Initial commit

akkoma/compose.yaml

@@ -0,0 +1,53 @@
+services:
+  db:
+    image: postgres:14.5-alpine
+    container_name: akkoma_db
+    restart: unless-stopped
+    networks:
+      - backend 
+    env_file: .env-db
+    environment:
+	  POSTGRES_USER: akkoma
+      POSTGRES_DB: akkoma
+      # POSTGRES_PASSWORD:
+    volumes:
+      - /var/docker/akkoma/postgres:/var/lib/postgresql/data
+    configs:
+      - source: postgresql
+        target: /etc/postgres/postgresql.conf
+        mode: 0400
+
+  web:
+    image: docker.fanyx.xyz/akkoma:stable-2023-02
+    container_name: akkoma_web
+    restart: unless-stopped
+    depends_on:
+      - db
+    networks:
+      - traefik_proxy
+      - backend
+    volumes:
+      - /srv/docker/akkoma/akkoma:/opt/akkoma
+      - /var/docker/akkoma/akkoma/uploads:/opt/akkoma/uploads
+      - /var/docker/akkoma/akkoma/static:/opt/akkoma/instance/static
+    configs:
+      - source: akkoma
+        target: /opt/akkoma/config/prod.secret.exs
+        mode: 0400
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.akkoma.entrypoints: "https"
+      traefik.http.routers.akkoma.rule: "Host(`pl.fanyx.xyz`)"
+      traefik.docker.network: "traefik_proxy"
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy
+  backend:
+    driver: bridge
+
+configs:
+  postgresql:
+    file: /srv/docker/akkoma/postgresql.conf
+  akkoma:
+    file: /srv/docker/akkoma/secret.exs

akkoma/postgresql.conf

@@ -0,0 +1,24 @@
+# DB Version: 14
+# OS Type: linux
+# DB Type: web
+# Total Memory (RAM): 16 GB
+# CPUs num: 4
+# Connections num: 20
+# Data Storage: ssd
+
+max_connections = 20
+shared_buffers = 4GB
+effective_cache_size = 12GB
+maintenance_work_mem = 1GB
+checkpoint_completion_target = 0.9
+wal_buffers = 16MB
+default_statistics_target = 100
+random_page_cost = 1.1
+effective_io_concurrency = 200
+work_mem = 104857kB
+min_wal_size = 1GB
+max_wal_size = 4GB
+max_worker_processes = 4
+max_parallel_workers_per_gather = 2
+max_parallel_workers = 4
+max_parallel_maintenance_workers = 2

filebrowser/compose.yaml

@@ -0,0 +1,19 @@
+services:
+  filebrowser:
+    image: filebrowser/filebrowser:v2.23.0
+    container_name: filebrowser    
+    restart: unless-stopped
+    networks:
+      - traefik_proxy
+    volumes:
+      - /var/cloud/hendrik/public:/srv
+      - /var/docker/filebrowser/filebrowser.db:/database.db
+    user: "1000:1000"
+    labels:
+      traefik.http.routers.filebrowser.entrypoints: "https"
+      traefik.http.routers.filebrowser.rule: "Host(`cloud.fanyx.xyz`)"
+      traefik.enable: "true"
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy

funkwhale/compose.yaml

@@ -0,0 +1,25 @@
+services:
+  funkwhale:
+    image: funkwhale/all-in-one:1.2.8
+    container_name: funkwhale
+    restart: unless-stopped
+    networks:
+      - traefik_proxy
+    env_file: .env
+    environment:
+      PUID: "994"
+      PGID: "994"
+      FUNKWHALE_HOSTNAME: "music.fanyx.xyz"
+      FUNKWHALE_PROTOCOL: "https"
+      NESTED_PROXY: "1"
+    volumes:
+      - /var/docker/funkwhale/data:/data
+      - /var/cloud/hendrik/public/Music:/music/hendrik:ro
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.funkwhale.entrypoints: "https"
+      traefik.http.routers.funkwhale.rule: "Host(`music.fanyx.xyz`)"
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy

