nerdlicht/docker-container
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: nerdlicht:main
Branches Tags
nerdlicht:main
..
compare: nerdlicht:1a72a7c0ffdb33bc37bc61313082a7410dbc5a12
Branches Tags
nerdlicht:main

3 Commits
main ... 1a72a7c0ff

Author SHA1 Message Date
Sönke Domröse
1a72a7c0ff Merge remote-tracking branch 'origin/main' into feature/allthestuff 
# Conflicts:
#	caddy/Caddyfile
#	startall.sh
 2025-04-24 15:37:10 +02:00
Sönke Domröse
266f32b917 readme + restart script 2025-04-24 15:34:57 +02:00
Sönke Domröse
2e618e910a Add all the containers 2025-04-24 14:55:20 +02:00
137 changed files with 911 additions and 138700 deletions
Expand all files Collapse all files

2
.idea/.gitignore generated vendored
View File

@@ -11,5 +11,3 @@
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml
/AndroidProjectSystem.xml
/sonarlint.xml

19
.idea/php.xml generated
View File

@@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="MessDetectorOptionsConfiguration">
<option name="transferred" value="true" />
</component>
<component name="PHPCSFixerOptionsConfiguration">
<option name="transferred" value="true" />
</component>
<component name="PHPCodeSnifferOptionsConfiguration">
<option name="highlightLevel" value="WARNING" />
<option name="transferred" value="true" />
</component>
<component name="PhpStanOptionsConfiguration">
<option name="transferred" value="true" />
</component>
<component name="PsalmOptionsConfiguration">
<option name="transferred" value="true" />
</component>
</project>

7
Blinko/Caddyfilepart
View File

@@ -1,7 +0,0 @@
blinko.domr.ovh,
blinko.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1111
}

61
Blinko/docker-compose.yaml
View File

@@ -1,61 +0,0 @@
networks:
blinko-network:
driver: bridge
services:
blinko-website:
image: blinkospace/blinko:latest
container_name: blinko-website
environment:
NODE_ENV: production
# NEXTAUTH_URL: http://localhost:1111
# IMPORTANT: If you want to use sso, you must set NEXTAUTH_URL to your own domain
# NEXT_PUBLIC_BASE_URL: http://localhost:1111
# IMPORTANT: Replace this with your own secure secret key!
NEXTAUTH_SECRET: my_ultra_secure_nextauth_secret
DATABASE_URL: postgresql://postgres:o2OyODu2vhVJFY9apA9ODTSZg0JxFbZP@postgres:5432/postgres
depends_on:
postgres:
condition: service_healthy
# Make sure you have enough permissions.
# volumes:
# - ~/your-name/.blinko:/app/.blinko
restart: always
logging:
options:
max-size: "10m"
max-file: "3"
ports:
- 1111:1111
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://blinko-website:1111/"]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
networks:
- blinko-network
postgres:
image: postgres:14
container_name: blinko-postgres
restart: always
ports:
- 5435:5432
environment:
POSTGRES_DB: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: o2OyODu2vhVJFY9apA9ODTSZg0JxFbZP
TZ: Europe/Berlin
# Persisting container data
# Make sure you have enough permissions.
volumes:
- /home/soenke/docker-data/blinko/.db:/var/lib/postgresql/data
healthcheck:
test:
["CMD", "pg_isready", "-U", "postgres", "-d", "postgres"]
interval: 5s
timeout: 10s
retries: 5
networks:
- blinko-network

202
Caddyfile.bak
View File

@@ -1,202 +0,0 @@
auth.domr.ovh,
auth.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8444
}
bookstack.domr.ovh,
bookstack.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:6875
}
bracket.domr.ovh:443,
bracket.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3000
}
backend.bracket.domr.ovh:443,
backend.bracket.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8400
}
caddy.domr.ovh,
caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8881
}
api.caddy.domr.ovh,
api.caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2019
}
changedetect.domr.ovh:80,
changedetect.home.domroese.eu:80,
changedetect.domr.ovh:443,
changedetect.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:5238
}
chartbrew.domr.ovh,
chartbrew.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4018
}
chartbrew.domr.ovh:4019,
chartbrew.home.domroese.eu:4019 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4019
}
onboarding.domr.ovh,
onboarding.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8517
}convertx.domr.ovh,
convertx.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3410
}
todos.domr.ovh, #donetick
todos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2021
}
erugo.domr.ovh,
erugo.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9997
}
excalidraw.domr.ovh,
excalidraw.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8267
}
firefly.domr.ovh,
firefly.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8950
}
rss.domr.ovh,
rss.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8884
}
git.domr.ovh,
git.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.194:8418
}
guac.domr.ovh,
guac.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:6080
}
homarr.domr.ovh,
homarr.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:7575
}
homepage.domr.ovh:80,
homepage.domr.ovh:443,
homepage.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3891
}
ittools.domr.ovh:443,
ittools.home.domroese.eu:443,
ittools.domr.ovh:80,
ittools.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9080
}
jenkins.domr.ovh,
jenkins.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8040
}
kopia.domr.ovh,
kopia.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:51515
}
mealie.domr.ovh,
mealie.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9925
}
memos.domr.ovh,
memos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:5230
}
ntfy.domr.ovh {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8234
}
chat.domr.ovh,
chat.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1180
}omnitools.domr.ovh,
omnitools.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8579
}
paperless.domr.ovh:443,
paperless.home.domroese.eu:443,
paperless.domr.ovh:80,
paperless.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1000
}
pihole.domr.ovh,
pihole.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2000
}
plantit.domr.ovh,
plantit.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3632
}
api.plantit.domr.ovh,
api.plantit.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8632
}
shiori.domr.ovh,
shiori.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2661
}
speedtesttracker.domr.ovh,
speedtesttracker.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1378
}
pdf.domr.ovh,
pdf.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3614
}
uptimekuma.domr.ovh,
uptimekuma.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8030
}
vault.domr.ovh:443,
vault.home.domroese.eu:443,
vault.domr.ovh:80,
vault.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4080
}
wallos.domr.ovh,
wallos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8282
}

78
README.md
View File

@@ -2,41 +2,47 @@
Docker Container
## some commands
* show only container name and status:
```
docker ps --format '{{.Names}}|{{.Status}}' | column -t -s "|"
```
### addresspool full:
edit /etc/docker/daemon.json
```
{
"default-address-pools": [
{
"base" : "172.16.0.0/12",
"size" : 24
}
]
}
```
## available containers:
#### Env-Vars
/etc/environment
```
SYSTEM_EMAIL_USER="some@thing.de"
SYSTEM_EMAIL_PASSSWORD="asdf"
SYSTEM_EMAIL_SMTP_HOST="mail.ovh.net"
SYSTEM_EMAIL_SMTP_PORT="465"
```
### SMTP Settings
SMTP_USER=${SYSTEM_EMAIL_USER}
SMTP_PASSWORD=${SYSTEM_EMAIL_PASSSWORD}
SMTP_HOST=${SYSTEM_EMAIL_SMTP_HOST}
SMTP_PORT=${SYSTEM_EMAIL_SMTP_PORT}
SMTP_FROM_ADDRESS=${SYSTEM_EMAIL_USER}
### OAUTH2 Integration
* use https://auth.domr.ovh
* [git](https://git.home.domroese.eu)
* git server
* [guac](https://guac.home.domroese.eu)
* guacamole, ssh and remotedesktop sessions
* [rss](https://rss.home.domroese.eu)
* rss reader
* [morphos](https://morphos.home.domroese.eu)
* Image and Video converter
* [uptimekuma](https://uptimekuma.home.domroese.eu)
* monitoring
* [kopia](https://kopia.home.domroese.eu)
* backup tools
* [jenkins](https://jenkins.home.domroese.eu)
* [pihole](https://pihole.home.domroese.eu)
* [paperless](https://paperless.home.domroese.eu)
* DMS
* [ittools](https://ittools.home.domroese.eu)
* just tools
* [omnitools](https://omnitools.home.domroese.eu)
* also just tools
* [vault](https://vault.home.domroese.eu)
* key vault
* [chat](https://chat.home.domroese.eu)
* LMMs
* [budibase](https://budibase.home.domroese.eu)
* No-Code coding
* [erugo](https://erugo.home.domroese.eu)
* Filesharing
* [excalidraw](https://excalidraw.home.domroese.eu)
*
* [homarr](https://homarr.home.domroese.eu)
* monitoring
* [homepage](https://homepage.home.domroese.eu)
* Homepage
* [mealie](https://mealie.home.domroese.eu)
* Reciepes
* [shiori](https://shiori.home.domroese.eu)
* Bookmarks
* [wallos](https://wallos.home.domroese.eu)
* Finance, tracking of Subscriptions
* [nas](https://nas.home.domroese.eu)

29
actualBudget/docker-compose.yml Normal file
View File

@@ -0,0 +1,29 @@
services:
actual_server:
image: docker.io/actualbudget/actual-server:latest
ports:
# This line makes Actual available at port 5006 of the device you run the server on,
# i.e. http://localhost:5006. You can change the first number to change the port, if you want.
- '5006:5006'
environment:
# Uncomment any of the lines below to set configuration options.
# - ACTUAL_HTTPS_KEY=/data/selfhost.key
# - ACTUAL_HTTPS_CERT=/data/selfhost.crt
# - ACTUAL_PORT=5006
# - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20
# - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50
# - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20
# See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration
# !! If you are not using any of these options, remove the 'environment:' tag entirely.
volumes:
# Change './actual-data' below to the path to the folder you want Actual to store its data in on your server.
# '/data' is the path Actual will look for its files in by default, so leave that as-is.
- /home/soenke/docker-data/actualBudget/data:/data
healthcheck:
# Enable health check for the instance
test: ['CMD-SHELL', 'node src/scripts/health-check.js']
interval: 60s
timeout: 10s
retries: 3
start_period: 20s
restart: unless-stopped

1
api.md
View File

@@ -1 +0,0 @@
uk1_NptdpvVbC14Nt3qZ6EJHt9IrFGuSurmqSM6cSf8y

17
authentik/.env
View File

@@ -1,17 +0,0 @@
# SMTP Host Emails are sent to
AUTHENTIK_EMAIL__HOST=smtp.mail.ovh.net
AUTHENTIK_EMAIL__PORT=465
# Optionally authenticate (don't add quotation marks to your password)
AUTHENTIK_EMAIL__USERNAME=soenke@domr.ovh
AUTHENTIK_EMAIL__PASSWORD=5Qy6/Hmo&IMl
# Use StartTLS
AUTHENTIK_EMAIL__USE_TLS=false
# Use SSL
AUTHENTIK_EMAIL__USE_SSL=true
AUTHENTIK_EMAIL__TIMEOUT=20
# Email address authentik will send from, should have a correct @domain
AUTHENTIK_EMAIL__FROM=soenke@domr.ovh
COMPOSE_PORT_HTTP=8444
COMPOSE_PORT_HTTPS=9444
PG_PASS=ygANkw/2DERtCPtVx/sByUz8oHh/AA/MKGvixunGJQdzjuI6
AUTHENTIK_SECRET_KEY=zCojkJpDWAapikKGWR812mSDXwS1bznfTJ+PIyAbqZAiZaKxhyRZTOPq3djqdMtIsqdoPr+HnJNfn9QG

5
authentik/Caddyfilepart
View File

@@ -1,5 +0,0 @@
auth.domr.ovh,
auth.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8444
}

6
authentik/README.md
View File

@@ -1,6 +0,0 @@
* After install run
```
echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env
# echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
```

85
authentik/docker-compose.yml
View File

@@ -1,85 +0,0 @@
services:
postgresql:
env_file:
- .env
environment:
POSTGRES_DB: ${PG_DB:-authentik}
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
POSTGRES_USER: ${PG_USER:-authentik}
healthcheck:
interval: 30s
retries: 5
start_period: 20s
test:
- CMD-SHELL
- pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
timeout: 5s
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
volumes:
- /home/soenke/docker-data/authentik/database:/var/lib/postgresql/data
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.authentik.http.name: 'Authentik'
kuma.authentik.http.url: 'https://auth.domr.ovh'
kuma.authentik.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "homelab", "value": "" }]'
homepage.group: Hosting
homepage.name: Authentik
homepage.icon: authentik.png
homepage.href: https://auth.domr.ovh/
homepage.description: Authentik Oauth2 Service
homepage.widget.type: authentik
homepage.widget.url: https://auth.domr.ovh/
homepage.widget.key: slGO2rsG4xTObyuzRYPEe4Gs92X8TeNblIYOstX0rCID1WEv6wT5wkz4filJ
server:
command: server
depends_on:
postgresql:
condition: service_healthy
env_file:
- .env
environment:
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.12.3}
ports:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
restart: unless-stopped
volumes:
- /home/soenke/docker-data/authentik/data:/data
- /home/soenke/docker-data/authentik/media:/media
- /home/soenke/docker-data/authentik/custom-templates:/templates
worker:
command: worker
depends_on:
postgresql:
condition: service_healthy
env_file:
- .env
environment:
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.12.3}
restart: unless-stopped
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/soenke/docker-data/authentik/media:/media
- /home/soenke/docker-data/authentik/certs:/certs
- /home/soenke/docker-data/authentik/custom-templates:/templates
volumes:
database:
driver: local

