICATE-----

pihole/etc-pihole/tls_ca.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8TCCAXegAwIBAgIPNDYzMTI0ODQwNzA0NzQ1MAoGCCqGSM49BAMCMDExEDAO
+BgNVBAMMB3BpLmhvbGUxEDAOBgNVBAoMB1BpLWhvbGUxCzAJBgNVBAYTAkRFMCAX
+DTI1MDIyNTA2NTkxOVoYDzIwNTUwMjI1MDY1OTE5WjAxMRAwDgYDVQQDDAdwaS5o
+b2xlMRAwDgYDVQQKDAdQaS1ob2xlMQswCQYDVQQGEwJERTB2MBAGByqGSM49AgEG
+BSuBBAAiA2IABC16Zw0oMu1ZmCUGaFzbgahFCdWDpdlWMb60SDAVoTNgeJ4HEAL5
+OF8eHh2hLlk+ahL4M1J4eUeZOoPKk0jkytTS7Jpi3j5vITpvAFIrm5FyXI4Etrru
+kWtwdGnHTMUaH6NTMFEwHQYDVR0OBBYEFLRWh6YhW6+PQ0/N7/0b6hxr1zb9MB8G
+A1UdIwQYMBaAFLRWh6YhW6+PQ0/N7/0b6hxr1zb9MA8GA1UdEwEB/wQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOWeCByOstKQsF9RFkt9gw/4I6WDPRuafKGr2shz
+q2d2hv0WO/dgw8jU8za5KGRbfgIwdCxYfD4CFJiybzu0379jujLtgym6wurxpMjB
+HRLnjnHvipRXMZ0pGSVwyg7HE0oQ
+-----END CERTIFICATE-----

pihole/etc-pihole/versions

@@ -0,0 +1,17 @@
+CORE_VERSION=v6.0.4
+CORE_BRANCH=master
+CORE_HASH=567bb724
+GITHUB_CORE_VERSION=v6.0.6
+GITHUB_CORE_HASH=0f7803b7
+WEB_VERSION=v6.0.1
+WEB_BRANCH=master
+WEB_HASH=42e7279a
+GITHUB_WEB_VERSION=v6.1
+GITHUB_WEB_HASH=1eaddca8
+FTL_VERSION=v6.0.2
+FTL_BRANCH=master
+FTL_HASH=ac500d5f
+GITHUB_FTL_VERSION=v6.1
+GITHUB_FTL_HASH=a3313229
+DOCKER_VERSION=2025.02.6
+GITHUB_DOCKER_VERSION=2025.03.1

plantit/server.env

@@ -6,7 +6,7 @@ MYSQL_PORT=3306
 MYSQL_USERNAME=root
 MYSQL_PSW=root
 MYSQL_DATABASE=bootdb
-MYSQL_ROOT_PASSWORD=root
+MYSQL_ROOT_PASSWORD=SuSePaWo
 
 #
 # Server config

portracker/Caddyfilepart

@@ -0,0 +1,5 @@
+portracker.domr.ovh,
+portracker.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:4999
+}

