commit 60dfcfcb8a679ba6afbc387f955f77bb771303b2 Author: fanyx Date: Thu Mar 9 22:10:22 2023 +0100 Initial commit
diff --git a/akkoma/compose.yaml b/akkoma/compose.yaml
new file mode 100644
index 0000000..e4fb7fb
--- /dev/null
+++ b/akkoma/compose.yaml
@@ -0,0 +1,53 @@
+services:
+ db:
+ image: postgres:14.5-alpine
+ container_name: akkoma_db
+ restart: unless-stopped
+ networks:
+ - backend
+ env_file: .env-db
+ environment:
+ POSTGRES_USER: akkoma
+ POSTGRES_DB: akkoma
+ # POSTGRES_PASSWORD:
+ volumes:
+ - /var/docker/akkoma/postgres:/var/lib/postgresql/data
+ configs:
+ - source: postgresql
+ target: /etc/postgres/postgresql.conf
+ mode: 0400
+
+ web:
+ image: docker.fanyx.xyz/akkoma:stable-2023-02
+ container_name: akkoma_web
+ restart: unless-stopped
+ depends_on:
+ - db
+ networks:
+ - traefik_proxy
+ - backend
+ volumes:
+ - /srv/docker/akkoma/akkoma:/opt/akkoma
+ - /var/docker/akkoma/akkoma/uploads:/opt/akkoma/uploads
+ - /var/docker/akkoma/akkoma/static:/opt/akkoma/instance/static
+ configs:
+ - source: akkoma
+ target: /opt/akkoma/config/prod.secret.exs
+ mode: 0400
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.akkoma.entrypoints: "https"
+ traefik.http.routers.akkoma.rule: "Host(`pl.fanyx.xyz`)"
+ traefik.docker.network: "traefik_proxy"
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
+ backend:
+ driver: bridge
+
+configs:
+ postgresql:
+ file: /srv/docker/akkoma/postgresql.conf
+ akkoma:
+ file: /srv/docker/akkoma/secret.exs
diff --git a/akkoma/postgresql.conf b/akkoma/postgresql.conf
new file mode 100644
index 0000000..1b75368
--- /dev/null
+++ b/akkoma/postgresql.conf
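Review bot: In akkoma/compose.yaml the `db` service mounts the tuning file at `/etc/postgres/postgresql.conf`, but nothing in the hunk tells PostgreSQL to read it, so the server presumably keeps using the default file in its data directory and the settings in akkoma/postgresql.conf have no effect. Add `command: ["postgres", "-c", "config_file=/etc/postgres/postgresql.conf"]` to `db`. The file would then also need `listen_addresses = '*'`, because it replaces the image's generated default and `web` connects over the `backend` network. The `mode: 0400` on both configs is worth checking too: the target has to be readable by the non-root user each service runs as.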
@@ -0,0 +1,24 @@
+# DB Version: 14
+# OS Type: linux
+# DB Type: web
+# Total Memory (RAM): 16 GB
+# CPUs num: 4
+# Connections num: 20
+# Data Storage: ssd
+
+max_connections = 20
+shared_buffers = 4GB
+effective_cache_size = 12GB
+maintenance_work_mem = 1GB
+checkpoint_completion_target = 0.9
+wal_buffers = 16MB
+default_statistics_target = 100
+random_page_cost = 1.1
+effective_io_concurrency = 200
+work_mem = 104857kB
+min_wal_size = 1GB
+max_wal_size = 4GB
+max_worker_processes = 4
+max_parallel_workers_per_gather = 2
+max_parallel_workers = 4
+max_parallel_maintenance_workers = 2
diff --git a/filebrowser/compose.yaml b/filebrowser/compose.yaml
new file mode 100644
index 0000000..646c1ad
--- /dev/null
+++ b/filebrowser/compose.yaml
@@ -0,0 +1,19 @@
+services:
+ filebrowser:
+ image: filebrowser/filebrowser:v2.23.0
+ container_name: filebrowser
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ volumes:
+ - /var/cloud/hendrik/public:/srv
+ - /var/docker/filebrowser/filebrowser.db:/database.db
+ user: "1000:1000"
+ labels:
+ traefik.http.routers.filebrowser.entrypoints: "https"
+ traefik.http.routers.filebrowser.rule: "Host(`cloud.fanyx.xyz`)"
+ traefik.enable: "true"
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
diff --git a/funkwhale/compose.yaml b/funkwhale/compose.yaml
new file mode 100644
index 0000000..1f8ca35
--- /dev/null
+++ b/funkwhale/compose.yaml
@@ -0,0 +1,25 @@
+services:
+ funkwhale:
+ image: funkwhale/all-in-one:1.2.8
+ container_name: funkwhale
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ env_file: .env
+ environment:
+ PUID: "994"
+ PGID: "994"
+ FUNKWHALE_HOSTNAME: "music.fanyx.xyz"
+ FUNKWHALE_PROTOCOL: "https"
+ NESTED_PROXY: "1"
+ volumes:
+ - /var/docker/funkwhale/data:/data
+ - /var/cloud/hendrik/public/Music:/music/hendrik:ro
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.funkwhale.entrypoints: "https"
+ traefik.http.routers.funkwhale.rule: "Host(`music.fanyx.xyz`)"
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
diff --git a/funkwhale/update-lib-funkwhale.sh b/funkwhale/update-lib-funkwhale.sh
new file mode 100755
index 0000000..a5ad8a6
--- /dev/null
+++ b/funkwhale/update-lib-funkwhale.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+docker-compose -f /srv/docker/funkwhale/compose.yaml \
+ exec -it funkwhale /app/api/manage.py import_files \
+ 9cf82ebc-67b9-444e-99db-011e64053d74 \
+ "/music/hendrik/" \
+ --recursive \
+ --noinput \
+ --in-place
diff --git a/gitea/compose.yaml b/gitea/compose.yaml
new file mode 100644
index 0000000..553f716
--- /dev/null
+++ b/gitea/compose.yaml
@@ -0,0 +1,23 @@
+services:
+ gitea:
+ image: gitea/gitea:1.17.3
+ container_name: gitea
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ environment:
+ USER_UID: "993"
+ USER_GID: "993"
+ volumes:
+ - /var/docker/gitea/data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.gitea.entrypoints: "https"
+ traefik.http.routers.gitea.rule: "Host(`git.fanyx.xyz`)"
+ traefik.http.services.gitea.loadbalancer.server.port: "3000"
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
diff --git a/hedgedoc/compose.yaml b/hedgedoc/compose.yaml
new file mode 100644
index 0000000..8c017d3
--- /dev/null
+++ b/hedgedoc/compose.yaml
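Review bot: The `exec -it` in funkwhale/update-lib-funkwhale.sh requests an interactive TTY even though the import is run with `--noinput`; if the script is meant for cron or a timer, the call will fail there because no terminal is attached. Replace `-it` with `-T` so it behaves the same interactively and unattended.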
@@ -0,0 +1,45 @@
+services:
+ hedgedoc:
+ image: quay.io/hedgedoc/hedgedoc:1.9.6-alpine
+ container_name: hedgedoc_web
+ depends_on:
+ - db
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ - backend
+ env_file: .env-hedgedoc
+ environment:
+ - NODE_ENV=production
+ - CMD_DOMAIN=n.fanyx.xyz
+ - CMD_PROTOCOL_USESSL=true
+ - CMD_ALLOW_ANONYMOUS=false
+ - CMD_ALLOW_ANONYMOUS_EDITS=true
+ - CMD_ALLOW_FREEURL=true
+ - CMD_REQUIRE_FREEURL_AUTHENTICATION=true
+ - CMD_EMAIL=true
+ - CMD_ALLOW_EMAIL_REGISTER=false
+ volumes:
+ - /var/docker/hedgedoc/uploads:/hedgedoc/public/uploads
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.hedgedoc.entrypoints: "https"
+ traefik.http.routers.hedgedoc.rule: "Host(`n.fanyx.xyz`)"
+ traefik.http.routers.hedgedoc-ws.entrypoints: "https"
+ traefik.http.routers.hedgedoc-ws.rule: "Host(`n.fanyx.xyz`) && Path(`/sockets.io/`)"
+ traefik.http.middlewares.wsUpgrade.headers.customrequestheaders.X-Forwarded-Proto: "https"
+ traefik.http.routers.hedgedoc-ws.middlewares: "wsUpgrade@docker"
+ db:
+ image: postgres:13.4-alpine
+ container_name: hedgedoc_db
+ restart: unless-stopped
+ env_file: .env-db
+ networks:
+ - backend
+ volumes:
+ - /var/docker/hedgedoc/database:/var/lib/postgresql/data
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
+ backend:
diff --git a/infrared/compose.yaml b/infrared/compose.yaml
new file mode 100644
index 0000000..ff40671
--- /dev/null
+++ b/infrared/compose.yaml
@@ -0,0 +1,9 @@
+services:
+ infrared:
+ image: docker.fanyx.xyz/infrared
+ container_name: infrared
+ restart: unless-stopped
+ volumes:
+ - ./configs:/configs
+ network_mode: host
+
diff --git a/infrared/configs/sevtechages.yml b/infrared/configs/sevtechages.yml
new file mode 100644
index 0000000..81cf6dd
--- /dev/null
+++ b/infrared/configs/sevtechages.yml
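Review bot: The `hedgedoc-ws` router in hedgedoc/compose.yaml matches the path `/sockets.io/`, which looks like a typo for HedgeDoc's `/socket.io/` endpoint, and `Path` is an exact match, so this router and its `wsUpgrade` middleware probably never apply to real websocket requests. Change the path to `/socket.io/` and use `PathPrefix` instead of `Path`. Separately, `CMD_ALLOW_ANONYMOUS=false` is paired with `CMD_ALLOW_ANONYMOUS_EDITS=true`; a one-line comment stating that guests are meant to edit notes whose permissions allow it would show this is deliberate.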
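Review bot: `image: docker.fanyx.xyz/infrared` in infrared/compose.yaml carries no tag, so it resolves to `latest`, and a container that runs with `network_mode: host` can change contents on any pull. Pin it like the other services in this commit, e.g. `image: docker.fanyx.xyz/infrared:<release-tag>` (placeholder), or by digest.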
@@ -0,0 +1,9 @@
+DomainName: "sta.mc.fanyx.xyz"
+ListenTo: ":25565"
+ProxyTo: ":25568"
+TimeOut: "5m"
+Server:
+ Version: "1.12.2"
+ Protocol: 340
+ DisconnectMessage: "Unable to connect to backend server."
+
diff --git a/jellyfin/compose.yaml b/jellyfin/compose.yaml
new file mode 100644
index 0000000..6e5ea78
--- /dev/null
+++ b/jellyfin/compose.yaml
@@ -0,0 +1,10 @@
+services:
+ jellyfin:
+ image: jellyfin/jellyfin:10.8.5
+ container_name: jellyfin
+ restart: unless-stopped
+ volumes:
+ - /data/local_share/public/Videos:/media
+ - /var/docker/jellyfin/cache:/cache
+ - /var/docker/jellyfin/config:/config
+ network_mode: "host"
diff --git a/linx/compose.yaml b/linx/compose.yaml
new file mode 100644
index 0000000..68771f8
--- /dev/null
+++ b/linx/compose.yaml
@@ -0,0 +1,27 @@
+services:
+ linx:
+ image: docker.fanyx.xyz/linx-server:2022-01
+ container_name: linx-server
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ command: ["-config", "/data/linx-server.conf"]
+ configs:
+ - source: linx-config
+ target: /data/linx-server.conf
+ mode: 0444
+ volumes:
+ - /var/docker/linx/files:/data/files
+ - /var/docker/linx/meta:/data/meta
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.linx.entrypoints=https"
+ - "traefik.http.routers.linx.rule=Host(`t.fanyx.xyz`)"
+
+configs:
+ linx-config:
+ file: ./linx-server.conf
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
diff --git a/linx/linx-server.conf b/linx/linx-server.conf
new file mode 100644
index 0000000..211170a
--- /dev/null
+++ b/linx/linx-server.conf
@@ -0,0 +1,15 @@
+bind = 0.0.0.0:8080
+sitename = t.fanyx.xyz
+siteurl = https://t.fanyx.xyz/
+selifpath = s
+maxsize = 4294967296
+maxexpiry = 0
+max-duration-time = 86400
+max-duration-size = 67108864
+allowhotlink = true
+remoteuploads = true
+nologs = true
+force-random-filename = false
+cleanup-every-minutes = 5
+realip = true
+
diff --git a/maloja/compose.yaml b/maloja/compose.yaml
new file mode 100644
index 0000000..49fd7c9
--- /dev/null
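Review bot: `network_mode: "host"` in jellyfin/compose.yaml puts Jellyfin's listener on every host interface, so its plain-HTTP port is presumably reachable directly and not only through the TLS router for `v.fanyx.xyz` that traefik/config/traefik.yml defines. If host networking is required, restrict that port in the host firewall to the Docker bridge address Traefik connects from. Otherwise attach the service to `traefik_proxy` and route it with labels like the other stacks.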
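Review bot: linx/linx-server.conf sets `remoteuploads = true` without an `authfile` or `remoteauthfile`, so any visitor to `t.fanyx.xyz` can have the server fetch a URL on their behalf, including addresses only reachable from the shared `traefik_proxy` network. Set `remoteuploads = false`, or keep it and add `remoteauthfile = <path-to-key-file>` (placeholder path). With `maxsize = 4294967296` and `maxexpiry = 0`, unauthenticated uploads can also occupy disk space indefinitely, so an `authfile` or a finite `maxexpiry` is worth adding as well.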
+++ b/maloja/compose.yaml
@@ -0,0 +1,22 @@
+services:
+ maloja:
+ image: krateng/maloja:3.1.4
+ container_name: maloja
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ env_file: .env
+ environment:
+ - MALOJA_DATA_DIRECTORY=/var/lib/maloja
+ - MALOJA_HOST=0.0.0.0
+ - MALOJA_SKIP_SETUP=True
+ volumes:
+ - /var/docker/maloja/data:/var/lib/maloja
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.maloja.entrypoints: "https"
+ traefik.http.routers.maloja.rule: "Host(`maloja.fanyx.xyz`)"
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
diff --git a/minecraft/sevtechages/compose.yaml b/minecraft/sevtechages/compose.yaml
new file mode 100644
index 0000000..c9a9c7d
--- /dev/null
+++ b/minecraft/sevtechages/compose.yaml
@@ -0,0 +1,22 @@
+services:
+ sevtechages:
+ image: itzg/minecraft-server:java8
+ container_name: mc-sevtechages
+ restart: unless-stopped
+ environment:
+ - TYPE=FORGE
+ - EULA=TRUE
+ - TZ=Europe/Berlin
+ - VERSION=1.12.2
+ - FORGEVERSION=14.23.5.2860
+ - OPS=Fanyx
+ - MEMORY=7G
+ - USE_AIKAR_FLAGS=true
+ - GUI=FALSE
+ tty: true
+ stdin_open: true
+ volumes:
+ - /var/docker/minecraft/sevtechages:/data
+ ports:
+ - "25568:25565"
+
diff --git a/pihole/compose.yaml b/pihole/compose.yaml
new file mode 100644
index 0000000..4ae6646
--- /dev/null
+++ b/pihole/compose.yaml
@@ -0,0 +1,21 @@
+services:
+ pihole:
+ image: pihole/pihole:2022.10
+ container_name: pihole
+ restart: unless-stopped
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ - "8082:80/tcp"
+ environment:
+ TZ: "Berlin/Europe"
+ WEBPASSWORD: "K2jgiRMxhBMYZpEV3MtXqdMb"
+ volumes:
+ - pihole_pihole-config:/etc/pihole/
+ - pihole_pihole-dnsmasq:/etc/dnsmasq.d/
+
+volumes:
+ pihole_pihole-config:
+ external: true
+ pihole_pihole-dnsmasq:
+ external: true
diff --git a/registry/compose.yaml b/registry/compose.yaml
new file mode 100644
index 0000000..1800ce0
--- /dev/null
+++ b/registry/compose.yaml
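Review bot: The `ports` entry `"25568:25565"` in minecraft/sevtechages/compose.yaml publishes the backend on all host interfaces, although infrared/configs/sevtechages.yml already reaches it at `:25568` from the host network. Binding it to loopback, `- "127.0.0.1:25568:25565"`, keeps clients going through the proxy. `itzg/minecraft-server:java8` is also a moving tag; a dated tag or digest would make redeploys reproducible.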
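Review bot: `WEBPASSWORD` in pihole/compose.yaml is a literal admin password committed to the repository; it should be treated as exposed, rotated, and moved to an untracked `env_file` the way the akkoma and hedgedoc stacks handle their secrets. `TZ: "Berlin/Europe"` is not a valid zone name and should read `TZ: "Europe/Berlin"`. The admin UI mapping `"8082:80/tcp"` is published on every interface over plain HTTP; bind it to a LAN or loopback address if it is not meant to be public.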
@@ -0,0 +1,35 @@
+services:
+ registry:
+ image: registry:2.8
+ container_name: registry
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ configs:
+ - source: registry
+ target: /etc/docker/registry/config.yml
+ mode: 0400
+ volumes:
+ - registry_registry:/var/lib/registry
+ expose:
+ - 5000
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.registry.entrypoints=https"
+ - "traefik.http.routers.registry.rule=Host(`docker.fanyx.xyz`)"
+ - "traefik.http.middlewares.headers.Headers.sslProxyHeaders.X-Forwarded-Proto=https"
+ - "traefik.http.middlewares.headers.Headers.hostsProxyHeaders=X-Forwarded-Host"
+ - "traefik.http.middlewares.auth.BasicAuth.usersfile=/htpasswd"
+ - "traefik.http.routers.registry.middlewares=headers@docker,auth@docker"
+
+volumes:
+ registry_registry:
+ external: true
+
+configs:
+ registry:
+ file: ./config.yml
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
diff --git a/registry/config.yml b/registry/config.yml
new file mode 100644
index 0000000..c632a7e
--- /dev/null
+++ b/registry/config.yml
@@ -0,0 +1,15 @@
+version: 0.1
+storage:
+ filesystem:
+ rootdirectory: /var/lib/registry
+ delete:
+ enabled: true
+ cache:
+ blobdescriptor: inmemory
+http:
+ addr: :5000
+ headers:
+ Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
+ Access-Control-Expose-Headers: ['Docker-Content-Digest']
+ X-Content-Type-Options: [nosniff]
+ host: docker.fanyx.xyz
diff --git a/trackmania/compose.yaml b/trackmania/compose.yaml
new file mode 100644
index 0000000..5383065
--- /dev/null
+++ b/trackmania/compose.yaml
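Review bot: Authentication for the registry exists only as the Traefik `auth` middleware in registry/compose.yaml; registry/config.yml has no `auth` section, so any container attached to the shared `traefik_proxy` network can presumably reach `registry:5000` without credentials, and with `delete: enabled: true` can remove images as well as push them. Configure `auth.htpasswd` in config.yml, or put the registry on a network that only Traefik joins. The middleware names `headers` and `auth` are global within the docker provider; names such as `registry-headers` and `registry-auth` avoid collisions with other stacks.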
@@ -0,0 +1,44 @@
+version: '3.8'
+services:
+ tmserver:
+ image: fanyx/tmserver:2.1.0
+ container_name: trackmania_tmserver
+ depends_on:
+ - db
+ restart: always
+ env_file: .env
+# volumes:
+# - ./tracks:/var/lib/tmserver/GameData/Tracks/Challenges/Custom # => Custom tracks
+# - ./playlist.txt:/var/lib/tmserver/playlist.txt # => Custom playlist
+# - ./blacklist:/var/lib/xaseco/blacklist # => Plugin blacklist
+# - ./plugins:/var/lib/xaseco/plugins/custom # => Custom plugins
+# - ./config:/var/lib/xaseco/config # => Custom configuration files
+# ports:
+# - "2350:2350"
+# - "2350:2350/udp"
+# - "3450:3450/udp"
+ db:
+ image: mysql:5
+ container_name: trackmania_db
+ restart: always
+ environment:
+ - MYSQL_ROOT_PASSWORD=tmforever
+ - MYSQL_DATABASE=trackmania
+ - MYSQL_USER=trackmania
+ - MYSQL_PASSWORD=tmforever
+ volumes:
+ - trackmania-db:/var/lib/mysql
+ pma:
+ image: phpmyadmin/phpmyadmin:4.9
+ container_name: trackmania_phpmyadmin
+ depends_on:
+ - db
+ environment:
+ - PMA_HOST=db
+ restart: always
+# ports:
+# - "8080:80"
+
+volumes:
+ trackmania-db:
+
diff --git a/traefik/compose.yaml b/traefik/compose.yaml
new file mode 100644
index 0000000..3c39f14
--- /dev/null
+++ b/traefik/compose.yaml
@@ -0,0 +1,29 @@
+services:
+ traefik:
+ image: traefik:2.8
+ container_name: traefik
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ - "24880:8080"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./config/acme/acme.json:/acme.json:rw
+ configs:
+ - source: traefik
+ target: /traefik.yml
+ - source: htpasswd
+ target: /htpasswd
+ networks:
+ - traefik_proxy
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
+
+configs:
+ traefik:
+ file: ./config/traefik.yml
+ htpasswd:
+ file: ./config/htpasswd
diff --git a/traefik/config/traefik.yml b/traefik/config/traefik.yml
new file mode 100644
index 0000000..7aa1ced
--- /dev/null
+++ b/traefik/config/traefik.yml
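Review bot: The `db` service in trackmania/compose.yaml hard-codes `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` with the same guessable value, and the `pma` service offers a web login to that database. Move both variables to the untracked `.env` file that `tmserver` already uses, give them distinct generated values, and change them on the running instance, since the committed ones stay in history. `mysql:5` and `phpmyadmin/phpmyadmin:4.9` are floating tags; pin exact patch versions as the other stacks do.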
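Review bot: traefik/compose.yaml publishes `"24880:8080"` on all interfaces, and traefik/config/traefik.yml sets `api.insecure: true`, so the dashboard and API are served on that port without authentication. Bind it to loopback with `- "127.0.0.1:24880:8080"`, or set `insecure: false` and expose `api@internal` through a router that uses the `/htpasswd` users file already mounted here. The Docker socket is mounted read-write into the internet-facing container; `:ro` on the mount is a small improvement, and a socket proxy limited to read-only container listing is the stronger option, because access to the socket is equivalent to root on the host.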
@@ -0,0 +1,63 @@
+api:
+ dashboard: true
+ insecure: true
+
+entryPoints:
+ http:
+ address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: https
+ scheme: https
+ https:
+ address: ":443"
+ http:
+ tls:
+ certResolver: default
+ middlewares:
+ - hsts@file
+
+providers:
+ docker:
+ network: "traefik_proxy"
+ exposedByDefault: false
+ file:
+ filename: "/traefik.yml"
+
+certificatesResolvers:
+ default:
+ acme:
+ email: "fanyx@fanyx.xyz"
+ storage: "acme.json"
+ caServer: "https://acme-v02.api.letsencrypt.org/directory"
+ tlsChallenge: true
+ httpChallenge:
+ entrypoint: http
+
+http:
+ routers:
+ jellyfin:
+ entrypoints:
+ - "https"
+ rule: "Host(`v.fanyx.xyz`)"
+ service: "jellyfin"
+ radicale:
+ entrypoints:
+ - "https"
+ rule: "Host(`r.fanyx.xyz`)"
+ service: "radicale"
+ services:
+ jellyfin:
+ loadBalancer:
+ servers:
+ - url: "http://172.18.0.1:8096"
+ radicale:
+ loadBalancer:
+ servers:
+ - url: "http://172.18.0.1:5232"
+ middlewares:
+ hsts:
+ headers:
+ frameDeny: true
+ browserXssFilter: true
diff --git a/www/compose.yaml b/www/compose.yaml
new file mode 100644
index 0000000..7700135
--- /dev/null
+++ b/www/compose.yaml
@@ -0,0 +1,17 @@
+services:
+ website:
+ image: nginx:1.23.2-alpine
+ container_name: website
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ volumes:
+ - /var/docker/www/website:/usr/share/nginx/html:ro
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.website.entrypoints: "https"
+ traefik.http.routers.website.rule: "Host(`fanyx.xyz`)"
+
+networks:
+ traefik_proxy:
+ name: traefik_proxy
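Review bot: The middleware named `hsts` in traefik/config/traefik.yml sets only `frameDeny` and `browserXssFilter`, so no Strict-Transport-Security header is sent on the `https` entry point despite the name. Add `stsSeconds: 31536000` under `headers` (and `stsIncludeSubdomains: true` if every subdomain is HTTPS-only), or rename the middleware to match what it does. The resolver also enables both `tlsChallenge` and `httpChallenge`; keeping one of them, with a comment saying which is intended, makes certificate issuance easier to reason about.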