65
authentik/docker-compose2025.12.yml
View File

@@ -1,65 +0,0 @@
services:
postgresql:
env_file:
- .env
environment:
POSTGRES_DB: ${PG_DB:-authentik}
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
POSTGRES_USER: ${PG_USER:-authentik}
healthcheck:
interval: 30s
retries: 5
start_period: 20s
test:
- CMD-SHELL
- pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
timeout: 5s
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
volumes:
- database:/var/lib/postgresql/data
server:
command: server
depends_on:
postgresql:
condition: service_healthy
env_file:
- .env
environment:
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.12.3}
ports:
- ${COMPOSE_PORT_HTTP:-9000}:9000
- ${COMPOSE_PORT_HTTPS:-9443}:9443
restart: unless-stopped
volumes:
- ./data:/data
- ./custom-templates:/templates
worker:
command: worker
depends_on:
postgresql:
condition: service_healthy
env_file:
- .env
environment:
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.12.3}
restart: unless-stopped
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/data
- ./certs:/certs
- ./custom-templates:/templates
volumes:
database:
driver: local

0
autokuma/Caddyfilepart
View File

29
autokuma/docker-compose.yaml
View File

@@ -1,29 +0,0 @@
services:
autokuma:
image: ghcr.io/bigboot/autokuma:latest
restart: unless-stopped
environment:
AUTOKUMA__KUMA__URL: https://uptimekuma.domr.ovh/
AUTOKUMA__KUMA__USERNAME: "Soenke"
AUTOKUMA__KUMA__PASSWORD: "RvG7ULSTLf7cN39XCEnH4BVEjx4BuQgJ"
# AUTOKUMA__KUMA__MFA_TOKEN: <token>
# AUTOKUMA__KUMA__HEADERS: "<header1_key>=<header1_value>,<header2_key>=<header2_value>,..."
AUTOKUMA__KUMA__CALL_TIMEOUT: 5
AUTOKUMA__KUMA__CONNECT_TIMEOUT: 5
AUTOKUMA__TAG_NAME: AutoKuma
AUTOKUMA__TAG_COLOR: "#42C0FB"
AUTOKUMA__DEFAULT_SETTINGS: |-
docker.docker_container: {{container_name}}
http.max_redirects: 10
*.max_retries: 3
# AUTOKUMA__SNIPPETS__WEB: |-
# {{container_name}}_http.http.name: {{container_name}} HTTP
# {{container_name}}_http.http.url: https://{{@0}}:{{@1}}
# {{container_name}}_docker.docker.name: {{container_name}} Docker
# {{container_name}}_docker.docker.docker_container: {{container_name}}
AUTOKUMA__DOCKER__HOSTS: unix:///var/run/docker.sock
# AUTOKUMA__DOCKER__LABEL_PREFIX: kuma
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/soenke/docker-data/autokuma/data:/data

5
automatic-ripping-machine/README.md Normal file
View File

@@ -0,0 +1,5 @@
sudo apt install wget lsscsi
lsscsi -g
wget https://raw.githubusercontent.com/automatic-ripping-machine/automatic-ripping-machine/main/scripts/docker-setup.sh
sudo chmod +x docker-setup.sh

102
automatic-ripping-machine/docker-setup.sh Executable file
View File

@@ -0,0 +1,102 @@
#!/usr/bin/env bash
set -eo pipefail
RED='\033[1;31m'
NC='\033[0m' # No Color
FORK=automaticrippingmachine
TAG=latest
function usage() {
echo -e "\nUsage: docker_setup.sh [OPTIONS]"
echo -e " -f <fork>\tSpecify the fork to pull from on DockerHub. \n\t\tDefault is \"$FORK\""
echo -e " -t <tag>\tSpecify the tag to pull from on DockerHub. \n\t\tDefault is \"$TAG\""
}
while getopts 'f:t:' OPTION
do
case $OPTION in
f) FORK=$OPTARG
;;
t) TAG=$OPTARG
;;
?) usage
exit 2
;;
esac
done
IMAGE="$FORK/automatic-ripping-machine:$TAG"
function install_reqs() {
apt update -y && apt upgrade -y
apt install -y curl lsscsi
}
function add_arm_user() {
echo -e "${RED}Adding arm user${NC}"
# create arm group if it doesn't already exist
if ! [[ "$(getent group arm)" ]]; then
groupadd arm
else
echo -e "${RED}arm group already exists, skipping...${NC}"
fi
# create arm user if it doesn't already exist
if ! id arm >/dev/null 2>&1; then
useradd -m arm -g arm
passwd arm
else
echo -e "${RED}arm user already exists, skipping...${NC}"
fi
usermod -aG cdrom,video arm
}
function launch_setup() {
# install docker
if [ -e /usr/bin/docker ]; then
echo -e "${RED}Docker installation detected, skipping...${NC}"
echo -e "${RED}Adding user arm to docker user group${NC}"
usermod -aG docker arm
else
echo -e "${RED}Installing Docker${NC}"
# the convenience script auto-detects OS and handles install accordingly
curl -sSL https://get.docker.com | bash
echo -e "${RED}Adding user arm to docker user group${NC}"
usermod -aG docker arm
fi
}
function pull_image() {
echo -e "${RED}Pulling image from $IMAGE${NC}"
sudo -u arm docker pull "$IMAGE"
}
function setup_mountpoints() {
echo -e "${RED}Creating mount points${NC}"
for dev in /dev/sr?; do
mkdir -p "/mnt$dev"
done
chown arm:arm /mnt/dev/sr*
}
function save_start_command() {
url="https://raw.githubusercontent.com/automatic-ripping-machine/automatic-ripping-machine/main/scripts/docker/start_arm_container.sh"
cd ~arm
if [ -e start_arm_container.sh ]
then
echo -e "'start_arm_container.sh' already exists. Backing up..."
sudo mv ./start_arm_container.sh ./start_arm_container.sh.bak
fi
sudo -u arm curl -fsSL "$url" -o start_arm_container.sh
chmod +x start_arm_container.sh
sed -i "s|IMAGE_NAME|${IMAGE}|" start_arm_container.sh
}
# start here
install_reqs
add_arm_user
launch_setup
pull_image
setup_mountpoints
save_start_command
echo -e "${RED}Installation complete. A template command to run the ARM container is located in: $(echo ~arm) ${NC}"

16
beszel-agent/docker-compose.yaml
View File

@@ -1,16 +0,0 @@
services:
beszel-agent:
image: henrygd/beszel-agent
container_name: beszel-agent
restart: unless-stopped
network_mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/soenke/docker-data/beszel-agent/beszel_agent_data:/var/lib/beszel-agent
# monitor other disks / partitions by mounting a folder in /extra-filesystems
# - /mnt/disk/.beszel:/extra-filesystems/sda1:ro
environment:
LISTEN: 45876
KEY: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVA2+hStjbFgCmiZl80+JFDZZxePZ4fRV8hEwLj3/o5'
TOKEN: b608d327-43be-4a2c-a4fb-7e6606639fab
HUB_URL: https://beszel.domr.ovh

5
beszel/Caddyfilepart
View File

@@ -1,5 +0,0 @@
beszel.domr.ovh,
beszel.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:7090
}

9
beszel/docker-compose.yml
View File

@@ -1,9 +0,0 @@
services:
beszel:
image: henrygd/beszel
container_name: beszel
restart: unless-stopped
ports:
- 7090:8090
volumes:
- /home/soenke/docker-data/beszel/beszel_data:/beszel_data

31
budibase/.env Normal file
View File

@@ -0,0 +1,31 @@
# Use the main port in the builder for your self hosting URL, e.g. localhost:10000
MAIN_PORT=10000
# This section contains all secrets pertaining to the system
# These should be updated
API_ENCRYPTION_KEY="r*6V&XX#Nc@KhkB7"
JWT_SECRET="4hXZmFIvjmb$!jIp"
MINIO_ACCESS_KEY="*PG2M5^6WByh!uT1"
MINIO_SECRET_KEY="I238Lt@TqB#eTtG%"
COUCH_DB_PASSWORD="OgDcjjIA^Q6i0*VN"
COUCH_DB_USER=budibase
REDIS_PASSWORD="wfU2ufV*4#pxSyr&"
INTERNAL_API_KEY="pWCxHj8*A6bfEzTB"
# This section contains variables that do not need to be altered under normal circumstances
APP_PORT=4002
WORKER_PORT=4003
MINIO_PORT=4004
COUCH_DB_PORT=4005
COUCH_DB_SQS_PORT=4006
REDIS_PORT=6379
BUDIBASE_ENVIRONMENT=PRODUCTION
SQL_MAX_ROWS=
# An admin user can be automatically created initially if these are set
BB_ADMIN_USER_EMAIL=soenke@domroese.eu
BB_ADMIN_USER_PASSWORD="$$3ljjnr6#nGO3pP"
# A path that is watched for plugin bundles. Any bundles found are imported automatically/
PLUGINS_DIR=
ROLLING_LOG_MAX_SIZE=

120
budibase/docker-compose.yml Normal file
View File

@@ -0,0 +1,120 @@
version: "3"
# optional ports are specified throughout for more advanced use cases.
services:
app-service:
restart: unless-stopped
image: budibase/apps
container_name: bbapps
environment:
SELF_HOSTED: 1
COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984
WORKER_URL: http://worker-service:4003
MINIO_URL: http://minio-service:9000
MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
INTERNAL_API_KEY: ${INTERNAL_API_KEY}
BUDIBASE_ENVIRONMENT: ${BUDIBASE_ENVIRONMENT}
PORT: 4002
API_ENCRYPTION_KEY: ${API_ENCRYPTION_KEY}
JWT_SECRET: ${JWT_SECRET}
LOG_LEVEL: info
ENABLE_ANALYTICS: "true"
REDIS_URL: redis-service:6379
REDIS_PASSWORD: ${REDIS_PASSWORD}
BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL}
BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD}
PLUGINS_DIR: ${PLUGINS_DIR}
OFFLINE_MODE: ${OFFLINE_MODE:-}
depends_on:
- worker-service
- redis-service
volumes:
- /home/soenke/docker-data/budibase/plugins:/plugins
worker-service:
restart: unless-stopped
image: budibase/worker
container_name: bbworker
environment:
SELF_HOSTED: 1
PORT: 4003
CLUSTER_PORT: ${MAIN_PORT}
API_ENCRYPTION_KEY: ${API_ENCRYPTION_KEY}
JWT_SECRET: ${JWT_SECRET}
MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
MINIO_URL: http://minio-service:9000
APPS_URL: http://app-service:4002
COUCH_DB_USERNAME: ${COUCH_DB_USER}
COUCH_DB_PASSWORD: ${COUCH_DB_PASSWORD}
COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984
INTERNAL_API_KEY: ${INTERNAL_API_KEY}
REDIS_URL: redis-service:6379
REDIS_PASSWORD: ${REDIS_PASSWORD}
OFFLINE_MODE: ${OFFLINE_MODE:-}
depends_on:
- redis-service
- minio-service
minio-service:
restart: unless-stopped
image: minio/minio
volumes:
- minio_data:/data
environment:
MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
MINIO_BROWSER: "off"
command: server /data --console-address ":9001"
healthcheck:
test: "timeout 5s bash -c ':> /dev/tcp/127.0.0.1/9000' || exit 1"
interval: 30s
timeout: 20s
retries: 3
proxy-service:
restart: unless-stopped
ports:
- "${MAIN_PORT}:10000"
container_name: bbproxy
image: budibase/proxy
environment:
- PROXY_RATE_LIMIT_WEBHOOKS_PER_SECOND=10
- PROXY_RATE_LIMIT_API_PER_SECOND=20
- APPS_UPSTREAM_URL=http://app-service:4002
- WORKER_UPSTREAM_URL=http://worker-service:4003
- MINIO_UPSTREAM_URL=http://minio-service:9000
- COUCHDB_UPSTREAM_URL=http://couchdb-service:5984
- RESOLVER=127.0.0.11
depends_on:
- minio-service
- worker-service
- app-service
- couchdb-service
couchdb-service:
restart: unless-stopped
image: budibase/couchdb:v3.3.3-sqs-v2.1.1
environment:
- COUCHDB_PASSWORD=${COUCH_DB_PASSWORD}
- COUCHDB_USER=${COUCH_DB_USER}
- TARGETBUILD=docker-compose
volumes:
- couchdb3_data:/opt/couchdb/data
redis-service:
restart: unless-stopped
image: redis
command: redis-server --requirepass "${REDIS_PASSWORD}"
volumes:
- redis_data:/data
volumes:
couchdb3_data:
driver: local
minio_data:
driver: local
redis_data:
driver: local