portracker/docker-compose.yml

@@ -0,0 +1,121 @@
+services:
+  portracker:
+    image: mostafawahied/portracker:latest
+    container_name: portracker
+    restart: unless-stopped
+
+    # Required for comprehensive system port detection
+    # This allows Portracker to see all host processes for accurate port mapping
+    pid: "host"
+
+    # Capabilities & security (universal, required)
+    # - SYS_PTRACE enables reading other processes' /proc entries on Linux hosts
+    # - SYS_ADMIN enables namespace entry on Docker Desktop (macOS/Windows)
+    # - apparmor:unconfined disables AppArmor restrictions that may block /proc access
+    cap_add:
+      - SYS_PTRACE
+      - SYS_ADMIN
+    security_opt:
+      - apparmor:unconfined
+
+    volumes:
+      # Required: Data persistence for SQLite database
+      - /home/soenke/docker-data/portracker/portracker-data:/data
+
+      # Required: Docker socket access for container discovery
+      # Comment out if using docker-proxy setup below
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
+      # Advanced: Host filesystem access (usually not needed with pid: "host")
+      # Uncomment only if you experience issues with port detection
+      # - /proc:/host/proc:ro
+      # - /sys/fs/cgroup:/host/sys/fs/cgroup:ro
+
+    ports:
+      - "4999:4999"
+
+    environment:
+    # CORE CONFIGURATION (Required)
+     - DATABASE_PATH=/data/portracker.db
+     - PORT=4999
+    # Tell Portracker where to find the host /proc (matches the volume above)
+     - HOST_PROC=/host/proc
+
+    # DOCKER CONFIGURATION
+    # Uncomment to use with docker-proxy for enhanced security
+    # - DOCKER_HOST=tcp://docker-proxy:2375
+
+    # TRUENAS INTEGRATION (Optional)
+    # Uncomment and set your API key for enhanced TrueNAS features:
+    # - VM discovery and monitoring
+    # - Enhanced system information
+    # - TrueNAS-specific optimizations
+    # - TRUENAS_API_KEY=your-api-key-here
+
+    # PERFORMANCE SETTINGS (Optional)
+    # Cache duration - increase for better performance, decrease for fresher data
+    # - CACHE_TIMEOUT_MS=60000
+    # Disable caching entirely (not recommended for production)
+    # - DISABLE_CACHE=true
+
+    # ADVANCED PORT SCANNING (Optional)
+    # Include UDP ports in scans (may increase noise and impact performance)
+    # - INCLUDE_UDP=true
+
+    # DEVELOPMENT & DEBUGGING (Optional)
+    # Enable verbose logging for troubleshooting
+    # - DEBUG=true
+
+    # Optional: Health check for monitoring
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:4999/api/health"]
+      interval: 30s
+      timeout: 10s
+      start_period: 30s
+      retries: 3
+
+
+  # OPTIONAL: Enhanced Security with Docker Socket Proxy
+  # Uncomment the entire section below for additional Docker socket security
+  # This adds a proxy layer between Portracker and the Docker socket
+
+  # docker-proxy:
+  #   image: tecnativa/docker-socket-proxy:latest
+  #   container_name: portracker-docker-proxy
+  #   restart: unless-stopped
+  #   environment:
+  #     # Only allow read operations Portracker needs
+  #     - CONTAINERS=1
+  #     - IMAGES=1
+  #     - INFO=1
+  #     - NETWORKS=1
+  #     # Disable write operations for security
+  #     - POST=0
+  #     - BUILD=0
+  #     - COMMIT=0
+  #     - EXEC=0
+  #     - SWARM=0
+  #     - EVENTS=0
+  #     - VOLUMES=0
+  #   volumes:
+  #     - /var/run/docker.sock:/var/run/docker.sock:ro
+  #   ports:
+  #     - "2375:2375"
+
+  # When using docker-proxy:
+  # 1. Uncomment the entire docker-proxy service above
+  # 2. Comment out the /var/run/docker.sock volume mount in portracker service
+  # 3. Uncomment the DOCKER_HOST environment variable in portracker service
+  # 4. Add depends_on to portracker service:
+  #    depends_on:
+  #      - docker-proxy
+
+# Optional: Custom networks for isolation
+# networks:
+#   portracker:
+#     driver: bridge
+
+# Optional: Named volumes for better data management
+# volumes:
+#   portracker-data:
+#     driver: local

restartcaddy.sh

@@ -1,9 +1,19 @@
-(cd "/home/soenke/docker/" && echo "" > newCaddyfile)
+(echo "" > /home/soenke/docker/caddy/newCaddyfile)
-
+(cd "/home/soenke/docker/" )
+echo "Collecting Caddyfileparts"
 for dir in *; do
   if [ -d "$dir" ]; then
-    ( cd "$dir" && cat Caddyfilepart >> ../newCaddyfile)
+    ( cd "$dir" && cat Caddyfilepart >> /home/soenke/docker/caddy/newCaddyfile)
   fi
+  echo -en '\n' >> /home/soenke/docker/caddy/newCaddyfile
 done
 