funkwhale/update-lib-funkwhale.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+docker-compose -f /srv/docker/funkwhale/compose.yaml \
+	exec -it funkwhale /app/api/manage.py import_files \
+	9cf82ebc-67b9-444e-99db-011e64053d74 \
+	"/music/hendrik/" \
+	--recursive \
+	--noinput \
+	--in-place

gitea/compose.yaml

@@ -0,0 +1,23 @@
+services:
+  gitea:
+    image: gitea/gitea:1.17.3
+    container_name: gitea
+    restart: unless-stopped
+    networks:
+      - traefik_proxy
+    environment:
+      USER_UID: "993"
+      USER_GID: "993"
+    volumes:
+      - /var/docker/gitea/data:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.gitea.entrypoints: "https"
+      traefik.http.routers.gitea.rule: "Host(`git.fanyx.xyz`)"
+      traefik.http.services.gitea.loadbalancer.server.port: "3000"
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy

hedgedoc/compose.yaml

@@ -0,0 +1,45 @@
+services:
+  hedgedoc:
+    image: quay.io/hedgedoc/hedgedoc:1.9.6-alpine
+    container_name: hedgedoc_web
+    depends_on:
+      - db
+    restart: unless-stopped
+    networks:
+      - traefik_proxy
+      - backend
+    env_file: .env-hedgedoc
+    environment:
+      - NODE_ENV=production
+      - CMD_DOMAIN=n.fanyx.xyz
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_ALLOW_ANONYMOUS=false
+      - CMD_ALLOW_ANONYMOUS_EDITS=true
+      - CMD_ALLOW_FREEURL=true
+      - CMD_REQUIRE_FREEURL_AUTHENTICATION=true
+      - CMD_EMAIL=true
+      - CMD_ALLOW_EMAIL_REGISTER=false
+    volumes:
+      - /var/docker/hedgedoc/uploads:/hedgedoc/public/uploads
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.hedgedoc.entrypoints: "https"
+      traefik.http.routers.hedgedoc.rule: "Host(`n.fanyx.xyz`)"
+      traefik.http.routers.hedgedoc-ws.entrypoints: "https"
+      traefik.http.routers.hedgedoc-ws.rule: "Host(`n.fanyx.xyz`) && Path(`/sockets.io/`)"
+      traefik.http.middlewares.wsUpgrade.headers.customrequestheaders.X-Forwarded-Proto: "https"
+      traefik.http.routers.hedgedoc-ws.middlewares: "wsUpgrade@docker"
+  db:
+    image: postgres:13.4-alpine
+    container_name: hedgedoc_db
+    restart: unless-stopped
+    env_file: .env-db
+    networks:
+      - backend
+    volumes:
+      - /var/docker/hedgedoc/database:/var/lib/postgresql/data
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy
+  backend:

infrared/compose.yaml

@@ -0,0 +1,9 @@
+services:
+  infrared:
+    image: docker.fanyx.xyz/infrared
+    container_name: infrared
+    restart: unless-stopped
+    volumes:
+      - ./configs:/configs
+    network_mode: host
+

infrared/configs/sevtechages.yml

@@ -0,0 +1,9 @@
+DomainName: "sta.mc.fanyx.xyz"
+ListenTo: ":25565"
+ProxyTo: ":25568"
+TimeOut: "5m"
+Server:
+  Version: "1.12.2"
+  Protocol: 340
+  DisconnectMessage: "Unable to connect to backend server."
+

jellyfin/compose.yaml

@@ -0,0 +1,10 @@
+services:
+  jellyfin:
+    image: jellyfin/jellyfin:10.8.5
+    container_name: jellyfin
+    restart: unless-stopped
+    volumes:
+      - /data/local_share/public/Videos:/media
+      - /var/docker/jellyfin/cache:/cache
+      - /var/docker/jellyfin/config:/config
+    network_mode: "host"

linx/compose.yaml

@@ -0,0 +1,27 @@
+services:
+  linx:
+    image: docker.fanyx.xyz/linx-server:2022-01
+    container_name: linx-server
+    restart: unless-stopped
+    networks:
+      - traefik_proxy
+    command: ["-config", "/data/linx-server.conf"]
+    configs:
+      - source: linx-config
+        target: /data/linx-server.conf
+        mode: 0444
+    volumes:
+      - /var/docker/linx/files:/data/files
+      - /var/docker/linx/meta:/data/meta
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.linx.entrypoints=https"
+      - "traefik.http.routers.linx.rule=Host(`t.fanyx.xyz`)"
+
+configs:
+  linx-config:
+    file: ./linx-server.conf
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy

linx/linx-server.conf

@@ -0,0 +1,15 @@
+bind = 0.0.0.0:8080
+sitename = t.fanyx.xyz
+siteurl = https://t.fanyx.xyz/
+selifpath = s
+maxsize = 4294967296
+maxexpiry = 0
+max-duration-time = 86400
+max-duration-size = 67108864
+allowhotlink = true
+remoteuploads = true
+nologs = true
+force-random-filename = false
+cleanup-every-minutes = 5
+realip = true
+

maloja/compose.yaml

@@ -0,0 +1,22 @@
+services:
+  maloja:
+    image: krateng/maloja:3.1.4
+    container_name: maloja
+    restart: unless-stopped
+    networks:
+      - traefik_proxy
+    env_file: .env
+    environment:
+      - MALOJA_DATA_DIRECTORY=/var/lib/maloja
+      - MALOJA_HOST=0.0.0.0
+      - MALOJA_SKIP_SETUP=True
+    volumes:
+      - /var/docker/maloja/data:/var/lib/maloja
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.maloja.entrypoints: "https"
+      traefik.http.routers.maloja.rule: "Host(`maloja.fanyx.xyz`)"
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy

minecraft/sevtechages/compose.yaml

@@ -0,0 +1,22 @@
+services:
+  sevtechages:
+    image: itzg/minecraft-server:java8
+    container_name: mc-sevtechages
+    restart: unless-stopped
+    environment:
+      - TYPE=FORGE
+      - EULA=TRUE
+      - TZ=Europe/Berlin
+      - VERSION=1.12.2
+      - FORGEVERSION=14.23.5.2860
+      - OPS=Fanyx
+      - MEMORY=7G
+      - USE_AIKAR_FLAGS=true
+      - GUI=FALSE
+    tty: true
+    stdin_open: true
+    volumes:
+      - /var/docker/minecraft/sevtechages:/data
+    ports:
+      - "25568:25565"
+

pihole/compose.yaml

@@ -0,0 +1,21 @@
+services:
+  pihole:
+    image: pihole/pihole:2022.10
+    container_name: pihole
+    restart: unless-stopped
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "8082:80/tcp"
+    environment:
+      TZ: "Berlin/Europe"
+      WEBPASSWORD: "K2jgiRMxhBMYZpEV3MtXqdMb"
+    volumes:
+      - pihole_pihole-config:/etc/pihole/
+      - pihole_pihole-dnsmasq:/etc/dnsmasq.d/
+
+volumes:
+  pihole_pihole-config:
+    external: true
+  pihole_pihole-dnsmasq:
+    external: true

registry/compose.yaml

@@ -0,0 +1,35 @@
+services:
+  registry:
+    image: registry:2.8
+    container_name: registry
+    restart: unless-stopped
+    networks:
+      - traefik_proxy
+    configs:
+      - source: registry
+        target: /etc/docker/registry/config.yml
+        mode: 0400
+    volumes:
+      - registry_registry:/var/lib/registry
+    expose:
+      - 5000
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.registry.entrypoints=https"
+      - "traefik.http.routers.registry.rule=Host(`docker.fanyx.xyz`)"
+      - "traefik.http.middlewares.headers.Headers.sslProxyHeaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.headers.Headers.hostsProxyHeaders=X-Forwarded-Host"
+      - "traefik.http.middlewares.auth.BasicAuth.usersfile=/htpasswd"
+      - "traefik.http.routers.registry.middlewares=headers@docker,auth@docker"
+
+volumes:
+  registry_registry:
+    external: true
+
+configs:
+  registry:
+    file: ./config.yml
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy

registry/config.yml

@@ -0,0 +1,15 @@
+version: 0.1
+storage:
+  filesystem:
+    rootdirectory: /var/lib/registry
+  delete:
+    enabled: true
+  cache:
+    blobdescriptor: inmemory
+http:
+  addr: :5000
+  headers:
+    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
+    Access-Control-Expose-Headers: ['Docker-Content-Digest']
+    X-Content-Type-Options: [nosniff]
+  host: docker.fanyx.xyz

