├── .editorconfig ├── .github ├── CODEOWNERS └── workflows │ └── ci.yml ├── .gitignore ├── LICENSE ├── README.md ├── core ├── _main.sh ├── checks.sh ├── common.mk └── log.sh ├── server.sh └── services ├── adguard ├── .env.template ├── Makefile ├── config │ └── AdGuardHome.yaml └── docker-compose.yml ├── answer ├── .env.template ├── Makefile └── docker-compose.yml ├── appsmith ├── .env.template ├── Makefile └── docker-compose.yml ├── authelia ├── .env.template ├── Makefile ├── config.template │ ├── configuration.yml.template │ └── users_database.yml.template └── docker-compose.yml ├── bookstack ├── .env.template ├── Makefile └── docker-compose.yml ├── calibre-web ├── .env.template ├── Makefile ├── docker-compose.yml └── mods │ └── fix-cloudflare-login.sh ├── centreon ├── .env.template ├── Dockerfile ├── Makefile ├── config │ └── mariadb │ │ ├── mariadb.cnf │ │ └── service.conf ├── docker-compose.yml └── scripts │ ├── enable-monitoring.sh │ └── systemctl.py ├── cf-companion ├── .env.template ├── Makefile └── docker-compose.yml ├── changedetection ├── .env.template ├── Makefile └── docker-compose.yml ├── datadog-agent ├── .env.template ├── Makefile └── docker-compose.yml ├── ddns-updater ├── .env.template ├── Makefile └── docker-compose.yml ├── diun ├── .env.template ├── Makefile └── docker-compose.yml ├── error-pages ├── .env.template ├── Makefile └── docker-compose.yml ├── gitea ├── .env.template ├── Makefile └── docker-compose.yml ├── gotify ├── .env.template ├── Makefile └── docker-compose.yml ├── grafana ├── .env.template ├── Makefile └── docker-compose.yml ├── heimdall ├── .env.template ├── Makefile └── docker-compose.yml ├── home-assistant ├── .env.template ├── Makefile └── docker-compose.yml ├── homepage ├── .env.template ├── Makefile └── docker-compose.yml ├── infisical ├── .env.template ├── Makefile ├── docker-compose.yml └── nginx │ └── default.conf ├── kafka ├── .env.template ├── Makefile ├── config │ ├── application.yml │ └── kafka_jaas.conf └── 
docker-compose.yml ├── keycloack ├── .env.template ├── Makefile └── docker-compose.yml ├── kimai ├── .env.template ├── Makefile └── docker-compose.yml ├── landing ├── .env.template ├── Makefile ├── docker-compose.yml └── static │ ├── favicon.ico │ ├── img │ ├── 404.svg │ ├── astronaut.svg │ ├── bg_purple.png │ ├── earth.svg │ ├── moon.svg │ ├── overlay_stars.svg │ └── rocket.svg │ ├── index.html │ └── style.css ├── mailhog ├── .env.template ├── Makefile └── docker-compose.yml ├── mongo ├── .env.template ├── Makefile ├── config │ └── init-mongo.js └── docker-compose.yml ├── monica ├── .env.template ├── Makefile └── docker-compose.yml ├── moodle ├── .env.template ├── Makefile └── docker-compose.yml ├── n8n ├── .env.template ├── Makefile └── docker-compose.yml ├── netdata ├── .env.template ├── Makefile ├── config │ ├── health_alarm_notify.conf.template │ └── netdata.conf └── docker-compose.yml ├── nextcloud ├── .env.template ├── Makefile └── docker-compose.yml ├── nocodb ├── .env.template ├── Makefile └── docker-compose.yml ├── openvpn ├── .env.template ├── Makefile └── docker-compose.yml ├── paperless ├── .env.template ├── Makefile └── docker-compose.yml ├── portainer ├── .env.template ├── Makefile └── docker-compose.yml ├── traefik ├── .env.template ├── Makefile ├── docker-compose.yml └── rules │ └── rules.yml ├── vaultwarden ├── .env.template ├── Makefile └── docker-compose.yml ├── watchtower ├── .env.template ├── Makefile └── docker-compose.yml ├── wordpress ├── .env.template ├── Makefile ├── config │ ├── php.ini │ └── uploads.ini └── docker-compose.yml ├── your-spotify ├── .env.template ├── Makefile └── docker-compose.yml └── zot ├── .env.template ├── Makefile ├── config └── config.json └── docker-compose.yml /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | indent_style = space 5 | indent_size = 2 6 | tab_width = 2 7 | end_of_line = lf 8 | charset = utf-8 9 | trim_trailing_whitespace 
= true 10 | insert_final_newline = true 11 | 12 | [*.{java,gradle,xml}] 13 | indent_size = 4 14 | continuation_indent_size = 8 15 | 16 | [*.py] 17 | indent_size = 4 18 | max_line_length = 120 19 | 20 | [{go.mod,go.sum,*.go}] 21 | indent_style = tab 22 | indent_size = 4 23 | 24 | [*.php] 25 | indent_size = 4 26 | 27 | [*.js] 28 | block_comment_start = /** 29 | block_comment = * 30 | block_comment_end = */ 31 | 32 | [*.min.js] 33 | indent_style = ignore 34 | insert_final_newline = ignore 35 | 36 | [{Makefile,*.mk}] 37 | indent_style = tab 38 | 39 | [*.{cmd,bat}] 40 | indent_style = tab 41 | end_of_line = crlf 42 | 43 | [*.{json,json5}] 44 | insert_final_newline = ignore 45 | 46 | [*.md] 47 | trim_trailing_whitespace = false 48 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @borjapazr 2 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | pull_request: 8 | 9 | jobs: 10 | build: 11 | name: 🧑‍🔬 Test server.sh 12 | runs-on: ubuntu-latest 13 | 14 | steps: 15 | - name: ⬇️ Checkout project 16 | uses: actions/checkout@v2 17 | 18 | - name: 🆘 Show help 19 | run: ./server.sh --help 20 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/.env 2 | **/.disabled 3 | **/openvpn/clients 4 | **/ddns-updater/data 5 | **/netdata/config/health_alarm_notify.conf 6 | **/netdata/config/.container-hostname 7 | **/traefik/credentials 8 | **/zot/credentials 9 | **/*.private 10 | **/_*/ 11 | **/_* 12 | **/authelia/config/ 13 | **/homepage/config/ 14 | 
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2020 Borja Paz Rodríguez borjapazr@gmail.com 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🏡🖥️ Mars Server 2 | 3 | Managed home server with Docker, Docker Compose, Make and Bash. 4 | 5 | ## 🧩 Requirements 6 | 7 | - [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install/) 8 | - Make 9 | - [fzf](https://github.com/junegunn/fzf) 10 | 11 | ## 🧑‍🍳 Configuration 12 | 13 | Before deploying the services it is necessary to configure them. 
To do so, create an .env file for each service from the corresponding .env.template and fill in its values (the templates leave settings such as VOLUME_DIR and DOMAIN empty). The .env files are git-ignored, so secrets placed in them stay out of the repository. Point VOLUME_DIR at a directory used only by that service, because a service's `uninstall` target removes it with `sudo rm -rf`. 14 | 15 | ## 🏗️ Installation 16 | 17 | ```bash 18 | server.sh install 19 | ``` 20 | 21 | ## 🧙 Usage 22 | 23 | ```bash 24 | Usage: server [OPTIONS] COMMAND 25 | 26 | This script aims to manage a home server based on Docker, Docker Compose, Make and Bash. 27 | 28 | Available options: 29 | -h, --help Print this help and exit 30 | 31 | Available commands: 32 | install Install all services 33 | uninstall Uninstall all services 34 | start Start all services 35 | stop Stop all services 36 | restart Restart all services 37 | status Get the status of all services 38 | services Open a menu based on FZF to manage the services separately 39 | ``` 40 | 41 | ## 🎯 Credits 42 | 43 | This project builds on many similar projects; there were countless of them, and I gave them all a star. 44 | 45 | 🙏 Thank you very much for these wonderful creations. 46 | 47 | ### ⭐ Stargazers 48 | 49 | [![Stargazers repo roster for @borjapazr/mars-server](https://reporoster.com/stars/borjapazr/mars-server)](https://github.com/borjapazr/mars-server/stargazers) 50 | 51 | ## ⚖️ License 52 | 53 | The MIT License (MIT). Please see [License](LICENSE) for more information. 54 | -------------------------------------------------------------------------------- /core/_main.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | if !
${SERVER_MAIN_SOURCED:-false}; then 4 | for file in $SERVER_DIR/core/{checks,log}.sh; do 5 | source "$file"; 6 | done; 7 | unset file; 8 | 9 | readonly SERVER_MAIN_SOURCED=true 10 | fi 11 | -------------------------------------------------------------------------------- /core/checks.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | checks::executable_check() { 4 | local EXE=$1 5 | local NAME=$2 6 | if [ "$EXE" == "0" ]; then 7 | log::error "No '${NAME}' command found" 8 | exit 1 9 | fi 10 | 11 | if [ ! -e ${EXE} ]; then 12 | log::error "'${NAME}' is installed but not executable" 13 | fi 14 | } 15 | 16 | checks::version_check() { 17 | local VERSION=$1 18 | local MINIMUM=$2 19 | local SYSTEM=$3 20 | local CHECK=`echo "$VERSION>=$MINIMUM" | bc -l` 21 | if [ "$CHECK" == "0" ]; then 22 | log::error "'${SYSTEM}' version mismatch, please upgrade" 23 | exit 1 24 | fi 25 | } 26 | -------------------------------------------------------------------------------- /core/common.mk: -------------------------------------------------------------------------------- 1 | ## Docker commands 2 | DOCKER := docker 3 | DOCKER_COMPOSE := docker-compose 4 | DOCKER_COMPOSE_FILE := $(ROOT_DIR)/docker-compose.yml 5 | 6 | ## Set 'bash' as default shell 7 | SHELL := $(shell which bash) 8 | 9 | ## Set 'help' target as the default goal 10 | .DEFAULT_GOAL := help 11 | 12 | .PHONY: help 13 | help: ## Show this help 14 | @egrep -h '^[a-zA-Z0-9_\/-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort -d | awk 'BEGIN {FS = ":.*?## "; printf "Usage: make \033[0;34mTARGET\033[0m \033[0;35m[ARGUMENTS]\033[0m\n\n"; printf "Targets:\n"}; {printf " \033[33m%-25s\033[0m \033[0;32m%s\033[0m\n", $$1, $$2}' 15 | 16 | .PHONY: enable 17 | enable: ## Enable service 18 | @rm -rf .disabled 19 | 20 | .PHONY: disable 21 | disable: down ## Disable service 22 | @touch .disabled 23 | 24 | .PHONY: env 25 | env: ## Create .env file from .env.template 26 | @if [ ! 
-f .env ]; then cp .env.template .env; fi 27 | 28 | .PHONY: health 29 | health: ## Get service health 30 | @if [ "$$($(DOCKER) container inspect -f '{{.State.Status}}' $(SERVICE) 2>&1)" = "running" ]; then echo "UP"; else echo "DOWN"; fi 31 | 32 | .PHONY: build 33 | build: CMD = build $(c) ## Build all or c= containers 34 | 35 | .PHONY: up 36 | up: CMD = up -d $(c) ## Up all or c= containers 37 | 38 | .PHONY: down 39 | down: CMD = down ## Down all containers 40 | 41 | .PHONY: destroy 42 | destroy: CMD = down -v ## Destroy all containers 43 | 44 | .PHONY: start 45 | start: CMD = start $(c) ## Start all or c= containers 46 | 47 | .PHONY: stop 48 | stop: CMD = stop $(c) ## Stop all or c= containers 49 | 50 | .PHONY: restart 51 | restart: CMD = restart $(c) ## Restart all or c= containers 52 | 53 | .PHONY: status 54 | status: CMD = ps ## Show status of containers 55 | 56 | .PHONY: logs 57 | logs: CMD = logs --tail=100 -f $(c) ## Show logs for all or c= containers 58 | 59 | build up down start stop restart destroy logs status: 60 | @$(DOCKER_COMPOSE) -f $(DOCKER_COMPOSE_FILE) $(CMD) 61 | -------------------------------------------------------------------------------- /core/log.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | echoerr() { 4 | echo "$@" 1>&2 5 | } 6 | 7 | log::ansi() { 8 | local bg=false 9 | case "$@" in 10 | *reset*) 11 | echo "\e[0m" 12 | return 0 13 | ;; 14 | *black*) color=30 ;; 15 | *red*) color=31 ;; 16 | *green*) color=32 ;; 17 | *yellow*) color=33 ;; 18 | *blue*) color=34 ;; 19 | *purple*) color=35 ;; 20 | *cyan*) color=36 ;; 21 | *white*) color=37 ;; 22 | esac 23 | case "$@" in 24 | *regular*) mod=0 ;; 25 | *bold*) mod=1 ;; 26 | *underline*) mod=4 ;; 27 | esac 28 | case "$@" in 29 | *background*) bg=true ;; 30 | *bg*) bg=true ;; 31 | esac 32 | 33 | if $bg; then 34 | echo "\e[${color}m" 35 | else 36 | echo "\e[${mod:-0};${color}m" 37 | fi 38 | } 39 | 40 | _log() { 41 | local 
template=$1 42 | shift 43 | echoerr -e $(printf "$template" "$@") 44 | } 45 | 46 | _header() { 47 | local TOTAL_CHARS=60 48 | local total=$TOTAL_CHARS-2 49 | local size=${#1} 50 | local left=$((($total - $size) / 2)) 51 | local right=$(($total - $size - $left)) 52 | printf "%${left}s" '' | tr ' ' = 53 | printf " $1 " 54 | printf "%${right}s" '' | tr ' ' = 55 | } 56 | 57 | log::header() { _log "\n$(log::ansi bold purple)$(_header "$1")$(log::ansi reset)\n"; } 58 | log::success() { _log "$(log::ansi green)✔ %s$(log::ansi reset)\n" "$@"; } 59 | log::error() { _log "$(log::ansi red)✖ %s$(log::ansi reset)\n" "$@"; } 60 | log::warning() { _log "$(log::ansi yellow)➜ %s$(log::ansi reset)\n" "$@"; } 61 | log::note() { _log "$(log::ansi blue)%s$(log::ansi reset)\n" "$@"; } 62 | 63 | die() { 64 | log::error "$@" 65 | exit 42 66 | } 67 | -------------------------------------------------------------------------------- /server.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -Eeuo pipefail 4 | trap _cleanup SIGINT SIGTERM ERR EXIT 5 | 6 | BLACK=$(tput -Txterm setaf 0) 7 | RED=$(tput -Txterm setaf 1) 8 | GREEN=$(tput -Txterm setaf 2) 9 | YELLOW=$(tput -Txterm setaf 3) 10 | BLUE=$(tput -Txterm setaf 4) 11 | MAGENTA=$(tput -Txterm setaf 5) 12 | CYAN=$(tput -Txterm setaf 6) 13 | WHITE=$(tput -Txterm setaf 7) 14 | RESET=$(tput -Txterm sgr0) 15 | 16 | SOURCE="${BASH_SOURCE[0]}" 17 | while [ -h "$SOURCE" ]; do 18 | SERVER_DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )" 19 | SOURCE="$(readlink "$SOURCE")" 20 | [[ $SOURCE != /* ]] && SOURCE="$SERVER_DIR/$SOURCE" 21 | done 22 | export SERVER_DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )" 23 | 24 | source "$SERVER_DIR/core/_main.sh" 25 | 26 | _usage() { 27 | cat </dev/null | awk -F':' '/^[a-zA-Z0-9][^$#\/\t=]*:([^=]|$)/ && !/Makefile/ {split($1,A,/ /);for(i in A)print A[i]}' | uniq | sort | awk -v service_prefix="${service} " '{ print 
service_prefix $0}' || true)\n" 160 | else 161 | services_string+="$service enable\n" 162 | fi 163 | done 164 | target=($(echo -e "$services_string" | awk 'NF' | xargs -I % sh -c 'echo %' | fzf --height 50% \ 165 | --preview 'make -s -C "$SERVER_DIR/services/"$(echo {} | cut -d" " -f 1) help')) 166 | log::note "Executing 'make ${target[1]}' for service '${target[0]}'" 167 | make -s -C "$SERVER_DIR/services/${target[0]}" ${target[1]} 168 | } 169 | 170 | ## Global variables ## 171 | SERVICES=($(ls -I "_*" $SERVER_DIR/services)) 172 | MINIMUM_DOCKER_VERSION=19.03 173 | MINIMUM_DOCKER_COMPOSE_VERSION=1.25 174 | MINIMUM_MAKE_VERSION=4.2 175 | 176 | ## Logic ## 177 | _parse_params "$@" 178 | 179 | case "${args[0]-}" in 180 | install) _install ;; 181 | uninstall) _uninstall ;; 182 | start) _start ;; 183 | stop) _stop ;; 184 | restart) _restart ;; 185 | status) _status ;; 186 | services) _services ;; 187 | -?*) die "Unknown option: $1" ;; 188 | *) echo "none" ;; 189 | esac 190 | 191 | -------------------------------------------------------------------------------- /services/adguard/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## IP settings ## 5 | DNS_IP= 6 | 7 | ## Domain settings ## 8 | DOMAIN= 9 | 10 | ## Timezone configuration ## 11 | TZ= 12 | -------------------------------------------------------------------------------- /services/adguard/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := adguard 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | 
-------------------------------------------------------------------------------- /services/adguard/config/AdGuardHome.yaml: -------------------------------------------------------------------------------- 1 | bind_host: 0.0.0.0 2 | bind_port: 80 3 | beta_bind_port: 0 4 | users: 5 | - name: admin 6 | password: $2y$12$HbsoiRP6gqqRRrvmjJGT2.90aRxePnALDG18hcIpPbO5xqsLLmAN. 7 | auth_attempts: 5 8 | block_auth_min: 15 9 | http_proxy: "" 10 | language: "" 11 | rlimit_nofile: 0 12 | debug_pprof: false 13 | web_session_ttl: 720 14 | dns: 15 | bind_hosts: 16 | - 0.0.0.0 17 | port: 53 18 | statistics_interval: 30 19 | querylog_enabled: true 20 | querylog_file_enabled: true 21 | querylog_interval: 90 22 | querylog_size_memory: 1000 23 | anonymize_client_ip: false 24 | protection_enabled: true 25 | blocking_mode: default 26 | blocking_ipv4: "" 27 | blocking_ipv6: "" 28 | blocked_response_ttl: 10 29 | parental_block_host: family-block.dns.adguard.com 30 | safebrowsing_block_host: standard-block.dns.adguard.com 31 | ratelimit: 20 32 | ratelimit_whitelist: [] 33 | refuse_any: true 34 | upstream_dns: 35 | - https://dns10.quad9.net/dns-query 36 | - https://dns.google/dns-query 37 | - https://cloudflare-dns.com/dns-query 38 | - tls://9.9.9.9 39 | - tls://8.8.8.8 40 | - tls://1.1.1.1 41 | upstream_dns_file: "" 42 | bootstrap_dns: 43 | - 9.9.9.10 44 | - 149.112.112.10 45 | - 2620:fe::10 46 | - 2620:fe::fe:10 47 | all_servers: false 48 | fastest_addr: false 49 | allowed_clients: [] 50 | disallowed_clients: [] 51 | blocked_hosts: 52 | - version.bind 53 | - id.server 54 | - hostname.bind 55 | cache_size: 4194304 56 | cache_ttl_min: 0 57 | cache_ttl_max: 0 58 | bogus_nxdomain: [] 59 | aaaa_disabled: false 60 | enable_dnssec: false 61 | edns_client_subnet: false 62 | max_goroutines: 300 63 | ipset: [] 64 | filtering_enabled: true 65 | filters_update_interval: 24 66 | parental_enabled: false 67 | safesearch_enabled: false 68 | safebrowsing_enabled: false 69 | safebrowsing_cache_size: 1048576 
70 | safesearch_cache_size: 1048576 71 | parental_cache_size: 1048576 72 | cache_time: 30 73 | rewrites: [] 74 | blocked_services: [] 75 | local_domain_name: lan 76 | resolve_clients: true 77 | local_ptr_upstreams: [] 78 | tls: 79 | enabled: false 80 | server_name: "" 81 | force_https: false 82 | port_https: 443 83 | port_dns_over_tls: 853 84 | port_dns_over_quic: 784 85 | port_dnscrypt: 0 86 | dnscrypt_config_file: "" 87 | allow_unencrypted_doh: false 88 | strict_sni_check: false 89 | certificate_chain: "" 90 | private_key: "" 91 | certificate_path: "" 92 | private_key_path: "" 93 | filters: 94 | - enabled: true 95 | url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt 96 | name: AdGuard DNS filter 97 | id: 1 98 | - enabled: true 99 | url: https://adaway.org/hosts.txt 100 | name: AdAway Default Blocklist 101 | id: 2 102 | - enabled: true 103 | url: https://www.malwaredomainlist.com/hostslist/hosts.txt 104 | name: MalwareDomainList.com Hosts List 105 | id: 4 106 | - enabled: true 107 | url: https://someonewhocares.org/hosts/zero/hosts 108 | name: Dan Pollock's List 109 | id: 1612829207 110 | - enabled: true 111 | url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/GameConsoleAdblockList.txt 112 | name: Game Console Adblock List 113 | id: 1612829208 114 | - enabled: true 115 | url: https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV-AGH.txt 116 | name: Perflyst and Dandelion Sprout's Smart-TV Blocklist 117 | id: 1612829209 118 | - enabled: true 119 | url: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=adblockplus&showintro=1&mimetype=plaintext 120 | name: Peter Lowe's List 121 | id: 1612829210 122 | - enabled: true 123 | url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts 124 | name: StevenBlack's list 125 | id: 1612829211 126 | - enabled: true 127 | url: http://sysctl.org/cameleon/hosts 128 | name: Cameleon 129 | id: 1612829213 130 | - enabled: true 131 | url: 
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt 132 | name: Disconnect.me Tracking 133 | id: 1612829215 134 | - enabled: true 135 | url: https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt 136 | name: Disconnect.me Ads 137 | id: 1612829216 138 | - enabled: true 139 | url: https://abp.oisd.nl/ 140 | name: ABP 141 | id: 1612829218 142 | - enabled: true 143 | url: https://gitlab.com/Shub_/mobile-ads-block/-/raw/master/list 144 | name: Blockd - Mobile 145 | id: 1612829219 146 | - enabled: true 147 | url: https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt 148 | name: KADhosts 149 | id: 1612897836 150 | - enabled: true 151 | url: https://v.firebog.net/hosts/Prigent-Crypto.txt 152 | name: Prigent Crypto 153 | id: 1612897837 154 | - enabled: true 155 | url: https://phishing.army/download/phishing_army_blocklist_extended.txt 156 | name: Phishing Army 157 | id: 1612897838 158 | - enabled: true 159 | url: https://v.firebog.net/hosts/Easyprivacy.txt 160 | name: Easy Privacy 161 | id: 1612897839 162 | - enabled: true 163 | url: https://v.firebog.net/hosts/static/w3kbl.txt 164 | name: WaLLy3K 165 | id: 1612897840 166 | - enabled: true 167 | url: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt 168 | name: WindowsSpyBlocker 169 | id: 1612897841 170 | - enabled: true 171 | url: https://v.firebog.net/hosts/Shalla-mal.txt 172 | name: Shalla Mal 173 | id: 1612897842 174 | whitelist_filters: [] 175 | user_rules: [] 176 | dhcp: 177 | enabled: false 178 | interface_name: "" 179 | dhcpv4: 180 | gateway_ip: "" 181 | subnet_mask: "" 182 | range_start: "" 183 | range_end: "" 184 | lease_duration: 86400 185 | icmp_timeout_msec: 1000 186 | options: [] 187 | dhcpv6: 188 | range_start: "" 189 | lease_duration: 86400 190 | ra_slaac_only: false 191 | ra_allow_slaac: false 192 | clients: [] 193 | log_compress: false 194 | log_localtime: false 195 | log_max_backups: 0 196 | log_max_size: 100 197 | 
log_max_age: 3 198 | log_file: "" 199 | verbose: false 200 | schema_version: 10 201 | -------------------------------------------------------------------------------- /services/adguard/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### AdGuard: AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it'll cover ALL your home devices, and you don't need any client-side software for that ### 5 | adguard: 6 | image: adguard/adguardhome 7 | container_name: adguard 8 | restart: always 9 | environment: 10 | - TZ=${TZ} 11 | volumes: 12 | - ${VOLUME_DIR}/adguard-data:/opt/adguardhome/work 13 | - ./config:/opt/adguardhome/conf 14 | ports: 15 | - ${DNS_IP}:53:53 16 | - ${DNS_IP}:53:53/udp 17 | networks: 18 | - default 19 | - traefik-network 20 | labels: 21 | ## Watchtower configuration ## 22 | - com.centurylinklabs.watchtower.enable=true 23 | 24 | ## Diun configuration ## 25 | - diun.enable=true 26 | 27 | ## Traefik configuration ## 28 | # Enable Traefik # 29 | - traefik.enable=true 30 | - traefik.docker.network=traefik-network 31 | 32 | # Set entrypoint port # 33 | - traefik.http.services.adguard.loadbalancer.server.port=80 34 | 35 | # Set HTTP domain # 36 | - traefik.http.routers.adguard.entrypoints=web 37 | - traefik.http.routers.adguard.rule=Host(`${DOMAIN}`) 38 | 39 | networks: 40 | default: 41 | name: adguard-network 42 | traefik-network: 43 | name: traefik-network 44 | external: true 45 | -------------------------------------------------------------------------------- /services/answer/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | -------------------------------------------------------------------------------- /services/answer/Makefile: 
-------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := answer 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/answer/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Answer: An open-source knowledge-based community software. You can use it quickly to build Q&A community for your products, customers, teams, and more. ### 5 | answer: 6 | image: answerdev/answer 7 | container_name: answer 8 | restart: always 9 | environment: 10 | - TZ=${TZ} 11 | volumes: 12 | - ${VOLUME_DIR}/answer-data:/data 13 | networks: 14 | - default 15 | - traefik-network 16 | labels: 17 | ## Watchtower configuration ## 18 | - com.centurylinklabs.watchtower.enable=true 19 | - com.centurylinklabs.watchtower.monitor-only=true 20 | 21 | ## Diun configuration ## 22 | - diun.enable=true 23 | 24 | ## Traefik configuration ## 25 | # Enable Traefik # 26 | - traefik.enable=true 27 | - traefik.docker.network=traefik-network 28 | 29 | # Set entrypoint port # 30 | - traefik.http.services.answer.loadbalancer.server.port=80 31 | 32 | # Set HTTP domain and HTTP -> HTTPS redirection # 33 | - traefik.http.routers.answer.rule=Host(`${DOMAIN}`) 34 | - traefik.http.routers.answer.entrypoints=web 35 | - traefik.http.routers.answer.middlewares=https-redirect@file 36 | 37 | # Set HTTPS domain # 38 | - traefik.http.routers.answer-secure.rule=Host(`${DOMAIN}`) 39 | - traefik.http.routers.answer-secure.entrypoints=websecure 40 | 41 | networks: 42 
| default: 43 | name: answer-network 44 | traefik-network: 45 | name: traefik-network 46 | external: true 47 | -------------------------------------------------------------------------------- /services/appsmith/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | -------------------------------------------------------------------------------- /services/appsmith/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := appsmith 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/appsmith/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ## Appsmith: Appsmith is a low code, open-source developer tool to build internal applications quickly. 
## 5 | appsmith: 6 | image: appsmith/appsmith-ce 7 | container_name: appsmith 8 | restart: always 9 | environment: 10 | - TZ=${TZ} 11 | volumes: 12 | - ${VOLUME_DIR}/appsmith-data:/appsmith-stacks 13 | networks: 14 | - default 15 | - traefik-network 16 | labels: 17 | ## Watchtower configuration ## 18 | - com.centurylinklabs.watchtower.enable=true 19 | 20 | ## Diun configuration ## 21 | - diun.enable=true 22 | 23 | ## Traefik configuration ## 24 | # Enable Traefik # 25 | - traefik.enable=true 26 | - traefik.docker.network=traefik-network 27 | 28 | # Set entrypoint port # 29 | - traefik.http.services.appsmith.loadbalancer.server.port=80 30 | 31 | # Set HTTP domain and HTTP -> HTTPS redirection # 32 | - traefik.http.routers.appsmith.rule=Host(`${DOMAIN}`) 33 | - traefik.http.routers.appsmith.entrypoints=web 34 | - traefik.http.routers.appsmith.middlewares=https-redirect@file 35 | 36 | # Set HTTPS domain # 37 | - traefik.http.routers.appsmith-secure.rule=Host(`${DOMAIN}`) 38 | - traefik.http.routers.appsmith-secure.entrypoints=websecure 39 | 40 | networks: 41 | default: 42 | name: appsmith-network 43 | traefik-network: 44 | name: traefik-network 45 | external: true 46 | -------------------------------------------------------------------------------- /services/authelia/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | -------------------------------------------------------------------------------- /services/authelia/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := authelia 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: 
uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/authelia/config.template/configuration.yml.template: -------------------------------------------------------------------------------- 1 | ############################################################### 2 | # Authelia configuration # 3 | ############################################################### 4 | 5 | # Basic configuration 6 | server: 7 | host: 0.0.0.0 8 | port: 9091 9 | default_redirection_url: https://authelia.example.com 10 | log: 11 | level: debug 12 | # This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE 13 | jwt_secret: 14 | theme: dark 15 | 16 | # Time-Based One Time Password Configuration. https://www.authelia.com/configuration/second-factor/time-based-one-time-password 17 | totp: 18 | issuer: authelia.com 19 | period: 30 20 | skew: 1 21 | 22 | # Enable Duo Push Notification support 23 | duo_api: 24 | hostname: 25 | integration_key: 26 | # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE 27 | secret_key: 28 | 29 | # Authentication backend configuration: file based user storage 30 | authentication_backend: 31 | file: 32 | path: /config/users_database.yml 33 | password: 34 | algorithm: argon2id 35 | iterations: 1 36 | salt_length: 16 37 | parallelism: 8 38 | memory: 1024 39 | 40 | # Access Control lists 41 | access_control: 42 | default_policy: deny 43 | rules: 44 | # Rules applied to everyone 45 | - domain: authelia.example.com 46 | policy: bypass 47 | 48 | # Session configuration: use Redis to store sessions 49 | session: 50 | name: authelia_session 51 | # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE 52 | secret: 53 | expiration: 3600 # 1 hour 54 | inactivity: 300 # 5 minutes 55 | domain: example.com # Should match whatever your 
root protected domain is 56 | 57 | redis: 58 | host: authelia-redis 59 | port: 6379 60 | # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE 61 | # password: authelia (NOTE(review): left commented out, so as written no Redis password is configured; the value shown is a sample, not a secret to reuse) 62 | 63 | # Brute force protection: 3 failed attempts within find_time lead to a ban lasting ban_time (presumably seconds; confirm against the Authelia version in use) 64 | regulation: 65 | max_retries: 3 66 | find_time: 120 67 | ban_time: 300 68 | 69 | # Storage configuration (encryption_key is blank in this template and has to be supplied per deployment) 70 | storage: 71 | encryption_key: 72 | local: 73 | path: /config/db.sqlite3 74 | 75 | # Notifier configuration 76 | notifier: 77 | smtp: 78 | username: 79 | # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE 80 | password: 81 | host: 82 | port: 83 | sender: 84 | -------------------------------------------------------------------------------- /services/authelia/config.template/users_database.yml.template: -------------------------------------------------------------------------------- 1 | ############################################################### 2 | # Users Database # 3 | ############################################################### 4 | 5 | # List of users 6 | users: 7 | authelia: 8 | disabled: false 9 | displayname: "Authelia Sample User" 10 | password: "$argon2id$v=19$m=65536,t=3,p=4$jSF39KZIfg2Zc3/MD3LAkQ$betaso9tjGEiRXw+YENOtj7j6/PjmVgXhORxpMmMrio" # Password is "authelia". NOTE(review): publicly known sample credential, enabled and listed in the admins group below; replace this user and hash before the portal is reachable 11 | email: authelia@authelia.com 12 | groups: 13 | - admins 14 | - dev 15 | -------------------------------------------------------------------------------- /services/authelia/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Authelia: The Single Sign-On Multi-Factor portal for web apps ### 5 | authelia: 6 | image: authelia/authelia # no tag given, so the registry's latest image is pulled 7 | container_name: authelia 8 | restart: always 9 | healthcheck: 10 | disable: true 11 | environment: 12 | - TZ=${TZ} 13 | volumes: 14 | - ./config:/config 15 | - ${VOLUME_DIR}/authelia-data/logs:/logs 16 | networks: 17 | - default 18 | - traefik-network 19 | labels: 20 | ## 
Watchtower configuration ## 21 | - com.centurylinklabs.watchtower.enable=true 22 | - com.centurylinklabs.watchtower.monitor-only=true 23 | 24 | ## Diun configuration ## 25 | - diun.enable=true 26 | 27 | ## Traefik configuration ## 28 | # Enable Traefik # 29 | - traefik.enable=true 30 | - traefik.docker.network=traefik-network 31 | 32 | # Set entrypoint port # 33 | - traefik.http.services.authelia.loadbalancer.server.port=9091 34 | 35 | # Set authelia middleware # forwardAuth sends each request to Authelia's /api/verify; authResponseHeaders copies the listed Remote-* identity headers from Authelia's answer onto the request handed to the backend, so backends should be reachable only through Traefik. NOTE(review): trustForwardHeader=true accepts X-Forwarded-* values already present on the incoming request; appropriate only if Traefik sits behind a trusted proxy, confirm for this deployment 36 | - traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https://${DOMAIN} 37 | - traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true 38 | - traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email 39 | - traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia:9091/api/verify?auth=basic 40 | - traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true 41 | - traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email 42 | 43 | # Set HTTP domain and HTTP -> HTTPS redirection # 44 | - traefik.http.routers.authelia.rule=Host(`${DOMAIN}`) 45 | - traefik.http.routers.authelia.entrypoints=web 46 | - traefik.http.routers.authelia.middlewares=cors-allow-all@file,https-redirect@file 47 | 48 | # Set HTTPS domain # cors-allow-all@file comes from Traefik's file provider and is not shown in this compose file; NOTE(review): confirm a permissive CORS policy is intended on the login portal 49 | - traefik.http.routers.authelia-secure.rule=Host(`${DOMAIN}`) 50 | - traefik.http.routers.authelia-secure.entrypoints=websecure 51 | - traefik.http.routers.authelia-secure.middlewares=cors-allow-all@file 52 | 53 | ### Authelia cache: Redis ### 54 | authelia-redis: 55 | image: redis:alpine 56 | container_name: authelia-redis 57 | environment: 58 | - TZ=${TZ} 59 | volumes: 60 | - ./config:/config # NOTE(review): same host directory the authelia service mounts as /config (its configuration and users database); Redis presumably does not need it, consider dropping this mount 61 | - ${VOLUME_DIR}/redis-data:/data 62 | restart: always 63 | 64 | networks: 65 | default: 66 | name: authelia-network 67 | traefik-network: 68 | name: traefik-network 69 | external: true 70 | 
-------------------------------------------------------------------------------- /services/bookstack/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Database configuration ## 8 | MYSQL_ROOT_PASSWORD= 9 | MYSQL_USER= 10 | MYSQL_PASSWORD= 11 | MYSQL_DATABASE= 12 | 13 | ## Email settings ## 14 | MAIL_NAME= 15 | MAIL_ACCOUNT= 16 | SMTP_HOST= 17 | SMTP_PORT= 18 | SMTP_USER= 19 | SMTP_PASS= 20 | 21 | ## Timezone configuration ## 22 | PUID= 23 | PGID= 24 | TZ= 25 | -------------------------------------------------------------------------------- /services/bookstack/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := bookstack 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/bookstack/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### BookStack: A simple, self-hosted, easy-to-use platform for organising and storing information. 
### 5 | bookstack: 6 | image: linuxserver/bookstack 7 | container_name: bookstack 8 | restart: always 9 | environment: 10 | - DB_HOST=bookstack-mariadb 11 | - DB_PORT=3306 12 | - DB_USER=${MYSQL_USER} 13 | - DB_PASS=${MYSQL_PASSWORD} 14 | - DB_DATABASE=${MYSQL_DATABASE} 15 | - MAIL_DRIVER=smtp 16 | - MAIL_HOST=${SMTP_HOST} 17 | - MAIL_PORT=${SMTP_PORT} 18 | - MAIL_USERNAME=${SMTP_USER} 19 | - MAIL_PASSWORD=${SMTP_PASS} 20 | - MAIL_FROM=${MAIL_ACCOUNT} 21 | - MAIL_FROM_NAME=${MAIL_NAME} 22 | - MAIL_ENCRYPTION=tls 23 | - APP_URL=https://${DOMAIN} 24 | - PUID=${PUID} 25 | - PGID=${PGID} 26 | - TZ=${TZ} 27 | volumes: 28 | - ${VOLUME_DIR}/bookstack-data:/config 29 | networks: 30 | - default 31 | - traefik-network 32 | labels: 33 | ## Watchtower configuration ## 34 | - com.centurylinklabs.watchtower.enable=true 35 | - com.centurylinklabs.watchtower.monitor-only=true 36 | 37 | ## Diun configuration ## 38 | - diun.enable=true 39 | 40 | ## Traefik configuration ## 41 | # Enable Traefik # 42 | - traefik.enable=true 43 | - traefik.docker.network=traefik-network 44 | 45 | # Set entrypoint port # 46 | - traefik.http.services.bookstack.loadbalancer.server.port=80 47 | 48 | # Set HTTP domain and HTTP -> HTTPS redirection # 49 | - traefik.http.routers.bookstack.rule=Host(`${DOMAIN}`) 50 | - traefik.http.routers.bookstack.entrypoints=web 51 | - traefik.http.routers.bookstack.middlewares=https-redirect@file 52 | 53 | # Set HTTPS domain # 54 | - traefik.http.routers.bookstack-secure.rule=Host(`${DOMAIN}`) 55 | - traefik.http.routers.bookstack-secure.entrypoints=websecure 56 | 57 | ### BookStack database: MariaDB ### 58 | bookstack-mariadb: 59 | image: linuxserver/mariadb 60 | container_name: bookstack-mariadb 61 | restart: always 62 | environment: 63 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 64 | - MYSQL_USER=${MYSQL_USER} 65 | - MYSQL_PASSWORD=${MYSQL_PASSWORD} 66 | - MYSQL_DATABASE=${MYSQL_DATABASE} 67 | - PUID=${PUID} 68 | - PGID=${PGID} 69 | - TZ=${TZ} 70 | volumes: 71 | - 
${VOLUME_DIR}/bookstack-db:/config 72 | 73 | networks: 74 | default: 75 | name: bookstack-network 76 | traefik-network: 77 | name: traefik-network 78 | external: true 79 | -------------------------------------------------------------------------------- /services/calibre-web/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Application settings ## 8 | LOGOUT_REDIRECT_URL= 9 | 10 | ## Timezone configuration ## 11 | PUID= 12 | PGID= 13 | TZ= 14 | -------------------------------------------------------------------------------- /services/calibre-web/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := calibre-web 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/calibre-web/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Calibre Web: A web app providing a clean interface for browsing, reading and downloading eBooks using an existing Calibre database. 
### 5 | calibre-web: 6 | image: lscr.io/linuxserver/calibre-web:0.6.20 7 | container_name: calibre-web 8 | restart: always 9 | environment: 10 | - PUID=${PUID} 11 | - PGID=${PGID} 12 | - DOCKER_MODS=linuxserver/mods:universal-calibre 13 | - TZ=${TZ} 14 | volumes: 15 | - ${VOLUME_DIR}/data:/config 16 | - ${VOLUME_DIR}/library:/books 17 | - ./mods:/custom-cont-init.d:ro # mounts the repo's mods/ scripts read-only into /custom-cont-init.d; presumably the image runs them at container start (linuxserver convention) 18 | networks: 19 | - default 20 | - traefik-network 21 | ports: 22 | - 8083:8083 # NOTE(review): publishes the application port on every host interface, so the app is reachable without the authelia@docker middleware attached to the websecure router below; remove this mapping or bind it to 127.0.0.1 if Traefik is meant to be the only entry point 23 | labels: 24 | ## Watchtower configuration ## 25 | - com.centurylinklabs.watchtower.enable=true 26 | - com.centurylinklabs.watchtower.monitor-only=true 27 | 28 | ## Diun configuration ## 29 | - diun.enable=true 30 | 31 | ## Traefik configuration ## 32 | # Enable Traefik # 33 | - traefik.enable=true 34 | - traefik.docker.network=traefik-network 35 | 36 | # Set entrypoint port # 37 | - traefik.http.services.calibre.loadbalancer.server.port=8083 38 | 39 | # Set HTTP domain and HTTP -> HTTPS redirection # 40 | - traefik.http.routers.calibre.rule=Host(`${DOMAIN}`) 41 | - traefik.http.routers.calibre.entrypoints=web 42 | - traefik.http.routers.calibre.middlewares=https-redirect@file 43 | 44 | # Set HTTPS domain # requests pass calibre-logout (redirects https://${DOMAIN}/logout to LOGOUT_REDIRECT_URL) and then the authelia forwardAuth middleware 45 | - traefik.http.routers.calibre-secure.rule=Host(`${DOMAIN}`) 46 | - traefik.http.routers.calibre-secure.entrypoints=websecure 47 | - traefik.http.routers.calibre-secure.middlewares=calibre-logout,authelia@docker 48 | - traefik.http.middlewares.calibre-logout.redirectregex.regex=https://${DOMAIN}/logout 49 | - traefik.http.middlewares.calibre-logout.redirectregex.replacement=${LOGOUT_REDIRECT_URL} 50 | - traefik.http.middlewares.calibre-logout.redirectregex.permanent=true 51 | 52 | networks: 53 | default: 54 | name: calibre-network 55 | traefik-network: 56 | name: traefik-network 57 | external: true 58 | -------------------------------------------------------------------------------- /services/calibre-web/mods/fix-cloudflare-login.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Patches the installed calibre-web sources in place: each sed below deletes every line matching its pattern. 3 | echo "**** patching calibre-web - removing session protection ****" 4 | # NOTE(review): this removes Flask-Login's 'strong' session protection, the check_user_session test and every line containing logout_user() in cps/admin.py, so authentication then rests on the proxy in front of the app; the patterns are exact text, so sed silently changes nothing if upstream rewrites these lines 5 | sed -i "/lm.session_protection = 'strong'/d" /app/calibre-web/cps/__init__.py 6 | sed -i "/if not ub.check_user_session(current_user.id, flask_session.get('_id')) and 'opds' not in request.path:/d" /app/calibre-web/cps/admin.py 7 | sed -i "/logout_user()/d" /app/calibre-web/cps/admin.py 8 | -------------------------------------------------------------------------------- /services/centreon/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Database configuration ## 8 | MYSQL_ROOT_PASSWORD= 9 | MYSQL_USER= 10 | MYSQL_PASSWORD= 11 | MYSQL_DATABASE= 12 | 13 | ## Timezone configuration ## 14 | TZ= 15 | -------------------------------------------------------------------------------- /services/centreon/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:7.9.2009 2 | # NOTE(review): CentOS 7 reached end of life on 2024-06-30, so the yum update below no longer brings security fixes. The ARG line has no '=', so Europe/Paris is presumably not applied as a default; the documented form is ARG TIMEZONE=Europe/Paris 3 | ARG TIMEZONE Europe/Paris 4 | EXPOSE 80 5 | 6 | # Update system 7 | RUN yum update -y 8 | 9 | # Fix systemctl: install scripts/systemctl.py over /usr/bin/systemctl, keeping the stock binary as systemctl.original 10 | COPY scripts/systemctl.py /usr/bin/systemctl.py 11 | RUN cp -f /usr/bin/systemctl /usr/bin/systemctl.original \ 12 | && chmod +x /usr/bin/systemctl.py \ 13 | && cp -f /usr/bin/systemctl.py /usr/bin/systemctl 14 | 15 | # Install required repositories (the release RPMs are fetched by URL at build time; the epel one is an unversioned "latest" link) 16 | ## Install Redhat Software Collections repository 17 | RUN yum install -y centos-release-scl 18 | ## Install Remi repository 19 | RUN yum install -y yum-utils 20 | RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 21 | RUN yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm 22 | RUN yum-config-manager --enable remi-php80 23 | ## Install Centreon repository 24 | RUN yum install -y 
https://yum.centreon.com/standard/22.04/el7/stable/noarch/RPMS/centreon-release-22.04-3.el7.centos.noarch.rpm 25 | 26 | # Installation of Centreon Central Server 27 | RUN yum install -y centreon-central 28 | 29 | # Configuration 30 | RUN echo "date.timezone = $TIMEZONE" >> /etc/php.d/50-centreon.ini 31 | RUN systemctl restart php-fpm 32 | RUN systemctl enable php-fpm httpd24-httpd centreon cbd centengine gorgoned snmptrapd centreontrapd snmpd 33 | 34 | # Add scripts 35 | COPY scripts/enable-monitoring.sh /scripts/enable-monitoring.sh 36 | RUN chmod +x /scripts/enable-monitoring.sh 37 | 38 | CMD /usr/bin/systemctl 39 | -------------------------------------------------------------------------------- /services/centreon/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := centreon 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d --build 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/centreon/config/mariadb/mariadb.cnf: -------------------------------------------------------------------------------- 1 | [server] 2 | innodb_file_per_table=1 3 | innodb_buffer_pool_size=1G 4 | open_files_limit=32000 5 | key_buffer_size = 256M 6 | sort_buffer_size = 32M 7 | join_buffer_size = 4M 8 | thread_cache_size = 64 9 | read_buffer_size = 512K 10 | read_rnd_buffer_size = 256K 11 | max_allowed_packet = 128M 12 | -------------------------------------------------------------------------------- /services/centreon/config/mariadb/service.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | 
LimitNOFILE=32000 3 | -------------------------------------------------------------------------------- /services/centreon/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Centreon: Business-aware and AIOps-ready IT infrastructure monitoring ### 5 | centreon: 6 | build: 7 | context: . 8 | dockerfile: Dockerfile 9 | args: 10 | - TIMEZONE=${TZ} 11 | image: centreon 12 | container_name: centreon 13 | hostname: centreon 14 | privileged: true # NOTE(review): gives the container all capabilities and access to host devices; presumably needed by the systemctl-based startup in the Dockerfile, confirm whether specific cap_add entries would be enough 15 | restart: always 16 | environment: 17 | - TZ=${TZ} 18 | volumes: 19 | - ${VOLUME_DIR}/centreon-data/centreon-config:/etc/centreon 20 | - ${VOLUME_DIR}/centreon-data/centreon-engine-config:/etc/centreon-engine 21 | - ${VOLUME_DIR}/centreon-data/plugins:/usr/lib/centreon/plugins 22 | networks: 23 | - default 24 | - traefik-network 25 | labels: 26 | ## Watchtower configuration ## 27 | - com.centurylinklabs.watchtower.enable=true 28 | 29 | ## Diun configuration ## 30 | - diun.enable=true 31 | 32 | ## Traefik configuration ## 33 | # Enable Traefik # 34 | - traefik.enable=true 35 | - traefik.docker.network=traefik-network 36 | 37 | # Set entrypoint port # 38 | - traefik.http.services.centreon.loadbalancer.server.port=80 39 | 40 | # Set HTTP domain and HTTP -> HTTPS redirection # 41 | - traefik.http.routers.centreon.rule=Host(`${DOMAIN}`) 42 | - traefik.http.routers.centreon.entrypoints=web 43 | - traefik.http.routers.centreon.middlewares=https-redirect@file 44 | 45 | # Set HTTPS domain # no authentication middleware is attached to this router, so access control is left to the application; NOTE(review): confirm that is intended for a privileged monitoring container 46 | - traefik.http.routers.centreon-secure.rule=Host(`${DOMAIN}`) 47 | - traefik.http.routers.centreon-secure.entrypoints=websecure 48 | 49 | ### Centreon database: MariaDB ### 50 | centreon-mariadb: 51 | image: mariadb 52 | container_name: centreon-mariadb 53 | restart: always 54 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 55 | environment: 56 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 57 | - MYSQL_USER=${MYSQL_USER} 58 | - 
MYSQL_PASSWORD=${MYSQL_PASSWORD} 59 | - MYSQL_DATABASE=${MYSQL_DATABASE} 60 | volumes: 61 | - ./config/mariadb/service.conf:/etc/systemd/system/mariadb.service.d/centreon.conf 62 | - ./config/mariadb/mariadb.cnf:/etc/mysql/conf.d/centreon.cnf 63 | - ${VOLUME_DIR}/centreon-db:/var/lib/mysql 64 | 65 | networks: 66 | default: 67 | name: centreon-network 68 | traefik-network: 69 | name: traefik-network 70 | external: true 71 | -------------------------------------------------------------------------------- /services/centreon/scripts/enable-monitoring.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Start/restart collect processes 4 | systemctl restart cbd centengine 2>/dev/null 5 | 6 | # Restart the tasks manager 7 | systemctl restart gorgoned 2>/dev/null 8 | 9 | # Start the passive monitoring services 10 | systemctl start snmptrapd centreontrapd 2>/dev/null 11 | 12 | # Start the SNMP daemon 13 | systemctl start snmpd 2>/dev/null 14 | 15 | -------------------------------------------------------------------------------- /services/cf-companion/.env.template: -------------------------------------------------------------------------------- 1 | ## Domain settings ## 2 | DOMAIN1= 3 | DOMAIN1_TARGET_DOMAIN= 4 | DOMAIN1_ZONE_ID= 5 | DOMAIN2= 6 | DOMAIN2_TARGET_DOMAIN= 7 | DOMAIN2_ZONE_ID= 8 | DOMAIN3= 9 | DOMAIN3_TARGET_DOMAIN= 10 | DOMAIN3_ZONE_ID= 11 | 12 | ## Configuration ## 13 | CF_API_EMAIL= 14 | CF_API_KEY= 15 | 16 | ## Timezone settings ## 17 | TZ= 18 | -------------------------------------------------------------------------------- /services/cf-companion/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := cf-companion 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | 
@$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | -------------------------------------------------------------------------------- /services/cf-companion/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Cloudflare-Companion: Automatic CNAME DNS Creation ### 5 | cf-companion: 6 | image: tiredofit/traefik-cloudflare-companion 7 | container_name: cf-companion 8 | restart: always 9 | environment: 10 | - TRAEFIK_VERSION=2 11 | - CF_EMAIL=${CF_API_EMAIL} 12 | - CF_TOKEN=${CF_API_KEY} # NOTE(review): presumably an account-wide API key, since an e-mail is passed alongside it; a token scoped to DNS edits on the listed zones would limit the impact of a leak, confirm what the image supports 13 | - TARGET_DOMAIN= 14 | - DOMAIN1=${DOMAIN1} 15 | - DOMAIN1_TARGET_DOMAIN=${DOMAIN1_TARGET_DOMAIN} 16 | - DOMAIN1_ZONE_ID=${DOMAIN1_ZONE_ID} 17 | - DOMAIN1_PROXIED=true 18 | - DOMAIN2=${DOMAIN2} 19 | - DOMAIN2_TARGET_DOMAIN=${DOMAIN2_TARGET_DOMAIN} 20 | - DOMAIN2_ZONE_ID=${DOMAIN2_ZONE_ID} 21 | - DOMAIN2_PROXIED=true 22 | - DOMAIN3=${DOMAIN3} 23 | - DOMAIN3_TARGET_DOMAIN=${DOMAIN3_TARGET_DOMAIN} 24 | - DOMAIN3_ZONE_ID=${DOMAIN3_ZONE_ID} 25 | - DOMAIN3_PROXIED=true 26 | - TZ=${TZ} 27 | volumes: 28 | - /var/run/docker.sock:/var/run/docker.sock:ro # NOTE(review): :ro only protects the socket file itself; the container can still send any Docker API request through it, which amounts to control of the host. A socket proxy restricted to read-only endpoints is the usual mitigation 29 | networks: 30 | - default 31 | - traefik-network 32 | labels: 33 | ## Watchtower configuration ## 34 | - com.centurylinklabs.watchtower.enable=true 35 | 36 | ## Diun configuration ## 37 | - diun.enable=true 38 | 39 | networks: 40 | default: 41 | name: cf-companion-network 42 | traefik-network: 43 | name: traefik-network 44 | external: true 45 | -------------------------------------------------------------------------------- /services/changedetection/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | 
-------------------------------------------------------------------------------- /services/changedetection/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := changedetection 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/changedetection/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### changedetection.io: The best and simplest self-hosted free open source website change detection monitoring and notification service. 
### 5 | changedetection: 6 | image: dgtlmoon/changedetection.io 7 | container_name: changedetection 8 | restart: always 9 | environment: 10 | # - PLAYWRIGHT_DRIVER_URL=ws://changedetection-playwright:3000/?stealth=1&--disable-web-security=true 11 | - TZ=${TZ} 12 | volumes: 13 | - ${VOLUME_DIR}/changedetection-data:/datastore 14 | networks: 15 | - default 16 | - traefik-network 17 | labels: 18 | ## Watchtower configuration ## 19 | - com.centurylinklabs.watchtower.enable=true 20 | 21 | ## Diun configuration ## 22 | - diun.enable=true 23 | 24 | ## Traefik configuration ## 25 | # Enable Traefik # 26 | - traefik.enable=true 27 | - traefik.docker.network=traefik-network 28 | 29 | # Set entrypoint port # 30 | - traefik.http.services.changedetection.loadbalancer.server.port=5000 31 | 32 | # Set HTTP domain and HTTP -> HTTPS redirection # 33 | - traefik.http.routers.changedetection.rule=Host(`${DOMAIN}`) 34 | - traefik.http.routers.changedetection.entrypoints=web 35 | - traefik.http.routers.changedetection.middlewares=https-redirect@file 36 | 37 | # Set HTTPS domain # 38 | - traefik.http.routers.changedetection-secure.rule=Host(`${DOMAIN}`) 39 | - traefik.http.routers.changedetection-secure.entrypoints=websecure 40 | - traefik.http.routers.changedetection-secure.middlewares=authelia@docker 41 | 42 | # changedetection-playwright: 43 | # image: browserless/chrome 44 | # container_name: changedetection-playwright 45 | # hostname: changedetection-playwright 46 | # restart: always 47 | # environment: 48 | # - TZ=${TZ} 49 | 50 | networks: 51 | default: 52 | name: changedetection-network 53 | traefik-network: 54 | name: traefik-network 55 | external: true 56 | -------------------------------------------------------------------------------- /services/datadog-agent/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## App configuration ## 5 | DD_API_KEY= 6 | DD_SITE= 7 | 8 | ## Timezone 
configuration ## 9 | TZ= 10 | -------------------------------------------------------------------------------- /services/datadog-agent/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := datadog-agent 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/datadog-agent/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Datadog Agent: The Datadog Agent collects metrics and events from your systems and apps. ### 5 | datadog-agent: 6 | image: gcr.io/datadoghq/agent:7 7 | container_name: datadog-agent 8 | restart: always 9 | environment: 10 | - DD_API_KEY=${DD_API_KEY} 11 | - DD_SITE=${DD_SITE} 12 | - TZ=${TZ} 13 | volumes: 14 | - /var/run/docker.sock:/var/run/docker.sock:ro 15 | - /proc/:/host/proc/:ro 16 | - /sys/fs/cgroup/:/host/sys/fs/cgroup:ro 17 | 18 | networks: 19 | default: 20 | name: datadog-agent-network 21 | traefik-network: 22 | name: traefik-network 23 | external: true 24 | -------------------------------------------------------------------------------- /services/ddns-updater/.env.template: -------------------------------------------------------------------------------- 1 | ## Domain settings ## 2 | DOMAIN= 3 | 4 | ## Notifications ## 5 | GOTIFY_ENDPOINT= 6 | GOTIFY_TOKEN= 7 | 8 | ## Timezone settings ## 9 | TZ= 10 | -------------------------------------------------------------------------------- /services/ddns-updater/Makefile: 
-------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := ddns-updater 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | -------------------------------------------------------------------------------- /services/ddns-updater/docker-compose.yml: -------------------------------------------------------------------------------- 1 | 2 | version: "3.7" 3 | 4 | services: 5 | ### DDNS Updater: Light container updating DNS A and/or AAAA records periodically for multiple DNS providers ### 6 | ddns-updater: 7 | image: qmcgaw/ddns-updater 8 | container_name: ddns-updater 9 | restart: always 10 | environment: 11 | # Public IP Scanner 12 | - PERIOD=5m 13 | - UPDATE_COOLDOWN_PERIOD=5m 14 | - HTTP_TIMEOUT=10s 15 | - PUBLICIP_FETCHERS=all 16 | - PUBLICIP_HTTP_PROVIDERS=all 17 | - PUBLICIPV4_HTTP_PROVIDERS=all 18 | - PUBLICIPV6_HTTP_PROVIDERS=all 19 | - PUBLICIP_DNS_PROVIDERS=all 20 | - PUBLICIP_DNS_TIMEOUT=3s 21 | # Web UI 22 | - LISTENING_ADDRESS=:8080 23 | - ROOT_URL=/ 24 | # Data 25 | - DATADIR=/updater/data 26 | # Backup 27 | - BACKUP_PERIOD=0 28 | - BACKUP_DIRECTORY=/updater/data 29 | # Logger 30 | - LOG_LEVEL=info 31 | - LOG_CALLER=hidden 32 | # Notifications 33 | - SHOUTRRR_ADDRESSES=gotify://${GOTIFY_ENDPOINT}/${GOTIFY_TOKEN} 34 | # Timezone 35 | - TZ=${TZ} 36 | volumes: 37 | - ./data:/updater/data 38 | networks: 39 | - default 40 | - traefik-network 41 | labels: 42 | ## Watchtower configuration ## 43 | - com.centurylinklabs.watchtower.enable=true 44 | 45 | ## Diun configuration ## 46 | - diun.enable=true 47 | 48 | ## Traefik configuration ## 49 | # Enable Traefik # 50 | - traefik.enable=true 51 | - 
traefik.docker.network=traefik-network 52 | 53 | # Set entrypoint port # 54 | - traefik.http.services.ddns-updater.loadbalancer.server.port=8080 55 | 56 | # Set HTTP domain and HTTP -> HTTPS redirection # 57 | - traefik.http.routers.ddns-updater.rule=Host(`${DOMAIN}`) 58 | - traefik.http.routers.ddns-updater.entrypoints=web 59 | - traefik.http.routers.ddns-updater.middlewares=https-redirect@file 60 | 61 | # Set HTTPS domain # 62 | - traefik.http.routers.ddns-updater-secure.rule=Host(`${DOMAIN}`) 63 | - traefik.http.routers.ddns-updater-secure.entrypoints=websecure 64 | - traefik.http.routers.ddns-updater-secure.middlewares=authelia@docker 65 | 66 | networks: 67 | default: 68 | name: ddns-updater-network 69 | traefik-network: 70 | name: traefik-network 71 | external: true 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /services/diun/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Diun settings ## 5 | LOG_LEVEL= 6 | 7 | ## Notifications settings ## 8 | GOTIFY_ENDPOINT= 9 | GOTIFY_TOKEN= 10 | 11 | ## Timezone configuration ## 12 | TZ= 13 | -------------------------------------------------------------------------------- /services/diun/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := diun 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/diun/docker-compose.yml: 
-------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Diun: Receive notifications when an image is updated on a Docker registry ### 5 | diun: 6 | image: crazymax/diun 7 | container_name: diun 8 | restart: always 9 | environment: 10 | - LOG_LEVEL=${LOG_LEVEL} 11 | - LOG_JSON=false 12 | - DIUN_WATCH_WORKERS=20 13 | - DIUN_WATCH_SCHEDULE=0 0 7 * * * 14 | - DIUN_WATCH_JITTER=30s 15 | - DIUN_PROVIDERS_DOCKER=true 16 | - DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=false 17 | - DIUN_PROVIDERS_DOCKER_WATCHSTOPPED=true 18 | - DIUN_NOTIF_GOTIFY_ENDPOINT=${GOTIFY_ENDPOINT} 19 | - DIUN_NOTIF_GOTIFY_TOKEN=${GOTIFY_TOKEN} 20 | - TZ=${TZ} 21 | volumes: 22 | - ${VOLUME_DIR}/diun-data:/data 23 | - /var/run/docker.sock:/var/run/docker.sock # NOTE(review): Docker API access through this socket is equivalent to root on the host; Diun presumably only needs to list containers and images, so a socket proxy limited to read-only endpoints would narrow what a compromised container can do 24 | labels: 25 | ## Watchtower configuration ## 26 | - com.centurylinklabs.watchtower.enable=true 27 | 28 | ## Diun configuration ## 29 | - diun.enable=true 30 | 31 | networks: 32 | default: 33 | name: diun-network 34 | -------------------------------------------------------------------------------- /services/error-pages/.env.template: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/borjapazr/mars-server/dd9377ec368439727e63c4273c8d8f84e71eb774/services/error-pages/.env.template -------------------------------------------------------------------------------- /services/error-pages/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := error-pages 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | 
-------------------------------------------------------------------------------- /services/error-pages/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Error Pages: Static server error pages in docker image ### 5 | error-pages: 6 | image: tarampampam/error-pages 7 | container_name: error-pages 8 | restart: always 9 | environment: 10 | - TEMPLATE_NAME=lost-in-space 11 | networks: 12 | - default 13 | - traefik-network 14 | labels: 15 | ## Watchtower configuration ## 16 | - com.centurylinklabs.watchtower.enable=true 17 | 18 | ## Diun configuration ## 19 | - diun.enable=true 20 | 21 | ## Traefik configuration ## 22 | # Enable Traefik # 23 | - traefik.enable=true 24 | - traefik.docker.network=traefik-network 25 | 26 | ## Set entrypoint port ## 27 | - traefik.http.services.error-pages.loadbalancer.server.port=8080 28 | 29 | ## Set HTTP domain and HTTP -> HTTPS redirection ## 30 | - traefik.http.routers.error-pages.rule=HostRegexp(`{host:.+}`) 31 | - traefik.http.routers.error-pages.priority=10 32 | - traefik.http.routers.error-pages.entrypoints=web 33 | - traefik.http.routers.error-pages.middlewares=https-redirect@file 34 | 35 | ## Set HTTPS domain ## 36 | - traefik.http.routers.error-pages-secure.rule=HostRegexp(`{host:.+}`) 37 | - traefik.http.routers.error-pages-secure.priority=10 38 | - traefik.http.routers.error-pages-secure.entrypoints=websecure 39 | - traefik.http.routers.error-pages-secure.middlewares=error-pages 40 | 41 | ## Set error-pages middleware ## 42 | - traefik.http.middlewares.error-pages.errors.status=400-599 43 | - traefik.http.middlewares.error-pages.errors.service=error-pages 44 | - traefik.http.middlewares.error-pages.errors.query=/{status}.html 45 | 46 | networks: 47 | default: 48 | name: error-pages-network 49 | traefik-network: 50 | name: traefik-network 51 | external: true 52 | 
-------------------------------------------------------------------------------- /services/gitea/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | # Database configuration # 8 | DB_USER= 9 | DB_PASSWORD= 10 | DB_NAME= 11 | 12 | ## Email settings ## 13 | SMTP_HOST= 14 | SMTP_PORT= 15 | SMTP_USER= 16 | SMTP_PASSWORD= 17 | 18 | ## Timezone configuration ## 19 | TZ= 20 | -------------------------------------------------------------------------------- /services/gitea/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := gitea 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/gitea/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Gitea: A lightweight DevOps platform. 
### 5 | gitea: 6 | image: gitea/gitea:1.20.2 7 | container_name: gitea 8 | restart: always 9 | depends_on: 10 | - gitea-postgresql 11 | environment: 12 | - USER=git 13 | - USER_UID=1000 14 | - USER_GID=1000 15 | - GITEA__database__DB_TYPE=postgres 16 | - GITEA__database__HOST=gitea-postgresql:5432 17 | - GITEA__database__USER=${DB_USER} 18 | - GITEA__database__PASSWD=${DB_PASSWORD} 19 | - GITEA__database__NAME=${DB_NAME} 20 | - GITEA__mailer__ENABLED=true 21 | - GITEA__mailer__PROTOCOL=smtps 22 | - GITEA__mailer__FROM=${MAIL} 23 | - GITEA__mailer__SMTP_ADDR=${SMTP_HOST} 24 | - GITEA__mailer__SMTP_PORT=${SMTP_PORT} 25 | - GITEA__mailer__USER=${SMTP_USER} 26 | - GITEA__mailer__PASSWD=${SMTP_PASSWORD} 27 | - GITEA__service__DISABLE_REGISTRATION=true 28 | - TZ=${TZ} 29 | volumes: 30 | - ${VOLUME_DIR}/data:/var/lib/gitea 31 | - ${VOLUME_DIR}/config:/etc/gitea 32 | - /etc/timezone:/etc/timezone:ro 33 | - /etc/localtime:/etc/localtime:ro 34 | networks: 35 | - default 36 | - traefik-network 37 | labels: 38 | ## Watchtower configuration ## 39 | - com.centurylinklabs.watchtower.enable=true 40 | - com.centurylinklabs.watchtower.monitor-only=true 41 | 42 | ## Diun configuration ## 43 | - diun.enable=true 44 | 45 | ## Traefik configuration ## 46 | # Enable Traefik # 47 | - traefik.enable=true 48 | - traefik.docker.network=traefik-network 49 | 50 | # Set entrypoint port # 51 | - traefik.http.services.gitea.loadbalancer.server.port=3000 52 | 53 | # Set HTTP domain and HTTP -> HTTPS redirection # 54 | - traefik.http.routers.gitea.rule=Host(`${DOMAIN}`) 55 | - traefik.http.routers.gitea.entrypoints=web 56 | - traefik.http.routers.gitea.middlewares=https-redirect@file 57 | 58 | # Set HTTPS domain # 59 | - traefik.http.routers.gitea-secure.rule=Host(`${DOMAIN}`) 60 | - traefik.http.routers.gitea-secure.entrypoints=websecure 61 | 62 | ### Gitea database: PostgreSQL ### 63 | gitea-postgresql: 64 | image: postgres:15 65 | container_name: gitea-postgresql 66 | restart: always 67 | 
environment: 68 | - POSTGRES_USER=${DB_USER} 69 | - POSTGRES_PASSWORD=${DB_PASSWORD} 70 | - POSTGRES_DB=${DB_NAME} 71 | - TZ=${TZ} 72 | volumes: 73 | - ${VOLUME_DIR}/db:/var/lib/postgresql/data 74 | 75 | networks: 76 | default: 77 | name: gitea-network 78 | traefik-network: 79 | name: traefik-network 80 | external: true 81 | -------------------------------------------------------------------------------- /services/gotify/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Gotify settings ## 8 | DEFAULT_USERNAME= 9 | DEFAULT_PASSWORD= 10 | 11 | ## Timezone configuration ## 12 | TZ= 13 | -------------------------------------------------------------------------------- /services/gotify/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := gotify 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/gotify/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Gotify: A simple server for sending and receiving messages in real-time per WebSocket. 
(Includes a sleek web-ui) ### 5 | gotify: 6 | image: gotify/server 7 | container_name: gotify 8 | restart: always 9 | environment: 10 | - GOTIFY_SERVER_PORT=80 11 | - GOTIFY_SERVER_SSL_ENABLED=false 12 | - GOTIFY_SERVER_SSL_REDIRECTTOHTTPS=false 13 | - GOTIFY_DEFAULTUSER_NAME=${DEFAULT_USERNAME} 14 | - GOTIFY_DEFAULTUSER_PASS=${DEFAULT_PASSWORD} 15 | - GOTIFY_DATABASE_DIALECT=sqlite3 16 | - GOTIFY_DATABASE_CONNECTION=data/gotify.db 17 | - TZ=${TZ} 18 | volumes: 19 | - ${VOLUME_DIR}/gotify-data:/app/data 20 | networks: 21 | - default 22 | - traefik-network 23 | labels: 24 | ## Watchtower configuration ## 25 | - com.centurylinklabs.watchtower.enable=true 26 | - com.centurylinklabs.watchtower.monitor-only=true 27 | 28 | ## Diun configuration ## 29 | - diun.enable=true 30 | 31 | ## Traefik configuration ## 32 | # Enable Traefik # 33 | - traefik.enable=true 34 | - traefik.docker.network=traefik-network 35 | 36 | # Set entrypoint port # 37 | - traefik.http.services.gotify.loadbalancer.server.port=80 38 | 39 | # Set HTTP domain and HTTP -> HTTPS redirection # 40 | - traefik.http.routers.gotify.rule=Host(`${DOMAIN}`) 41 | - traefik.http.routers.gotify.entrypoints=web 42 | - traefik.http.routers.gotify.middlewares=https-redirect@file 43 | 44 | # Set HTTPS domain # 45 | - traefik.http.routers.gotify-secure.rule=Host(`${DOMAIN}`) 46 | - traefik.http.routers.gotify-secure.entrypoints=websecure 47 | 48 | networks: 49 | default: 50 | name: gotify-network 51 | traefik-network: 52 | name: traefik-network 53 | external: true 54 | -------------------------------------------------------------------------------- /services/grafana/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Application settings ## 8 | GF_INSTALL_PLUGINS= 9 | 10 | ## Database configuration ## 11 | MYSQL_ROOT_PASSWORD= 12 | MYSQL_USER= 13 | MYSQL_PASSWORD= 14 | MYSQL_DATABASE= 
15 | MONGO_ROOT_USERNAME= 16 | MONGO_ROOT_PASSWORD= 17 | 18 | ## Timezone configuration ## 19 | TZ= 20 | -------------------------------------------------------------------------------- /services/grafana/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := grafana 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/grafana/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Grafana database: MariaDB ### 5 | grafana-mariadb: 6 | image: mariadb 7 | container_name: grafana-mariadb 8 | restart: always 9 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 10 | environment: 11 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 12 | - MYSQL_USER=${MYSQL_USER} 13 | - MYSQL_PASSWORD=${MYSQL_PASSWORD} 14 | - MYSQL_DATABASE=${MYSQL_DATABASE} 15 | volumes: 16 | - ${VOLUME_DIR}/grafana-db/mariadb:/var/lib/mysql 17 | ### Grafana database: Mongo ### 18 | grafana-mongodb: 19 | image: mongo 20 | container_name: grafana-mongodb 21 | restart: always 22 | environment: 23 | - MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USERNAME} 24 | - MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD} 25 | volumes: 26 | - ${VOLUME_DIR}/grafana-db/mongodb:/data/db 27 | grafana-adminer: 28 | image: adminer 29 | container_name: grafana-adminer 30 | restart: always 31 | environment: 32 | - ADMINER_DEFAULT_SERVER=grafana-mariadb 33 | - TZ=${TZ} 34 | networks: 35 | - default 36 | - traefik-network 37 | labels: 38 | ## 
Watchtower configuration ## 39 | - com.centurylinklabs.watchtower.enable=true 40 | 41 | ## Diun configuration ## 42 | - diun.enable=true 43 | 44 | ## Traefik configuration ## 45 | # Enable Traefik # 46 | - traefik.enable=true 47 | - traefik.docker.network=traefik-network 48 | 49 | # Set entrypoint port # 50 | - traefik.http.services.db-grafana.loadbalancer.server.port=8080 51 | 52 | # Set HTTP domain and HTTP -> HTTPS redirection # 53 | - traefik.http.routers.db-grafana.rule=Host(`db-${DOMAIN}`) 54 | - traefik.http.routers.db-grafana.entrypoints=web 55 | - traefik.http.routers.db-grafana.middlewares=https-redirect@file 56 | 57 | # Set HTTPS domain # 58 | - traefik.http.routers.db-grafana-secure.rule=Host(`db-${DOMAIN}`) 59 | - traefik.http.routers.db-grafana-secure.entrypoints=websecure # NOTE(review): this -secure router has no auth middleware, so the Adminer database UI is reachable through Traefik with only the database password protecting it; attach an auth middleware here (the Kafka UIs in this repo use basic-auth@file, Homepage uses authelia@docker) 60 | ## Grafana: The open and composable observability and data visualization platform ## 61 | grafana: 62 | image: grafana/grafana 63 | container_name: grafana 64 | restart: always 65 | user: "0" # NOTE(review): runs the Grafana process as UID 0 (root) inside the container; prefer a non-root UID that owns the mounted grafana-data directories 66 | environment: 67 | - GF_INSTALL_PLUGINS=${GF_INSTALL_PLUGINS} 68 | - TZ=${TZ} 69 | volumes: 70 | - ${VOLUME_DIR}/grafana-data/config:/var/lib/grafana 71 | - ${VOLUME_DIR}/grafana-data/storage:/storage 72 | networks: 73 | - default 74 | - traefik-network 75 | labels: 76 | ## Watchtower configuration ## 77 | - com.centurylinklabs.watchtower.enable=true 78 | 79 | ## Diun configuration ## 80 | - diun.enable=true 81 | 82 | ## Traefik configuration ## 83 | # Enable Traefik # 84 | - traefik.enable=true 85 | - traefik.docker.network=traefik-network 86 | 87 | # Set entrypoint port # 88 | - traefik.http.services.grafana.loadbalancer.server.port=3000 89 | 90 | # Set HTTP domain and HTTP -> HTTPS redirection # 91 | - traefik.http.routers.grafana.rule=Host(`${DOMAIN}`) 92 | - traefik.http.routers.grafana.entrypoints=web 93 | - traefik.http.routers.grafana.middlewares=https-redirect@file 94 | 95 | # Set HTTPS domain # 96 | - traefik.http.routers.grafana-secure.rule=Host(`${DOMAIN}`) 97 | - 
traefik.http.routers.grafana-secure.entrypoints=websecure 98 | 99 | networks: 100 | default: 101 | name: grafana-network 102 | traefik-network: 103 | name: traefik-network 104 | external: true 105 | -------------------------------------------------------------------------------- /services/heimdall/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | -------------------------------------------------------------------------------- /services/heimdall/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := heimdall 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/heimdall/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ## Heimdall: a way to organise all those links to your most used web sites and web applications in a simple way. Simplicity is the key to Heimdall. 
## 5 | heimdall: 6 | image: ghcr.io/linuxserver/heimdall 7 | container_name: heimdall 8 | restart: always 9 | environment: 10 | - PUID=1000 11 | - PGID=1000 12 | - TZ=${TZ} 13 | volumes: 14 | - ${VOLUME_DIR}/heimdall-data:/config 15 | networks: 16 | - default 17 | - traefik-network 18 | labels: 19 | ## Watchtower configuration ## 20 | - com.centurylinklabs.watchtower.enable=true 21 | 22 | ## Diun configuration ## 23 | - diun.enable=true 24 | 25 | ## Traefik configuration ## 26 | # Enable Traefik # 27 | - traefik.enable=true 28 | - traefik.docker.network=traefik-network 29 | 30 | # Set entrypoint port # 31 | - traefik.http.services.heimdall.loadbalancer.server.port=80 32 | 33 | # Set HTTP domain and HTTP -> HTTPS redirection # 34 | - traefik.http.routers.heimdall.rule=Host(`${DOMAIN}`) 35 | - traefik.http.routers.heimdall.entrypoints=web 36 | - traefik.http.routers.heimdall.middlewares=https-redirect@file 37 | 38 | # Set HTTPS domain # 39 | - traefik.http.routers.heimdall-secure.rule=Host(`${DOMAIN}`) 40 | - traefik.http.routers.heimdall-secure.entrypoints=websecure 41 | 42 | networks: 43 | default: 44 | name: heimdall-network 45 | traefik-network: 46 | name: traefik-network 47 | external: true 48 | -------------------------------------------------------------------------------- /services/home-assistant/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | -------------------------------------------------------------------------------- /services/home-assistant/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := homeassistant 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 
10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/home-assistant/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Home Assistant: Open source home automation that puts local control and privacy first ### 5 | homeassistant: 6 | image: homeassistant/home-assistant 7 | container_name: homeassistant 8 | restart: always 9 | privileged: true # NOTE(review): privileged mode grants all capabilities and access to host devices, on a service that is also routed through Traefik; if it is only there for USB/serial hardware, map those devices explicitly with devices: instead 10 | environment: 11 | - TZ=${TZ} 12 | volumes: 13 | - ${VOLUME_DIR}/home-assitant-config:/config 14 | - /etc/localtime:/etc/localtime:ro 15 | networks: 16 | - default 17 | - traefik-network 18 | labels: 19 | ## Watchtower configuration ## 20 | - com.centurylinklabs.watchtower.enable=true 21 | 22 | ## Diun configuration ## 23 | - diun.enable=true 24 | 25 | ## Traefik configuration ## 26 | # Enable Traefik # 27 | - traefik.enable=true 28 | - traefik.docker.network=traefik-network 29 | 30 | # Set entrypoint port # 31 | - traefik.http.services.homeassistant.loadbalancer.server.port=8123 32 | 33 | # Set HTTP domain and HTTP -> HTTPS redirection # 34 | - traefik.http.routers.homeassistant.rule=Host(`${DOMAIN}`) 35 | - traefik.http.routers.homeassistant.entrypoints=web 36 | - traefik.http.routers.homeassistant.middlewares=https-redirect@file 37 | 38 | # Set HTTPS domain # 39 | - traefik.http.routers.homeassistant-secure.rule=Host(`${DOMAIN}`) 40 | - traefik.http.routers.homeassistant-secure.entrypoints=websecure 41 | 42 | networks: 43 | default: 44 | name: homeassistant-network 45 | traefik-network: 46 | name: traefik-network 47 | external: true 48 | -------------------------------------------------------------------------------- /services/homepage/.env.template: 
-------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | -------------------------------------------------------------------------------- /services/homepage/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := homepage 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/homepage/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Homepage: A highly customizable homepage (or startpage / application dashboard) with Docker and service API integrations ### 5 | homepage: 6 | image: ghcr.io/gethomepage/homepage:latest 7 | container_name: homepage 8 | restart: always 9 | environment: 10 | - TZ=${TZ} 11 | volumes: 12 | - ./config:/app/config 13 | - /var/run/docker.sock:/var/run/docker.sock # NOTE(review): read-write Docker socket inside a web application that is routed through Traefik; a compromise of the app would give control of the Docker daemon and, through it, the host. Prefer a socket proxy that only permits read-only API calls 14 | networks: 15 | - default 16 | - traefik-network 17 | labels: 18 | ## Watchtower configuration ## 19 | - com.centurylinklabs.watchtower.enable=true 20 | 21 | ## Diun configuration ## 22 | - diun.enable=true 23 | 24 | ## Traefik configuration ## 25 | # Enable Traefik # 26 | - traefik.enable=true 27 | - traefik.docker.network=traefik-network 28 | 29 | # Set entrypoint port # 30 | - traefik.http.services.homepage.loadbalancer.server.port=3000 31 | 32 | # Set HTTP domain and HTTP -> HTTPS redirection # 33 | - 
traefik.http.routers.homepage.rule=Host(`${DOMAIN}`) 34 | - traefik.http.routers.homepage.entrypoints=web 35 | - traefik.http.routers.homepage.middlewares=https-redirect@file 36 | 37 | # Set HTTPS domain # 38 | - traefik.http.routers.homepage-secure.rule=Host(`${DOMAIN}`) 39 | - traefik.http.routers.homepage-secure.entrypoints=websecure 40 | - traefik.http.routers.homepage-secure.middlewares=authelia@docker 41 | 42 | networks: 43 | default: 44 | name: homepage-network 45 | traefik-network: 46 | name: traefik-network 47 | external: true 48 | -------------------------------------------------------------------------------- /services/infisical/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Database configuration ## 8 | MONGO_ROOT_USERNAME= 9 | MONGO_ROOT_PASSWORD= 10 | 11 | ## Email settings ## 12 | SMTP_FROM_NAME= 13 | SMTP_FROM_ADDRESS= 14 | SMTP_HOST= 15 | SMTP_PORT= 16 | SMTP_USERNAME= 17 | SMTP_PASSWORD= 18 | 19 | ## App settings ## 20 | TELEMETRY_ENABLED= 21 | ENCRYPTION_KEY= 22 | JWT_SIGNUP_SECRET= 23 | JWT_REFRESH_SECRET= 24 | JWT_AUTH_SECRET= 25 | JWT_SERVICE_SECRET= 26 | 27 | ## Timezone configuration ## 28 | TZ= 29 | -------------------------------------------------------------------------------- /services/infisical/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := infisical 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- 
/services/infisical/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Infisical: OPEN SOURCE and END-TO-END ENCRYPTED platform that lets you securely sync secrets and configs across your team, devices, and infrastructure. ### 5 | infisical-nginx: 6 | image: nginx 7 | container_name: infisical-nginx 8 | restart: always 9 | depends_on: 10 | - infisical-frontend 11 | - infisical-backend 12 | environment: 13 | - TZ=${TZ} 14 | volumes: 15 | - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro 16 | networks: 17 | - default 18 | - traefik-network 19 | labels: 20 | ## Watchtower configuration ## 21 | - com.centurylinklabs.watchtower.enable=true 22 | - com.centurylinklabs.watchtower.monitor-only=true 23 | 24 | ## Diun configuration ## 25 | - diun.enable=true 26 | 27 | ## Traefik configuration ## 28 | # Enable Traefik # 29 | - traefik.enable=true 30 | - traefik.docker.network=traefik-network 31 | 32 | # Set entrypoint port # 33 | - traefik.http.services.infisical.loadbalancer.server.port=80 34 | 35 | # Set HTTP domain and HTTP -> HTTPS redirection # 36 | - traefik.http.routers.infisical.rule=Host(`${DOMAIN}`) 37 | - traefik.http.routers.infisical.entrypoints=web 38 | - traefik.http.routers.infisical.middlewares=https-redirect@file 39 | 40 | # Set HTTPS domain # 41 | - traefik.http.routers.infisical-secure.rule=Host(`${DOMAIN}`) 42 | - traefik.http.routers.infisical-secure.entrypoints=websecure 43 | 44 | infisical-backend: 45 | image: infisical/backend 46 | container_name: infisical-backend 47 | restart: unless-stopped 48 | depends_on: 49 | - infisical-mongodb 50 | environment: 51 | - NODE_ENV=production 52 | - SITE_URL=https://${DOMAIN} 53 | - MONGO_URL=mongodb://${MONGO_ROOT_USERNAME}:${MONGO_ROOT_PASSWORD}@infisical-mongodb:27017/?authSource=admin 54 | - ENCRYPTION_KEY=${ENCRYPTION_KEY} 55 | - JWT_SIGNUP_SECRET=${JWT_SIGNUP_SECRET} 56 | - 
JWT_REFRESH_SECRET=${JWT_REFRESH_SECRET} 57 | - JWT_AUTH_SECRET=${JWT_AUTH_SECRET} 58 | - JWT_SERVICE_SECRET=${JWT_SERVICE_SECRET} 59 | - SMTP_HOST=${SMTP_HOST} 60 | - SMTP_PORT=${SMTP_PORT} 61 | - SMTP_USERNAME=${SMTP_USERNAME} 62 | - SMTP_PASSWORD=${SMTP_PASSWORD} 63 | - SMTP_SECURE=true 64 | - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS} 65 | - SMTP_FROM_NAME=${SMTP_FROM_NAME} 66 | 67 | infisical-frontend: 68 | image: infisical/frontend 69 | container_name: infisical-frontend 70 | restart: unless-stopped 71 | depends_on: 72 | - infisical-backend 73 | environment: 74 | - TELEMETRY_ENABLED=${TELEMETRY_ENABLED} 75 | 76 | infisical-mongodb: 77 | image: mongo:4.4 78 | container_name: infisical-mongodb 79 | restart: always 80 | environment: 81 | - MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USERNAME} 82 | - MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD} 83 | volumes: 84 | - ${VOLUME_DIR}/infisical-db/mongodb:/data/db 85 | 86 | networks: 87 | default: 88 | name: infisical-network 89 | traefik-network: 90 | name: traefik-network 91 | external: true 92 | -------------------------------------------------------------------------------- /services/infisical/nginx/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | 4 | location /api { 5 | proxy_set_header X-Real-RIP $remote_addr; # NOTE(review): "X-Real-RIP" looks like a typo for X-Real-IP (the same name is used in the location / block); confirm which header the backend reads, otherwise client addresses in its logs or rate limits may be the proxy's 6 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 7 | 8 | proxy_set_header Host $http_host; 9 | proxy_set_header X-NginX-Proxy true; 10 | 11 | proxy_pass http://infisical-backend:4000; 12 | proxy_redirect off; 13 | 14 | proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; 15 | } 16 | 17 | location / { 18 | include /etc/nginx/mime.types; 19 | 20 | proxy_set_header X-Real-RIP $remote_addr; 21 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 22 | 23 | proxy_set_header Host $http_host; 24 | proxy_set_header X-NginX-Proxy true; 25 | 26 | proxy_set_header Upgrade $http_upgrade; 27 | proxy_set_header 
Connection "upgrade"; 28 | 29 | proxy_pass http://infisical-frontend:3000; 30 | proxy_redirect off; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /services/kafka/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | -------------------------------------------------------------------------------- /services/kafka/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := kafka 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/kafka/config/application.yml: -------------------------------------------------------------------------------- 1 | akhq: 2 | server: 3 | access-log: 4 | enabled: true 5 | name: org.akhq.log.access 6 | format: "[Date: {}] [Duration: {} ms] [Url: {} {}] [Status: {}] [Ip: {}] [User: {}]" # Logger format 7 | 8 | clients-defaults: 9 | consumer: 10 | properties: 11 | isolation.level: read_committed 12 | 13 | connections: 14 | traqus: 15 | properties: 16 | bootstrap.servers: "kafka:19092" 17 | 18 | pagination: 19 | page-size: 25 20 | threads: 16 21 | -------------------------------------------------------------------------------- /services/kafka/config/kafka_jaas.conf: -------------------------------------------------------------------------------- 1 | KafkaServer { 2 | org.apache.kafka.common.security.plain.PlainLoginModule required 3 | 
user_kafka="password_kafka"; 4 | }; 5 | 6 | 7 | Client { 8 | org.apache.zookeeper.server.auth.PlainLoginModule required 9 | user_kafka="password_kafka"; 10 | }; 11 | -------------------------------------------------------------------------------- /services/kafka/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Zookeeper: A centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. ### 5 | zookeeper: 6 | image: bitnami/zookeeper:latest 7 | container_name: zookeeper 8 | hostname: zookeeper 9 | restart: always 10 | environment: 11 | - ALLOW_ANONYMOUS_LOGIN=yes 12 | - TZ=${TZ} 13 | ports: 14 | - 2181:2181 # NOTE(review): with ALLOW_ANONYMOUS_LOGIN=yes above, this host port mapping leaves ZooKeeper reachable without authentication from outside the compose network; Kafka connects via zookeeper:2181 internally, so the mapping can be dropped or bound to 127.0.0.1 15 | ### Apache Kafka: An open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications. ### 16 | kafka: 17 | image: bitnami/kafka:latest 18 | container_name: kafka 19 | hostname: kafka 20 | restart: always 21 | depends_on: 22 | - zookeeper 23 | environment: 24 | - ALLOW_PLAINTEXT_LISTENER=yes 25 | - KAFKA_CFG_BROKER_ID=0 26 | - KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181 27 | - KAFKA_CFG_LISTENERS=INTERNAL://:19092,EXTERNAL://:9092 28 | - KAFKA_CFG_ADVERTISED_LISTENERS=INTERNAL://kafka:19092,EXTERNAL://kafka.${DOMAIN}:9092 29 | - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT # NOTE(review): SASL_PLAINTEXT carries the SASL/PLAIN password and all records unencrypted, and the EXTERNAL listener is the one published on 9092 below; use SASL_SSL for the external listener 30 | - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=INTERNAL 31 | - KAFKA_CFG_SOCKET_REQUEST_MAX_BYTES=100001200 32 | - KAFKA_CFG_MESSAGE_MAX_BYTES=100001200 33 | - KAFKA_CFG_MAX_REQUEST_SIZE=100001200 34 | - TZ=${TZ} 35 | volumes: 36 | - "./config/kafka_jaas.conf:/opt/bitnami/kafka/conf/kafka_jaas.conf:ro" # NOTE(review): kafka_jaas.conf holds a fixed SASL/PLAIN user and password that is committed to the repository; generate it from a template fed by .env, as the other services do for their secrets 37 | ports: 38 | - 9092:9092 39 | ### Kafdrop: A web UI for viewing Kafka topics and browsing consumer groups. 
The tool displays information such as brokers, topics, partitions, consumers, and lets you view messages. ### 40 | kafdrop: 41 | image: obsidiandynamics/kafdrop 42 | container_name: kafdrop 43 | hostname: kafdrop 44 | restart: always 45 | depends_on: 46 | - kafka 47 | environment: 48 | - KAFKA_BROKERCONNECT=INTERNAL://kafka:19092 49 | - JVM_OPTS=-Xms16M -Xmx48M -Xss180K -XX:-TieredCompilation -XX:+UseStringDeduplication -noverify # NOTE(review): -noverify turns off JVM bytecode verification (a deprecated startup shortcut); drop it unless the startup saving is actually needed 50 | - TZ=${TZ} 51 | networks: 52 | - default 53 | - traefik-network 54 | labels: 55 | ## Traefik configuration ## 56 | # Enable Traefik # 57 | - traefik.enable=true 58 | - traefik.docker.network=traefik-network 59 | 60 | # Set entrypoint port # 61 | - traefik.http.services.kafdrop.loadbalancer.server.port=9000 62 | 63 | # Set HTTP domain and HTTP -> HTTPS redirection # 64 | - traefik.http.routers.kafdrop.rule=Host(`kafdrop.${DOMAIN}`) 65 | - traefik.http.routers.kafdrop.entrypoints=web 66 | - traefik.http.routers.kafdrop.middlewares=https-redirect@file 67 | 68 | # Set HTTPS domain # 69 | - traefik.http.routers.kafdrop-secure.rule=Host(`kafdrop.${DOMAIN}`) 70 | - traefik.http.routers.kafdrop-secure.entrypoints=websecure 71 | - traefik.http.routers.kafdrop-secure.middlewares=basic-auth@file 72 | ### Kafka UI: UI for Apache Kafka is a free, open-source web UI to monitor and manage Apache Kafka clusters. 
### 73 | kafka-ui: 74 | image: provectuslabs/kafka-ui 75 | container_name: kafka-ui 76 | hostname: kafka-ui 77 | restart: always 78 | depends_on: 79 | - kafka 80 | environment: 81 | - KAFKA_CLUSTERS_0_NAME=kafka 82 | - KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=kafka:19092 83 | - KAFKA_CLUSTERS_0_ZOOKEEPER=zookeeper:2181 84 | - TZ=${TZ} 85 | networks: 86 | - default 87 | - traefik-network 88 | labels: 89 | ## Traefik configuration ## 90 | # Enable Traefik # 91 | - traefik.enable=true 92 | - traefik.docker.network=traefik-network 93 | 94 | # Set entrypoint port # 95 | - traefik.http.services.kafka-ui.loadbalancer.server.port=8080 96 | 97 | # Set HTTP domain and HTTP -> HTTPS redirection # 98 | - traefik.http.routers.kafka-ui.rule=Host(`kafka-ui.${DOMAIN}`) 99 | - traefik.http.routers.kafka-ui.entrypoints=web 100 | - traefik.http.routers.kafka-ui.middlewares=https-redirect@file 101 | 102 | # Set HTTPS domain # 103 | - traefik.http.routers.kafka-ui-secure.rule=Host(`kafka-ui.${DOMAIN}`) 104 | - traefik.http.routers.kafka-ui-secure.entrypoints=websecure 105 | - traefik.http.routers.kafka-ui-secure.middlewares=basic-auth@file 106 | ### AKHQ: Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more... 
### 107 | akhq: 108 | image: tchiotludo/akhq 109 | container_name: akhq 110 | hostname: akhq 111 | restart: always 112 | depends_on: 113 | - kafka 114 | environment: 115 | - TZ=${TZ} 116 | volumes: 117 | - ./config/application.yml:/app/application.yml 118 | networks: 119 | - default 120 | - traefik-network 121 | labels: 122 | ## Traefik configuration ## 123 | # Enable Traefik # 124 | - traefik.enable=true 125 | - traefik.docker.network=traefik-network 126 | 127 | # Set entrypoint port # 128 | - traefik.http.services.akhq.loadbalancer.server.port=8080 129 | 130 | # Set HTTP domain and HTTP -> HTTPS redirection # 131 | - traefik.http.routers.akhq.rule=Host(`akhq.${DOMAIN}`) 132 | - traefik.http.routers.akhq.entrypoints=web 133 | - traefik.http.routers.akhq.middlewares=https-redirect@file 134 | 135 | # Set HTTPS domain # 136 | - traefik.http.routers.akhq-secure.rule=Host(`akhq.${DOMAIN}`) 137 | - traefik.http.routers.akhq-secure.entrypoints=websecure 138 | - traefik.http.routers.akhq-secure.middlewares=basic-auth@file 139 | 140 | networks: 141 | default: 142 | name: kafka-network 143 | traefik-network: 144 | name: traefik-network 145 | external: true 146 | -------------------------------------------------------------------------------- /services/keycloack/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Keycloak settings ## 8 | KEYCLOAK_USER= 9 | KEYCLOAK_PASSWORD= 10 | 11 | ## Database configuration ## 12 | POSTGRES_USER= 13 | POSTGRES_PASSWORD= 14 | POSTGRES_DB= 15 | 16 | ## Timezone configuration ## 17 | TZ= 18 | -------------------------------------------------------------------------------- /services/keycloack/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := keycloak 3 | include 
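$(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 |
--------------------------------------------------------------------------------
/services/keycloack/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### Keycloak database: PostgreSQL ###
  keycloak-postgres:
    # The tag is overridable and defaults to the previous behaviour (latest).
    # Set POSTGRES_VERSION in .env to a fixed major version: a floating tag can
    # move to a new PostgreSQL major, which cannot start on an existing data
    # directory without a migration.
    image: postgres:${POSTGRES_VERSION:-latest}
    container_name: keycloak-postgres
    restart: always
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
    volumes:
      - ${VOLUME_DIR}/keycloak-db:/var/lib/postgresql/data
  ### Keycloak: An open source identity and access management solution ###
  keycloak:
    # NOTE(review): DB_VENDOR, DB_ADDR, KEYCLOAK_USER/KEYCLOAK_PASSWORD and
    # PROXY_ADDRESS_FORWARDING are the variables of the legacy WildFly-based
    # image. The Quarkus-based image reads KC_DB* / KEYCLOAK_ADMIN* instead and
    # expects a start command, so with a floating tag these settings (database
    # and admin account included) may be ignored. Confirm which distribution the
    # tag resolves to and set KEYCLOAK_VERSION in .env to a fixed release.
    image: quay.io/keycloak/keycloak:${KEYCLOAK_VERSION:-latest}
    container_name: keycloak
    restart: always
    depends_on:
      - keycloak-postgres
    environment:
      - DB_VENDOR=POSTGRES
      - DB_ADDR=keycloak-postgres
      - DB_DATABASE=${POSTGRES_DB}
      - DB_USER=${POSTGRES_USER}
      - DB_PASSWORD=${POSTGRES_PASSWORD}
      - KEYCLOAK_USER=${KEYCLOAK_USER}
      - KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}
      # DEBUG used to be hard-coded. Debug output from an identity provider can
      # carry request and session detail into the container log, so it is now
      # opt-in: set KEYCLOAK_LOGLEVEL=DEBUG in .env only while troubleshooting.
      - KEYCLOAK_LOGLEVEL=${KEYCLOAK_LOGLEVEL:-INFO}
      # Makes Keycloak trust the X-Forwarded-* headers it receives. That is only
      # safe while the container is reachable solely through Traefik; this
      # service publishes no host ports, keep it that way.
      - PROXY_ADDRESS_FORWARDING=true
      - TZ=${TZ}
    networks:
      - default
      - traefik-network
    labels:
      ## Watchtower configuration ##
      # NOTE(review): with a floating image tag this lets Watchtower replace the
      # identity provider unattended. Consider also setting
      # com.centurylinklabs.watchtower.monitor-only=true for this service.
      - com.centurylinklabs.watchtower.enable=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.keycloak.loadbalancer.server.port=8080

      # Set HTTP domain and HTTP -> HTTPS redirection #
      - traefik.http.routers.keycloak.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.keycloak.entrypoints=web
      - traefik.http.routers.keycloak.middlewares=https-redirect@file

      # Set HTTPS domain #
      # No middleware is attached here, so everything Keycloak serves on this
      # host, the admin console included, is reachable by whoever can reach the
      # websecure entrypoint. Restrict the admin paths at the proxy if the
      # console should not be internet-facing.
      - traefik.http.routers.keycloak-secure.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.keycloak-secure.entrypoints=websecure

networks:
  default:
    name: keycloak-network
  traefik-network:
    name: traefik-network
    external: true
-------------------------------------------------------------------------------- /services/kimai/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Database configuration ## 8 | MYSQL_ROOT_PASSWORD= 9 | MYSQL_USER= 10 | MYSQL_PASSWORD= 11 | MYSQL_DATABASE= 12 | 13 | ## Email settings ## 14 | SMTP_HOST= 15 | SMTP_PORT= 16 | SMTP_USER= 17 | SMTP_PASSWORD= 18 | SMTP_PROTOCOL= 19 | 20 | ## User configuration ## 21 | KIMAI_MAIL= 22 | KIMAI_PASSWORD= 23 | 24 | ## Timezone configuration ## 25 | TZ= 26 | -------------------------------------------------------------------------------- /services/kimai/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := kimai 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | 17 | .PHONY: fix-permissions 18 | fix-permissions: ## Fix volume permissions 19 | @$(DOCKER) exec --user root $(SERVICE) chown -R www-data:www-data /opt/kimai/public 20 | --------------------------------------------------------------------------------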
/services/kimai/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Kimai database: MariaDB ### 5 | kimai-mariadb: 6 | image: mariadb 7 | container_name: kimai-mariadb 8 | restart: always 9 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 10 | environment: 11 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 12 | - MYSQL_USER=${MYSQL_USER} 13 | - MYSQL_PASSWORD=${MYSQL_PASSWORD} 14 | - MYSQL_DATABASE=${MYSQL_DATABASE} 15 | volumes: 16 | - ${VOLUME_DIR}/kimai-db:/var/lib/mysql 17 | ## Kimai: Free Time-Tracking App ## 18 | kimai: 19 | image: kimai/kimai2:apache 20 | container_name: kimai 21 | restart: always 22 | depends_on: 23 | - kimai-mariadb 24 | environment: 25 | - APP_ENV=prod 26 | - ADMINMAIL=${KIMAI_MAIL} 27 | - ADMINPASS=${KIMAI_PASSWORD} 28 | - DB_TYPE=mysql 29 | - DB_HOST=kimai-mariadb 30 | - DB_PORT=3306 31 | - DB_USER=${MYSQL_USER} 32 | - DB_PASS=${MYSQL_PASSWORD} 33 | - DB_BASE=${MYSQL_DATABASE} 34 | - TRUSTED_HOSTS=kimai,localhost,127.0.0.1,${DOMAIN} 35 | - TZ=${TZ} 36 | volumes: 37 | - ${VOLUME_DIR}/kimai-data:/opt/kimai/public 38 | networks: 39 | - default 40 | - traefik-network 41 | labels: 42 | ## Watchtower configuration ## 43 | - com.centurylinklabs.watchtower.enable=true 44 | 45 | ## Diun configuration ## 46 | - diun.enable=true 47 | 48 | ## Traefik configuration ## 49 | # Enable Traefik # 50 | - traefik.enable=true 51 | - traefik.docker.network=traefik-network 52 | 53 | # Set entrypoint port # 54 | - traefik.http.services.kimai.loadbalancer.server.port=8001 55 | 56 | # Set HTTP domain and HTTP -> HTTPS redirection # 57 | - traefik.http.routers.kimai.rule=Host(`${DOMAIN}`) 58 | - traefik.http.routers.kimai.entrypoints=web 59 | - traefik.http.routers.kimai.middlewares=https-redirect@file 60 | 61 | # Set HTTPS domain # 62 | - traefik.http.routers.kimai-secure.rule=Host(`${DOMAIN}`) 63 | - 
traefik.http.routers.kimai-secure.entrypoints=websecure 64 | 65 | networks: 66 | default: 67 | name: kimai-network 68 | traefik-network: 69 | name: traefik-network 70 | external: true 71 | -------------------------------------------------------------------------------- /services/landing/.env.template: -------------------------------------------------------------------------------- 1 | ## Domain settings ## 2 | DOMAIN= 3 | 4 | ## Timezone settings ## 5 | TZ= 6 | -------------------------------------------------------------------------------- /services/landing/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := landing 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | -------------------------------------------------------------------------------- /services/landing/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Nginx: Server landing page ### 5 | landing: 6 | image: nginx 7 | container_name: landing 8 | restart: always 9 | environment: 10 | - TZ=${TZ} 11 | volumes: 12 | - ./static:/usr/share/nginx/html 13 | networks: 14 | - default 15 | - traefik-network 16 | labels: 17 | ## Watchtower configuration ## 18 | - com.centurylinklabs.watchtower.enable=true 19 | 20 | ## Diun configuration ## 21 | - diun.enable=true 22 | 23 | ## Traefik configuration ## 24 | # Enable Traefik # 25 | - traefik.enable=true 26 | - traefik.docker.network=traefik-network 27 | 28 | # Set entrypoint port # 29 | - traefik.http.services.landing.loadbalancer.server.port=80 30 | 31 | # Set HTTP domain and HTTP -> HTTPS redirection # 32 
| - traefik.http.routers.landing.rule=Host(`${DOMAIN}`,`www.${DOMAIN}`) 33 | - traefik.http.routers.landing.entrypoints=web 34 | - traefik.http.routers.landing.middlewares=https-redirect@file 35 | 36 | # Set HTTPS domain # 37 | - traefik.http.routers.landing-secure.rule=Host(`${DOMAIN}`,`www.${DOMAIN}`) 38 | - traefik.http.routers.landing-secure.entrypoints=websecure 39 | - traefik.http.routers.landing-secure.middlewares=error-pages 40 | 41 | networks: 42 | default: 43 | name: landing-network 44 | traefik-network: 45 | name: traefik-network 46 | external: true 47 | -------------------------------------------------------------------------------- /services/landing/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/borjapazr/mars-server/dd9377ec368439727e63c4273c8d8f84e71eb774/services/landing/static/favicon.ico -------------------------------------------------------------------------------- /services/landing/static/img/astronaut.svg: -------------------------------------------------------------------------------- 1 | 5 | 6 | astronaut_1 -------------------------------------------------------------------------------- /services/landing/static/img/bg_purple.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/borjapazr/mars-server/dd9377ec368439727e63c4273c8d8f84e71eb774/services/landing/static/img/bg_purple.png -------------------------------------------------------------------------------- /services/landing/static/img/earth.svg: -------------------------------------------------------------------------------- 1 | 5 | 6 | earth -------------------------------------------------------------------------------- /services/landing/static/img/moon.svg: -------------------------------------------------------------------------------- 1 | 5 | 6 | moon_1 
-------------------------------------------------------------------------------- /services/landing/static/img/overlay_stars.svg: -------------------------------------------------------------------------------- 1 | 5 | 6 | overlay_stars_1 -------------------------------------------------------------------------------- /services/landing/static/img/rocket.svg: -------------------------------------------------------------------------------- 1 | 5 | 6 | rocket_1 -------------------------------------------------------------------------------- /services/landing/static/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Mars Machine 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 |
39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /services/landing/static/style.css: -------------------------------------------------------------------------------- 1 | @import url(https://fonts.googleapis.com/css?family=Dosis:300,400,500); 2 | @-moz-keyframes rocket-movement { 3 | 100% { 4 | -moz-transform: translate(1200px, -600px); 5 | } 6 | } 7 | @-webkit-keyframes rocket-movement { 8 | 100% { 9 | -webkit-transform: translate(1200px, -600px); 10 | } 11 | } 12 | @keyframes rocket-movement { 13 | 100% { 14 | transform: translate(1200px, -600px); 15 | } 16 | } 17 | @-moz-keyframes spin-earth { 18 | 100% { 19 | -moz-transform: rotate(-360deg); 20 | transition: transform 20s; 21 | } 22 | } 23 | @-webkit-keyframes spin-earth { 24 | 100% { 25 | -webkit-transform: rotate(-360deg); 26 | transition: transform 20s; 27 | } 28 | } 29 | @keyframes spin-earth { 30 | 100% { 31 | -webkit-transform: rotate(-360deg); 32 | transform: rotate(-360deg); 33 | transition: transform 20s; 34 | } 35 | } 36 | @-moz-keyframes move-astronaut { 37 | 100% { 38 | -moz-transform: translate(-160px, -160px); 39 | } 40 | } 41 | @-webkit-keyframes move-astronaut { 42 | 100% { 43 | -webkit-transform: translate(-160px, -160px); 44 | } 45 | } 46 | @keyframes move-astronaut { 47 | 100% { 48 | -webkit-transform: translate(-160px, -160px); 49 | transform: translate(-160px, -160px); 50 | } 51 | } 52 | @-moz-keyframes rotate-astronaut { 53 | 100% { 54 | -moz-transform: rotate(-720deg); 55 | } 56 | } 57 | @-webkit-keyframes rotate-astronaut { 58 | 100% { 59 | -webkit-transform: rotate(-720deg); 60 | } 61 | } 62 | @keyframes rotate-astronaut { 63 | 100% { 64 | -webkit-transform: rotate(-720deg); 65 | transform: rotate(-720deg); 66 | } 67 | } 68 | @-moz-keyframes glow-star { 69 | 40% { 70 | -moz-opacity: 0.3; 71 | } 72 | 100%, 73 | 90% { 74 | -moz-opacity: 1; 75 | -moz-transform: scale(1.2); 76 | } 77 | } 78 | @-webkit-keyframes glow-star { 79 | 40% { 80 | 
-webkit-opacity: 0.3; 81 | } 82 | 100%, 83 | 90% { 84 | -webkit-opacity: 1; 85 | -webkit-transform: scale(1.2); 86 | } 87 | } 88 | @keyframes glow-star { 89 | 40% { 90 | -webkit-opacity: 0.3; 91 | opacity: 0.3; 92 | } 93 | 100%, 94 | 90% { 95 | -webkit-opacity: 1; 96 | opacity: 1; 97 | -webkit-transform: scale(1.2); 98 | transform: scale(1.2); 99 | border-radius: 999999px; 100 | } 101 | } 102 | .spin-earth-on-hover { 103 | transition: ease 200s !important; 104 | transform: rotate(-3600deg) !important; 105 | } 106 | body, 107 | html { 108 | margin: 0; 109 | width: 100%; 110 | height: 100%; 111 | font-family: Dosis, sans-serif; 112 | font-weight: 300; 113 | -webkit-user-select: none; 114 | -moz-user-select: none; 115 | -ms-user-select: none; 116 | user-select: none; 117 | } 118 | .bg-purple { 119 | background: url(img/bg_purple.png); 120 | background-repeat: repeat-x; 121 | background-size: cover; 122 | background-position: left top; 123 | height: 100%; 124 | overflow: hidden; 125 | } 126 | .custom-navbar { 127 | padding-top: 15px; 128 | } 129 | .brand-logo { 130 | margin-left: 25px; 131 | margin-top: 5px; 132 | display: inline-block; 133 | } 134 | .navbar-links { 135 | display: inline-block; 136 | float: right; 137 | margin-right: 15px; 138 | text-transform: uppercase; 139 | } 140 | ul { 141 | list-style-type: none; 142 | margin: 0; 143 | padding: 0; 144 | display: flex; 145 | align-items: center; 146 | } 147 | li { 148 | float: left; 149 | padding: 0 15px; 150 | } 151 | li a { 152 | display: block; 153 | color: #fff; 154 | text-align: center; 155 | text-decoration: none; 156 | letter-spacing: 2px; 157 | font-size: 12px; 158 | -webkit-transition: all 0.3s ease-in; 159 | -moz-transition: all 0.3s ease-in; 160 | -ms-transition: all 0.3s ease-in; 161 | -o-transition: all 0.3s ease-in; 162 | transition: all 0.3s ease-in; 163 | } 164 | li a:hover { 165 | color: #ffcb39; 166 | } 167 | .btn-request { 168 | padding: 10px 25px; 169 | border: 1px solid #ffcb39; 170 | 
border-radius: 100px; 171 | font-weight: 400; 172 | } 173 | .btn-request:hover { 174 | background-color: #ffcb39; 175 | color: #fff; 176 | transform: scale(1.05); 177 | box-shadow: 0 20px 20px rgba(0, 0, 0, 0.1); 178 | } 179 | .btn-go-home { 180 | position: relative; 181 | z-index: 200; 182 | margin: 15px auto; 183 | width: 100px; 184 | padding: 10px 15px; 185 | border: 1px solid #ffcb39; 186 | border-radius: 100px; 187 | font-weight: 400; 188 | display: block; 189 | color: #fff; 190 | text-align: center; 191 | text-decoration: none; 192 | letter-spacing: 2px; 193 | font-size: 11px; 194 | -webkit-transition: all 0.3s ease-in; 195 | -moz-transition: all 0.3s ease-in; 196 | -ms-transition: all 0.3s ease-in; 197 | -o-transition: all 0.3s ease-in; 198 | transition: all 0.3s ease-in; 199 | } 200 | .btn-go-home:hover { 201 | background-color: #ffcb39; 202 | color: #fff; 203 | transform: scale(1.05); 204 | box-shadow: 0 20px 20px rgba(0, 0, 0, 0.1); 205 | } 206 | .central-body { 207 | padding: 17% 5% 10% 5%; 208 | text-align: center; 209 | } 210 | .objects img { 211 | z-index: 90; 212 | pointer-events: none; 213 | } 214 | .object_rocket { 215 | z-index: 95; 216 | position: absolute; 217 | transform: translateX(-50px); 218 | top: 75%; 219 | pointer-events: none; 220 | animation: rocket-movement 200s linear infinite both running; 221 | } 222 | .object_earth { 223 | position: absolute; 224 | top: 20%; 225 | left: 15%; 226 | z-index: 90; 227 | } 228 | .object_moon { 229 | position: absolute; 230 | top: 12%; 231 | left: 25%; 232 | } 233 | .object_astronaut { 234 | animation: rotate-astronaut 200s infinite linear both alternate; 235 | } 236 | .box_astronaut { 237 | z-index: 110 !important; 238 | position: absolute; 239 | top: 60%; 240 | right: 20%; 241 | will-change: transform; 242 | animation: move-astronaut 50s infinite linear both alternate; 243 | } 244 | .image-404 { 245 | position: relative; 246 | z-index: 100; 247 | pointer-events: none; 248 | } 249 | .stars { 250 | 
background: url(img/overlay_stars.svg); 251 | background-repeat: repeat; 252 | background-size: contain; 253 | background-position: left top; 254 | } 255 | .glowing_stars .star { 256 | position: absolute; 257 | border-radius: 100%; 258 | background-color: #fff; 259 | width: 3px; 260 | height: 3px; 261 | opacity: 0.3; 262 | will-change: opacity; 263 | } 264 | .glowing_stars .star:nth-child(1) { 265 | top: 80%; 266 | left: 25%; 267 | animation: glow-star 2s infinite ease-in-out alternate 1s; 268 | } 269 | .glowing_stars .star:nth-child(2) { 270 | top: 20%; 271 | left: 40%; 272 | animation: glow-star 2s infinite ease-in-out alternate 3s; 273 | } 274 | .glowing_stars .star:nth-child(3) { 275 | top: 25%; 276 | left: 25%; 277 | animation: glow-star 2s infinite ease-in-out alternate 5s; 278 | } 279 | .glowing_stars .star:nth-child(4) { 280 | top: 75%; 281 | left: 80%; 282 | animation: glow-star 2s infinite ease-in-out alternate 7s; 283 | } 284 | .glowing_stars .star:nth-child(5) { 285 | top: 90%; 286 | left: 50%; 287 | animation: glow-star 2s infinite ease-in-out alternate 9s; 288 | } 289 | @media only screen and (max-width: 600px) { 290 | .navbar-links { 291 | display: none; 292 | } 293 | .custom-navbar { 294 | text-align: center; 295 | } 296 | .brand-logo img { 297 | width: 120px; 298 | } 299 | .box_astronaut { 300 | top: 70%; 301 | } 302 | .central-body { 303 | padding-top: 25%; 304 | } 305 | } 306 | -------------------------------------------------------------------------------- /services/mailhog/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | -------------------------------------------------------------------------------- /services/mailhog/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword 
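$(MAKEFILE_LIST)))) 2 | SERVICE := mailhog 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 |
--------------------------------------------------------------------------------
/services/mailhog/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### MailHog: Web and API based SMTP testing ###
  mailhog:
    image: mailhog/mailhog
    container_name: mailhog
    restart: always
    command: ["-smtp-bind-addr", "0.0.0.0:1025"]
    environment:
      - TZ=${TZ}
    ports:
      # These were published on every host interface. MailHog has no
      # authentication configured here and port 8025 is plain HTTP, so the
      # captured mail (which can hold reset links and tokens) was readable
      # without going through Traefik. Both ports now bind to loopback unless
      # MAILHOG_BIND_ADDRESS is set in .env; containers that need to submit
      # mail can instead join mailhog-network and use mailhog:1025.
      - "${MAILHOG_BIND_ADDRESS:-127.0.0.1}:1025:1025"
      - "${MAILHOG_BIND_ADDRESS:-127.0.0.1}:8025:8025"
    networks:
      - default
      - traefik-network
    labels:
      ## Watchtower configuration ##
      - com.centurylinklabs.watchtower.enable=true
      - com.centurylinklabs.watchtower.monitor-only=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.mailhog.loadbalancer.server.port=8025

      # Set HTTP domain and HTTP -> HTTPS redirection #
      - traefik.http.routers.mailhog.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.mailhog.entrypoints=web
      - traefik.http.routers.mailhog.middlewares=https-redirect@file

      # Set HTTPS domain #
      - traefik.http.routers.mailhog-secure.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.mailhog-secure.entrypoints=websecure
      # The web UI and API expose every captured message, so the HTTPS router is
      # put behind the basic-auth middleware from Traefik's file provider.
      # Assumes basic-auth@file is defined there; confirm before deploying.
      - traefik.http.routers.mailhog-secure.middlewares=basic-auth@file

networks:
  default:
    name: mailhog-network
  traefik-network:
    name: traefik-network
    external: true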
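-------------------------------------------------------------------------------- /services/mongo/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Database settings ## 5 | MONGO_ROOT_USER= 6 | MONGO_ROOT_PASSWORD= 7 | MONGO_DB= 8 | 9 | ## Domain settings ## 10 | DOMAIN= 11 | 12 | ## Timezone configuration ## 13 | TZ= 14 | -------------------------------------------------------------------------------- /services/mongo/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := mongo 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 |
--------------------------------------------------------------------------------
/services/mongo/config/init-mongo.js:
--------------------------------------------------------------------------------
// Initialisation script mounted into /docker-entrypoint-initdb.d by the compose
// file; the official image runs such scripts on first start with an empty data
// directory.
//
// NOTE(review): the user name and password below are literals committed to the
// repository, not values from .env, so every deployment that keeps this file
// gets the same account. Replace them before the first start, or drop the
// account if nothing uses it.
db.createUser(
  {
    user: "mongo_user",
    pwd: "mongo_password",
    roles: [
      {
        role: "readWrite",
        db: "test"
      }
    ]
  }
)

// Placeholder collection; by its name it is meant to be deleted.
db.createCollection('test_delete-me');
--------------------------------------------------------------------------------
/services/mongo/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### MongoDB: A document-oriented NoSQL database used for high volume data storage ###
  mongo:
    image: mongo
    container_name: mongo
    hostname: mongo
    restart: always
    environment:
      - MONGO_INITDB_DATABASE=${MONGO_DB}
      - MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USER}
      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD}
      - TZ=${TZ}
    volumes:
      - ./config/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
      - ${VOLUME_DIR}/mongo-data/db/mongo:/data/db
    ports:
      # The range used to be published on every host interface, which puts the
      # database (and the fixed account from init-mongo.js) directly on the
      # network. It now binds to loopback unless MONGO_BIND_ADDRESS is set in
      # .env. mongo-express and mongo-client reach the server over the compose
      # network as mongo:27017 and do not depend on this mapping.
      - "${MONGO_BIND_ADDRESS:-127.0.0.1}:27017-27019:27017-27019"
  ### Mongo Express: Web-based MongoDB admin interface written with Node.js, Express and Bootstrap3 ###
  mongo-express:
    image: mongo-express
    container_name: mongo-express
    hostname: mongo-express
    restart: always
    depends_on:
      - mongo
    environment:
      # NOTE(review): the UI connects with the root account, so the Traefik
      # basic-auth password is all that stands between a browser and full
      # control of the server. A dedicated, less privileged database user
      # would limit that.
      - ME_CONFIG_MONGODB_ADMINUSERNAME=${MONGO_ROOT_USER}
      - ME_CONFIG_MONGODB_ADMINPASSWORD=${MONGO_ROOT_PASSWORD}
      - ME_CONFIG_MONGODB_URL=mongodb://${MONGO_ROOT_USER}:${MONGO_ROOT_PASSWORD}@mongo:27017/
      - TZ=${TZ}
    networks:
      - default
      - traefik-network
    labels:
      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.mongo-express.loadbalancer.server.port=8081

      # Set HTTP domain and HTTP -> HTTPS redirection #
      - traefik.http.routers.mongo-express.rule=Host(`mongo-express.${DOMAIN}`)
      - traefik.http.routers.mongo-express.entrypoints=web
      - traefik.http.routers.mongo-express.middlewares=https-redirect@file

      # Set HTTPS domain #
      - traefik.http.routers.mongo-express-secure.rule=Host(`mongo-express.${DOMAIN}`)
      - traefik.http.routers.mongo-express-secure.entrypoints=websecure
      - traefik.http.routers.mongo-express-secure.middlewares=basic-auth@file
  ### Mongo Client: Cross-platform and self hosted, easy to use, MongoDB 4.0+ support and more features! ###
  mongo-client:
    image: mongoclient/mongoclient
    container_name: mongo-client
    hostname: mongo-client
    restart: always
    depends_on:
      - mongo
    environment:
      # NOTE(review): root credentials again, embedded in the connection URL;
      # the same least-privilege concern as for mongo-express applies.
      - MONGO_URL=mongodb://${MONGO_ROOT_USER}:${MONGO_ROOT_PASSWORD}@mongo:27017/
      - TZ=${TZ}
    networks:
      - default
      - traefik-network
    labels:
      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.mongo-client.loadbalancer.server.port=3000

      # Set HTTP domain and HTTP -> HTTPS redirection #
      - traefik.http.routers.mongo-client.rule=Host(`mongo-client.${DOMAIN}`)
      - traefik.http.routers.mongo-client.entrypoints=web
      - traefik.http.routers.mongo-client.middlewares=https-redirect@file

      # Set HTTPS domain #
      - traefik.http.routers.mongo-client-secure.rule=Host(`mongo-client.${DOMAIN}`)
      - traefik.http.routers.mongo-client-secure.entrypoints=websecure
      - traefik.http.routers.mongo-client-secure.middlewares=basic-auth@file

networks:
  default:
    name: mongo-network
  traefik-network:
    name: traefik-network
    external: true
-------------------------------------------------------------------------------- /services/monica/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Database configuration ## 8 | MYSQL_ROOT_PASSWORD= 9 | MYSQL_USER= 10 | MYSQL_PASSWORD= 11 | MYSQL_DATABASE= 12 | 13 | ## Timezone configuration ## 14 | TZ= 15 | -------------------------------------------------------------------------------- /services/monica/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := monica 3 | include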
$(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/monica/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Monica: Personal CRM. Remember everything about your friends, family and business relationships. ### 5 | monica: 6 | image: monica:apache 7 | container_name: monica 8 | restart: always 9 | depends_on: 10 | - monica-mariadb 11 | environment: 12 | - DB_HOST=monica-mariadb 13 | - DB_PORT=3306 14 | - DB_USERNAME=${MYSQL_USER} 15 | - DB_PASSWORD=${MYSQL_PASSWORD} 16 | - DB_DATABASE=${MYSQL_DATABASE} 17 | - TZ=${TZ} 18 | volumes: 19 | - ${VOLUME_DIR}/monica-data:/var/www/html/storage 20 | networks: 21 | - default 22 | - traefik-network 23 | labels: 24 | ## Watchtower configuration ## 25 | - com.centurylinklabs.watchtower.enable=true 26 | 27 | ## Diun configuration ## 28 | - diun.enable=true 29 | 30 | ## Traefik configuration ## 31 | # Enable Traefik # 32 | - traefik.enable=true 33 | - traefik.docker.network=traefik-network 34 | 35 | # Set entrypoint port # 36 | - traefik.http.services.monica.loadbalancer.server.port=80 37 | 38 | # Set HTTP domain and HTTP -> HTTPS redirection # 39 | - traefik.http.routers.monica.rule=Host(`${DOMAIN}`) 40 | - traefik.http.routers.monica.entrypoints=web 41 | - traefik.http.routers.monica.middlewares=https-redirect@file 42 | 43 | # Set HTTPS domain # 44 | - traefik.http.routers.monica-secure.rule=Host(`${DOMAIN}`) 45 | - traefik.http.routers.monica-secure.entrypoints=websecure 46 | 47 | ### Monica database: MariaDB ### 48 | monica-mariadb: 49 | image: mariadb 50 | 
container_name: monica-mariadb 51 | restart: always 52 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 53 | environment: 54 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 55 | - MYSQL_USER=${MYSQL_USER} 56 | - MYSQL_PASSWORD=${MYSQL_PASSWORD} 57 | - MYSQL_DATABASE=${MYSQL_DATABASE} 58 | volumes: 59 | - ${VOLUME_DIR}/monica-db:/var/lib/mysql 60 | 61 | networks: 62 | default: 63 | name: monica-network 64 | traefik-network: 65 | name: traefik-network 66 | external: true 67 | -------------------------------------------------------------------------------- /services/moodle/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Database configuration ## 8 | MYSQL_ROOT_PASSWORD= 9 | MYSQL_USER= 10 | MYSQL_PASSWORD= 11 | MYSQL_DATABASE= 12 | 13 | ## Email settings ## 14 | SMTP_HOST= 15 | SMTP_PORT= 16 | SMTP_USER= 17 | SMTP_PASSWORD= 18 | SMTP_PROTOCOL= 19 | 20 | ## User configuration ## 21 | MOODLE_USER= 22 | MOODLE_PASSWORD= 23 | 24 | ## Timezone configuration ## 25 | TZ= 26 | -------------------------------------------------------------------------------- /services/moodle/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := moodle 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/moodle/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | 
### Moodle database: MariaDB ### 5 | moodle-mariadb: 6 | image: mariadb:10.10 7 | container_name: moodle-mariadb 8 | restart: always 9 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 10 | environment: 11 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 12 | - MYSQL_USER=${MYSQL_USER} 13 | - MYSQL_PASSWORD=${MYSQL_PASSWORD} 14 | - MYSQL_DATABASE=${MYSQL_DATABASE} 15 | volumes: 16 | - ${VOLUME_DIR}/moodle-db:/var/lib/mysql 17 | ## Moodle: A very popular open source learning management solution (LMS) for the delivery of elearning courses and programs. ## 18 | moodle: 19 | image: bitnami/moodle:4.3.0 20 | container_name: moodle 21 | restart: always 22 | depends_on: 23 | - moodle-mariadb 24 | environment: 25 | - MOODLE_USERNAME=${MOODLE_USER} 26 | - MOODLE_PASSWORD=${MOODLE_PASSWORD} 27 | - MOODLE_EMAIL=${MAIL} 28 | - MOODLE_DATABASE_HOST=moodle-mariadb 29 | - MOODLE_DATABASE_PORT_NUMBER=3306 30 | - MOODLE_DATABASE_USER=${MYSQL_USER} 31 | - MOODLE_DATABASE_PASSWORD=${MYSQL_PASSWORD} 32 | - MOODLE_DATABASE_NAME=${MYSQL_DATABASE} 33 | - ALLOW_EMPTY_PASSWORD=no 34 | - MOODLE_SMTP_HOST=${SMTP_HOST} 35 | - MOODLE_SMTP_PORT=${SMTP_PORT} 36 | - MOODLE_SMTP_USER=${SMTP_USER} 37 | - MOODLE_SMTP_PASSWORD=${SMTP_PASSWORD} 38 | - MOODLE_SMTP_PROTOCOL=${SMTP_PROTOCOL} 39 | - BITNAMI_DEBUG=true 40 | - TZ=${TZ} 41 | volumes: 42 | - ${VOLUME_DIR}/moodle-data:/bitnami 43 | networks: 44 | - default 45 | - traefik-network 46 | labels: 47 | ## Watchtower configuration ## 48 | - com.centurylinklabs.watchtower.enable=true 49 | 50 | ## Diun configuration ## 51 | - diun.enable=true 52 | 53 | ## Traefik configuration ## 54 | # Enable Traefik # 55 | - traefik.enable=true 56 | - traefik.docker.network=traefik-network 57 | 58 | # Set entrypoint port # 59 | - traefik.http.services.moodle.loadbalancer.server.port=8080 60 | 61 | # Set HTTP domain and HTTP -> HTTPS redirection # 62 | - traefik.http.routers.moodle.rule=Host(`${DOMAIN}`) 63 | - 
traefik.http.routers.moodle.entrypoints=web 64 | - traefik.http.routers.moodle.middlewares=https-redirect@file 65 | 66 | # Set HTTPS domain # 67 | - traefik.http.routers.moodle-secure.rule=Host(`${DOMAIN}`) 68 | - traefik.http.routers.moodle-secure.entrypoints=websecure 69 | 70 | networks: 71 | default: 72 | name: moodle-network 73 | traefik-network: 74 | name: traefik-network 75 | external: true 76 | -------------------------------------------------------------------------------- /services/n8n/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Email settings ## 8 | SMTP_HOST= 9 | SMTP_PORT= 10 | SMTP_USER= 11 | SMTP_PASSWORD= 12 | 13 | ## Timezone configuration ## 14 | TZ= 15 | -------------------------------------------------------------------------------- /services/n8n/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := n8n 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/n8n/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### n8n: Workflow automation for technical people. 
### 5 | n8n: 6 | image: n8nio/n8n 7 | container_name: n8n 8 | restart: always 9 | environment: 10 | - NODE_ENV=production 11 | - N8N_BASIC_AUTH_ACTIVE=false 12 | - N8N_HOST=${DOMAIN} 13 | - N8N_PORT=5678 14 | - N8N_PROTOCOL=https 15 | - N8N_EMAIL_MODE=smtp 16 | - N8N_SMTP_SSL=true 17 | - N8N_SMTP_HOST=${SMTP_HOST} 18 | - N8N_SMTP_PORT=${SMTP_PORT} 19 | - N8N_SMTP_USER=${SMTP_USER} 20 | - N8N_SMTP_PASS=${SMTP_PASSWORD} 21 | - N8N_SMTP_SENDER=${SMTP_USER} 22 | - WEBHOOK_URL=https://${DOMAIN}/ 23 | - GENERIC_TIMEZONE=${TZ} 24 | - TZ=${TZ} 25 | volumes: 26 | - ${VOLUME_DIR}/n8n-data:/home/node/.n8n 27 | networks: 28 | - default 29 | - traefik-network 30 | labels: 31 | ## Watchtower configuration ## 32 | - com.centurylinklabs.watchtower.enable=true 33 | - com.centurylinklabs.watchtower.monitor-only=true 34 | 35 | ## Diun configuration ## 36 | - diun.enable=true 37 | 38 | ## Traefik configuration ## 39 | # Enable Traefik # 40 | - traefik.enable=true 41 | - traefik.docker.network=traefik-network 42 | 43 | # Set entrypoint port # 44 | - traefik.http.services.n8n.loadbalancer.server.port=5678 45 | 46 | # Set HTTP domain and HTTP -> HTTPS redirection # 47 | - traefik.http.routers.n8n.rule=Host(`${DOMAIN}`) 48 | - traefik.http.routers.n8n.entrypoints=web 49 | - traefik.http.routers.n8n.middlewares=https-redirect@file 50 | 51 | # Set HTTPS domain # 52 | - traefik.http.routers.n8n-secure.rule=Host(`${DOMAIN}`) 53 | - traefik.http.routers.n8n-secure.entrypoints=websecure 54 | 55 | networks: 56 | default: 57 | name: n8n-network 58 | traefik-network: 59 | name: traefik-network 60 | external: true 61 | -------------------------------------------------------------------------------- /services/netdata/.env.template: -------------------------------------------------------------------------------- 1 | ## Domain settings ## 2 | DOMAIN= 3 | 4 | ## Netdata Configuration ## 5 | NETDATA_CLAIM_TOKEN= 6 | NETDATA_CLAIM_URL= 7 | NETDATA_CLAIM_ROOMS= 8 | 9 | ## Timezone configuration ## 10 | 
TZ=

--------------------------------------------------------------------------------
/services/netdata/Makefile:
--------------------------------------------------------------------------------
ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
SERVICE := netdata
include $(ROOT_DIR)/../../core/common.mk
include .env

.ONESHELL:

.PHONY: install
install: ## Start all containers in background
	@$(DOCKER_COMPOSE) up -d

# NOTE(review): this service's .env.template declares no VOLUME_DIR and its
# docker-compose.yml mounts ./config rather than a ${VOLUME_DIR} path. Unless
# common.mk or the operator's .env defines VOLUME_DIR, the rm below expands to
# `sudo rm -rf` with no operand and removes nothing; if it is defined, confirm
# it points at a directory this service owns before running uninstall.
.PHONY: uninstall
uninstall: ## Stop all containers and remove all data
	@$(DOCKER_COMPOSE) down -v
	@sudo rm -rf $(VOLUME_DIR)

--------------------------------------------------------------------------------
/services/netdata/config/health_alarm_notify.conf.template:
--------------------------------------------------------------------------------
# TELEGRAM_BOT_TOKEN is a credential. The ./config directory that holds the
# filled-in copy of this template is bind-mounted into the container as
# /etc/netdata, so keep the filled-in file out of version control.
SEND_TELEGRAM="YES"
TELEGRAM_BOT_TOKEN=
DEFAULT_RECIPIENT_TELEGRAM=

--------------------------------------------------------------------------------
/services/netdata/config/netdata.conf:
--------------------------------------------------------------------------------
[global]
  hostname = Mars Server

--------------------------------------------------------------------------------
/services/netdata/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### NetData: Distributed, real-time performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers. ###
  # Privilege summary: this container shares the host PID namespace, adds
  # SYS_PTRACE and SYS_ADMIN, runs without an AppArmor profile and reads the
  # host's /proc, /sys, /etc/passwd and /etc/group. A compromise of the agent is
  # therefore close to a compromise of the host; the HTTPS router below is gated
  # by the authelia middleware, which is the only access control visible here.
  # NOTE(review): the image has no tag and the Watchtower label is not
  # monitor-only, so the privileged container presumably follows whatever
  # `latest` resolves to. Consider pinning a version or a digest.
  netdata:
    image: netdata/netdata
    container_name: netdata
    restart: always
    pid: host
    cap_add:
      - SYS_PTRACE
      - SYS_ADMIN
    security_opt:
      - apparmor:unconfined
    environment:
      # Docker metadata is read through the socket proxy defined below, not from
      # a socket mounted into this privileged container.
      - DOCKER_HOST=netdata-docker-proxy:2375
      - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN}
      - NETDATA_CLAIM_URL=${NETDATA_CLAIM_URL}
      - NETDATA_CLAIM_ROOMS=${NETDATA_CLAIM_ROOMS}
      - TZ=${TZ}
    volumes:
      - ./config:/etc/netdata
      - /etc/passwd:/host/etc/passwd:ro
      - /etc/group:/host/etc/group:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /etc/os-release:/host/etc/os-release:ro
    networks:
      - default
      - traefik-network
    labels:
      ## Watchtower configuration ##
      - com.centurylinklabs.watchtower.enable=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.netdata.loadbalancer.server.port=19999

      # Set HTTP domain and HTTP -> HTTPS redirection #
      - traefik.http.routers.netdata.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.netdata.entrypoints=web
      - traefik.http.routers.netdata.middlewares=https-redirect@file

      # Set HTTPS domain #
      - traefik.http.routers.netdata-secure.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.netdata-secure.entrypoints=websecure
      - traefik.http.routers.netdata-secure.middlewares=authelia@docker
  ### NetData Docker socket proxy ###
  # This service declares no `networks:` key, so it joins only the default
  # network (netdata-network) and is not attached to traefik-network.
  # The `:ro` flag on the socket mount does not restrict Docker API calls made
  # over the socket; the restriction comes from the proxy itself, which per the
  # image's documentation serves only the API sections switched on through
  # environment variables (here CONTAINERS=1).
  # NOTE(review): the proxy image is untagged as well; it is the component that
  # holds the Docker socket, so pinning it matters at least as much.
  netdata-docker-proxy:
    image: tecnativa/docker-socket-proxy
    container_name: netdata-docker-proxy
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1

networks:
  default:
    name: netdata-network
  traefik-network:
    name: traefik-network
    external: true

-------------------------------------------------------------------------------- /services/nextcloud/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Database configuration ## 8 | MYSQL_ROOT_PASSWORD= 9 | MYSQL_USER= 10 | MYSQL_PASSWORD= 11 | MYSQL_DATABASE= 12 | 13 | ## Email settings ## 14 | SMTP_HOST= 15 | SMTP_SECURE= 16 | SMTP_PORT= 17 | SMTP_AUTHTYPE= 18 | SMTP_NAME= 19 | SMTP_PASSWORD= 20 | MAIL_FROM_ADDRESS= 21 | MAIL_DOMAIN= 22 | 23 | ## OnlyOffice settings ## 24 | ONLYOFFICE_TOKEN= 25 | 26 | ## Timezone configuration ## 27 | TZ= 28 | -------------------------------------------------------------------------------- /services/nextcloud/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := nextcloud-app 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background and prepare data directory 10 | @$(DOCKER_COMPOSE) up -d 11 | @$(DOCKER) exec --user root $(SERVICE) mkdir -p /srv/nextcloud/data 12 | @$(DOCKER) exec --user root $(SERVICE) chown www-data:www-data /srv/nextcloud/data 13 | 14 | .PHONY: uninstall 15 | uninstall: ## Stop all containers and remove all data 16 | @$(DOCKER_COMPOSE) down -v 17 | @sudo rm -rf $(VOLUME_DIR) 18 | 19 | .PHONY: optimize 20 | optimize: ## Optimize Nextcloud 21 | @$(DOCKER) exec --user www-data $(SERVICE) php occ db:add-missing-indices 22 | -------------------------------------------------------------------------------- /services/nextcloud/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Nextcloud database: MariaDB ### 5 | nextcloud-mariadb: 6 | image: mariadb 7 | container_name: 
nextcloud-mariadb 8 | restart: always 9 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 10 | environment: 11 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 12 | - MYSQL_USER=${MYSQL_USER} 13 | - MYSQL_PASSWORD=${MYSQL_PASSWORD} 14 | - MYSQL_DATABASE=${MYSQL_DATABASE} 15 | volumes: 16 | - ${VOLUME_DIR}/nextcloud-db:/var/lib/mysql 17 | 18 | ### Nextcloud cache: Redis ### 19 | nextcloud-redis: 20 | image: redis 21 | container_name: nextcloud-redis 22 | restart: always 23 | 24 | ### Nextcloud application: Apache image ### 25 | nextcloud-app: 26 | image: nextcloud 27 | container_name: nextcloud-app 28 | restart: always 29 | depends_on: 30 | - nextcloud-mariadb 31 | - nextcloud-redis 32 | environment: 33 | ## Data directory ## 34 | - NEXTCLOUD_DATA_DIR=/srv/nextcloud/data 35 | 36 | ## Trusted domains ## 37 | - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN} 38 | 39 | ## Database configuration ## 40 | - MYSQL_USER=${MYSQL_USER} 41 | - MYSQL_PASSWORD=${MYSQL_PASSWORD} 42 | - MYSQL_DATABASE=${MYSQL_DATABASE} 43 | 44 | ## Mail configuration ## 45 | - SMTP_HOST=${SMTP_HOST} 46 | - SMTP_SECURE=${SMTP_SECURE} 47 | - SMTP_PORT=${SMTP_PORT} 48 | - SMTP_AUTHTYPE=${SMTP_AUTHTYPE} 49 | - SMTP_NAME=${SMTP_NAME} 50 | - SMTP_PASSWORD=${SMTP_PASSWORD} 51 | - MAIL_FROM_ADDRESS=${MAIL_FROM_ADDRESS} 52 | - MAIL_DOMAIN=${MAIL_DOMAIN} 53 | 54 | ## Apache configuration ## 55 | - OVERWRITEPROTOCOL=https 56 | - OVERWRITEHOST=${DOMAIN} 57 | 58 | ## Containers link 59 | - MYSQL_HOST=nextcloud-mariadb 60 | - REDIS_HOST=nextcloud-redis 61 | - TRUSTED_PROXIES=traefik 62 | 63 | - TZ=${TZ} 64 | volumes: 65 | - ${VOLUME_DIR}/nextcloud-data/html:/var/www/html 66 | - ${VOLUME_DIR}/nextcloud-data/data:/srv/nextcloud/data 67 | networks: 68 | - default 69 | - traefik-network 70 | labels: 71 | ## Watchtower configuration: Only enable monitoring ## 72 | - com.centurylinklabs.watchtower.enable=true 73 | - com.centurylinklabs.watchtower.monitor-only=true 74 | 75 | ## Diun configuration ## 76 | - 
diun.enable=true 77 | 78 | ## Traefik configuration ## 79 | # Enable Traefik # 80 | - traefik.enable=true 81 | - traefik.docker.network=traefik-network 82 | 83 | # Set entrypoint port # 84 | - traefik.http.services.nextcloud.loadbalancer.server.port=80 85 | 86 | # Set HTTP domain and HTTP -> HTTPS redirection # 87 | - traefik.http.routers.nextcloud.rule=Host(`${DOMAIN}`) 88 | - traefik.http.routers.nextcloud.entrypoints=web 89 | - traefik.http.routers.nextcloud.middlewares=https-redirect@file 90 | 91 | # Set HTTPS domain # 92 | - traefik.http.routers.nextcloud-secure.rule=Host(`${DOMAIN}`) 93 | - traefik.http.routers.nextcloud-secure.entrypoints=websecure 94 | - traefik.http.routers.nextcloud-secure.middlewares=nextcloud,nextcloud-redirect 95 | 96 | # Specific Nextcloud configuration # 97 | - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011 98 | - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true 99 | - traefik.http.middlewares.nextcloud.headers.stsPreload=true 100 | - traefik.http.middlewares.nextcloud.headers.contentTypeNosniff=true 101 | - traefik.http.middlewares.nextcloud.headers.browserXSSFilter=true 102 | - traefik.http.middlewares.nextcloud-redirect.redirectregex.permanent=true 103 | - traefik.http.middlewares.nextcloud-redirect.redirectregex.regex=/.well-known/(card|cal)dav 104 | - traefik.http.middlewares.nextcloud-redirect.redirectregex.replacement=/remote.php/dav/ 105 | 106 | ### Nextcloud cron ### 107 | nextcloud-cron: 108 | image: nextcloud 109 | container_name: nextcloud-cron 110 | restart: always 111 | depends_on: 112 | - nextcloud-mariadb 113 | - nextcloud-redis 114 | entrypoint: /cron.sh 115 | volumes: 116 | - ${VOLUME_DIR}/nextcloud-data/html:/var/www/html 117 | - ${VOLUME_DIR}/nextcloud-data/data:/srv/nextcloud/data 118 | 119 | ### OnlyOffice: An online office suite comprising viewers and editors for texts, spreadsheets and presentations, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and 
enabling collaborative editing in real time. ### 120 | nextcloud-onlyoffice: 121 | image: onlyoffice/documentserver 122 | container_name: nextcloud-onlyoffice 123 | restart: always 124 | environment: 125 | - ONLYOFFICE_HTTPS_HSTS_ENABLED=false 126 | - JWT_ENABLED=true 127 | - JWT_SECRET=${ONLYOFFICE_TOKEN} 128 | - TZ=${TZ} 129 | volumes: 130 | - ${VOLUME_DIR}/nextcloud-onlyoffice/data:/var/www/onlyoffice/Data 131 | - ${VOLUME_DIR}/nextcloud-onlyoffice/log:/var/log/onlyoffice 132 | networks: 133 | - default 134 | - traefik-network 135 | labels: 136 | ## Watchtower configuration ## 137 | - com.centurylinklabs.watchtower.enable=true 138 | 139 | ## Diun configuration ## 140 | - diun.enable=true 141 | 142 | ## Traefik configuration ## 143 | # Enable Traefik # 144 | - traefik.enable=true 145 | - traefik.docker.network=traefik-network 146 | 147 | # Set entrypoint port # 148 | - traefik.http.services.onlyoffice.loadbalancer.server.port=80 149 | 150 | # Set HTTP domain and HTTP -> HTTPS redirection # 151 | - traefik.http.routers.onlyoffice.rule=Host(`${DOMAIN}`) && PathPrefix(`/onlyoffice`) 152 | - traefik.http.routers.onlyoffice.entrypoints=web 153 | - traefik.http.routers.onlyoffice.middlewares=https-redirect@file 154 | 155 | # Set HTTPS domain # 156 | - traefik.http.routers.onlyoffice-secure.rule=Host(`${DOMAIN}`) && PathPrefix(`/onlyoffice`) 157 | - traefik.http.routers.onlyoffice-secure.entrypoints=websecure 158 | - traefik.http.routers.onlyoffice-secure.middlewares=onlyoffice,onlyoffice-strip 159 | 160 | # Specific OnlyOffice configuration # 161 | - traefik.http.middlewares.onlyoffice-strip.stripprefix.prefixes=/onlyoffice 162 | - traefik.http.middlewares.onlyoffice-strip.stripprefix.forceSlash=true 163 | - traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https 164 | - traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Host=${DOMAIN}/onlyoffice 165 | 166 | networks: 167 | default: 168 | name: 
nextcloud-network 169 | traefik-network: 170 | name: traefik-network 171 | external: true 172 | -------------------------------------------------------------------------------- /services/nocodb/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | # Database configuration # 8 | DB_USER= 9 | DB_PASSWORD= 10 | DB_NAME= 11 | 12 | ## Email settings ## 13 | SMTP_FROM_NAME= 14 | SMTP_FROM_ADDRESS= 15 | SMTP_HOST= 16 | SMTP_PORT= 17 | SMTP_USERNAME= 18 | SMTP_PASSWORD= 19 | 20 | ## Timezone configuration ## 21 | TZ= 22 | -------------------------------------------------------------------------------- /services/nocodb/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := nocodb 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/nocodb/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### NocoDB: An open source #NoCode platform that turns any database into a smart spreadsheet. 
### 5 | nocodb: 6 | image: nocodb/nocodb:0.109.2 7 | container_name: nocodb 8 | restart: always 9 | depends_on: 10 | - nocodb-postgresql 11 | environment: 12 | - NC_SMTP_FROM=${SMTP_FROM_ADDRESS} 13 | - NC_SMTP_HOST=${SMTP_HOST} 14 | - NC_SMTP_PORT=${SMTP_PORT} 15 | - NC_SMTP_USERNAME=${SMTP_USERNAME} 16 | - NC_SMTP_PASSWORD=${SMTP_PASSWORD} 17 | - NC_SMTP_SECURE=true 18 | - NC_DB=pg://nocodb-postgresql:5432?u=${DB_USER}&p=${DB_PASSWORD}&d=${DB_NAME} 19 | - TZ=${TZ} 20 | volumes: 21 | - ${VOLUME_DIR}/nocodb-data:/usr/app/data 22 | networks: 23 | - default 24 | - traefik-network 25 | labels: 26 | ## Watchtower configuration ## 27 | - com.centurylinklabs.watchtower.enable=true 28 | - com.centurylinklabs.watchtower.monitor-only=true 29 | 30 | ## Diun configuration ## 31 | - diun.enable=true 32 | 33 | ## Traefik configuration ## 34 | # Enable Traefik # 35 | - traefik.enable=true 36 | - traefik.docker.network=traefik-network 37 | 38 | # Set entrypoint port # 39 | - traefik.http.services.nocodb.loadbalancer.server.port=8080 40 | 41 | # Set HTTP domain and HTTP -> HTTPS redirection # 42 | - traefik.http.routers.nocodb.rule=Host(`${DOMAIN}`) 43 | - traefik.http.routers.nocodb.entrypoints=web 44 | - traefik.http.routers.nocodb.middlewares=https-redirect@file 45 | 46 | # Set HTTPS domain # 47 | - traefik.http.routers.nocodb-secure.rule=Host(`${DOMAIN}`) 48 | - traefik.http.routers.nocodb-secure.entrypoints=websecure 49 | 50 | ### NocoDB database: PostgreSQL ### 51 | nocodb-postgresql: 52 | image: postgres:15 53 | container_name: nocodb-postgresql 54 | restart: always 55 | environment: 56 | - POSTGRES_USER=${DB_USER} 57 | - POSTGRES_PASSWORD=${DB_PASSWORD} 58 | - POSTGRES_DB=${DB_NAME} 59 | - TZ=${TZ} 60 | volumes: 61 | - ${VOLUME_DIR}/nocodb-db:/var/lib/postgresql/data 62 | 63 | networks: 64 | default: 65 | name: nocodb-network 66 | traefik-network: 67 | name: traefik-network 68 | external: true 69 | 
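--------------------------------------------------------------------------------
/services/openvpn/.env.template:
--------------------------------------------------------------------------------
## Volume settings ##
VOLUME_DIR=

## Domain settings ##
DOMAIN=

## Timezone configuration ##
TZ=

--------------------------------------------------------------------------------
/services/openvpn/Makefile:
--------------------------------------------------------------------------------
ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
SERVICE := openvpn
include $(ROOT_DIR)/../../core/common.mk
include .env

.ONESHELL:

# install: generate the server configuration and the PKI, hand the data
# directory to the invoking user, then start the server.
# The chown uses $$(whoami) so that the shell runs the command substitution. A
# single-dollar $(whoami) is expanded by make as an undefined variable, which
# leaves `chown -R :` and changes nothing.
# NOTE(review): the directory handed over holds the /etc/openvpn volume, which
# presumably contains the CA and server private keys written by ovpn_initpki.
# Keep its permissions restrictive after the ownership change.
.PHONY: install
install: ## Start all containers in background and prepare certificates
	@$(DOCKER_COMPOSE) run --rm $(SERVICE) ovpn_genconfig -u udp://$(DOMAIN)
	@$(DOCKER_COMPOSE) run --rm $(SERVICE) ovpn_initpki
	@sudo chown -R $$(whoami): $(VOLUME_DIR)/openvpn-data
	@mkdir -p clients
	@$(DOCKER_COMPOSE) up -d

# NOTE(review): the rm below removes the whole of VOLUME_DIR, while the compose
# file only uses $(VOLUME_DIR)/openvpn-data. If VOLUME_DIR is shared with other
# services, their data is removed too. Confirm the value before running.
.PHONY: uninstall
uninstall: ## Stop all containers and remove all data
	@$(DOCKER_COMPOSE) down -v
	@sudo rm -rf $(VOLUME_DIR)
	@sudo rm -rf clients

# add-user: issue a client certificate and export the client profile.
# The username ends up in a file path and on two command lines, so it is
# restricted to a conservative character set and must not start with a dash.
# The exported .ovpn profile is written under umask 077 because it is expected
# to embed the client's private key.
.PHONY: add-user
add-user: ## Add a new user
	@read -p "Enter username: " username
	@case "$${username}" in ""|-*|*[!A-Za-z0-9._-]*) echo "Invalid username" >&2; exit 1;; esac
	@$(DOCKER_COMPOSE) run --rm $(SERVICE) easyrsa build-client-full "$${username}"
	@umask 077
	@$(DOCKER_COMPOSE) run --rm $(SERVICE) ovpn_getclient "$${username}" > "clients/$${username}.ovpn"

# delete-user: revoke the client certificate and remove the exported profile.
# The same username check applies; only the single profile file is removed.
.PHONY: delete-user
delete-user: ## Remove a user
	@read -p "Enter username: " username
	@case "$${username}" in ""|-*|*[!A-Za-z0-9._-]*) echo "Invalid username" >&2; exit 1;; esac
	@$(DOCKER_COMPOSE) run --rm $(SERVICE) ovpn_revokeclient "$${username}"
	@rm -f -- "clients/$${username}.ovpn"

--------------------------------------------------------------------------------
/services/openvpn/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### OpenVPN: OpenVPN server in a Docker container complete with an EasyRSA PKI CA ###
  # The VPN port is published directly on the host (1194/udp); this service is
  # not routed through Traefik and carries no traefik labels.
  # NOTE(review): the image is untagged; Watchtower is set to monitor-only, so
  # updates are announced rather than applied automatically.
  openvpn:
    image: kylemanna/openvpn
    container_name: openvpn
    restart: always
    environment:
      - TZ=${TZ}
    cap_add:
      - NET_ADMIN
    ports:
      - 1194:1194/udp
    volumes:
      - ${VOLUME_DIR}/openvpn-data/conf:/etc/openvpn
    labels:
      ## Watchtower configuration: Only enable monitoring ##
      - com.centurylinklabs.watchtower.enable=true
      - com.centurylinklabs.watchtower.monitor-only=true

      ## Diun configuration ##
      - diun.enable=true

networks:
  default:
    name: openvpn-network

--------------------------------------------------------------------------------
/services/paperless/.env.template:
--------------------------------------------------------------------------------
## Volume settings ##
VOLUME_DIR=

## Domain settings ##
DOMAIN=

## Paperless configuration ##
LANGUAGE=
# SECRET_KEY is passed to the application as PAPERLESS_SECRET_KEY; use a long
# random value and keep the filled-in .env out of version control.
SECRET_KEY=

## Database configuration ##
POSTGRES_USER=
POSTGRES_PASSWORD=
POSTGRES_DB=

## Timezone configuration ##
TZ=

--------------------------------------------------------------------------------
/services/paperless/Makefile:
--------------------------------------------------------------------------------
ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
SERVICE := paperless
include $(ROOT_DIR)/../../core/common.mk
include .env

.ONESHELL:

# install: pull the images, create the first administrator interactively, then
# start the stack.
.PHONY: install
install: ## Start all containers in background
	@$(DOCKER_COMPOSE) pull
	@$(DOCKER_COMPOSE) run --rm ${SERVICE} createsuperuser
	@$(DOCKER_COMPOSE) up -d

# NOTE(review): removes the whole of VOLUME_DIR; confirm it is not shared with
# other services before running.
.PHONY: uninstall
uninstall: ## Stop all containers and remove all data
	@$(DOCKER_COMPOSE) down -v
	@sudo rm -rf $(VOLUME_DIR)

--------------------------------------------------------------------------------
/services/paperless/docker-compose.yml: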
-------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ### Paperless cache: Redis ### 5 | paperless-redis: 6 | image: redis 7 | container_name: paperless-redis 8 | restart: always 9 | ### Paperless database: PostgreSQL ### 10 | paperless-postgres: 11 | image: postgres 12 | container_name: paperless-postgres 13 | restart: always 14 | environment: 15 | - POSTGRES_USER=${POSTGRES_USER} 16 | - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} 17 | - POSTGRES_DB=${POSTGRES_DB} 18 | volumes: 19 | - ${VOLUME_DIR}/paperless-db:/var/lib/postgresql/data 20 | ### Gotenberg: At TheCodingMachine, we build a lot of web applications (intranets, extranets and so on) which require to generate PDF from various sources. Each time, we ended up using some well known libraries and kind of lost time by reimplementing a solution from a project to another project. Meh. ### 21 | paperless-gotenberg: 22 | image: thecodingmachine/gotenberg 23 | container_name: paperless-gotenberg 24 | restart: always 25 | environment: 26 | - DISABLE_GOOGLE_CHROME=1 27 | ### Tika: The Apache Tika™ toolkit detects and extracts metadata and text from over a thousand different file types (such as PPT, XLS, and PDF). ### 28 | paperless-tika: 29 | image: apache/tika 30 | container_name: paperless-tika 31 | restart: always 32 | ## Paperless: An application by Daniel Quinn and others that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. 
## 33 | paperless: 34 | image: jonaswinkler/paperless-ng 35 | container_name: paperless 36 | restart: always 37 | depends_on: 38 | - paperless-postgres 39 | - paperless-redis 40 | - paperless-gotenberg 41 | - paperless-tika 42 | environment: 43 | - COMPOSE_PROJECT_NAME=paperless 44 | - PAPERLESS_SECRET_KEY=${SECRET_KEY} 45 | - PAPERLESS_OCR_LANGUAGE=${LANGUAGE} 46 | - PAPERLESS_REDIS=redis://paperless-redis:6379 47 | - PAPERLESS_DBHOST=paperless-postgres 48 | - PAPERLESS_DBUSER=${POSTGRES_USER} 49 | - PAPERLESS_DBPASS=${POSTGRES_PASSWORD} 50 | - PAPERLESS_DBNAME=${POSTGRES_DB} 51 | - PAPERLESS_TIKA_ENABLED=1 52 | - PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://paperless-gotenberg:3000 53 | - PAPERLESS_TIKA_ENDPOINT=http://paperless-tika:9998 54 | - TZ=${TZ} 55 | - PAPERLESS_TIME_ZONE=${TZ} 56 | volumes: 57 | - ${VOLUME_DIR}/paperless-data/data:/usr/src/paperless/data 58 | - ${VOLUME_DIR}/paperless-data/media:/usr/src/paperless/media 59 | - ${VOLUME_DIR}/paperless-data/export:/usr/src/paperless/export 60 | - ${VOLUME_DIR}/paperless-data/consume:/usr/src/paperless/consume 61 | networks: 62 | - default 63 | - traefik-network 64 | labels: 65 | ## Watchtower configuration ## 66 | - com.centurylinklabs.watchtower.enable=true 67 | 68 | ## Diun configuration ## 69 | - diun.enable=true 70 | 71 | ## Traefik configuration ## 72 | # Enable Traefik # 73 | - traefik.enable=true 74 | - traefik.docker.network=traefik-network 75 | 76 | # Set entrypoint port # 77 | - traefik.http.services.paperless.loadbalancer.server.port=8000 78 | 79 | # Set HTTP domain and HTTP -> HTTPS redirection # 80 | - traefik.http.routers.paperless.rule=Host(`${DOMAIN}`) 81 | - traefik.http.routers.paperless.entrypoints=web 82 | - traefik.http.routers.paperless.middlewares=https-redirect@file 83 | 84 | # Set HTTPS domain # 85 | - traefik.http.routers.paperless-secure.rule=Host(`${DOMAIN}`) 86 | - traefik.http.routers.paperless-secure.entrypoints=websecure 87 | 88 | networks: 89 | default: 90 | name: 
paperless-network 91 | traefik-network: 92 | name: traefik-network 93 | external: true 94 | -------------------------------------------------------------------------------- /services/portainer/.env.template: -------------------------------------------------------------------------------- 1 | ## Volume settings ## 2 | VOLUME_DIR= 3 | 4 | ## Domain settings ## 5 | DOMAIN= 6 | 7 | ## Timezone configuration ## 8 | TZ= 9 | -------------------------------------------------------------------------------- /services/portainer/Makefile: -------------------------------------------------------------------------------- 1 | ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 2 | SERVICE := portainer 3 | include $(ROOT_DIR)/../../core/common.mk 4 | include .env 5 | 6 | .ONESHELL: 7 | 8 | .PHONY: install 9 | install: ## Start all containers in background 10 | @$(DOCKER_COMPOSE) up -d 11 | 12 | .PHONY: uninstall 13 | uninstall: ## Stop all containers and remove all data 14 | @$(DOCKER_COMPOSE) down -v 15 | @sudo rm -rf $(VOLUME_DIR) 16 | -------------------------------------------------------------------------------- /services/portainer/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | ## Portainer: A universal container management tool. It works with Kubernetes, Docker, Docker Swarm and Azure ACI and allows you to manage containers without needing to know platform-specific code. 
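##
  # Portainer manages the Docker engine through the mounted socket. The `:ro`
  # flag on a socket mount does not limit the API calls sent over it, so this
  # container effectively has full control of the Docker host.
  # NOTE(review): unlike the other services in this repository, only a router on
  # the `web` (port 80) entrypoint is declared, with no https-redirect middleware
  # and no websecure router, so the management UI and its login would be served
  # over plain HTTP. Confirm this is intentional (for example an internal-only
  # name); otherwise add the redirect and websecure router used elsewhere.
  # NOTE(review): the image is untagged and the Watchtower label is not
  # monitor-only, so this socket-holding container presumably auto-updates.
  portainer:
    image: portainer/portainer-ce
    container_name: portainer
    restart: always
    environment:
      - TZ=${TZ}
    command: -H unix:///var/run/docker.sock
    volumes:
      - ${VOLUME_DIR}/portainer-data:/data
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - default
      - traefik-network
    labels:
      ## Watchtower configuration ##
      - com.centurylinklabs.watchtower.enable=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.portainer.loadbalancer.server.port=9000

      # Set HTTP domain #
      - traefik.http.routers.portainer.entrypoints=web
      - traefik.http.routers.portainer.rule=Host(`${DOMAIN}`)

networks:
  default:
    name: portainer-network
  traefik-network:
    name: traefik-network
    external: true

--------------------------------------------------------------------------------
/services/traefik/.env.template:
--------------------------------------------------------------------------------
## Volume settings ##
VOLUME_DIR=

## Global settings ##
LOG_LEVEL=

## Domain settings ##
DOMAIN1=
DOMAIN2=
DOMAIN3=
DASHBOARD_DOMAIN=

## Certificate settings ##
# The DNS provider credentials below allow DNS records to be changed, which is
# enough to obtain certificates for the domains. Keep the filled-in .env out of
# version control and readable only by the operator.
# NOTE(review): CF_API_EMAIL + CF_API_KEY is Cloudflare's account-wide key pair;
# a DNS-scoped API token (CF_DNS_API_TOKEN in Traefik's Cloudflare provider)
# limits what a leaked value can do. The compose file selects the cloudflare
# provider, so the NAMECHEAP_* values appear to be unused.
ACME_EMAIL=
NAMECHEAP_API_USER=
NAMECHEAP_API_KEY=
CF_API_EMAIL=
CF_API_KEY=

## Timezone configuration ##
TZ=

--------------------------------------------------------------------------------
/services/traefik/Makefile:
--------------------------------------------------------------------------------
ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
SERVICE := traefik
include $(ROOT_DIR)/../../core/common.mk
include .env

.ONESHELL:

# install: create the credentials file mounted into the container, restrict it
# to the owner, then start Traefik.
.PHONY: install
install: ## Start all containers in background
	@mkdir -p credentials
	@touch credentials/users-credentials
	@chmod 600 credentials/users-credentials
	@$(DOCKER_COMPOSE) up -d

# NOTE(review): removes the whole of VOLUME_DIR, which also holds acme.json
# (certificates and their private keys) under traefik-data/letsencrypt.
.PHONY: uninstall
uninstall: ## Stop all containers and remove all data
	@$(DOCKER_COMPOSE) down -v
	@sudo rm -rf $(VOLUME_DIR)

# add-user: append an htpasswd entry for a new user.
# htpasswd prompts for the password itself (no echo, typed twice), so the
# password is neither shown on the terminal nor passed as a command-line
# argument where other local users could read it from the process list.
# -B selects bcrypt. Nothing is appended if htpasswd fails.
# NOTE(review): the dashboard router visible in docker-compose.yml is protected
# by authelia@docker; where users-credentials is consumed is not visible here.
.PHONY: add-user
add-user: ## Add a new user for Traefik Dashboard
	@read -p "Enter username: " username
	@entry="$$(htpasswd -nB "$${username}")" || exit 1
	@echo "$${entry}" >> credentials/users-credentials
	@$(DOCKER_COMPOSE) restart

--------------------------------------------------------------------------------
/services/traefik/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### Traefik: An open-source Edge Router that makes publishing your services a fun and easy experience ###
  # Traefik is the only service publishing ports 80/443 and it reads container
  # labels through the Docker socket, so it is both the internet-facing edge and
  # a holder of Docker API access.
  traefik:
    image: traefik:2.10
    container_name: traefik
    restart: always
    extra_hosts:
      - host.docker.internal:172.17.0.1
    environment:
      - NAMECHEAP_API_KEY=${NAMECHEAP_API_KEY}
      - NAMECHEAP_API_USER=${NAMECHEAP_API_USER}
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_API_KEY=${CF_API_KEY}
      - TZ=${TZ}
    command:
      ## Global settings ##
      - --global.checkNewVersion=true
      # NOTE(review): sends usage statistics to the Traefik maintainers; set to
      # false if that is not intended.
      - --global.sendAnonymousUsage=true

      ## Log Settings (options: ERROR, DEBUG, PANIC, FATAL, WARN, INFO) - https://docs.traefik.io/observability/logs ##
      - --log=true
      - --log.level=${LOG_LEVEL}
      - --log.filePath=/srv/traefik/log/traefik.log
      # - --log.format=json

      ## Access Log - https://doc.traefik.io/traefik/observability/access-logs ##
      # The access log is off. NOTE(review): if it is switched on with the
      # settings below, headers.defaultMode=keep records every request header,
      # including Authorization and Cookie values; drop or redact those first.
      - --accesslog=false
      - --accesslog.filePath=/srv/traefik/accesslog/traefik-access.log
      - --accesslog.fields.defaultMode=keep
      - --accesslog.fields.headers.defaultMode=keep
      - --accesslog.bufferingSize=100
      # - --accesslog.format=json

      ## Metrics - https://doc.traefik.io/traefik/observability/metrics/overview ##
      - --metrics=false
      - --metrics.prometheus=false

      ## Tracing - https://doc.traefik.io/traefik/observability/tracing/overview ##
      - --tracing=false
      - --tracing.serviceName=traefik
      - --tracing.spanNameLimit=150

      ## API Settings - https://docs.traefik.io/operations/api/, endpoints - https://docs.traefik.io/operations/api/#endpoints ##
      - --api=true
      # Insecure mode serves the API and dashboard without authentication on
      # Traefik's internal `traefik` entrypoint (port 8080), which every
      # container attached to traefik-network can reach. The dashboard is
      # already published through the api-secure router (service api@internal
      # behind the authelia middleware) in this service's labels, so insecure
      # mode is turned off.
      - --api.insecure=false
      - --api.dashboard=true
      # NOTE(review): adds the /debug endpoints to the API; consider false
      # outside troubleshooting.
      - --api.debug=true
      - --ping=false

      ## Provider Settings - https://docs.traefik.io/providers/docker/#provider-configuration ##
      # exposedByDefault=false: only containers labelled traefik.enable=true are
      # routed.
      - --providers.docker=true
      - --providers.docker.swarmMode=false
      - --providers.docker.exposedByDefault=false
      - --providers.docker.watch=true
      - --providers.docker.network=traefik-network
      - --providers.file.directory=/srv/traefik/rules
      - --providers.file.watch=true

      ## Entrypoints Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      # Set security headers for https #
      - --entryPoints.websecure.http.middlewares=security-headers@file
      # NOTE(review): disables certificate verification for every HTTPS backend
      # Traefik connects to. Prefer trusting the backend CA, or limit the
      # exception to the specific backends that need it.
      - --serverstransport.insecureskipverify=true
      # Add Let's Encrypt as default certresolver for all services
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certresolver=letsencrypt
      - --entrypoints.websecure.http.tls.domains[0].main=*.${DOMAIN1}
      - --entrypoints.websecure.http.tls.domains[0].sans=${DOMAIN1}
      - --entrypoints.websecure.http.tls.domains[1].main=*.${DOMAIN2}
      - --entrypoints.websecure.http.tls.domains[1].sans=${DOMAIN2}
      - --entrypoints.websecure.http.tls.domains[2].main=*.${DOMAIN3}
      - --entrypoints.websecure.http.tls.domains[2].sans=${DOMAIN3}

      ## Global HTTP -> HTTPS redirection - https://blog.jensknipper.de/blog/traefik-http-to-https-redirect ##
      # The global redirect is commented out, so each service must declare its
      # own https-redirect@file middleware on its `web` router; a service that
      # omits it is served over plain HTTP.
      # - --entryPoints.web.http.redirections.entryPoint.to=websecure
      # - --entryPoints.web.http.redirections.entryPoint.scheme=https
      # - --entryPoints.web.http.redirections.entryPoint.permanent=true

      ## Certificate Settings (Let's Encrypt) - https://docs.traefik.io/https/acme/#configuration-examples ##
      # acme.json stores the issued certificates together with their private
      # keys; the host directory behind /srv/traefik/letsencrypt should be
      # readable by the operator only.
      - --certificatesResolvers.letsencrypt.acme.email=${ACME_EMAIL}
      - --certificatesResolvers.letsencrypt.acme.storage=/srv/traefik/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=120
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers[0]=1.1.1.1:53
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers[1]=8.8.8.8:53
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
    ports:
      - 80:80
      - 443:443
    volumes:
      - ${VOLUME_DIR}/traefik-data/log:/srv/traefik/log
      - ${VOLUME_DIR}/traefik-data/accesslog:/srv/traefik/accesslog
      - ${VOLUME_DIR}/traefik-data/letsencrypt:/srv/traefik/letsencrypt
      - ./rules:/srv/traefik/rules
      - ./credentials:/srv/traefik/credentials
      # The `:ro` flag does not limit Docker API calls made over the socket.
      # NOTE(review): the netdata service in this repository reaches Docker
      # through a docker-socket-proxy; the same pattern would keep the raw
      # socket out of the internet-facing container.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      ## Watchtower configuration: Only enable monitoring ##
      - com.centurylinklabs.watchtower.enable=true
      - com.centurylinklabs.watchtower.monitor-only=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik and global configuration #
      - traefik.enable=true

      # Global HTTP -> HTTPS redirection
      # - traefik.http.routers.http-catchall.entrypoints=http
      # - traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)
      # - traefik.http.routers.http-catchall.middlewares=redirect-to-https
      # - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https

      # Force global wildcard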
certificates generation 119 | - traefik.http.routers.wildcard-certs.entrypoints=websecure 120 | - traefik.http.routers.wildcard-certs.tls.certresolver=letsencrypt 121 | - traefik.http.routers.wildcard-certs.tls.domains[0].main=*.${DOMAIN1} 122 | - traefik.http.routers.wildcard-certs.tls.domains[0].sans=${DOMAIN1} 123 | - traefik.http.routers.wildcard-certs.tls.domains[1].main=*.${DOMAIN2} 124 | - traefik.http.routers.wildcard-certs.tls.domains[1].sans=${DOMAIN2} 125 | - traefik.http.routers.wildcard-certs.tls.domains[2].main=*.${DOMAIN3} 126 | - traefik.http.routers.wildcard-certs.tls.domains[2].sans=${DOMAIN3} 127 | 128 | ## Traefik dashboard configuration ## 129 | # Set HTTP domain and HTTP -> HTTPS redirection # 130 | - traefik.http.routers.api.rule=Host(`${DASHBOARD_DOMAIN}`) 131 | - traefik.http.routers.api.entrypoints=web 132 | - traefik.http.routers.api.middlewares=https-redirect@file 133 | 134 | # Set HTTPS domain # 135 | - traefik.http.routers.api-secure.rule=Host(`${DASHBOARD_DOMAIN}`) 136 | - traefik.http.routers.api-secure.entrypoints=websecure 137 | - traefik.http.routers.api-secure.service=api@internal 138 | - traefik.http.routers.api-secure.middlewares=authelia@docker 139 | 140 | networks: 141 | default: 142 | name: traefik-network 143 | external: true 144 |
--------------------------------------------------------------------------------
/services/traefik/rules/rules.yml:
--------------------------------------------------------------------------------
## Setting up tls configuration: https://adminsecurity.guru/traefik-v2-ssllabs-A-plus ##
# Dynamic configuration for Traefik's file provider. It defines two named TLS
# option sets ("default" and "mintls13") and the shared middlewares that the
# per-service compose files reference with the "@file" suffix.
tls:
  options:
    default:
      # TLS 1.2 is the lowest protocol version this option set accepts.
      minVersion: VersionTLS12
      # Reject handshakes whose SNI does not match a configured certificate.
      sniStrict: true
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        # NOTE(review): this is the only CBC-mode suite in the list; every other
        # TLS 1.2 entry is AEAD (GCM or ChaCha20-Poly1305). Consider dropping it
        # unless a known client depends on it.
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        # The last three are TLS 1.3 suite names. NOTE(review): TLS 1.3 suites
        # are presumably not selectable through this list - confirm against the
        # Traefik version in use.
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      # Only P-521 and P-384 are listed. NOTE(review): clients that offer only
      # X25519 or P-256 would presumably fail the handshake - confirm this is
      # intended before relying on it for public services.
      curvePreferences:
        - CurveP521
        - CurveP384
      alpnProtocols:
        - h2
        - http/1.1
    # Stricter option set. Nothing in this file applies it; a router has to
    # select it by name.
    mintls13:
      minVersion: VersionTLS13

## Setting up the middleware for redirect to https ##
http:
  middlewares:
    # Permanent redirect to https; attached to the plain-HTTP ("web") routers
    # in the service compose files as https-redirect@file.
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true

    # Strips a leading "www." and forces https.
    non-www-redirect:
      redirectregex:
        regex: "^https?://www\\.(.+)"
        replacement: "https://${1}"
        permanent: true

    # Adds a leading "www." (if missing) and forces https.
    www-redirect:
      redirectregex:
        regex: "^https?://(?:www\\.)?(.+)"
        replacement: "https://www.${1}"
        permanent: true

    # Response compression; server-sent event streams are excluded.
    compression:
      compress:
        excludedContentTypes:
          - text/event-stream

    # Wildcard CORS origin: any website may read responses from a router that
    # uses this middleware. Attach it only to endpoints that serve public data.
    cors-allow-all:
      headers:
        accessControlAllowOriginList: ["*"]
        addVaryHeader: true

    # HTTP basic auth backed by an htpasswd-style file inside the Traefik
    # container (the ./credentials bind mount of the Traefik compose file).
    basic-auth:
      basicAuth:
        usersFile: /srv/traefik/credentials/users-credentials

    # Applied to every request on the "websecure" entrypoint through
    # --entryPoints.websecure.http.middlewares in the Traefik compose file.
    security-headers:
      headers:
        addVaryHeader: true
        forceSTSHeader: true
        browserXssFilter: true
        contentTypeNosniff: true
        # frameDeny asks for "X-Frame-Options: DENY", but customFrameOptionsValue
        # below takes precedence, so the effective value is SAMEORIGIN.
        frameDeny: true
        # NOTE(review): sslRedirect is presumably deprecated in Traefik v2 in
        # favour of entrypoint redirection / redirectScheme - confirm.
        sslRedirect: true
        # HSTS for one year, including subdomains, with the preload flag.
        # Preload list inclusion is slow to undo, so every subdomain of the
        # served domains must stay reachable over HTTPS.
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: SAMEORIGIN
        # customRequestHeaders are added to the request forwarded to the
        # backend, not to the response. X-Frame-Options is a response header,
        # so this entry has no effect in the browser; the response value comes
        # from customFrameOptionsValue above.
        customRequestHeaders:
          X-Frame-Options: SAMEORIGIN

--------------------------------------------------------------------------------
/services/vaultwarden/.env.template:
--------------------------------------------------------------------------------
## Volume settings ##
# Host directory that holds this service's data. The Makefile's "uninstall"
# target deletes this whole directory.
VOLUME_DIR=

## Domain settings ##
DOMAIN=

## Timezone configuration ##
TZ=

--------------------------------------------------------------------------------
/services/vaultwarden/Makefile:
--------------------------------------------------------------------------------
ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
SERVICE := vaultwarden
include $(ROOT_DIR)/../../core/common.mk
# .env is parsed as makefile syntax here, which is how VOLUME_DIR becomes a
# make variable.
include .env

.ONESHELL:

.PHONY: install
install: ## Start all containers in background
	@$(DOCKER_COMPOSE) up -d

# Destructive: removes the compose volumes and then deletes $(VOLUME_DIR)
# itself, while the compose file only mounts $(VOLUME_DIR)/vaultwarden-data.
# Use a VOLUME_DIR dedicated to this service, otherwise sibling data stored in
# the same directory is deleted too. For a password vault, take a backup first.
.PHONY: uninstall
uninstall: ## Stop all containers and remove all data
	@$(DOCKER_COMPOSE) down -v
	@sudo rm -rf $(VOLUME_DIR)

--------------------------------------------------------------------------------
/services/vaultwarden/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### vaultwarden: An alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients ###
  vaultwarden:
    # No tag is given, so the image's default tag is pulled. The monitor-only
    # label below means Watchtower only reports new images for this container.
    image: vaultwarden/server
    container_name: vaultwarden
    restart: always
    environment:
      # Only these two settings are passed in. NOTE(review): registration is
      # left at the image default; consider SIGNUPS_ALLOWED=false once the
      # intended accounts exist.
      - WEBSOCKET_ENABLED=true
      - TZ=${TZ}
    volumes:
      # Holds the vault database and keys; back it up and restrict host access.
      - ${VOLUME_DIR}/vaultwarden-data:/data
    networks:
      - default
      - traefik-network
    labels:
      ## Watchtower configuration ##
      - com.centurylinklabs.watchtower.enable=true
      - com.centurylinklabs.watchtower.monitor-only=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      # Two backends: the web UI/API on 80 and the notification hub on 3012.
      # NOTE(review): newer vaultwarden releases presumably serve notifications
      # on the main port; with an untagged image, verify 3012 still exists.
      - traefik.http.services.vaultwarden-ui.loadbalancer.server.port=80
      - traefik.http.services.vaultwarden-ws.loadbalancer.server.port=3012

      # Set HTTP domain and HTTP -> HTTPS redirection #
      # The routers on the "web" entrypoint exist only to redirect to https.
      - traefik.http.routers.vaultwarden.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.vaultwarden.service=vaultwarden-ui
      - traefik.http.routers.vaultwarden.entrypoints=web
      - traefik.http.routers.vaultwarden.middlewares=https-redirect@file
      - traefik.http.routers.vaultwarden-websocket.rule=Host(`${DOMAIN}`) && Path(`/notifications/hub`)
      - traefik.http.routers.vaultwarden-websocket.service=vaultwarden-ws
      - traefik.http.routers.vaultwarden-websocket.entrypoints=web
      - traefik.http.routers.vaultwarden-websocket.middlewares=https-redirect@file

      # Set HTTPS domain #
      # No tls or middleware labels here: TLS, the certificate resolver and the
      # security-headers middleware come from the websecure entrypoint defaults
      # in the Traefik compose file.
      - traefik.http.routers.vaultwarden-secure.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.vaultwarden-secure.service=vaultwarden-ui
      - traefik.http.routers.vaultwarden-secure.entrypoints=websecure
      - traefik.http.routers.vaultwarden-websocket-secure.rule=Host(`${DOMAIN}`) && Path(`/notifications/hub`)
      - traefik.http.routers.vaultwarden-websocket-secure.service=vaultwarden-ws
      - traefik.http.routers.vaultwarden-websocket-secure.entrypoints=websecure

networks:
  default:
    name: vaultwarden-network
  traefik-network:
    name: traefik-network
    external: true

--------------------------------------------------------------------------------
/services/watchtower/.env.template:
--------------------------------------------------------------------------------
## Notifications settings ##
# GOTIFY_TOKEN is a credential: keep the filled-in .env out of version control.
NOTIFICATIONS_LEVEL=
GOTIFY_ENDPOINT=
GOTIFY_TOKEN=

## Timezone configuration ##
TZ=

--------------------------------------------------------------------------------
/services/watchtower/Makefile:
--------------------------------------------------------------------------------
ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
SERVICE := watchtower
include $(ROOT_DIR)/../../core/common.mk
include .env

.ONESHELL:

.PHONY: install
install: ## Start all containers in background
	@$(DOCKER_COMPOSE) up -d

# Unlike the other services there is no host data directory to delete here.
.PHONY: uninstall
uninstall: ## Stop all containers and remove all data
	@$(DOCKER_COMPOSE) down -v

--------------------------------------------------------------------------------
/services/watchtower/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### Watchtower: A process for automating Docker container base image updates ###
  watchtower:
    # No tag is given, and the labels below enable Watchtower for this container
    # without monitor-only, so it replaces itself with whatever the default tag
    # points to on the next scheduled run.
    image: containrrr/watchtower
    container_name: watchtower
    restart: always
    environment:
      # Only containers carrying com.centurylinklabs.watchtower.enable=true are
      # handled; unlabelled containers are left alone.
      - WATCHTOWER_LABEL_ENABLE=true
      - WATCHTOWER_DEBUG=true
      # Old images are removed after an update.
      - WATCHTOWER_CLEANUP=true
      # Anonymous volumes of an updated container are removed as well; data that
      # must survive an update belongs in a bind mount or a named volume.
      - WATCHTOWER_REMOVE_VOLUMES=true
      # Six-field cron expression (seconds first): every day at 08:00, TZ-local.
      - WATCHTOWER_SCHEDULE=0 0 8 * * *
      - WATCHTOWER_NOTIFICATIONS_LEVEL=${NOTIFICATIONS_LEVEL}
      - WATCHTOWER_NOTIFICATIONS=gotify
      - WATCHTOWER_NOTIFICATION_GOTIFY_URL=${GOTIFY_ENDPOINT}
      - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=${GOTIFY_TOKEN}
      - TZ=${TZ}
    volumes:
      # Read-write access to the Docker socket is how Watchtower recreates
      # containers. It is equivalent to root on the host, so this container and
      # the image it runs are part of the host's trust boundary.
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      ## Watchtower configuration ##
      - com.centurylinklabs.watchtower.enable=true

      ## Diun configuration ##
      - diun.enable=true

networks:
  default:
    name: watchtower-network

--------------------------------------------------------------------------------
/services/wordpress/.env.template:
--------------------------------------------------------------------------------
## Volume settings ##
# Host directory that holds this service's data. The Makefile's "uninstall"
# target deletes this whole directory.
VOLUME_DIR=

## Domain settings ##
DOMAIN=

## Database configuration ##
# Credentials: use distinct, generated values for the root and the application
# user, and keep the filled-in .env out of version control.
MYSQL_ROOT_PASSWORD=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_DATABASE=

## Timezone configuration ##
TZ=

--------------------------------------------------------------------------------
/services/wordpress/Makefile:
--------------------------------------------------------------------------------
ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
SERVICE := wordpress
include $(ROOT_DIR)/../../core/common.mk
# .env is parsed as makefile syntax here, which is how VOLUME_DIR becomes a
# make variable.
include .env

.ONESHELL:

.PHONY: install
install: ## Start all containers in background
	@$(DOCKER_COMPOSE) up -d

# Destructive: removes the compose volumes and then deletes $(VOLUME_DIR)
# itself, while the compose file only mounts the wordpress-db and
# wordpress-data subdirectories. Use a VOLUME_DIR dedicated to this service,
# otherwise sibling data stored in the same directory is deleted too.
.PHONY: uninstall
uninstall: ## Stop all containers and remove all data
	@$(DOCKER_COMPOSE) down -v
	@sudo rm -rf $(VOLUME_DIR)

# Runs chown as root inside the running "wordpress" container and hands all of
# /var/www to www-data, i.e. the web server user can then write every file.
.PHONY: fix-permissions
fix-permissions: ## Fix volume permissions
	@$(DOCKER) exec --user root $(SERVICE) chown -R www-data:www-data /var/www

--------------------------------------------------------------------------------
/services/wordpress/config/php.ini:
--------------------------------------------------------------------------------
; Per-request PHP memory ceiling; mounted as /usr/local/etc/php/php.ini by the
; compose file.
memory_limit = 512M

--------------------------------------------------------------------------------
/services/wordpress/config/uploads.ini:
--------------------------------------------------------------------------------
; Generous limits: 500 MB request bodies, 10 minute scripts and 100000 input
; variables per request. Each of these widens what a single request can consume,
; so lower them if large uploads are not needed.
file_uploads = On
upload_max_filesize = 500M
post_max_size = 500M
max_execution_time = 600
max_input_vars = 100000

--------------------------------------------------------------------------------
/services/wordpress/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### Wordpress database: MariaDB ###
  # No networks key and no labels: the database joins only the default
  # (wordpress-network) network, is not routed by Traefik, and is skipped by
  # Watchtower because it lacks the enable label.
  wordpress-mariadb:
    # No tag is given, so the image's default tag is pulled.
    image: mariadb
    container_name: wordpress-mariadb
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
    volumes:
      - ${VOLUME_DIR}/wordpress-db:/var/lib/mysql
  ## Wordpress: WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL, which runs on a web hosting service ##
  wordpress:
    # No tag is given, and the Watchtower label below has no monitor-only
    # companion, so this container is updated automatically to whatever the
    # default tag points to, including major releases.
    image: wordpress
    container_name: wordpress
    restart: always
    depends_on:
      - wordpress-mariadb
    environment:
      # WordPress connects with the application user, not the database root.
      - WORDPRESS_DB_HOST=wordpress-mariadb:3306
      - WORDPRESS_DB_USER=${MYSQL_USER}
      - WORDPRESS_DB_PASSWORD=${MYSQL_PASSWORD}
      - WORDPRESS_DB_NAME=${MYSQL_DATABASE}
      # Plain multi-line scalar: the two define() lines are folded into the
      # value of WORDPRESS_CONFIG_EXTRA.
      - WORDPRESS_CONFIG_EXTRA=
          define('WP_MEMORY_LIMIT', '256M');
          define('WP_MAX_MEMORY_LIMIT', '512M');
      - TZ=${TZ}
    volumes:
      - ./config/php.ini:/usr/local/etc/php/php.ini
      - ./config/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
      - ${VOLUME_DIR}/wordpress-data:/var/www/html
    networks:
      - default
      - traefik-network
    labels:
      ## Watchtower configuration ##
      - com.centurylinklabs.watchtower.enable=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.wordpress.loadbalancer.server.port=80

      # Set HTTP domain and HTTP -> HTTPS redirection #
      # The router on the "web" entrypoint exists only to redirect to https.
      - traefik.http.routers.wordpress.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.wordpress.entrypoints=web
      - traefik.http.routers.wordpress.middlewares=https-redirect@file

      # Set HTTPS domain #
      # TLS and the security-headers middleware come from the websecure
      # entrypoint defaults in the Traefik compose file. No authentication
      # middleware is attached: the admin login is protected by WordPress only.
      - traefik.http.routers.wordpress-secure.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.wordpress-secure.entrypoints=websecure

networks:
  default:
    name: wordpress-network
  traefik-network:
    name: traefik-network
    external: true

--------------------------------------------------------------------------------
/services/your-spotify/.env.template:
--------------------------------------------------------------------------------
## Volume settings ##
# Host directory that holds this service's data. The Makefile's "uninstall"
# target deletes this whole directory.
VOLUME_DIR=

## Domain settings ##
DOMAIN=

## Database configuration ##
# Credentials for the MongoDB root account.
MONGO_ROOT_USERNAME=
MONGO_ROOT_PASSWORD=

## Spotify secrets ##
# SPOTIFY_SECRET is a credential: keep the filled-in .env out of version control.
SPOTIFY_PUBLIC=
SPOTIFY_SECRET=

## Timezone configuration ##
TZ=

--------------------------------------------------------------------------------
/services/your-spotify/Makefile:
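--------------------------------------------------------------------------------
ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
SERVICE := your-spotify
include $(ROOT_DIR)/../../core/common.mk
# .env is parsed as makefile syntax here, which is how VOLUME_DIR becomes a
# make variable.
include .env

.ONESHELL:

.PHONY: install
install: ## Start all containers in background
	@$(DOCKER_COMPOSE) up -d

# Destructive: removes the compose volumes and then deletes $(VOLUME_DIR)
# itself, while the compose file only mounts $(VOLUME_DIR)/db. Use a VOLUME_DIR
# dedicated to this service, otherwise sibling data stored in the same
# directory is deleted too.
.PHONY: uninstall
uninstall: ## Stop all containers and remove all data
	@$(DOCKER_COMPOSE) down -v
	@sudo rm -rf $(VOLUME_DIR)

--------------------------------------------------------------------------------
/services/your-spotify/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### Your Spotify server: Self hosted Spotify tracking dashboard ###
  your-spotify-server:
    # No tag is given, so the image's default tag is pulled; monitor-only below
    # means Watchtower only reports new images.
    image: yooooomi/your_spotify_server
    container_name: your-spotify-server
    restart: always
    depends_on:
      - your-spotify-mongodb
    environment:
      - PORT=8080
      - API_ENDPOINT=https://${DOMAIN}/api
      - CLIENT_ENDPOINT=https://${DOMAIN}
      - SPOTIFY_PUBLIC=${SPOTIFY_PUBLIC}
      - SPOTIFY_SECRET=${SPOTIFY_SECRET}
      # The application connects with the MongoDB root account
      # (authSource=admin). A dedicated user scoped to the your_spotify database
      # would limit what a compromised server container can reach.
      - MONGO_ENDPOINT=mongodb://${MONGO_ROOT_USERNAME}:${MONGO_ROOT_PASSWORD}@your-spotify-mongodb:27017/your_spotify?authSource=admin
      - TZ=${TZ}
    ports:
      # NOTE(review): this publishes the API on every host interface over plain
      # HTTP, next to the Traefik route below. Traefik reaches the container
      # through traefik-network and the loadbalancer port label, so the mapping
      # is not needed for routing; it bypasses TLS and the entrypoint
      # middlewares. Remove it or bind it to 127.0.0.1 unless direct access is
      # intended.
      - 8080:8080
    networks:
      - default
      - traefik-network
    labels:
      ## Watchtower configuration ##
      - com.centurylinklabs.watchtower.enable=true
      - com.centurylinklabs.watchtower.monitor-only=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.your-spotify-server.loadbalancer.server.port=8080

      # Set HTTP domain and HTTP -> HTTPS redirection #
      - traefik.http.routers.your-spotify-server.rule=Host(`${DOMAIN}`) && PathPrefix(`/api`)
      - traefik.http.routers.your-spotify-server.entrypoints=web
      - traefik.http.routers.your-spotify-server.middlewares=https-redirect@file

      # Set HTTPS domain #
      - traefik.http.routers.your-spotify-server-secure.rule=Host(`${DOMAIN}`) && PathPrefix(`/api`)
      - traefik.http.routers.your-spotify-server-secure.entrypoints=websecure
      - traefik.http.routers.your-spotify-server-secure.middlewares=your-spotify-server-strip

      # Strip the /api prefix before forwarding to the server #
      - traefik.http.middlewares.your-spotify-server-strip.stripprefix.prefixes=/api
      - traefik.http.middlewares.your-spotify-server-strip.stripprefix.forceSlash=true

  ### Your Spotify database: Mongo ###
  # No networks key, no ports and no labels: the database joins only the
  # default (your-spotify-network) network and is not routed by Traefik.
  your-spotify-mongodb:
    # NOTE(review): pinned to the 4.x major line; check its upstream support
    # status before relying on it for security fixes.
    image: mongo:4
    container_name: your-spotify-mongodb
    restart: always
    environment:
      - MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USERNAME}
      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD}
    volumes:
      - ${VOLUME_DIR}/db:/data/db

  your-spotify-web:
    image: yooooomi/your_spotify_client
    container_name: your-spotify-web
    restart: always
    environment:
      - API_ENDPOINT=https://${DOMAIN}/api
      - TZ=${TZ}
    ports:
      # NOTE(review): same as 8080 above - published on every host interface
      # over plain HTTP although Traefik already routes to port 3000 through
      # traefik-network.
      - 3000:3000
    networks:
      - default
      - traefik-network
    labels:
      ## Watchtower configuration ##
      - com.centurylinklabs.watchtower.enable=true
      - com.centurylinklabs.watchtower.monitor-only=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.your-spotify-web.loadbalancer.server.port=3000

      # Set HTTP domain and HTTP -> HTTPS redirection #
      - traefik.http.routers.your-spotify-web.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.your-spotify-web.entrypoints=web
      - traefik.http.routers.your-spotify-web.middlewares=https-redirect@file

      # Set HTTPS domain #
      - traefik.http.routers.your-spotify-web-secure.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.your-spotify-web-secure.entrypoints=websecure

networks:
  default:
    name: your-spotify-network
  traefik-network:
    name: traefik-network
    external: true

--------------------------------------------------------------------------------
/services/zot/.env.template:
--------------------------------------------------------------------------------
## Volume settings ##
# Host directory that holds this service's data. The Makefile's "uninstall"
# target deletes this whole directory.
VOLUME_DIR=

## Domain settings ##
DOMAIN=

## Timezone configuration ##
TZ=

--------------------------------------------------------------------------------
/services/zot/Makefile:
--------------------------------------------------------------------------------
ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
SERVICE := zot
include $(ROOT_DIR)/../../core/common.mk
# .env is parsed as makefile syntax here, which is how VOLUME_DIR becomes a
# make variable.
include .env

.ONESHELL:

# The credentials file is created before "up" so that the bind mount in the
# compose file points at an existing regular file; Docker would otherwise
# create a directory at a missing bind-mount source.
.PHONY: install
install: ## Start all containers in background
	@mkdir -p credentials
	@touch credentials/users-credentials
	@$(DOCKER_COMPOSE) up -d

# Destructive: removes the compose volumes and then deletes $(VOLUME_DIR)
# itself (registry data and logs). The credentials directory is left in place.
.PHONY: uninstall
uninstall: ## Stop all containers and remove all data
	@$(DOCKER_COMPOSE) down -v
	@sudo rm -rf $(VOLUME_DIR)

# Prompts for a username and password, appends a bcrypt (-B) htpasswd entry to
# credentials/users-credentials and restarts the stack so zot reloads the file.
# The password is read without terminal echo and handed to htpasswd on stdin
# (-i) instead of as a command-line argument, so it does not show up in the
# process list or on screen. Both values are quoted so that spaces or glob
# characters cannot split or expand them. .ONESHELL keeps the recipe in one
# shell, which is why the variables survive between lines; read -p / -s need
# bash, as the -p prompt already did.
.PHONY: add-user
add-user: ## Add a new user for Zot Registry
	@read -r -p "Enter username: " username
	@read -r -s -p "Enter password: " password; echo
	@echo "$$(printf '%s\n' "$${password}" | htpasswd -iBn "$${username}")" >> credentials/users-credentials
	@$(DOCKER_COMPOSE) restart

--------------------------------------------------------------------------------
/services/zot/config/config.json:
--------------------------------------------------------------------------------
{
  "distSpecVersion": "1.1.0-dev",
  "storage": {
    "rootDirectory": "/tmp/zot"
  },
  "http": {
    "address": "0.0.0.0",
    "port": "5000",
    "auth": {
      "htpasswd": {
        "path": "/tmp/credentials"
      }
    }
  },
  "log": {
    "level": "debug",
    "output": "/tmp/logs/zot.log",
    "audit": "/tmp/logs/zot-audit.log"
  },
  "extensions": {
    "search": {
      "enable": true,
      "cve": {
        "updateInterval": "2h"
      }
    },
    "ui": {
      "enable": true
    },
    "mgmt": {
      "enable": true
    },
    "scrub": {
      "enable": true,
      "interval": "24h"
    }
  }
}

--------------------------------------------------------------------------------
/services/zot/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.7"

services:
  ### Zot: OCI-native container image registry, simplified. ###
  zot:
    # Pinned to a release-candidate tag; monitor-only below means Watchtower
    # only reports newer images, so moving to a final release is a manual step.
    image: ghcr.io/project-zot/zot-linux-amd64:v2.0.0-rc6
    container_name: zot
    restart: always
    environment:
      - TZ=${TZ}
    volumes:
      # config.json (read-only) enables htpasswd authentication from
      # /tmp/credentials and sets the log level to "debug".
      - ./config/config.json:/etc/zot/config.json:ro
      # NOTE(review): the htpasswd file is mounted read-write; the registry
      # presumably only reads it, so ":ro" would be the tighter choice - confirm.
      - ./credentials/users-credentials:/tmp/credentials
      - ${VOLUME_DIR}/data:/tmp/zot
      - ${VOLUME_DIR}/logs:/tmp/logs
    networks:
      - default
      - traefik-network
    labels:
      ## Watchtower configuration ##
      - com.centurylinklabs.watchtower.enable=true
      - com.centurylinklabs.watchtower.monitor-only=true

      ## Diun configuration ##
      - diun.enable=true

      ## Traefik configuration ##
      # Enable Traefik #
      - traefik.enable=true
      - traefik.docker.network=traefik-network

      # Set entrypoint port #
      - traefik.http.services.zot.loadbalancer.server.port=5000

      # Set HTTP domain and HTTP -> HTTPS redirection #
      - traefik.http.routers.zot.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.zot.entrypoints=web
      - traefik.http.routers.zot.middlewares=https-redirect@file

      # Set HTTPS domain #
      # No Traefik authentication middleware is attached; access control for
      # the registry is the htpasswd file configured in config.json.
      - traefik.http.routers.zot-secure.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.zot-secure.entrypoints=websecure

networks:
  default:
    name: zot-network
  traefik-network:
    name: traefik-network
    external: true

--------------------------------------------------------------------------------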