-( cd "/home/soenke/docker/caddy" && docker compose down && docker compose pull && docker compose up -d)
+( cd "/home/soenke/docker/caddy/" )
+
+echo "Replace Caddyfile"
+
+( mv /home/soenke/docker/caddy/Caddyfile /home/soenke/docker/caddy/Caddyfile.bak)
+( mv /home/soenke/docker/caddy/newCaddyfile /home/soenke/docker/caddy/Caddyfile)
+
+echo "Restart Caddy"
+( cd "/home/soenke/docker/caddy/" && docker compose down && docker compose pull && docker compose up -d)

rwmarkable/Caddyfilepart

@@ -0,0 +1,5 @@
+rwmarkable.domr.ovh, 
+rwmarkable.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:1235
+}

rwmarkable/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  app:
+    image: ghcr.io/fccview/rwmarkable:main
+    container_name: rwmarkable
+    user: "1000:1000"
+    ports:
+      - "1235:3000"
+    volumes:
+      - /home/soenke/docker-data/rwmarkable/data:/app/data:rw
+      - /home/soenke/docker-data/rwmarkable/config:/app/config:ro
+    restart: unless-stopped
+    environment:
+      - NODE_ENV=production
+      - HTTPS=false
+    init: true

scratch_4.md

@@ -0,0 +1,34 @@
+sudo mount /dev/nvme0p1 /mnt/newssd/boot/efi
+sudo chroot /mnt/newssd
+
+
+
+/dev/nvme1n1p1: UUID="ad271484-f3d7-4065-b1b7-224cdd4cd1ca" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="3c04012f-35d1-a64d-bc80-04382a24d521"
+
+
+soenke@heimdall:/var/cache$ sudo blkid
+/dev/nvme0n1p3: UUID="4476761c-6ba1-4ef7-bb5f-81f38f96ff44" TYPE="swap" PARTUUID="f60a9a77-2842-40ab-9315-e92e35f42ca6"
+/dev/nvme0n1p1: UUID="1504-1CE6" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="c4c73403-14cd-4a99-842c-a02c5c772214"
+/dev/nvme0n1p2: UUID="f6b9a157-815a-4f61-a463-0caf165a92b4" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="260bc56c-585a-446f-b2c2-ba7e1057289d"
+/dev/sda1: UUID="c810ee0e-35ab-4f2a-a273-0a94ea401731" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="721505ac-9419-4475-9843-e5058fb41550"
+
+vi /etc/fstab
+
+# Use 'blkid' to print the universally unique identifier for a
+# device; this may be used with UUID= as a more robust way to name devices
+# that works even if disks are added and removed. See fstab(5).
+#
+# systemd generates mount units based on this file, see systemd.mount(5).
+# Please run 'systemctl daemon-reload' after making changes here.
+#
+# <file system> <mount point>   <type>  <options>       <dump>  <pass>
+# / was on /dev/nvme0n1p2 during installation
+UUID=ad271484-f3d7-4065-b1b7-224cdd4cd1ca /               ext4    errors=remount-ro 0       1 ### change this line to uuid of nvme1(or 1)n1p2 (ext4 one...) -> f6b9a157-815a-4f61-a463-0caf165a92b4
+# /boot/efi was on /dev/nvme0n1p1 during installation
+UUID=1504-1CE6  /boot/efi       vfat    umask=0077      0       1
+# /home was on /dev/sda1 during installation
+# UUID=c810ee0e-35ab-4f2a-a273-0a94ea401731 /home           ext4    defaults        0       2 ####Re-Add this one?
+# swap was on /dev/nvme0n1p3 during installation
+UUID=4476761c-6ba1-4ef7-bb5f-81f38f96ff44 none            swap    sw              0       0
+
+