277
caddy/Caddyfile
View File

@@ -1,223 +1,120 @@
auth.domr.ovh,
auth.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8444
}
beszel.domr.ovh,
beszel.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:7090
}
caddy.domr.ovh,
caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8881
}
api.caddy.domr.ovh,
api.caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2019
}
chartbrew.domr.ovh,
chartbrew.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4018
}
chartbrew.domr.ovh:4019,
chartbrew.home.domroese.eu:4019 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4019
}
dashy.domr.ovh, #donetick
dashy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8832
}
dockpeek.domr.ovh,
dockpeek.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3420
}
excalidraw.domr.ovh,
excalidraw.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8267
}
rss.domr.ovh,
rss.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8884
}
git.domr.ovh,
git.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.194:8418
}
guac.domr.ovh,
guac.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:6080
}
homebox.domr.ovh,
homebox.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3100
rss.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8884
}
homepage.domr.ovh:80,
homepage.domr.ovh:443,
homepage.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3891
}
immich.domr.ovh,
immich.home.domroese.eu {
morphos.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2283
reverse_proxy 192.168.1.65:8020
}
ittools.domr.ovh:443,
ittools.home.domroese.eu:443,
ittools.domr.ovh:80,
ittools.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9080
}
journal.domr.ovh,
journiv.domr.ovh {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8198
}
mealie.domr.ovh,
mealie.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9925
}
memos.domr.ovh,
memos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:5230
}
nas.domr.ovh,
nas.home.domroese.eu {
tls soenke@domroese.eu {
client_auth {
mode request
}
}
reverse_proxy https://192.168.1.194:5001 {
transport http {
tls_insecure_skip_verify # Disable TLS Verification, as we don't have a real certificate on the nas
}
}
}
ntfy.domr.ovh {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8234
}
chat.domr.ovh,
chat.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1180
}
omnitools.domr.ovh,
omnitools.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8579
}
paperless.domr.ovh:443,
paperless.home.domroese.eu:443,
paperless.domr.ovh:80,
paperless.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1000
}
pihole.domr.ovh,
pihole.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2000
}
portracker.domr.ovh,
portracker.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4999
}
speedtesttracker.domr.ovh,
speedtesttracker.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1378
}
pdf.domr.ovh,
pdf.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3614
}
uptimekuma.domr.ovh,
uptimekuma.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8030
}
vault.domr.ovh:443,
kopia.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:51515
}
jenkins.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8040
}
pihole.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2000
}
paperless.home.domroese.eu:443,
paperless.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1000
}
ittools.home.domroese.eu:443,
ittools.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9080
}
vault.home.domroese.eu:443,
vault.domr.ovh:80,
vault.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4080
}
wallos.domr.ovh,
chat.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1180
}
budibase.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4002
}
erugo.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9997
}
excalidraw.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8267
}
homarr.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:7575
}
homepage.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3891
}
mealie.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9925
}
omnitools.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8579
}
shiori.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2661
}
wallos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8282
}
yopass.domr.ovh,
yopass.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8667
nas.home.domroese.eu {
tls soenke@domroese.eu {
client_auth {
mode request
}
}
reverse_proxy https://192.168.1.194:5001 {
transport http {
tls_insecure_skip_verify # Disable TLS Verification, as we don't have a real certificate on the nas
}
}
}

216
caddy/Caddyfile.bak
View File

@@ -1,216 +0,0 @@
auth.domr.ovh,
auth.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8444
}
beszel.domr.ovh,
beszel.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:7090
}
caddy.domr.ovh,
caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8881
}
api.caddy.domr.ovh,
api.caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2019
}
chartbrew.domr.ovh,
chartbrew.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4018
}
chartbrew.domr.ovh:4019,
chartbrew.home.domroese.eu:4019 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4019
}
dashy.domr.ovh, #donetick
dashy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8832
}
dockpeek.domr.ovh,
dockpeek.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3420
}
excalidraw.domr.ovh,
excalidraw.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8267
}
rss.domr.ovh,
rss.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8884
}
guac.domr.ovh,
guac.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:6080
}
homebox.domr.ovh,
homebox.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3100
}
homepage.domr.ovh:80,
homepage.domr.ovh:443,
homepage.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3891
}
immich.domr.ovh,
immich.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2283
}
ittools.domr.ovh:443,
ittools.home.domroese.eu:443,
ittools.domr.ovh:80,
ittools.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9080
}
journal.domr.ovh,
journiv.domr.ovh {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8198
}
mealie.domr.ovh,
mealie.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9925
}
memos.domr.ovh,
memos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:5230
}
nas.domr.ovh,
nas.home.domroese.eu {
tls soenke@domroese.eu {
client_auth {
mode request
}
}
reverse_proxy https://192.168.1.194:5001 {
transport http {
tls_insecure_skip_verify # Disable TLS Verification, as we don't have a real certificate on the nas
}
}
}
ntfy.domr.ovh {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8234
}
chat.domr.ovh,
chat.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1180
}
omnitools.domr.ovh,
omnitools.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8579
}
paperless.domr.ovh:443,
paperless.home.domroese.eu:443,
paperless.domr.ovh:80,
paperless.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1000
}
pihole.domr.ovh,
pihole.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2000
}
portracker.domr.ovh,
portracker.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4999
}
speedtesttracker.domr.ovh,
speedtesttracker.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1378
}
pdf.domr.ovh,
pdf.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3614
}
uptimekuma.domr.ovh,
uptimekuma.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8030
}
vault.domr.ovh:443,
vault.home.domroese.eu:443,
vault.domr.ovh:80,
vault.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4080
}
wallos.domr.ovh,
wallos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8282
}
yopass.domr.ovh,
yopass.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8667
}

234
caddy/Caddyfile.bak.möp
View File

@@ -1,234 +0,0 @@
auth.domr.ovh,
auth.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8444
}
bookstack.domr.ovh,
bookstack.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:6875
}
bracket.domr.ovh:443,
bracket.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3000
}
backend.bracket.domr.ovh:443,
backend.bracket.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8400
}
caddy.domr.ovh,
caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8881
}
api.caddy.domr.ovh,
api.caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2019
}
changedetect.domr.ovh:80,
changedetect.home.domroese.eu:80,
changedetect.domr.ovh:443,
changedetect.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:5238
}
chartbrew.domr.ovh,
chartbrew.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4018
}
chartbrew.domr.ovh:4019,
chartbrew.home.domroese.eu:4019 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4019
}
onboarding.domr.ovh,
onboarding.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8517
}
convertx.domr.ovh,
convertx.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3410
}
todos.domr.ovh, #donetick
todos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2021
}
erugo.domr.ovh,
erugo.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9997
}
excalidraw.domr.ovh,
excalidraw.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8267
}
firefly.domr.ovh,
firefly.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8950
}
rss.domr.ovh,
rss.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8884
}
git.domr.ovh,
git.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.194:8418
}
guac.domr.ovh,
guac.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:6080
}
homarr.domr.ovh,
homarr.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:7575
}
homepage.domr.ovh:80,
homepage.domr.ovh:443,
homepage.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3891
}
ittools.domr.ovh:443,
ittools.home.domroese.eu:443,
ittools.domr.ovh:80,
ittools.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9080
}
jenkins.domr.ovh,
jenkins.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8040
}
kopia.domr.ovh,
kopia.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:51515
}
mealie.domr.ovh,
mealie.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9925
}
memos.domr.ovh,
memos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:5230
}
ntfy.domr.ovh {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8234
}
chat.domr.ovh,
chat.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1180
}
omnitools.domr.ovh,
omnitools.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8579
}
paperless.domr.ovh:443,
paperless.home.domroese.eu:443,
paperless.domr.ovh:80,
paperless.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1000
}
pihole.domr.ovh,
pihole.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2000
}
plantit.domr.ovh,
plantit.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3632
}
api.plantit.domr.ovh,
api.plantit.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8632
}
shiori.domr.ovh,
shiori.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2661
}
speedtesttracker.domr.ovh,
speedtesttracker.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1378
}
pdf.domr.ovh,
pdf.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3614
}
uptimekuma.domr.ovh,
uptimekuma.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8030
}
vault.domr.ovh:443,
vault.home.domroese.eu:443,
vault.domr.ovh:80,
vault.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4080
}
wallos.domr.ovh,
wallos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8282
}

11
caddy/Caddyfilepart
View File

@@ -1,11 +0,0 @@
caddy.domr.ovh,
caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8881
}
api.caddy.domr.ovh,
api.caddy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2019
}

15
caddy/docker-compose.yml
View File

@@ -15,9 +15,7 @@ services:
restart: unless-stopped
networks:
- caddy-network
environment:
- CADDY_ADMIN=0.0.0.0:2019
caddy-ui:
image: qmcgaw/caddy-ui
ports:
@@ -26,17 +24,6 @@ services:
- CADDY_API_ENDPOINT=http://192.168.1.65:2019
networks:
- caddy-network
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.caddy.http.name: 'Caddy'
kuma.caddy.http.url: 'https://caddy.domr.ovh'
kuma.caddy.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "homelab", "value": "" }]'
networks:
caddy-network:

10
chartbrew/Caddyfilepart
View File

@@ -1,10 +0,0 @@
chartbrew.domr.ovh,
chartbrew.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4018
}
chartbrew.domr.ovh:4019,
chartbrew.home.domroese.eu:4019 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:4019
}

40
chartbrew/docker-compose.yaml
View File

@@ -1,40 +0,0 @@
services:
chartbrew:
container_name: chartbrew
image: razvanilin/chartbrew
environment:
- VITE_APP_API_HOST=https://chartbrew.domr.ovh:4019
- VITE_APP_CLIENT_PORT=4018
- VITE_APP_CLIENT_HOST=https://chartbrew.domr.ovh
- CB_REDIS_PASSWORD=Diavid9600
- CB_REDIS_PORT=6379
- CB_REDIS_HOST=host.docker.internal
- CB_DB_PASSWORD=Diavid9600
- CB_DB_USERNAME=root
- CB_DB_NAME=chartbrew
- CB_DB_PORT=3306
- CB_DB_HOST=host.docker.internal
- CB_API_PORT=4019
- CB_API_HOST=0.0.0.0
- CB_ENCRYPTION_KEY=iuGSZWEs2+SjkrW15a468gIG8089pEUDfZ4XVZD0772TQCTj/kac1Oz7noOge+WRcdj6W8Q0JfqfVXBUPXHuPzAm2fBBRC9xjCdVqbAYk/0=
- CB_MAIL_HOST=${SYSTEM_EMAIL_USER}
- CB_MAIL_USER=${SYSTEM_EMAIL_PASSSWORD}
- CB_MAIL_PASS=${SYSTEM_EMAIL_SMTP_HOST}
- CB_MAIL_PORT=${SYSTEM_EMAIL_SMTP_PORT}
- CB_MAIL_SECURE=${SYSTEM_EMAIL_SMTP_SECURITY}
- CB_ADMIN_MAIL=soenke@domroese.eu
- CB_OPENAI_API_KEY=
- CB_OPENAI_MODEL=
ports:
- '4018:4018'
- '4019:4019'
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.chartbrew.http.name: 'Chartbrew'
kuma.chartbrew.http.url: 'https://chartbrew.domr.ovh'
kuma.chartbrew.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'

5
dashy/Caddyfilepart
View File

@@ -1,5 +0,0 @@
dashy.domr.ovh, #donetick
dashy.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8832
}

10
dashy/docker-compose.yml
View File

@@ -1,10 +0,0 @@
services:
dashy:
image: 'lissy93/dashy:latest'
restart: always
container_name: dashy
volumes:
- '/home/soenke/docker-data/dashy/:/app/user-data/'
ports:
- '8832:8080'