trackmania/compose.yaml

@@ -0,0 +1,44 @@
+version: '3.8'
+services:
+  tmserver:
+    image: fanyx/tmserver:2.1.0
+    container_name: trackmania_tmserver
+    depends_on:
+     - db
+    restart: always
+    env_file: .env
+#     volumes:
+#      - ./tracks:/var/lib/tmserver/GameData/Tracks/Challenges/Custom # => Custom tracks
+#      - ./playlist.txt:/var/lib/tmserver/playlist.txt # => Custom playlist
+#      - ./blacklist:/var/lib/xaseco/blacklist # => Plugin blacklist
+#      - ./plugins:/var/lib/xaseco/plugins/custom # => Custom plugins
+#      - ./config:/var/lib/xaseco/config # => Custom configuration files
+#    ports:
+#      - "2350:2350"
+#      - "2350:2350/udp"
+#      - "3450:3450/udp"
+  db:
+    image: mysql:5
+    container_name: trackmania_db
+    restart: always
+    environment:
+     -   MYSQL_ROOT_PASSWORD=tmforever
+     -   MYSQL_DATABASE=trackmania
+     -   MYSQL_USER=trackmania
+     -   MYSQL_PASSWORD=tmforever
+    volumes:
+     - trackmania-db:/var/lib/mysql
+  pma:
+    image: phpmyadmin/phpmyadmin:4.9
+    container_name: trackmania_phpmyadmin
+    depends_on:
+     - db
+    environment:
+     - PMA_HOST=db
+    restart: always
+#   ports:
+#      - "8080:80"
+
+volumes:
+  trackmania-db:
+

traefik/compose.yaml

@@ -0,0 +1,29 @@
+services:
+  traefik:
+    image: traefik:2.8
+    container_name: traefik
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+      - "24880:8080"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./config/acme/acme.json:/acme.json:rw
+    configs:
+      - source: traefik
+        target: /traefik.yml
+      - source: htpasswd
+        target: /htpasswd
+    networks:
+      - traefik_proxy
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy
+
+configs:
+  traefik:
+    file: ./config/traefik.yml
+  htpasswd:
+    file: ./config/htpasswd

traefik/config/traefik.yml

@@ -0,0 +1,63 @@
+api:
+  dashboard: true
+  insecure: true
+
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+    http:
+      tls:
+        certResolver: default
+      middlewares:
+        - hsts@file
+
+providers:
+  docker:
+    network: "traefik_proxy"
+    exposedByDefault: false
+  file:
+    filename: "/traefik.yml"
+
+certificatesResolvers:
+  default:
+    acme:
+      email: "fanyx@fanyx.xyz"
+      storage: "acme.json"
+      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+      tlsChallenge: true
+      httpChallenge:
+        entrypoint: http
+
+http:
+  routers:
+    jellyfin:
+     entrypoints: 
+       - "https"
+     rule: "Host(`v.fanyx.xyz`)"
+     service: "jellyfin"
+    radicale:
+      entrypoints:
+        - "https"
+      rule: "Host(`r.fanyx.xyz`)"
+      service: "radicale"
+  services:
+    jellyfin:
+      loadBalancer:
+        servers:
+         - url: "http://172.18.0.1:8096"
+    radicale:
+      loadBalancer:
+        servers:
+          - url: "http://172.18.0.1:5232"
+  middlewares:
+    hsts:
+      headers:
+        frameDeny: true
+        browserXssFilter: true

www/compose.yaml

@@ -0,0 +1,17 @@
+services:
+  website:
+    image: nginx:1.23.2-alpine
+    container_name: website
+    restart: unless-stopped
+    networks:
+      - traefik_proxy
+    volumes:
+      - /var/docker/www/website:/usr/share/nginx/html:ro
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.website.entrypoints: "https"
+      traefik.http.routers.website.rule: "Host(`fanyx.xyz`)"
+
+networks:
+  traefik_proxy:
+    name: traefik_proxy