services.log

@@ -0,0 +1,60 @@
+total 232
+drwxr-xr-x 49 soenke soenke 4096 Jun 24 22:22 .
+drwx------ 19 soenke soenke 4096 Jun 23 21:17 ..
+-rw-r--r--  1 soenke soenke   45 Jun  6 16:40 api.md
+drwxr-xr-x  2 soenke soenke 4096 Jun 23 07:41 authentik
+drwxr-xr-x  2 soenke soenke 4096 Jun 18 14:27 autokuma
+drwxr-xr-x  2 soenke soenke 4096 Jun 18 14:27 automatic-ripping-machine
+drwxr-xr-x  2 soenke soenke 4096 Jun 18 14:27 beeper
+drwxr-xr-x  4 soenke soenke 4096 Jun 19 11:41 bookstack
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 bracket
+drwxr-xr-x  3 soenke soenke 4096 Jun 19 11:41 caddy
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 changedetect
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 chartbrew
+drwxr-xr-x  2 soenke soenke 4096 Jun 18 14:27 chiefonboarding
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 convertx
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 donetick
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 erugo
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 excalidraw
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 firefly
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 freshrss
+-rwxr-xr-x  1 soenke soenke   93 Jun 18 14:33 generateCaddySnippets.sh
+drwxr-xr-x  9 soenke soenke 4096 Jun 20 12:52 .git
+drwxr-xr-x  2 soenke soenke 4096 Jun 18 14:27 git
+drwxr-xr-x  3 soenke soenke 4096 Jun 19 11:41 guacamole-docker-compose
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 12:33 homarr
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 12:33 homepage
+drwxr-xr-x  2 soenke soenke 4096 Jun  8 21:12 .idea
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 12:33 ittools
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 jenkins
+drwxr-xr-x  3 soenke soenke 4096 Jun 19 11:41 kopia
+-rw-r--r--  1 soenke soenke  659 Apr  9 14:06 LICENSE
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 mealie
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 memos
+drwxr-xr-x  6 soenke soenke 4096 Jun 18 14:28 morphos
+-rw-r--r--  1 soenke soenke    0 Jun 20 12:52 move_ssd.md
+drwxr-xr-x  8 soenke soenke 4096 Jun 19 22:14 mysql
+drwxr-xr-x  2 soenke soenke 4096 Jun 18 14:27 n8n
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 12:33 nas
+-rw-r--r--  1 soenke soenke 4849 Jun 19 07:13 newCaddyfile
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 ntfy
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 12:23 ollama
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 omniTools
+drwxr-xr-x  2 soenke soenke 4096 Jun 23 07:40 paperless
+drwxr-xr-x  3 soenke soenke 4096 Jun 18 14:28 paperless_import
+drwxr-xr-x  4 soenke soenke 4096 Jun 19 07:13 pihole
+drwxr-xr-x  2 soenke soenke 4096 Jun 23 07:31 plantit
+-rw-r--r--  1 soenke soenke  420 Jun  8 22:34 README.md
+-rwxr-xr-x  1 soenke soenke  257 Jun 19 11:29 restartall.sh
+-rwxr-xr-x  1 soenke soenke  269 Jun 18 14:34 restartcaddy.sh
+-rw-r--r--  1 soenke soenke    0 Jun 24 22:22 services.log
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 shiori
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 speedtest-tracker
+-rwxr-xr-x  1 soenke soenke  117 Jun 18 07:23 startall.sh
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 stirlingpdf
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 unify
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 uptimekuma
+drwxr-xr-x  2 soenke soenke 4096 Jun 23 21:17 vaultwarden
+drwxr-xr-x  2 soenke soenke 4096 Jun 18 14:27 vikunja
+drwxr-xr-x  2 soenke soenke 4096 Jun 18 14:27 vscode
+drwxr-xr-x  2 soenke soenke 4096 Jun 19 11:41 wallos