5
dockpeek/Caddyfilepart
View File

@@ -1,5 +0,0 @@
dockpeek.domr.ovh,
dockpeek.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3420
}

13
dockpeek/docker-compose.yml
View File

@@ -1,13 +0,0 @@
services:
dockpeek:
image: ghcr.io/dockpeek/dockpeek:latest
container_name: dockpeek
environment:
- SECRET_KEY=saljfbhwkhsjgbwjlefn # Set secret key
- USERNAME=soenke # Change default username
- PASSWORD=Diavid9600 # Change default password
ports:
- "3420:8000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: unless-stopped

22
erugo/docker-compose.yml Normal file
View File

@@ -0,0 +1,22 @@
services:
erugo:
image: wardy784/erugo:latest
user: 0:0
container_name: Erugo
healthcheck:
test: ["CMD-SHELL", "nc -z 127.0.0.1 80 || exit 1"]
interval: 10s
timeout: 5s
retries: 3
start_period: 90s
environment:
VITE_API_URL: https://erugo.yourname.synology.me
JWT_SECRET: dLB%7V$YJ5cPPmeuZCc%0O2E0HMV9Ock!J0dU@mzgYp4IaCR4XVuUn%0i!e@sMUq
APP_KEY: h$@H$BdK8ywbKmwkt^B8TH^mjDQ$w*AideHPhOLTHt$qH2eQvqSWJpxsARKVRxXM
APP_DEBUG: true
APP_TIMEZONE: Europe/Berlin
volumes:
- /home/soenke/docker-data/erugo/data:/var/www/html/storage:rw
ports:
- 9997:80
restart: on-failure:5

5
excalidraw/Caddyfilepart
View File

@@ -1,5 +0,0 @@
excalidraw.domr.ovh,
excalidraw.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8267
}

29
excalidraw/docker-compose.yml
View File

@@ -1,18 +1,23 @@
services:
excalidraw:
build:
context: .
args:
- NODE_ENV=development
container_name: excalidraw
image: excalidraw/excalidraw:latest
ports:
- "8267:80"
restart: on-failure
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.excalidraw.http.name: 'excalidraw'
kuma.excalidraw.http.url: 'https://excalidraw.domr.ovh'
kuma.excalidraw.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
stdin_open: true
healthcheck:
disable: true
environment:
- NODE_ENV=development
volumes:
- /home/soenke/docker-data/excalidraw/data:/opt/node_app/app:delegated
- /home/soenke/docker-data/excalidraw/package.json:/opt/node_app/package.json
- /home/soenke/docker-data/excalidraw/yarn.lock:/opt/node_app/yarn.lock
- notused:/opt/node_app/app/node_modules
volumes:
notused:

5
freshrss/Caddyfilepart
View File

@@ -1,5 +0,0 @@
rss.domr.ovh,
rss.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8884
}

30
freshrss/docker-compose.yml
View File

@@ -1,30 +0,0 @@
services:
freshrss:
image: lscr.io/linuxserver/freshrss:latest
container_name: freshrss
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- OIDC_ENABLED=1
- OIDC_PROVIDER_METADATA_URL=https://auth.domr.ovh/application/o/freshrss/.well-known/openid-configuration
- OIDC_CLIENT_ID=9O7GtmlyNAxaTwsO5Abg9BWCaCpHyzR551VC94qO
- OIDC_CLIENT_SECRET=ZPTML006HvR0yoRonHIZdvSMIcHYjdkRcC8QT6DERZYmitTIV5cCZhEESQNaKW4vEI7i7z1tC4brbEMaC9ERsfxlOlm6ZTVVVc8kcfYIthUGLijhi2livaJzwSYjFaWZ
- OIDC_X_FORWARDED_HEADERS=X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
- OIDC_SCOPES=openid email profile
volumes:
- /home/soenke/docker-data/freshrss:/config
ports:
- 8884:80
restart: unless-stopped
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.freshrss.http.name: 'freshrss'
kuma.freshrss.http.url: 'https://rss.domr.ovh'
kuma.freshrss.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'

5
generateCaddySnippets.sh
View File

@@ -1,5 +0,0 @@
for dir in *; do
if [ -d "$dir" ]; then
( cd "$dir" && touch Caddyfilepart )
fi
done

6
git/Caddyfilepart
View File

@@ -1,6 +0,0 @@
git.domr.ovh,
git.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.194:8418
}

5
guacamole-docker-compose/Caddyfilepart
View File

@@ -1,5 +0,0 @@
guac.domr.ovh,
guac.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:6080
}

36
guacamole-docker-compose/docker-compose.yml
View File

@@ -84,6 +84,10 @@
# 0.61 2024-07-27 fix networks + version 3.0
# 0.62 2024-07-27 fix
#####################################################################################
#the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
#version: '3.0'
# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
@@ -107,9 +111,9 @@ services:
container_name: postgres_guacamole_compose
environment:
PGDATA: /var/lib/postgresql/data/guacamole
POSTGRESQL_DB: guacamole_db
POSTGRESQL_PASSWORD: 'quvt2s1UQgZjhvCl5e8H2s6X8FPnoULO'
POSTGRESQL_USERNAME: guacamole_hans
POSTGRES_DB: guacamole_db
POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
POSTGRES_USER: guacamole_user
image: postgres:15.2-alpine
networks:
- guacnetwork_compose
@@ -126,18 +130,10 @@ services:
- postgres
environment:
GUACD_HOSTNAME: guacd
POSTGRESQL_DATABASE: guacamole_db
POSTGRESQL_HOSTNAME: postgres
POSTGRESQL_PASSWORD: 'quvt2s1UQgZjhvCl5e8H2s6X8FPnoULO'
POSTGRESQL_USERNAME: guacamole_hans
OPENID_AUTHORIZATION_ENDPOINT: https://auth.domr.ovh/application/o/authorize/
OPENID_CLIENT_ID: HampNyA8GqcnljpuJ4Cb9Y3FKPuy8JNUL50gS2Wi
OPENID_CLIENT_SECRET: lCjXz3FADrLNmvV9XZmqCeHEaMY7lxuZeWuo9NomJNT70s3XuNNOP2wMn96fi6cmBAWuIXSBF5nMjf4Mwu3FszAULV9pAWGbvIGV2cC7xgT1DhRVaiTVO1bVGGcaFPJ9
OPENID_ISSUER: https://auth.domr.ovh/application/o/guacamole/
OPENID_JWKS_ENDPOINT: https://auth.domr.ovh/application/o/guacamole/jwks/
OPENID_REDIRECT_URI: https://guac.domr.ovh/
OPENID_USERNAME_CLAIM_TYPE: preferred_username
OPENID_ENABLED: false
POSTGRES_DATABASE: guacamole_db
POSTGRES_HOSTNAME: postgres
POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
POSTGRES_USER: guacamole_user
image: guacamole/guacamole
networks:
- guacnetwork_compose
@@ -149,14 +145,4 @@ services:
## enable next line when using nginx
## - 8080/tcp
restart: always
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.guacamole.http.name: 'guacamole'
kuma.guacamole.http.url: 'https://guac.domr.ovh/guacamole'
kuma.guacamole.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "homelab", "value": "" }]'

12
homarr/docker-compose.yml Normal file
View File

@@ -0,0 +1,12 @@
services:
homarr:
container_name: homarr
image: ghcr.io/homarr-labs/homarr:latest
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
- /home/soenke/docker-data/homarr/appdata:/appdata
environment:
- SECRET_ENCRYPTION_KEY=c99349e72b4267a0ba7a19fa2de53cfdbd73708974338d2abe36f1379fe8ba7c
ports:
- '7575:7575'

5
homebox/Caddyfilepart
View File

@@ -1,5 +0,0 @@
homebox.domr.ovh,
homebox.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3100
}

24
homebox/docker-compose.yaml
View File

@@ -1,24 +0,0 @@
services:
homebox:
image: ghcr.io/hay-kot/homebox:latest
# image: ghcr.io/hay-kot/homebox:latest-rootless
container_name: homebox
restart: always
environment:
- HBOX_LOG_LEVEL=info
- HBOX_LOG_FORMAT=text
- HBOX_WEB_MAX_UPLOAD_SIZE=10
volumes:
- /home/soenke/docker-data/homebox/data:/data/
ports:
- 3100:7745
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.homarr.http.name: 'HomeBox'
kuma.homarr.http.url: 'https://homebox.domr.ovh/'
kuma.homarr.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'

6
homepage/Caddyfilepart
View File

@@ -1,6 +0,0 @@
homepage.domr.ovh:80,
homepage.domr.ovh:443,
homepage.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:3891
}

27
homepage/docker-compose.yml
View File

@@ -1,18 +1,4 @@
services:
dockerproxy:
image: ghcr.io/tecnativa/docker-socket-proxy:latest
container_name: dockerproxy
environment:
- CONTAINERS=1 # Allow access to viewing containers
- SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
- TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
- POST=0 # Disallow any POST operations (effectively read-only)
ports:
- 127.0.0.1:2375:2375
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
restart: unless-stopped
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
@@ -22,15 +8,4 @@ services:
- /home/soenke/docker-data/homepage/config:/app/config # Make sure your local config directory exists
- /var/run/docker.sock:/var/run/docker.sock # (optional) For docker integrations
environment:
- HOMEPAGE_ALLOWED_HOSTS=gethomepage.dev,homepage.domr.ovh,homepage.home.domroese.eu,homepage.domr.ovh:80,homepage.domr.ovh:443 # required, may need port. See gethomepage.dev/installation/#homepage_allowed_hosts
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.homepage.http.name: 'homepage'
kuma.homepage.http.url: 'https://homepage.domr.ovh/'
kuma.homepage.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
HOMEPAGE_ALLOWED_HOSTS: gethomepage.dev,homepage.home.domroese.eu # required, may need port. See gethomepage.dev/installation/#homepage_allowed_hosts

23
immich/.env
View File

@@ -1,23 +0,0 @@
# You can find documentation for all the supported env variables at https://docs.immich.app/install/environment-variables
# The location where your uploaded files are stored
UPLOAD_LOCATION=/mnt/synology/immich/library
# The location where your database files are stored. Network shares are not supported for the database
DB_DATA_LOCATION=/home/soenke/docker-data/immich/postgres
# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
# TZ=Etc/UTC
# The Immich version to use. You can pin this to a specific version like "v2.1.0"
IMMICH_VERSION=v2
# Connection secret for postgres. You should change it to a random password
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
DB_PASSWORD=Mb1K7TmwtDeN7Cg7v6zPGwGNYnWti9x5
# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=postgres
DB_DATABASE_NAME=immich

5
immich/Caddyfilepart
View File

@@ -1,5 +0,0 @@
immich.domr.ovh,
immich.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2283
}

77
immich/docker-compose.yml
View File

@@ -1,77 +0,0 @@
#
# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
#
# Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
ports:
- '2283:2283'
depends_on:
- redis
- database
restart: always
healthcheck:
disable: false
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- .env
restart: always
healthcheck:
disable: false
redis:
container_name: immich_redis
image: docker.io/valkey/valkey:9@sha256:546304417feac0874c3dd576e0952c6bb8f06bb4093ea0c9ca303c73cf458f63
healthcheck:
test: redis-cli ping || exit 1
restart: always
database:
container_name: immich_postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
# Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
# DB_STORAGE_TYPE: 'HDD'
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
shm_size: 128mb
restart: always
healthcheck:
disable: false
volumes:
model-cache:

7
ittools/Caddyfilepart
View File

@@ -1,7 +0,0 @@
ittools.domr.ovh:443,
ittools.home.domroese.eu:443,
ittools.domr.ovh:80,
ittools.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9080
}

12
ittools/docker-compose.yml
View File

@@ -7,14 +7,4 @@ services:
environment:
- UID=1000
- GID=1000
image: 'corentinth/it-tools:latest'
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.ittools.http.name: 'ittools'
kuma.ittools.http.url: 'https://ittools.domr.ovh/'
kuma.ittools.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
image: 'corentinth/it-tools:latest'

2
jenkins/.env Normal file
View File

@@ -0,0 +1,2 @@
JENKINS_HOME_PATH=/home/soenke/docker-data/jenkins/jenkins_sandbox_home
JENKINS_AGENT_SSH_PUBLIC_KEY="<< leave empty for now >>"