sparkyfitness/.env

@@ -0,0 +1,59 @@
+# SparkyFitness Environment Variables
+# Copy this file to .env in the root directory and fill in your own values before running 'docker-compose up'.
+
+# --- PostgreSQL Database Settings ---
+# These values should match the ones used by your PostgreSQL container.
+# For Docker Compose deployments, SPARKY_FITNESS_DB_HOST will be the service name (e.g., 'sparkyfitness-db').
+# For local development (running Node.js directly), use 'localhost' or '127.0.0.1' if PostgreSQL is on your host.
+SPARKY_FITNESS_DB_NAME=sparkyfitness_db
+SPARKY_FITNESS_DB_USER=sparky
+SPARKY_FITNESS_DB_PASSWORD=iI5EjjLHHPhYAsiw1H1eAUz6kfkTxLp6T3Zv4H0JSmi4Dt1rGCR2904lURub7ctB
+#SPARKY_FITNESS_DB_HOST=localhost # Needed only for local development or if you are not using Docker Compose.
+
+# --- Backend Server Settings ---
+# The hostname or IP address of the backend server.
+# For Docker Compose, this is typically the service name (e.g., 'sparkyfitness-server').
+# For local development or other deployments, this might be 'localhost' or a specific IP.
+SPARKY_FITNESS_SERVER_HOST=sparkyfitness-server
+# The external port the server will be exposed on.
+SPARKY_FITNESS_SERVER_PORT=3010
+
+# The public URL of your frontend (e.g., https://fitness.example.com). This is crucial for CORS security.
+# For local development, use http://localhost:8080. For production, use your domain with https.
+SPARKY_FITNESS_FRONTEND_URL=https://sparkyfitness.domr.ovh
+
+# Logging level for the server (e.g., INFO, DEBUG, WARN, ERROR)
+SPARKY_FITNESS_LOG_LEVEL=INFO
+
+# Node.js environment mode (e.g., development, production, test)
+# Set to 'production' for deployment to ensure optimal performance and security.
+NODE_ENV=production
+
+# Server timezone. Use a TZ database name (e.g., 'America/New_York', 'Etc/UTC').
+# This affects how dates/times are handled by the server if not explicitly managed in code.
+TZ=Etc/UTC
+
+# --- Security Settings ---
+# A 64-character hex string for data encryption. 
+# You can generate a secure key with the following command:
+# openssl rand -hex 32
+# or 
+# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+SPARKY_FITNESS_API_ENCRYPTION_KEY=6b81cdf06688652427c79ed4e08116c8612c87309bb7d0ed76edc586f240c81c
+
+# A secret key for signing JSON Web Tokens (JWTs). Make this a long, random, and secure string.
+# You can generate a secure key with the following command:
+# openssl rand -base64 32
+# or 
+# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+JWT_SECRET=bvf4IpNQ9CtxdeRlcYk2K5lpQeAphPBgo72G7EQdPmE=
+
+# --- Signup Settings ---
+# Set to 'true' to disable new user registrations.
+SPARKY_FITNESS_DISABLE_SIGNUP=false
+
+# --- Admin Settings ---
+# Set the email of a user to automatically grant admin privileges on server startup.
+# This is useful for development or initial setup.
+# Example: SPARKY_FITNESS_ADMIN_EMAIL=admin@example.com
+SPARKY_FITNESS_ADMIN_EMAIL=soenke@domroese.eu

sparkyfitness/Caddyfilepart

@@ -0,0 +1,4 @@
+sparkyfitness.domr.ovh {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3942
+}

sparkyfitness/docker-compose.yaml

@@ -0,0 +1,62 @@
+services:
+  sparkyfitness-db:
+    image: postgres:15-alpine
+    restart: always
+    environment:
+      POSTGRES_DB: ${SPARKY_FITNESS_DB_NAME}
+      POSTGRES_USER: ${SPARKY_FITNESS_DB_USER}
+      POSTGRES_PASSWORD: ${SPARKY_FITNESS_DB_PASSWORD}
+    volumes:
+      - /home/soenke/docker-data/sparkyfitness/postgresql:/var/lib/postgresql/data
+    networks:
+      - sparkyfitness-network # Use the new named network
+
+  sparkyfitness-server:
+    image: codewithcj/sparkyfitness_server:latest # Use pre-built image
+    environment:
+      SPARKY_FITNESS_LOG_LEVEL: ${SPARKY_FITNESS_LOG_LEVEL}
+      SPARKY_FITNESS_DB_USER: ${SPARKY_FITNESS_DB_USER}
+      SPARKY_FITNESS_DB_HOST: sparkyfitness-db # Use the service name 'sparkyfitness-db' for inter-container communication
+      SPARKY_FITNESS_DB_NAME: ${SPARKY_FITNESS_DB_NAME}
+      SPARKY_FITNESS_DB_PASSWORD: ${SPARKY_FITNESS_DB_PASSWORD}
+      SPARKY_FITNESS_DB_PORT: 5432
+      SPARKY_FITNESS_API_ENCRYPTION_KEY: ${SPARKY_FITNESS_API_ENCRYPTION_KEY}
+      JWT_SECRET: ${JWT_SECRET}
+      SPARKY_FITNESS_FRONTEND_URL: ${SPARKY_FITNESS_FRONTEND_URL}
+      SPARKY_FITNESS_DISABLE_SIGNUP: ${SPARKY_FITNESS_DISABLE_SIGNUP}
+      SPARKY_FITNESS_ADMIN_EMAIL: ${SPARKY_FITNESS_ADMIN_EMAIL}  #User with this email can access the admin panel
+    networks:
+      - sparkyfitness-network # Use the new named network
+    restart: always
+    depends_on:
+      - sparkyfitness-db # Backend depends on the database being available
+
+
+  sparkyfitness-frontend:
+    image: codewithcj/sparkyfitness:latest # Use pre-built image
+    ports:
+      - "3942:80" # Map host port 8080 to container port 80 (Nginx)
+    networks:
+      - sparkyfitness-network # Use the new named network
+    restart: always
+    depends_on:
+      - sparkyfitness-server # Frontend depends on the server
+    labels:
+      kuma.tools.tag.name: 'Tools'
+      kuma.tools.tag.color: '#FF9900'
+      kuma.homelab.tag.name: 'Homelab'
+      kuma.homelab.tag.color: '#FF9955'
+      kuma.organization.tag.name: 'Organization'
+      kuma.organization.tag.color: '#FF99AA'
+      kuma.sparkyfitness.http.name: 'Sparkyfitness'
+      kuma.sparkyfitness.http.url: 'https://sparkyfitness.domr.ovh/'
+      kuma.sparkyfitness.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
+      homepage.group: Hosting
+      homepage.name: Sparkyfitness
+      homepage.icon: sparkyfitness.png
+      homepage.href: https://sparkyfitness.domr.ovh/
+      homepage.description: Sparkyfitness Fitnesstracker
+      
+networks:
+  sparkyfitness-network:
+    driver: bridge

vaultwarden/docker-compose.yaml

@@ -0,0 +1,32 @@
+services:
+  vaultwarden:
+    container_name: vaultwarden
+    image: vaultwarden/server:latest
+    restart: unless-stopped
+    volumes:
+      - /home/soenke/docker-data/vaultwarden/data/:/data/
+    ports:
+      - 4080:80
+    environment:
+      - DOMAIN=https://vault.domr.ovh
+      - LOGIN_RATELIMIT_MAX_BURST=10
+      - LOGIN_RATELIMIT_SECONDS=60
+      - ADMIN_RATELIMIT_MAX_BURST=10
+      - ADMIN_RATELIMIT_SECONDS=60
+      - ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$YWNhZitNS0l5eU5zNWY2enNtbjlRQTlEci9HcEdRNVROVkZkaWpRZnJnRT0$$8Ma3+XxVENBXG2Tx6tZceqGb8RscwisZK1OqT/YNl60
+      - SENDS_ALLOWED=true
+      - EMERGENCY_ACCESS_ALLOWED=true
+      - WEB_VAULT_ENABLED=true
+      - SIGNUPS_ALLOWED=false
+      - SIGNUPS_VERIFY=true
+      - SIGNUPS_VERIFY_RESEND_TIME=3600
+      - SIGNUPS_VERIFY_RESEND_LIMIT=5
+      - SIGNUPS_DOMAINS_WHITELIST=domr.ovh,home.domroese.eu,domroese.eu,192.168.1.65
+      - SMTP_HOST=${SYSTEM_EMAIL_SMTP_HOST}
+      - SMTP_FROM=${SYSTEM_EMAIL_USER}
+      - SMTP_FROM_NAME="domr.ovh Vaultwarden"
+      - SMTP_SECURITY=force_tls
+      - SMTP_PORT=${SYSTEM_EMAIL_SMTP_PORT}
+      - SMTP_USERNAME=${SYSTEM_EMAIL_USER}
+      - SMTP_PASSWORD=${SYSTEM_EMAIL_PASSSWORD}
+      - SMTP_AUTH_MECHANISM="Login"

vikunja/Caddyfilepart

@@ -0,0 +1,4 @@
+vikunja.domr.ovh {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:3456
+}