65
jenkins/README.md Normal file
View File

@@ -0,0 +1,65 @@
# Jenkins with Docker Compose
Jenkins docker compose file (and instructions) to configure your jenkins controller and agent.
## Configuring Jenkins
1. Create the **jenkins_home** folder in your local environment
```
mkdir jenkins_sandbox_home
```
2. Create a file named **.env** and add the following:
```yml
JENKINS_HOME_PATH=/home/user/jenkins_sandbox_home # your local jenkins_home path.
JENKINS_AGENT_SSH_PUBLIC_KEY=<< leave empty for now >>
```
3. Run Jenkins controller:
```bash
docker-compose up -d
```
4. Get the password to proceed installation:
```bash
docker logs jenkins_sandbox | less
```
5. Go to <http://localhost:8080/> and enter the password.
6. Select **Install Suggested Plugins**, create the **admin** user and password, and leave the Jenkins URL <http://localhost:8080/>.
## Configuring Jenkins Agent
1. Use ssh-keygen to create a new key pair:
```bash
ssh-keygen -t rsa -f jenkins_key
```
2. Go to Jenkins and click **Manage jenkins** > **Manage credentials**.
3. Under **Stores scoped to Jenkins**, click **Global credentials**, next click **Add credentials** and set the following options:
- Select **SSH Username with private key**.
- Limit the scope to **System**.
- Give the credential an **ID**.
- Provide a **description**.
- Enter a **username**.
- Under Private Key check **Enter directly**.
- Paste the content of private key in the text box.
4. Click **Ok** to save.
5. Paste the public key on the **JENKINS_AGENT_SSH_PUBLIC_KEY** variable, in the **.env** file.
6. Recreate the services:
```bash
docker-compose down
docker-compose up -d
```

23
jenkins/docker-compose.yml Normal file
View File

@@ -0,0 +1,23 @@
# Jenkins Sandbox
version: "3"
services:
jenkins:
image: jenkins/jenkins:lts
container_name: jenkins_sandbox
privileged: true
user: root
ports:
- 8040:8080
- 50000:50000
volumes:
- ${JENKINS_HOME_PATH}:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
agent:
image: jenkins/ssh-agent:jdk11
container_name: jenkins_sandbox_agent
privileged: true
user: root
expose:
- 22
environment:
- JENKINS_AGENT_SSH_PUBKEY=${JENKINS_AGENT_SSH_PUBLIC_KEY}

297
journiv/.env
View File

@@ -1,297 +0,0 @@
# ============================================================================
# Journiv Environment Configuration Template
# Copy this file to .env and customize for your deployment.
#
# Usage:
# cp env.template .env
# nano .env
# Required settings:
# - SECRET_KEY
# - DOMAIN_NAME
#
# If using PostgreSQL (DB_DRIVER=postgres), also set:
# - Either POSTGRES_PASSWORD (with optional components), OR
# - DATABASE_URL with a PostgreSQL URL (postgresql:// or postgres://)
# NOT BOTH - specifying both will cause startup to fail
#
# All other settings are optional.
# ============================================================================
# ============================================================================
# REQUIRED SETTINGS
# ============================================================================
# Secret key for JWT token signing and encryption
# Generate with:
# python -c "import secrets; print(secrets.token_urlsafe(32))"
# Or:
# openssl rand -base64 32
SECRET_KEY=gjQ/6282Fdf3p4hK61nx/OHmLJCluIQauz/mm5idPls
# ============================================================================
# DOMAIN CONFIGURATION
# ============================================================================
# Public domain name where Journiv is accessible.
# DO NOT include http:// or https://.
# DO NOT include trailing slashes.
#
# Examples:
DOMAIN_NAME=journiv.domr.ovh
DOMAIN_NAME=journal.domr.ovh
# DOMAIN_NAME=192.168.1.10
#
# WRONG:
# DOMAIN_NAME=https://journiv.example.com
# DOMAIN_NAME=journiv.example.com/
# Protocol scheme for public URLs: http or https
# IMPORTANT: Set to "https" for production deployments, especially when behind a reverse proxy (Traefik, Caddy, Nginx, etc.).
# - Default: "http" (for local development only)
# - Production: "https" (REQUIRED when behind reverse proxy or using SSL/TLS)
#
# Journiv uses this to generate correct public redirect URLs:
# {DOMAIN_SCHEME}://{DOMAIN_NAME}/#/oidc-finish
# {DOMAIN_SCHEME}://{DOMAIN_NAME}/#/login?logout=success
#
DOMAIN_SCHEME=https
# ============================================================================
# DATABASE CONFIGURATION
# ============================================================================
# Database driver selection: "sqlite" (default) or "postgres"
DB_DRIVER=sqlite
# Primary database URL (defaults to SQLite)
# For SQLite: sqlite:////data/journiv.db
# For PostgreSQL: postgresql://user:password@host:5432/dbname
DATABASE_URL=sqlite:////data/journiv.db
# When DB_DRIVER=postgres, you must specify EITHER:
# Option 1: POSTGRES_PASSWORD (with optional components below)
# Option 2: DATABASE_URL with a PostgreSQL URL (postgresql:// or postgres://)
# NOT BOTH - specifying both will cause startup to fail
# PostgreSQL password (required when DB_DRIVER=postgres and using Option 1)
POSTGRES_PASSWORD=oUPnKDY3stjREg7ctUYWrbnn4wNs0Yy3
# (Optional) PostgreSQL components for Docker deployments (used with POSTGRES_PASSWORD)
# Defaults are used if not specified:
# POSTGRES_HOST=postgres
# POSTGRES_USER=journiv
# POSTGRES_DB=journiv_prod (production) or journiv_dev (development)
# POSTGRES_PORT=5432
# POSTGRES_HOST=
#POSTGRES_USER=journiv
#POSTGRES_DB=journiv_prod
#POSTGRES_PORT=5432
# ============================================================================
# APPLICATION SETTINGS
# ============================================================================
APP_NAME=Journiv
# APP_VERSION=latest # Pin to a specific version for production if needed
# DEBUG=false
ENVIRONMENT=production
APP_PORT=8198
# ============================================================================
# API CONFIGURATION
# ============================================================================
# API_V1_PREFIX=/api/v1
# Enable CORS only when the frontend runs on a different origin.
# ENABLE_CORS=false
# Required when ENABLE_CORS=true.
# Example:
# CORS_ORIGINS=https://journiv.example.com,https://myapp.example.net
# CORS_ORIGINS=
# ============================================================================
# SECURITY SETTINGS
# ============================================================================
# ALGORITHM=HS256
# ACCESS_TOKEN_EXPIRE_MINUTES=15
# REFRESH_TOKEN_EXPIRE_DAYS=7
# Disable user signup
# DISABLE_SIGNUP=false
# ============================================================================
# OIDC CONFIGURATION
# ============================================================================
# Enable OIDC login (Pocket-ID, Keycloak, Authentik, etc.)
OIDC_ENABLED=true
# OIDC provider issuer
# Example: https://id.example.com or https://auth.example.com/realms/default
OIDC_ISSUER=https://auth.domr.ovh/application/o/journiv
# OIDC client credentials
OIDC_CLIENT_ID="L1wmsh8BqoGlQRO6ZULMkTCRGOhu9M0L3Im7tiGd"
OIDC_CLIENT_SECRET=MPhUBLM8p4soNCfpfbp0pgAxoaqRHj36EvTzALVicoVy7Tf1UrVh2ckXJtciGYNscuQpQ78c8j8MXb1a1pn3bvOcnGERSYC2uT9s4AXhchD5yTKBBfFEz4l15OMZNqvG
# OIDC redirect URI
# Must match provider configuration EXACTLY.
# Example:
# OIDC_REDIRECT_URI=https://journiv.example.com/api/v1/auth/oidc/callback
OIDC_REDIRECT_URI=https://journal.domr.ovh/api/v1/auth/oidc/callback
# OIDC scopes to request
# OIDC_SCOPES="openid email profile"
# Automatically create users from OIDC claims
# OIDC_AUTO_PROVISION=true
# Disable SSL verification (ONLY for local development with self-signed certs)
# OIDC_DISABLE_SSL_VERIFY=false
# Allow OIDC over HTTP (INSECURE). Recommended only for advanced users in isolated homelabs.
# Default: false
# OIDC_ALLOW_INSECURE_PROD=false
# ============================================================================
# REDIS CONFIGURATION (Optional)
# ============================================================================
# Optional Redis URL for OIDC state caching, rate-limit persistence, and Celery
# Example: redis://localhost:6379/0
# REDIS_URL=
# ============================================================================
# CELERY CONFIGURATION (For Import/Export)
# ============================================================================
# Celery broker and result backend
# If not set, defaults to REDIS_URL
# Examples:
# CELERY_BROKER_URL=redis://localhost:6379/0
# CELERY_RESULT_BACKEND=redis://localhost:6379/0
# CELERY_BROKER_URL=
# CELERY_RESULT_BACKEND=
# Celery task serialization (default: json)
# CELERY_TASK_SERIALIZER=json
# CELERY_RESULT_SERIALIZER=json
# CELERY_TIMEZONE=UTC
# CELERY_ENABLE_UTC=true
# ============================================================================
# IMPORT/EXPORT CONFIGURATION
# ============================================================================
# Maximum file size for import/export operations (in MB)
# IMPORT_EXPORT_MAX_FILE_SIZE_MB=500
# Days to keep export files before automatic cleanup
# Set to -1 to disable automatic cleanup.
# EXPORT_CLEANUP_DAYS=7
# Directories for import/export operations
# IMPORT_TEMP_DIR=/data/imports/temp
# EXPORT_DIR=/data/exports
# ============================================================================
# INTEGRATIONS (IMMICH)
# ============================================================================
# Default Immich base URL for all users on the instance.
# If set, users can leave the Immich URL field empty in the UI.
# Immich URL specified per user level in settting screens can be used to override this.
# Example: IMMICH_BASE_URL=https://immich.example.com
# Example: IMMICH_BASE_URL=http://192.168.1.1:2283
# IMMICH_BASE_URL=
# ============================================================================
# CONTENT SECURITY POLICY (CSP)
# ============================================================================
# ENABLE_CSP=true
# ENABLE_HSTS=true
# ENABLE_CSP_REPORTING=true
# Where browsers should POST CSP violation reports
# CSP_REPORT_URI=/api/v1/security/csp-report
# ============================================================================
# FILE STORAGE
# ============================================================================
# Directory for user-uploaded files and media
# MEDIA_ROOT=/data/media
# Maximum allowed upload size in MB
# MAX_FILE_SIZE_MB=50
# Allowed media MIME types (comma-separated)
# ALLOWED_MEDIA_TYPES=image/jpeg,image/png,image/gif,image/webp,image/heic,video/mp4,video/avi,video/mov,video/webm,video/x-m4v,audio/mpeg,audio/wav,audio/ogg,audio/m4a,audio/aac
# Allowed file extensions (comma-separated)
# ALLOWED_FILE_EXTENSIONS=.jpg,.jpeg,.png,.gif,.webp,.heic,.mp4,.avi,.mov,.webm,.m4v,.mp3,.wav,.ogg,.m4a,.aac
# Signed media URL TTL in seconds (for images and general media)
# Default 5 minutes
# MEDIA_SIGNED_URL_TTL_SECONDS=300
# Signed video URL TTL in seconds (for video streaming, longer to support playback of large files)
# Default 20 mins
# MEDIA_SIGNED_URL_VIDEO_TTL_SECONDS=1200
# Signed thumbnail URL TTL in seconds (used for caching thumbnails)
# Default 24 hours
# MEDIA_THUMBNAIL_SIGNED_URL_TTL_SECONDS=86400
# Grace period in seconds for signed media URL expiration checks
# MEDIA_SIGNED_URL_GRACE_SECONDS=60
# ============================================================================
# LOGGING
# ============================================================================
# LOG_LEVEL=INFO
# LOG_FILE=
# LOG_DIR=/data/logs
# ============================================================================
# EXTERNAL API CONFIGURATION
# ============================================================================
# OpenWeather API keys for weather data fetching
# Get your free API key at: https://openweathermap.org/api
# Weather service is optional - if not configured, weather features will be disabled
# OPEN_WEATHER_API_KEY_25=your-openweather-2-5-api-key-here
# OPEN_WEATHER_API_KEY_30=your-openweather-3-0-api-key-here
# ============================================================================
# RATE LIMITING
# ============================================================================
# Enable rate limiting (protects login endpoints)
# RATE_LIMITING_ENABLED=true
# Backend for rate-limit storage (default: in-memory)
# Example for Redis: redis://localhost:6379/1
# RATE_LIMIT_STORAGE_URI=memory://

5
journiv/Caddyfilepart
View File

@@ -1,5 +0,0 @@
journal.domr.ovh,
journiv.domr.ovh {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8198
}

191
journiv/docker-compose.yml
View File

@@ -1,191 +0,0 @@
# Journiv Production Docker Compose (PostgreSQL).
# Journiv recommends using PostgreSQL based deployment over SQLite.
#
# Usage:
# docker compose up -d
#
# Required Environment Variables:
# SECRET_KEY - Generate with: python -c "import secrets; print(secrets.token_urlsafe(32))"
# DOMAIN_NAME - Needed when running in same-origin SPA mode (ENABLE_CORS=false).
# POSTGRES_PASSWORD - Must be provided in .env file.
x-base-env: &base-env
REDIS_URL: redis://valkey:6379/0
CELERY_BROKER_URL: redis://valkey:6379/0
CELERY_RESULT_BACKEND: redis://valkey:6379/0
DB_DRIVER: sqlite
# POSTGRES_HOST: postgres
x-celery-common: &celery-common
image: swalabtech/journiv-app:${APP_VERSION:-latest}
env_file: .env
volumes:
- /home/soenke/docker-data/journiv/app_data:/data
depends_on:
postgres:
condition: service_healthy
valkey:
condition: service_healthy
networks:
- backend
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "50m"
max-file: "5"
deploy:
resources:
limits:
cpus: "1.0"
memory: 1g
reservations:
memory: 256m
x-app-common: &app-common
image: swalabtech/journiv-app:${APP_VERSION:-latest}
env_file: .env
volumes:
- /home/soenke/docker-data/journiv/app_data:/data
depends_on:
postgres:
condition: service_healthy
valkey:
condition: service_healthy
networks:
- backend
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "50m"
max-file: "5"
x-celery-healthcheck: &celery-healthcheck
interval: 30s
timeout: 10s
retries: 5
start_period: 40s
services:
postgres:
image: postgres:18.1
container_name: journiv-postgres-db
environment:
- POSTGRES_USER=${POSTGRES_USER:-journiv}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD} # must provide a password in .env file
- POSTGRES_DB=${POSTGRES_DB:-journiv_prod}
volumes:
- /home/soenke/docker-data/journiv/postgres_data:/var/lib/postgresql
networks:
- backend
restart: unless-stopped
deploy:
resources:
limits:
cpus: "1.0"
memory: 1g
reservations:
memory: 256m
logging:
driver: "json-file"
options:
max-size: "50m"
max-file: "5"
healthcheck:
test:
[
"CMD-SHELL",
"pg_isready -U ${POSTGRES_USER:-journiv} -d ${POSTGRES_DB:-journiv_prod}",
]
interval: 10s
timeout: 5s
retries: 5
start_period: 10s
valkey:
# Journiv uses Valkey which is similar to Redis for cache.
image: valkey/valkey:9.0-alpine
container_name: journiv-valkey-cache
restart: unless-stopped
volumes:
- /home/soenke/docker-data/journiv/valkey_data:/data
networks:
- backend
healthcheck:
test: ["CMD", "valkey-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
start_period: 10s
celery-worker:
<<: *celery-common
container_name: journiv-celery-worker
command: celery -A app.core.celery_app worker --loglevel=info
environment:
<<: *base-env
SERVICE_ROLE: celery-worker
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
healthcheck:
<<: *celery-healthcheck
celery-beat:
<<: *celery-common
container_name: journiv-celery-beat
command: celery -A app.core.celery_app beat --loglevel=info --scheduler redbeat.RedBeatScheduler --pidfile=/tmp/celerybeat.pid
environment:
<<: *base-env
SERVICE_ROLE: celery-beat
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
REDBEAT_REDIS_URL: redis://valkey:6379/2
healthcheck:
<<: *celery-healthcheck
app:
<<: *app-common
container_name: journiv-postgres-app
ports:
- "${APP_PORT:-8000}:8000"
environment:
<<: *base-env
SERVICE_ROLE: app
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
ENVIRONMENT: production
RATE_LIMIT_STORAGE_URI: redis://valkey:6379/1
networks:
- backend
- frontend
healthcheck:
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
deploy:
resources:
limits:
cpus: "2.0"
memory: 2g
reservations:
memory: 512m
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.journiv.tag.name: 'Work'
kuma.journiv.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.journiv.http.name: 'journiv'
kuma.journiv.http.url: 'https://journiv.domr.ovh'
kuma.journiv.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "homelab", "value": "" }]'
#volumes:
# app_data:
# postgres_data:
# valkey_data:
networks:
backend:
driver: bridge
frontend:
driver: bridge

33
kopia/docker-compose.yml Normal file
View File

@@ -0,0 +1,33 @@
services:
kopia:
image: kopia/kopia:latest
hostname: Hostname
container_name: Kopia
restart: unless-stopped
ports:
- 51515:51515
# Setup the server that provides the web gui
command:
- server
- start
- --disable-csrf-token-checks
- --insecure
- --address=0.0.0.0:51515
- --server-username=Soenke
- --server-password=Diavid9600
environment:
# Set repository password
KOPIA_PASSWORD: "Diavid9600!9600"
USER: "Soenke"
volumes:
# Mount local folders needed by kopia
- /home/soenke/docker-data/kopia/config:/app/config
- /home/soenke/docker-data/kopia/cache:/app/cache
- /home/soenke/docker-data/kopia/logs:/app/logs
# Mount local folders to snapshot
- /home/soenke/docker-data/kopia/data:/data:ro
# Mount repository location
- /home/soenke/docker-data/kopia/repository:/repository
# Mount path for browsing mounted snaphots
- /home/soenke/docker-data/kopia/tmp:/tmp:shared

12
livebook/Caddyfilepart
View File

@@ -1,12 +0,0 @@
livebook.domr.ovh,
livebook.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8090
}
iframe.livebook.domr.ovh,
iframe.livebook.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8091
}

10
livebook/docker-compose.yml
View File

@@ -1,10 +0,0 @@
services:
livebook-dev:
image: ghcr.io/livebook-dev/livebook
environment:
- LIVEBOOK_IFRAME_PORT=8091
- LIVEBOOK_PORT=8090
pull_policy: always
ports:
- '8091:8091'
- '8090:8090'

5
mealie/Caddyfilepart
View File

@@ -1,5 +0,0 @@
mealie.domr.ovh,
mealie.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:9925
}

38
mealie/docker-compose.yml
View File

@@ -17,7 +17,7 @@ services:
environment:
POSTGRES_DB: mealie
POSTGRES_USER: mealie
POSTGRES_PASSWORD: "$hYx%uyO$IAUX3EhXvUtP$GMe4TLgoiLrBTN9nrXh&q8C0TWqp&ku%dEOUPT4GMZ"
POSTGRES_PASSWORD: $hYx%uyO$IAUX3EhXvUtP$GMe4TLgoiLrBTN9nrXh&q8C0TWqp&ku%dEOUPT4GMZ
restart: on-failure:5
mealie:
@@ -40,41 +40,21 @@ services:
MAX_WORKERS: 1
WEB_CONCURRENCY: 1
ALLOW_SIGNUP: true
BASE_URL: https://mealie.domr.ovh
BASE_URL: https://mealie.home.domroese.eu
DB_ENGINE: postgres
POSTGRES_USER: mealie
POSTGRES_PASSWORD: "$hYx%uyO$IAUX3EhXvUtP$GMe4TLgoiLrBTN9nrXh&q8C0TWqp&ku%dEOUPT4GMZ"
POSTGRES_PASSWORD: $hYx%uyO$IAUX3EhXvUtP$GMe4TLgoiLrBTN9nrXh&q8C0TWqp&ku%dEOUPT4GMZ
POSTGRES_SERVER: mealie-db
POSTGRES_PORT: 5432
POSTGRES_DB: mealie
SMTP_HOST: ${SYSTEM_EMAIL_SMTP_HOST}
SMTP_PORT: ${SYSTEM_EMAIL_SMTP_PORT}
SMTP_HOST: smtp.gmail.com
SMTP_PORT: 587
SMTP_FROM_NAME: Mealie
SMTP_AUTH_STRATEGY: TLS # Options: TLS, SSL, NONE
SMTP_FROM_EMAIL: ${SYSTEM_EMAIL_USER}
SMTP_USER: ${SYSTEM_EMAIL_USER}
SMTP_PASSWORD: ${SYSTEM_EMAIL_PASSSWORD}
OIDC_AUTH_ENABLED: true
OIDC_PROVIDER_NAME: Domröse
OIDC_CONFIGURATION_URL: https://auth.domr.ovh/application/o/mealie/.well-known/openid-configuration
OIDC_CLIENT_ID: "oVmVbL9Ehd1KAjSgAseAMZw4LHV6gmUfsFEf2Akp"
OIDC_CLIENT_SECRET: "WP2hs4qKjmEpKQabIvKCBgDwtlm534It526vs3Mg9lrBGgzswG9sCh0nw7ieW9y7D7OMRe0x2gkcHqcdP37LVMBgpR3f2rABSlOduhyZhPQKOUNBk79AQNxYr23Mdaud"
OIDC_SIGNUP_ENABLED: true
OIDC_USER_GROUP: mealie-users
OIDC_ADMIN_GROUP: mealie-admins
OIDC_AUTO_REDIRECT: true # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
OIDC_REMEMBER_ME: true # Optional: By setting this value to true, a session will be extended as if "Remember Me" was checked.
SMTP_FROM_EMAIL: Your-own-gmail-address
SMTP_USER: Your-own-gmail-address
SMTP_PASSWORD: Your-own-app-password
restart: on-failure:5
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.mealie.http.name: 'mealie'
kuma.mealie.http.url: 'https://mealie.domr.ovh/'
kuma.mealie.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
depends_on:
db:
condition: service_healthy
condition: service_healthy

5
memos/Caddyfilepart
View File

@@ -1,5 +0,0 @@
memos.domr.ovh,
memos.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:5230
}

22
memos/docker-compose.yaml
View File

@@ -1,22 +0,0 @@
services:
memos:
image: neosmemo/memos:stable
container_name: memos
restart: unless-stopped
ports:
- "5230:5230"
volumes:
- /home/soenke/docker-data/memos/data:/var/opt/memos
environment:
- MEMOS_MODE=prod
- MEMOS_PORT=5230
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.memos.http.name: 'memos'
kuma.memos.http.url: 'https://memos.domr.ovh/'
kuma.memos.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'

123
move_ssd.md
View File

@@ -1,123 +0,0 @@
Step-by-Step Instructions
📀 1. Clone the OS to the New SSD
Well start by cloning your OS from /dev/nvme0 to the new SSD (/dev/nvme1).
a) Partition and Format the New SSD
First, partition the new SSD (/dev/nvme1) and create the root partition:
# Launch fdisk to partition the new SSD
sudo fdisk /dev/nvme1
Type g to create a GPT partition table (if it's not already).
Type n to create a new partition, use the entire disk.
Type w to write the partition table.
Then, format the new partition (/dev/nvme1p1):
sudo mkfs.ext4 /dev/nvme1p1
b) Mount the New SSD
Create a mount point and mount the new SSD:
sudo mkdir /mnt/ssd
sudo mount /dev/nvme1p1 /mnt/ssd
c) Clone the OS from /dev/nvme0 to /dev/nvme1
Now, well copy the entire root filesystem, excluding /home, to the new SSD:
sudo rsync -aAXv / --exclude=/home --exclude=/proc --exclude=/sys \
--exclude=/dev --exclude=/run --exclude=/mnt --exclude=/tmp \
/mnt/ssd/
###################################################################################################
This command copies the entire OS and system data but excludes /home, as well sync that separately later.
🧩 2. Prepare the New SSD to Boot
a) Mount Necessary Filesystems and Chroot
To make the new installation bootable, we need to bind mount critical filesystems and chroot into the new root.
for dir in dev proc sys; do
sudo mount --bind /$dir /mnt/ssd/$dir
done
If you are using UEFI, you might also need to mount the EFI partition:
sudo mount /dev/nvme0p1 /mnt/ssd/boot/efi # Adjust if needed
Now, enter the chroot environment:
sudo chroot /mnt/ssd
b) Update /etc/fstab
Make sure /etc/fstab points to the correct root filesystem and removes any /home partition references.
blkid # Get the UUID of /dev/nvme1p1
nano /etc/fstab
Ensure the / entry is updated to use the new SSD, for example:
UUID=<new-uuid> / ext4 defaults 0 1
And remove or comment out any /home partition entry.
c) Install GRUB on the New SSD
Now install GRUB to make the system bootable from /dev/nvme1.
grub-install /dev/nvme1
update-grub
exit
🔄 3. Reboot from the New SSD
Reboot the system.
Go into BIOS/UEFI and set /dev/nvme1 as the primary boot drive.
Boot into the new SSD.
📁 4. Sync /home from /dev/sda (Old Home Drive)
Now, well sync the /home data from the old drive (/dev/sda) onto the new root partition.
a) Mount the Old /home Drive
First, mount /dev/sda (the old /home drive):
sudo mount /dev/sda1 /mnt/oldhome
b) Sync /home to the New SSD
Now, copy the /home data:
sudo rsync -aAXv /mnt/oldhome/ /home/
Make sure /home is mounted correctly on /dev/nvme1p1 (the new SSD) by checking with df -h or lsblk.
🧹 5. Cleanup (Optional)
Once you verify everything works as expected:
Remove /home entry from /etc/fstab if it exists.
You can either repurpose or wipe the old drives (/dev/nvme0 and /dev/sda).
Confirm everything is working fine and youre now booting from /dev/nvme1.
✅ Final Checks
Check disk usage:
df -h
Verify partitioning:
lsblk
Verify boot order in BIOS/UEFI to make sure you're booting from /dev/nvme1.
This approach ensures you move everything safely, with minimal risk of data loss.
Let me know if you encounter any issues or need further clarification!