vikunja/docker-compose.yaml

@@ -0,0 +1,61 @@
+services:
+    vikunja:
+        image: vikunja/vikunja
+        environment:
+            VIKUNJA_SERVICE_PUBLICURL: https://vikunja.domr.ovh
+            VIKUNJA_SERVICE_CUSTOMLOGOURL: https://domroese.eu/Nerdlicht/images/nerdlicht_color.png
+            VIKUNJA_DATABASE_HOST: db
+            VIKUNJA_DATABASE_PASSWORD: Huarghlbarfding!dong14780
+            VIKUNJA_DATABASE_TYPE: postgres
+            VIKUNJA_DATABASE_USER: vikunja
+            VIKUNJA_DATABASE_DATABASE: vikunja
+            VIKUNJA_SERVICE_JWTSECRET: 39d48b07b858229682ecbb5edc54716285a52bed7d1f935511ff2d1b361fce24
+            VIKUNJA_MAILER_ENABLED: true
+            VIKUNJA_MAILER_HOST: ${SYSTEM_EMAIL_SMTP_HOST}
+            VIKUNJA_MAILER_PORT: ${SYSTEM_EMAIL_SMTP_PORT}
+            VIKUNJA_MAILER_AUTHTYPE: login
+            VIKUNJA_MAILER_USERNAME: ${SYSTEM_EMAIL_USER}
+            VIKUNJA_MAILER_PASSWORD: ${SYSTEM_EMAIL_PASSWORD}
+            VIKUNJA_MAILER_SKIPTLSVERIFY: false
+            VIKUNJA_MAILER_FROMEMAIL: ${SYSTEM_EMAIL_USER}
+            VIKUNJA_MAILER_QUEUELENGTH: 10
+            VIKUNJA_MAILER_QUEUETIMEOUT: 30
+            VIKUNJA_MAILER_FORCESSL: false
+            VIKUNJA_BACKGROUNDS_ENABLED: true
+            VIKUNJA_BACKGROUNDS_PROVIDERS_UPLOAD_ENABLED: true
+            VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_ENABLED: true
+            VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_ACCESSTOKEN: vnE2DQsU2jKE0o_5kYVjDsUaxAaFOts_1GOpyZxfbAI
+            VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_SECRET: 1XNsUdNT8qRlKITVr8fuNI7RcQO2q7EMNG3BRpay7aY
+            VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_APPLICATIONID: 769765
+        ports:
+            - 3456:3456
+        volumes:
+            - /home/soenke/docker-data/vikunja/files:/app/vikunja/files
+            - /home/soenke/docker-data/vikunja/config.yml:/etc/vikunja/config.yml
+        depends_on:
+            db:
+                condition: service_healthy
+        restart: unless-stopped
+        labels:
+            kuma.tools.tag.name: 'Tools'
+            kuma.tools.tag.color: '#FF9900'
+            kuma.homelab.tag.name: 'Homelab'
+            kuma.homelab.tag.color: '#FF9955'
+            kuma.organization.tag.name: 'Organization'
+            kuma.organization.tag.color: '#FF99AA'
+            kuma.wallos.http.name: 'wallos'
+            kuma.wallos.http.url: 'https://vikunja.domr.ovh/'
+            kuma.wallos.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
+
+    db:
+        image: postgres:17
+        environment:
+            POSTGRES_PASSWORD: Huarghlbarfding!dong14780
+            POSTGRES_USER: vikunja
+        volumes:
+            - /home/soenke/docker-data/vikunja/db:/var/lib/postgresql/data
+        restart: unless-stopped
+        healthcheck:
+            test: ["CMD-SHELL", "pg_isready -h localhost -U $$POSTGRES_USER"]
+            interval: 2s
+            start_period: 30s

yopass/Caddyfilepart

@@ -0,0 +1,5 @@
+yopass.domr.ovh,
+yopass.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:8667
+}

yopass/docker-compose.yml

@@ -0,0 +1,12 @@
+services:
+  memcached:
+    image: memcached
+    restart: always
+    expose:
+      - "11211"
+  yopass:
+    image: jhaals/yopass
+    restart: always
+    ports:
+      - 8667:80
+    command: --memcached=memcached:11211 --port 80