13
nas/Caddyfilepart
View File

@@ -1,13 +0,0 @@
nas.domr.ovh,
nas.home.domroese.eu {
tls soenke@domroese.eu {
client_auth {
mode request
}
}
reverse_proxy https://192.168.1.194:5001 {
transport http {
tls_insecure_skip_verify # Disable TLS Verification, as we don't have a real certificate on the nas
}
}
}

4
ntfy/Caddyfilepart
View File

@@ -1,4 +0,0 @@
ntfy.domr.ovh {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8234
}

37
ntfy/docker-compose.yml
View File

@@ -1,37 +0,0 @@
services:
ntfy:
image: binwiederhier/ntfy
container_name: ntfy
command:
- serve
environment:
TZ: Europe/Berlin # optional: set desired timezone
NTFY_BASE_URL: http://ntfy.domr.ovh
NTFY_AUTH_DEFAULT_ACCESS: deny-all
NTFY_BEHIND_PROXY: true
NTFY_ATTACHMENT_CACHE_DIR: /var/lib/ntfy/attachments
NTFY_ENABLE_LOGIN: true
NTFY_UPSTREAM_BASE_URL: https://ntfy.domr.ovh
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.jenkins.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
kuma.ntfy.http.name: 'Notify'
kuma.ntfy.http.url: 'https://ntfy.domr.ovh'
volumes:
- /home/soenke/docker-data/ntfy/cache:/var/cache/ntfy
- /home/soenke/docker-data/ntfy/etc:/etc/ntfy
ports:
- 8234:80
healthcheck: # optional: remember to adapt the host:port to your environment
test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:8234/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
interval: 60s
timeout: 10s
retries: 3
start_period: 40s
restart: unless-stopped

5
ollama/Caddyfilepart
View File

@@ -1,5 +0,0 @@
chat.domr.ovh,
chat.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1180
}

18
ollama/docker-compose.yml
View File

@@ -12,28 +12,10 @@ services:
image: "ghcr.io/open-webui/open-webui:main"
restart: always
container_name: open-webui
environment:
OAUTH_CLIENT_ID: b8Ktsot896DWYOMpSeKCyA30b0SfV5hW1qSpQtEh
OAUTH_CLIENT_SECRET: qLW9FNTRIhWpS51Ynx1gx0AiB0x0UGrs5FVukyBZyDNrNYc6NLdotHJq9U6giQJ48TnIHpE3mHvbCFvXnR8jpeV5o50CgbLXGXATHb0Om2K80TvFLSgAhbU8oIBvdSvj
OAUTH_PROVIDER_NAME: auth.domr.ovh
OPENID_PROVIDER_URL: https://auth.domr.ovh/application/o/openwebui/.well-known/openid-configuration
OPENID_REDIRECT_URI: https://chat.domr.ovh/oauth/oidc/callback
ENABLE_OAUTH_SIGNUP: 'true'
volumes:
- /home/soenke/docker-data/ollama/open-webui:/app/backend/data
extra_hosts:
- "host.docker.internal:host-gateway"
ports:
- 1180:8080
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.ollama.http.name: 'ollama'
kuma.ollama.http.url: 'https://chat.domr.ovh/'
kuma.ollama.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'

5
omniTools/Caddyfilepart
View File

@@ -1,5 +0,0 @@
omnitools.domr.ovh,
omnitools.home.domroese.eu:443 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:8579
}

12
omniTools/docker-compose.yml
View File

@@ -4,14 +4,4 @@ services:
container_name: omni-tools
restart: unless-stopped
ports:
- "8579:80"
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.omnitools.http.name: 'omnitools'
kuma.omnitools.http.url: 'https://omnitools.domr.ovh/'
kuma.omnitools.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
- "8579:80"

7
paperless/Caddyfilepart
View File

@@ -1,7 +0,0 @@
paperless.domr.ovh:443,
paperless.home.domroese.eu:443,
paperless.domr.ovh:80,
paperless.home.domroese.eu:80 {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:1000
}

8
paperless/docker-compose.env
View File

@@ -1,9 +1,9 @@
PAPERLESS_SECRET_KEY="UkvhWQ5frosxA%JKY5XGGtVABxjD87QKRqNX4uM&F8UsFh@MkQYZ@4bkCwJmazLKen346zbZA$q$DaKZB*wrF8g&8uyycigab67uTNGa5TirFA7UHSQF2qLG%fj7Kp$9"
PAPERLESS_URL=https://paperless.domr.ovh
PAPERLESS_ALLOWED_HOSTS=paperless.domr.ovh
PAPERLESS_CSRF_TRUSTED_ORIGINS=['https://paperless.domr.ovh']
PAPERLESS_CORS_ALLOWED_HOSTS=https://paperless.domr.ovh
PAPERLESS_URL=https://paperless.home.domroese.eu
PAPERLESS_ALLOWED_HOSTS=paperless.home.domroese.eu
PAPERLESS_CSRF_TRUSTED_ORIGINS=['https://paperless.home.domroese.eu']
PAPERLESS_CORS_ALLOWED_HOSTS=https://paperless.home.domroese.eu
PAPERLESS_ADMIN_MAIL=soenke@domroese.eu
PAPERLESS_CONSUMER_ENABLE_BARCODES=true
PAPERLESS_TIME_ZONE=Europe/Berlin

29
paperless/docker-compose.yml
View File

@@ -30,6 +30,7 @@
# For more extensive installation and update instructions, refer to the
# documentation.
version: "3.4"
services:
broker:
image: docker.io/library/redis:7
@@ -77,34 +78,6 @@ services:
PAPERLESS_TIKA_ENABLED: 1
PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
PAPERLESS_TIKA_ENDPOINT: http://tika:9998
PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
{
"openid_connect": {
"APPS": [
{
"provider_id": "authentik",
"name": "auth.domr.ovh",
"client_id": "U9wsU9xPEU6oWEWO2jhiPr0OhUPcG3XvA8nGhPki",
"secret": "xFpnKcYaNcEuVReBWT6sGTprvUtYE0AT3lnHHshY8wKJlOw1NGsvtqIYqTgdp4VkTjLk3ZHr1Th4LaQYiciicYJe7LtpTa5qX3ICDBRJhs2HGX40sJMQ1LCnnEUrS9fZ",
"settings": {
"server_url": "https://auth.domr.ovh/application/o/paperless/.well-known/openid-configuration"
}
}
],
"OAUTH_PKCE_ENABLED": "True"
}
}
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.paperless.http.name: 'paperless'
kuma.paperless.http.url: 'https://paperless.domr.ovh/'
kuma.paperless.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'
gotenberg:
image: docker.io/gotenberg/gotenberg:7.10

0
paperless_import/Caddyfilepart
View File

281
penpot/docker-compose.yaml Normal file
View File

@@ -0,0 +1,281 @@
## Common flags:
# demo-users
# email-verification
# log-emails
# log-invitation-tokens
# login-with-github
# login-with-gitlab
# login-with-google
# login-with-ldap
# login-with-oidc
# login-with-password
# prepl-server
# registration
# secure-session-cookies
# smtp
# smtp-debug
# telemetry
# webhooks
##
## You can read more about all available flags and other
## environment variables here:
## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
#
# WARNING: if you're exposing Penpot to the internet, you should remove the flags
# 'disable-secure-session-cookies' and 'disable-email-verification'
x-flags: &penpot-flags
PENPOT_FLAGS: disable-email-verification enable-smtp enable-prepl-server disable-secure-session-cookies
x-uri: &penpot-public-uri
PENPOT_PUBLIC_URI: http://penpot.home.domroese.eu
x-body-size: &penpot-http-body-size
# Max body size (30MiB); Used for plain requests, should never be
# greater than multi-part size
PENPOT_HTTP_SERVER_MAX_BODY_SIZE: 31457280
# Max multipart body size (350MiB)
PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE: 367001600
networks:
penpot:
volumes:
penpot_postgres_v15:
penpot_assets:
# penpot_traefik:
# penpot_minio:
services:
## Traefik service declaration example. Consider using it if you are going to expose
## penpot to the internet, or a different host than `localhost`.
# traefik:
# image: traefik:v3.3
# networks:
# - penpot
# command:
# - "--api.insecure=true"
# - "--entryPoints.web.address=:80"
# - "--providers.docker=true"
# - "--providers.docker.exposedbydefault=false"
# - "--entryPoints.websecure.address=:443"
# - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
# - "--certificatesresolvers.letsencrypt.acme.email=<EMAIL_ADDRESS>"
# - "--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json"
# volumes:
# - "penpot_traefik:/traefik"
# - "/var/run/docker.sock:/var/run/docker.sock"
# ports:
# - "80:80"
# - "443:443"
penpot-frontend:
image: "penpotapp/frontend:${PENPOT_VERSION:-latest}"
restart: always
ports:
- 9574:8080
volumes:
- penpot_assets:/opt/data/assets
depends_on:
- penpot-backend
- penpot-exporter
networks:
- penpot
# labels:
# - "traefik.enable=true"
# ## HTTPS: example of labels for the case where penpot will be exposed to the
# ## internet with HTTPS using traefik.
# - "traefik.http.routers.penpot-https.rule=Host(`<DOMAIN_NAME>`)"
# - "traefik.http.routers.penpot-https.entrypoints=websecure"
# - "traefik.http.routers.penpot-https.tls.certresolver=letsencrypt"
# - "traefik.http.routers.penpot-https.tls=true"
environment:
<< : [*penpot-flags, *penpot-http-body-size]
penpot-backend:
image: "penpotapp/backend:${PENPOT_VERSION:-latest}"
restart: always
volumes:
- penpot_assets:/opt/data/assets
depends_on:
penpot-postgres:
condition: service_healthy
penpot-redis:
condition: service_healthy
networks:
- penpot
## Configuration envronment variables for the backend container.
environment:
<< : [*penpot-flags, *penpot-public-uri, *penpot-http-body-size]
## Penpot SECRET KEY. It serves as a master key from which other keys for subsystems
## (eg http sessions, or invitations) are derived.
##
## If you leave it commented, all created sessions and invitations will
## become invalid on container restart.
##
## If you going to uncomment this, we recommend to use a trully randomly generated
## 512 bits base64 encoded string here. You can generate one with:
##
## python3 -c "import secrets; print(secrets.token_urlsafe(64))"
# PENPOT_SECRET_KEY: my-insecure-key
## The PREPL host. Mainly used for external programatic access to penpot backend
## (example: admin). By default it will listen on `localhost` but if you are going to use
## the `admin`, you will need to uncomment this and set the host to `0.0.0.0`.
# PENPOT_PREPL_HOST: 0.0.0.0
## Database connection parameters. Don't touch them unless you are using custom
## postgresql connection parameters.
PENPOT_DATABASE_URI: postgresql://penpot-postgres/penpot
PENPOT_DATABASE_USERNAME: penpot
PENPOT_DATABASE_PASSWORD: penpot
## Redis is used for the websockets notifications. Don't touch unless the redis
## container has different parameters or different name.
PENPOT_REDIS_URI: redis://penpot-redis/0
## Default configuration for assets storage: using filesystem based with all files
## stored in a docker volume.
PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
PENPOT_STORAGE_ASSETS_FS_DIRECTORY: /opt/data/assets
## Also can be configured to to use a S3 compatible storage
## service like MiniIO. Look below for minio service setup.
# AWS_ACCESS_KEY_ID: <KEY_ID>
# AWS_SECRET_ACCESS_KEY: <ACCESS_KEY>
# PENPOT_ASSETS_STORAGE_BACKEND: assets-s3
# PENPOT_STORAGE_ASSETS_S3_ENDPOINT: http://penpot-minio:9000
# PENPOT_STORAGE_ASSETS_S3_BUCKET: <BUKET_NAME>
## Telemetry. When enabled, a periodical process will send anonymous data about this
## instance. Telemetry data will enable us to learn how the application is used,
## based on real scenarios. If you want to help us, please leave it enabled. You can
## audit what data we send with the code available on github.
PENPOT_TELEMETRY_ENABLED: true
PENPOT_TELEMETRY_REFERER: compose
## Example SMTP/Email configuration. By default, emails are sent to the mailcatch
## service, but for production usage it is recommended to setup a real SMTP
## provider. Emails are used to confirm user registrations & invitations. Look below
## how the mailcatch service is configured.
PENPOT_SMTP_DEFAULT_FROM: no-reply@example.com
PENPOT_SMTP_DEFAULT_REPLY_TO: no-reply@example.com
PENPOT_SMTP_HOST: penpot-mailcatch
PENPOT_SMTP_PORT: 1025
PENPOT_SMTP_USERNAME:
PENPOT_SMTP_PASSWORD:
PENPOT_SMTP_TLS: false
PENPOT_SMTP_SSL: false
penpot-exporter:
image: "penpotapp/exporter:${PENPOT_VERSION:-latest}"
restart: always
depends_on:
penpot-redis:
condition: service_healthy
networks:
- penpot
environment:
# Don't touch it; this uses an internal docker network to
# communicate with the frontend.
PENPOT_PUBLIC_URI: http://penpot-frontend:8080
## Redis is used for the websockets notifications.
PENPOT_REDIS_URI: redis://penpot-redis/0
penpot-postgres:
image: "postgres:15"
restart: always
stop_signal: SIGINT
healthcheck:
test: ["CMD-SHELL", "pg_isready -U penpot"]
interval: 2s
timeout: 10s
retries: 5
start_period: 2s
volumes:
- penpot_postgres_v15:/var/lib/postgresql/data
networks:
- penpot
environment:
- POSTGRES_INITDB_ARGS=--data-checksums
- POSTGRES_DB=penpot
- POSTGRES_USER=penpot
- POSTGRES_PASSWORD=penpot
penpot-redis:
image: redis:7.2
restart: always
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
interval: 1s
timeout: 3s
retries: 5
start_period: 3s
networks:
- penpot
## A mailcatch service, used as temporal SMTP server. You can access via HTTP to the
## port 1080 for read all emails the penpot platform has sent. Should be only used as a
## temporal solution while no real SMTP provider is configured.
penpot-mailcatch:
image: sj26/mailcatcher:latest
restart: always
expose:
- '1025'
ports:
- "1080:1080"
networks:
- penpot
## Example configuration of MiniIO (S3 compatible object storage service); If you don't
## have preference, then just use filesystem, this is here just for the completeness.
# minio:
# image: "minio/minio:latest"
# command: minio server /mnt/data --console-address ":9001"
# restart: always
#
# volumes:
# - "penpot_minio:/mnt/data"
#
# environment:
# - MINIO_ROOT_USER=minioadmin
# - MINIO_ROOT_PASSWORD=minioadmin
#
# ports:
# - 9000:9000
# - 9001:9001

7
pihole/Caddyfilepart
View File

@@ -1,7 +0,0 @@
pihole.domr.ovh,
pihole.home.domroese.eu {
tls soenke@domroese.eu
reverse_proxy 192.168.1.65:2000
}

33
pihole/docker-compose.yml
View File

@@ -1,33 +0,0 @@
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
# For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
- "2000:80/tcp"
environment:
TZ: 'Europe/Berlin'
WEBPASSWORD: 'Diavid9600'
# Volumes store your data between container upgrades
volumes:
- '/home/soenke/docker-data/pihole/etc-pihole:/etc/pihole'
- '/home/soenke/docker-data/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
cap_add:
- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
restart: unless-stopped
labels:
kuma.tools.tag.name: 'Tools'
kuma.tools.tag.color: '#FF9900'
kuma.homelab.tag.name: 'Homelab'
kuma.homelab.tag.color: '#FF9955'
kuma.organization.tag.name: 'Organization'
kuma.organization.tag.color: '#FF99AA'
kuma.pihole.http.name: 'pihole'
kuma.pihole.http.url: 'https://pihole.domr.ovh/'
kuma.pihole.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "organization", "value": "" }]'

1
pihole/etc-pihole/adlists.list
View File

@@ -1 +0,0 @@
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

1145
pihole/etc-pihole/config_backups/pihole.toml.1
View File

File diff suppressed because it is too large Load Diff

1145
pihole/etc-pihole/config_backups/pihole.toml.2
View File

File diff suppressed because it is too large Load Diff

1145
pihole/etc-pihole/config_backups/pihole.toml.3
View File

File diff suppressed because it is too large Load Diff

0
pihole/etc-pihole/dhcp.leases
View File

9
pihole/etc-pihole/dns-servers.conf
View File

@@ -1,9 +0,0 @@
Google (ECS, DNSSEC);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844
OpenDNS (ECS, DNSSEC);208.67.222.222;208.67.220.220;2620:119:35::35;2620:119:53::53
Level3;4.2.2.1;4.2.2.2;;
Comodo;8.26.56.26;8.20.247.20;;
DNS.WATCH (DNSSEC);84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b
Quad9 (filtered, DNSSEC);9.9.9.9;149.112.112.112;2620:fe::fe;2620:fe::9
Quad9 (unfiltered, no DNSSEC);9.9.9.10;149.112.112.10;2620:fe::10;2620:fe::fe:10
Quad9 (filtered, ECS, DNSSEC);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11
Cloudflare (DNSSEC);1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001

106
pihole/etc-pihole/dnsmasq.conf
View File

@@ -1,106 +0,0 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2025 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
##################################################################################
# #
# FILE AUTOMATICALLY POPULATED BY PI-HOLE #
# ANY CHANGES MADE TO THIS FILE WILL BE LOST WHEN THE CONFIGURATION CHANGES #
# #
# IF YOU WISH TO CHANGE ANY OF THESE VALUES, CHANGE THEM IN #
# /etc/pihole/pihole.toml #
# and restart pihole-FTL #
# #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
# (make sure misc.etc_dnsmasq_d is set to true in /etc/pihole/pihole.toml) #
# #
# Last updated: 2025-03-07 13:21:22 CET #
# by FTL version v6.0.2 #
# #
##################################################################################
hostsdir=/etc/pihole/hosts
# Don't read /etc/resolv.conf. Get upstream servers only from the configuration
no-resolv
# DNS port to be used
port=53
# List of upstream DNS server
server=8.8.8.8
server=8.8.4.4
# Set the size of dnsmasq's cache. The default is 150 names. Setting the cache
# size to zero disables caching. Note: huge cache size impacts performance
cache-size=10000
# Return answers to DNS queries from /etc/hosts and interface-name and
# dynamic-host which depend on the interface over which the query was
# received. If a name has more than one address associated with it, and
# at least one of those addresses is on the same subnet as the interface
# to which the query was sent, then return only the address(es) on that
# subnet and return all the available addresses otherwise.
localise-queries
# Enable query logging
log-queries
log-async
# Specify the log file to use
# We set this even if logging is disabled to store warnings
# and errors in this file. This is useful for debugging.
log-facility=/var/log/pihole/pihole.log
# Use stale cache entries for a given number of seconds to optimize cache utilization
# Setting the time to zero will serve stale cache data regardless how long it has expired.
use-stale-cache=3600
# Listen on one interface
interface=eth0
# DNS domain for both the DNS and DHCP server
# This DNS domain in purely local. FTL may answer queries from
# /etc/hosts or DHCP but should never forward queries on that
# domain to any upstream servers
domain=lan
local=/lan/
# RFC 6761: Caching DNS servers SHOULD recognize
# test, localhost, invalid
# names as special and SHOULD NOT attempt to look up NS records for them, or
# otherwise query authoritative DNS servers in an attempt to resolve these
# names.
server=/test/
server=/localhost/
server=/invalid/
# The same RFC requests something similar for
# 10.in-addr.arpa. 21.172.in-addr.arpa. 27.172.in-addr.arpa.
# 16.172.in-addr.arpa. 22.172.in-addr.arpa. 28.172.in-addr.arpa.
# 17.172.in-addr.arpa. 23.172.in-addr.arpa. 29.172.in-addr.arpa.
# 18.172.in-addr.arpa. 24.172.in-addr.arpa. 30.172.in-addr.arpa.
# 19.172.in-addr.arpa. 25.172.in-addr.arpa. 31.172.in-addr.arpa.
# 20.172.in-addr.arpa. 26.172.in-addr.arpa. 168.192.in-addr.arpa.
# Pi-hole implements this via the dnsmasq option "bogus-priv" above
# (if enabled!) as this option also covers IPv6.
# OpenWRT furthermore blocks bind, local, onion domains
# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
server=/bind/
server=/onion/
# Cache all DNS records
cache-rr=ANY
# RFC 8482: Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY
# Filters replies to queries for type ANY. Everything other than A, AAAA, MX and CNAME
# records are removed. Since ANY queries with forged source addresses can be used in DNS amplification attacks
# replies to ANY queries can be large) this defangs such attacks, whilst still supporting the
# one remaining possible use of ANY queries. See RFC 8482 para 4.3 for details.
filter-rr=ANY

BIN
pihole/etc-pihole/gravity.db
View File

Binary file not shown.

BIN
pihole/etc-pihole/gravity_backups/gravity.db.1
View File

Binary file not shown.

BIN
pihole/etc-pihole/gravity_backups/gravity.db.2
View File

Binary file not shown.

BIN
pihole/etc-pihole/gravity_backups/gravity.db.3
View File

Binary file not shown.

BIN
pihole/etc-pihole/gravity_backups/gravity.db.4
View File

Binary file not shown.

BIN
pihole/etc-pihole/gravity_backups/gravity.db.5
View File

Binary file not shown.

BIN
pihole/etc-pihole/gravity_backups/gravity.db.6
View File

Binary file not shown.

32
pihole/etc-pihole/hosts/custom.list
View File

@@ -1,32 +0,0 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2025 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Custom DNS entries (HOSTS file)
#
##################################################################################
# #
# FILE AUTOMATICALLY POPULATED BY PI-HOLE #
# ANY CHANGES MADE TO THIS FILE WILL BE LOST WHEN THE CONFIGURATION CHANGES #
# #
# IF YOU WISH TO CHANGE ANY OF THESE VALUES, CHANGE THEM IN #
# /etc/pihole/pihole.toml #
# and restart pihole-FTL #
# #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
# (make sure misc.etc_dnsmasq_d is set to true in /etc/pihole/pihole.toml) #
# #
# Last updated: 2025-02-25 07:59:17 CET #
# by FTL version v6.0.2 #
# #
##################################################################################
213.209.115.117 proxy.voipslb.wtnet.de
192.168.1.194 asgard.dom.local
192.168.1.194 dom.local
192.168.1.194 home.local
192.168.1.65 home
# There are 5 entries in this file

130862
pihole/etc-pihole/listsCache/list.1.raw.githubusercontent.com.domains
View File

File diff suppressed because it is too large Load Diff

1
pihole/etc-pihole/listsCache/list.1.raw.githubusercontent.com.domains.etag
View File

@@ -1 +0,0 @@
W/"8caa9f75b909391b2db18bf240ac07e621dd2e393821d9a4ea052571edb33df9"

1
pihole/etc-pihole/listsCache/list.1.raw.githubusercontent.com.domains.sha1
View File

@@ -1 +0,0 @@
2b74510cd4f1dffab5b7dd4f59dcbc00d19ad0d2 /etc/pihole/listsCache/list.1.raw.githubusercontent.com.domains

1
pihole/etc-pihole/local.list
View File

@@ -1 +0,0 @@
### Do not modify this file, it will be overwritten by pihole -g

32
pihole/etc-pihole/logrotate
View File

@@ -1,32 +0,0 @@
/var/log/pihole/pihole.log {
# su #
daily
copytruncate
rotate 5
compress
delaycompress
notifempty
nomail
}
/var/log/pihole/FTL.log {
# su #
weekly
copytruncate
rotate 3
compress
delaycompress
notifempty
nomail
}
/var/log/pihole/webserver.log {
# su #
weekly
copytruncate
rotate 3
compress
delaycompress
notifempty
nomail
}

Some files were not shown because too many files have changed in this diff Show More