commit e2f27d11fc4b17feaff4710293138b9ab7de9dd6
Author: RZ
Date: Sun Jun 28 23:29:25 2026 +0000
initial
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d92b485
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+data/
+*.env
diff --git a/audiobookshelf/docker-compose.yml b/audiobookshelf/docker-compose.yml
new file mode 100644
index 0000000..31edee3
--- /dev/null
+++ b/audiobookshelf/docker-compose.yml
@@ -0,0 +1,26 @@
+services:
+ audiobookshelf:
+ restart: unless-stopped
+ image: ghcr.io/advplyr/audiobookshelf:latest
+ volumes:
+ - ./data/audiobooks:/audiobooks
+ - ./data/podcasts:/podcasts
+ - ./data/config:/config
+ - ./data/metadata:/metadata
+ - ./data/books:/books
+ environment:
+ - TZ=Europe/Berlin
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.gandalf.dfas4.de`)"
+ - "traefik.http.routers.audiobookshelf.entrypoints=websecure"
+ - "traefik.http.routers.audiobookshelf.tls=true"
+ - "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
+ - "traefik.http.services.audiobookshelf.loadbalancer.server.port=80"
+ - "traefik.http.routers.audiobookshelf.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.audiobookshelf.tls.domains[0].sans=*.gandalf.dfas4.de"
+ networks:
+ - proxy
+networks:
+ proxy:
+ name: proxy
diff --git a/beszel/docker-compose.yml b/beszel/docker-compose.yml
new file mode 100644
index 0000000..3cec010
--- /dev/null
+++ b/beszel/docker-compose.yml
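Review bot: `image: ghcr.io/advplyr/audiobookshelf:latest` in audiobookshelf/docker-compose.yml tracks a mutable tag, so every `docker compose pull` can silently change the code that runs behind the Traefik router, and a rollback has no known-good reference to return to. The same applies to the `latest`, `slim-latest`, `latest-pg16` or untagged images in the beszel, calibre, invidious, paperless-ngx, privatemodeai, searxng, sponsor-block, tinfoil-proxy, traccar and vane files. The immich file already pins valkey and postgres by digest, so the same pattern fits here: `image: ghcr.io/advplyr/audiobookshelf:<version>@sha256:<digest>` (placeholders, to be filled with the release that was tested).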
@@ -0,0 +1,43 @@
+services:
+ beszel:
+ image: henrygd/beszel:latest
+ container_name: beszel
+ restart: unless-stopped
+ environment:
+ APP_URL: https://beszel.gandalf.dfas4.de
+ # ports:
+ # - 8090:8090
+ volumes:
+ - ./data/beszel_data:/beszel_data
+ - ./data/beszel_socket:/beszel_socket
+ networks:
+ - default
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.beszel.rule=Host(`beszel.gandalf.dfas4.de`)"
+ - "traefik.http.routers.beszel.entrypoints=websecure"
+ - "traefik.http.routers.beszel.tls=true"
+ - "traefik.http.routers.beszel.tls.certresolver=myresolver"
+ - "traefik.http.services.beszel.loadbalancer.server.port=8090"
+ - "traefik.http.routers.beszel.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.beszel.tls.domains[0].sans=*.gandalf.dfas4.de"
+ beszel-agent:
+ image: henrygd/beszel-agent
+ container_name: beszel-agent
+ restart: unless-stopped
+ network_mode: host
+ volumes:
+ - ./data/beszel_agent_data:/var/lib/beszel-agent
+ - ./data/beszel_socket:/beszel_socket
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ # monitor other disks / partitions by mounting a folder in /extra-filesystems
+ # - /mnt/disk/.beszel:/extra-filesystems/sda1:ro
+ environment:
+ LISTEN: 45876
+ KEY: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWiq6s9INKGBfLViTJzo3yuAFVsa2J521PnWvfVb8+1'
+ TOKEN: a391a6a3-1e1e-495f-860d-de165ba61562
+ HUB_URL: https://beszel.gandalf.dfas4.de
+networks:
+ proxy:
+ name: proxy
diff --git a/calibre/docker-compose.yml b/calibre/docker-compose.yml
new file mode 100644
index 0000000..755e27d
--- /dev/null
+++ b/calibre/docker-compose.yml
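Review bot: The `TOKEN:` value under `beszel-agent.environment` in beszel/docker-compose.yml is committed in clear text, even though this commit's `.gitignore` already excludes `*.env` for this kind of value. Treat the committed token as exposed: replace it with a newly issued one, keep that in an ignored `.env`, and reference it as `TOKEN: ${BESZEL_TOKEN}` (the variable name is a suggestion). `KEY` is an SSH public key and can stay inline.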
@@ -0,0 +1,28 @@
+services:
+ calibre-web-automated:
+ image: crocodilestick/calibre-web-automated:latest
+ container_name: cwa
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - NETWORK_SHARE_MODE=false
+ volumes:
+ - ./data/config:/config
+ - ./data/books:/calibre-library
+ - ./data/uploads:/cwa-book-ingest
+ restart: unless-stopped
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.calibre.rule=Host(`calibre.gandalf.dfas4.de`)"
+ - "traefik.http.routers.calibre.entrypoints=websecure"
+ - "traefik.http.routers.calibre.tls=true"
+ - "traefik.http.routers.calibre.tls.certresolver=myresolver"
+ - "traefik.http.services.calibre.loadbalancer.server.port=8083"
+ - "traefik.http.routers.calibre.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.calibre.tls.domains[0].sans=*.gandalf.dfas4.de"
+networks:
+ proxy:
+ name: proxy
diff --git a/immich/docker-compose.yml b/immich/docker-compose.yml
new file mode 100644
index 0000000..937dc29
--- /dev/null
+++ b/immich/docker-compose.yml
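Review bot: The trailing `networks:` block in calibre/docker-compose.yml declares the shared `proxy` network with `name: proxy` but without `external: true`, so Compose treats it as owned by this project, while the immich and pocketid files declare the same network with `external: true`. With the `name:`-only form the result depends on which stack starts first, and Compose may complain when the existing network was not created by the current project (I have not checked the Compose version in use). Using one form everywhere, `name: proxy` plus `external: true`, and creating the network once outside the stacks keeps the files consistent. The audiobookshelf, beszel, invidious, jellyfin, karakeep, opennotebook, openwebui, paperless-ngx, privatemodeai, searxng, tinfoil-proxy, traccar, traefik and vane files use the same `name:`-only block.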
@@ -0,0 +1,99 @@
+#
+# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+#
+# Make sure to use the docker-compose.yml of the current release:
+#
+# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
+#
+# The compose file on main may not be compatible with the latest release.
+
+name: immich
+
+services:
+ immich-server:
+ container_name: immich_server
+ image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+ # extends:
+ # file: hwaccel.transcoding.yml
+ # service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+ volumes:
+ # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+ - ${UPLOAD_LOCATION}:/data
+# - /etc/localtime:/etc/localtime:ro
+ env_file:
+ - .env
+# ports:
+# - '2283:2283'
+ depends_on:
+ - redis
+ - database
+ devices:
+ - /dev/dri:/dev/dri
+ restart: always
+ healthcheck:
+ disable: false
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.immich.rule=Host(`immich.gandalf.dfas4.de`)"
+ - "traefik.http.routers.immich.entrypoints=websecure"
+ - "traefik.http.routers.immich.tls=true"
+ - "traefik.http.routers.immich.tls.certresolver=myresolver"
+ - "traefik.http.services.immich.loadbalancer.server.port=2283"
+ - "traefik.http.routers.immich.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.immich.tls.domains[0].sans=*.gandalf.dfas4.de"
+ networks:
+ - proxy
+ - default
+ immich-machine-learning:
+ container_name: immich_machine_learning
+ # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
+ # Example tag: ${IMMICH_VERSION:-release}-cuda
+ image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+ # extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
+ # file: hwaccel.ml.yml
+ # service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+ device_cgroup_rules:
+ - 'c 189:* rmw'
+ volumes:
+ - /dev/bus/usb:/dev/bus/usb
+ - model-cache:/cache
+ env_file:
+ - .env
+ devices:
+ - /dev/dri:/dev/dri
+ restart: always
+ healthcheck:
+ disable: false
+ networks:
+ - default
+
+ redis:
+ container_name: immich_redis
+ image: docker.io/valkey/valkey:9@sha256:fb8d272e529ea567b9bf1302245796f21a2672b8368ca3fcb938ac334e613c8f
+ healthcheck:
+ test: redis-cli ping || exit 1
+ restart: always
+ networks:
+ - default
+ database:
+ container_name: immich_postgres
+ image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+ environment:
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ POSTGRES_USER: ${DB_USERNAME}
+ POSTGRES_DB: ${DB_DATABASE_NAME}
+ POSTGRES_INITDB_ARGS: '--data-checksums'
+ # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
+ # DB_STORAGE_TYPE: 'HDD'
+ volumes:
+ # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+ - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+ shm_size: 128mb
+ restart: always
+ networks:
+ - default
+volumes:
+ model-cache:
+networks:
+ proxy:
+ external: true
diff --git a/invidious/docker-compose.yml b/invidious/docker-compose.yml
new file mode 100644
index 0000000..72fa6ed
--- /dev/null
+++ b/invidious/docker-compose.yml
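Review bot: The `immich-machine-learning` service in immich/docker-compose.yml is given `/dev/bus/usb:/dev/bus/usb` together with `device_cgroup_rules: 'c 189:* rmw'`, which opens every USB device on the host to the container, and nothing in the file says why. If this is for a USB inference accelerator (an assumption, the hunk does not say), add a comment such as `# USB accelerator pass-through; char major 189 = USB devices` and consider mapping only that device under `devices:` instead of the whole bus. Both the server and the ML service also receive `/dev/dri`; it is worth confirming that both need it.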
@@ -0,0 +1,107 @@
+version: "3"
+services:
+
+ invidious:
+ image: quay.io/invidious/invidious:latest
+ #image: quay.io/invidious/invidious:latest-arm64 # ARM64/AArch64 devices
+ restart: unless-stopped
+ # Remove "127.0.0.1:" if used from an external IP
+# ports:
+# - "3010:3000"
+ environment:
+ # Please read the following file for a comprehensive list of all available
+ # configuration options and their associated syntax:
+ # https://github.com/iv-org/invidious/blob/master/config/config.example.yml
+ INVIDIOUS_CONFIG: |
+ db:
+ dbname: invidious
+ user: kemal
+ password: kemal
+ host: invidious-db
+ port: 5432
+ check_tables: true
+ invidious_companion:
+ # URL used for the internal communication between invidious and invidious companion
+ # There is no need to change that except if Invidious companion does not run on the same docker compose file.
+ - private_url: "http://companion:8282/companion"
+ # IT is NOT recommended to use the same key as HMAC KEY. Generate a new key!
+ # Use the key generated in the 2nd step
+ invidious_companion_key: "ohph3chaiw1kei4W"
+ # external_port:
+ # domain:
+ # https_only: false
+ # statistics_enabled: false
+ # Use the key generated in the 2nd step
+ hmac_key: "ohzuXohDag4iatoh"
+ healthcheck:
+ test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/stats || exit 1
+ interval: 30s
+ timeout: 5s
+ retries: 2
+ logging:
+ options:
+ max-size: "1G"
+ max-file: "4"
+ depends_on:
+ - invidious-db
+ networks:
+ - default
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.invidious.rule=Host(`invidious.gandalf.dfas4.de`)"
+ - "traefik.http.routers.invidious.entrypoints=websecure"
+ - "traefik.http.routers.invidious.tls=true"
+ - "traefik.http.routers.invidious.tls.certresolver=myresolver"
+ - "traefik.http.services.invidious.loadbalancer.server.port=3000"
+ - "traefik.http.routers.invidious.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.invidious.tls.domains[0].sans=*.gandalf.dfas4.de"
+
companion:
+ image: quay.io/invidious/invidious-companion:latest
+ # Please read the following file for a comprehensive list of all available
+ # environment variables and their associated syntax:
+ # https://github.com/iv-org/invidious/blob/master/config/config.example.yml
+ environment:
+ # Use the key generated in the 2nd step
+ - SERVER_SECRET_KEY=ohph3chaiw1kei4W
+ restart: unless-stopped
+ # Uncomment only if you have configured "public_url" for Invidious companion
+ # Or if you want to use Invidious companion as an API in your program.
+ # Remove "127.0.0.1:" if used from an external IP
+ #ports:
+ # - "127.0.0.1:8282:8282"
+ logging:
+ options:
+ max-size: "1G"
+ max-file: "4"
+ cap_drop:
+ - ALL
+ read_only: true
+ # cache for youtube library
+ volumes:
+ - ./data/companioncache:/var/tmp/youtubei.js:rw
+ security_opt:
+ - no-new-privileges:true
+ networks:
+ - default
+ invidious-db:
+ image: docker.io/library/postgres:14
+ restart: unless-stopped
+ volumes:
+ - ./data/postgresdata:/var/lib/postgresql/data
+ - ./data/config/sql:/config/sql
+ - ./data/docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
+ environment:
+ POSTGRES_DB: invidious
+ POSTGRES_USER: kemal
+ POSTGRES_PASSWORD: kemal
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
+ networks:
+ - default
+volumes:
+ postgresdata:
+ companioncache:
+networks:
+ proxy:
+ name: proxy
diff --git a/jellyfin/docker-compose.yml b/jellyfin/docker-compose.yml
new file mode 100644
index 0000000..d818154
--- /dev/null
+++ b/jellyfin/docker-compose.yml
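Review bot: `hmac_key`, `invidious_companion_key` and the matching `SERVER_SECRET_KEY` are committed as literals in invidious/docker-compose.yml, and the database still uses the sample credentials (`user: kemal`, `password: kemal`, `POSTGRES_PASSWORD: kemal`). Since the repository ignores `*.env`, these belong in an ignored `.env` and can be interpolated, for example `hmac_key: "${INVIDIOUS_HMAC_KEY}"` and `- SERVER_SECRET_KEY=${INVIDIOUS_COMPANION_KEY}` (variable names are suggestions). The committed values should be regenerated, not just moved, because they stay in the history.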
@@ -0,0 +1,40 @@
+services:
+ jellyfin:
+ image: jellyfin/jellyfin:2026050514
+ user: 1000:1000
+ ports:
+ - 8096:8096/tcp
+ - 7359:7359/udp
+ group_add:
+ - '105' # Change this to match your "render" host group id and remove this comment
+# network_mode: 'host'
+ volumes:
+ - /var/data/jellyfin/data/config:/config
+ - /var/data/jellyfin/data/cache:/cache
+ - /var/mnt/usb/Serien:/media/series
+ - /var/mnt/usb/Filme:/media/movies
+ devices:
+ - /dev/dri/renderD128:/dev/dri/renderD128
+ restart: 'unless-stopped'
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.gandalf.dfas4.de`)"
+ - "traefik.http.routers.jellyfin.entrypoints=websecure"
+ - "traefik.http.routers.jellyfin.tls=true"
+ - "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
+ - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
+ - "traefik.http.routers.jellyfin.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.jellyfin.tls.domains[0].sans=*.gandalf.dfas4.de"
+ # Essential Headers for Chromecast
+ - "traefik.http.middlewares.jellyfin-cors.headers.accesscontrolalloworiginlist=*"
+ - "traefik.http.middlewares.jellyfin-cors.headers.accesscontrolallowmethods=GET,POST,OPTIONS"
+ - "traefik.http.middlewares.jellyfin-cors.headers.accesscontrolallowheaders=*"
+ - "traefik.http.middlewares.jellyfin-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+ - "traefik.http.middlewares.jellyfin-headers.headers.customrequestheaders.X-Forwarded-Host=jellyfin.gandalf.dfas4.de"
+ - "traefik.http.routers.jellyfin.middlewares=jellyfin-cors,jellyfin-headers"
+ networks:
+ - proxy
+
+networks:
+ proxy:
+ name: proxy
diff --git a/karakeep/docker-compose.yml b/karakeep/docker-compose.yml
new file mode 100644
index 0000000..b7269cc
--- /dev/null
+++ b/karakeep/docker-compose.yml
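Review bot: The `jellyfin-cors` middleware in jellyfin/docker-compose.yml sets `accesscontrolalloworiginlist=*` together with `accesscontrolallowheaders=*`, which allows scripts from any web origin to call the Jellyfin API through this router; listing only the origins the cast receiver needs is tighter (which origins those are is not visible here). Separately, `- 8096:8096/tcp` publishes the plain-HTTP port on every host interface next to the TLS route, so clients can reach the server without going through Traefik. If that is only wanted on the LAN, bind the mapping to the LAN address; otherwise drop it as the other stacks do. The `X-Forwarded-Proto` request header is normally set by Traefik itself, so the `jellyfin-headers` middleware may be unnecessary.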
@@ -0,0 +1,67 @@
+services:
+ web:
+ image: ghcr.io/karakeep-app/karakeep:${KARAKEEP_VERSION:-release}
+ restart: unless-stopped
+ volumes:
+ # By default, the data is stored in a docker volume called "data".
+ # If you want to mount a custom directory, change the volume mapping to:
+ # - /path/to/your/directory:/data
+ - /var/data/karakeep/data:/data
+# ports:
+# - 3000:3000
+ env_file:
+ - .env
+ environment:
+ MEILI_ADDR: http://meilisearch:7700
+ BROWSER_WEB_URL: http://chrome:9222
+ OAUTH_WELLKNOWN_URL: 'https://pocketid.frodo.dfas4.de/.well-known/openid-configuration'
+ OAUTH_CLIENT_ID: 'b924f978-a3e8-4842-95ef-f1e106258bb5'
+ OAUTH_CLIENT_SECRET: 'iuNTyEZDCUhUDJC3Vi8jF2fQt2M2zkvO'
+ OAUTH_PROVIDER_NAME: 'PocketID'
+ # OPENAI_API_KEY: ...
+
+ # You almost never want to change the value of the DATA_DIR variable.
+ # If you want to mount a custom directory, change the volume mapping above instead.
+ DATA_DIR: /data # DON'T CHANGE THIS
+ labels:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.karakeep.rule=Host(`karakeep.gandalf.dfas4.de`)"
+ - "traefik.http.routers.karakeep.entrypoints=websecure"
+ - "traefik.http.routers.karakeep.tls=true"
+ - "traefik.http.routers.karakeep.tls.certresolver=myresolver"
+ - "traefik.http.services.karakeep.loadbalancer.server.port=3000"
+ - "traefik.http.routers.karakeep.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.karakeep.tls.domains[0].sans=*.gandalf.dfas4.de"
+ networks:
+ - proxy
+ - default
+ chrome:
+ image: gcr.io/zenika-hub/alpine-chrome:124
+ restart: unless-stopped
+ command:
+ - --no-sandbox
+ - --disable-gpu
+ - --disable-dev-shm-usage
+ - --remote-debugging-address=0.0.0.0
+ - --remote-debugging-port=9222
+ - --hide-scrollbars
+ networks:
+ - default
+ meilisearch:
+ image: getmeili/meilisearch:v1.13.3
+ restart: unless-stopped
+ env_file:
+ - .env
+ environment:
+ MEILI_NO_ANALYTICS: "true"
+ volumes:
+ - meilisearch:/meili_data
+ networks:
+ - default
+volumes:
+ meilisearch:
+
data:
+networks:
+ proxy:
+ name: proxy
diff --git a/opennotebook/docker-compose.yml b/opennotebook/docker-compose.yml
new file mode 100644
index 0000000..e1dc8d1
--- /dev/null
+++ b/opennotebook/docker-compose.yml
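Review bot: `OAUTH_CLIENT_SECRET` is committed as a literal in karakeep/docker-compose.yml although the `web` service already loads `env_file: .env`, which the repository ignores; move it there and issue a new client secret at the identity provider, since the committed one is now in history. The `web` service also carries `labels:` twice in a row; indentation is lost in this view, so it is either a duplicate key or a mapping nested where Compose expects the label list, and in both cases one of the two lines should be removed. The top-level `data:` volume is declared, but the service bind-mounts `/var/data/karakeep/data` instead, so the declaration can be dropped.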
@@ -0,0 +1,51 @@
+services:
+ surrealdb:
+ image: surrealdb/surrealdb:v2
+ command: start --log info --user root --pass root rocksdb:/mydata/mydatabase.db
+ user: root
+ volumes:
+ - ./data/surreal:/mydata
+ restart: always
+ networks:
+ - default
+ open_notebook:
+ image: lfnovo/open_notebook:v1-latest
+ environment:
+ - SURREAL_URL=ws://surrealdb:8000/rpc
+ - SURREAL_USER=root
+ - SURREAL_PASSWORD=root
+ - SURREAL_NAMESPACE=open_notebook
+ - SURREAL_DATABASE=open_notebook
+ - API_URL=https://opennotebook-api.gandalf.dfas4.de
+ env_file:
+ - .env
+ volumes:
+ - ./data/opennotebook:/app/data
+ depends_on:
+ - surrealdb
+ restart: always
+ networks:
+ - default
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.opennotebook.rule=Host(`opennotebook.gandalf.dfas4.de`)"
+ - "traefik.http.routers.opennotebook.entrypoints=websecure"
+ - "traefik.http.routers.opennotebook.tls=true"
+ - "traefik.http.routers.opennotebook.tls.certresolver=myresolver"
+ - "traefik.http.services.opennotebook.loadbalancer.server.port=8502"
+ - "traefik.http.routers.opennotebook.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.opennotebook.tls.domains[0].sans=*.gandalf.dfas4.de"
+ - "traefik.http.routers.opennotebook.service=opennotebook"
+
+ - "traefik.http.routers.opennotebookapi.rule=Host(`opennotebook-api.gandalf.dfas4.de`)"
+ - "traefik.http.routers.opennotebookapi.entrypoints=websecure"
+ - "traefik.http.routers.opennotebookapi.tls=true"
+ - "traefik.http.routers.opennotebookapi.tls.certresolver=myresolver"
+ - "traefik.http.routers.opennotebookapi.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.opennotebookapi.tls.domains[0].sans=*.gandalf.dfas4.de"
+ - "traefik.http.services.opennotebookapi.loadbalancer.server.port=5055"
+ - "traefik.http.routers.opennotebookapi.service=opennotebookapi"
+networks:
+ proxy:
+ name: proxy
diff --git a/openwebui/docker-compose.yml b/openwebui/docker-compose.yml
new file mode 100644
index 0000000..0202470
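Review bot: SurrealDB in opennotebook/docker-compose.yml is started with `--user root --pass root` and `user: root`, and the same `root`/`root` pair is repeated in the `open_notebook` environment. The database is attached only to the `default` network here, which limits who can reach it, but default credentials in a committed file tend to survive into later changes that do expose the port. Taking them from the ignored `.env` keeps them out of history: `command: start --log info --user ${SURREAL_USER} --pass ${SURREAL_PASSWORD} rocksdb:/mydata/mydatabase.db`, with the two `SURREAL_USER`/`SURREAL_PASSWORD` list items removed because `env_file: .env` can supply them. Whether the container needs `user: root` for the bind mount is worth checking as well.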
--- /dev/null
+++ b/openwebui/docker-compose.yml
@@ -0,0 +1,30 @@
+services:
+ open-webui:
+ image: ghcr.io/open-webui/open-webui:0.9.4
+ restart: unless-stopped
+ environment:
+ - ENABLE_OLLAMA_API=false
+ - ENABLE_RAG_WEB_SEARCH=true
+ - RAG_WEB_SEARCH_ENGINE=searxng
+ - ENABLE_OAUTH_SIGNUP=true
+ - ENABLE_SIGNUP=false
+ - WEBUI_URL=https://openwebui.gandalf.dfas4.de
+ - USER_AGENT="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
+ env_file:
+ - .env
+ volumes:
+ - ./data:/app/backend/data
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.openwebui.rule=Host(`openwebui.gandalf.dfas4.de`)"
+ - "traefik.http.routers.openwebui.entrypoints=websecure"
+ - "traefik.http.routers.openwebui.tls=true"
+ - "traefik.http.routers.openwebui.tls.certresolver=myresolver"
+ - "traefik.http.services.openwebui.loadbalancer.server.port=8080"
+ - "traefik.http.routers.openwebui.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.openwebui.tls.domains[0].sans=*.gandalf.dfas4.de"
+networks:
+ proxy:
+ name: proxy
diff --git a/paperless-ngx/docker-compose.yml b/paperless-ngx/docker-compose.yml
new file mode 100644
index 0000000..82aad4f
--- /dev/null
+++ b/paperless-ngx/docker-compose.yml
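Review bot: In openwebui/docker-compose.yml the entry `- USER_AGENT="Mozilla/5.0 ..."` uses the list form of `environment:`, where everything after the first `=` is the value, so the container receives the string with the double quotes included. Quote the whole item instead: `- 'USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'`. On the access side, `ENABLE_OAUTH_SIGNUP=true` means any identity the OAuth provider authenticates can create an account; that is fine if the provider is restricted to known users, which this file cannot show.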
@@ -0,0 +1,64 @@
+# Docker Compose file for running paperless from the Docker Hub.
+# This file contains everything paperless needs to run.
+# Paperless supports amd64, arm and arm64 hardware.
+#
+# All compose files of paperless configure paperless in the following way:
+#
+# - Paperless is (re)started on system boot, if it was running before shutdown.
+# - Docker volumes for storing data are managed by Docker.
+# - Folders for importing and exporting files are created in the same directory
+# as this file and mounted to the correct folders inside the container.
+# - Paperless listens on port 8000.
+#
+# SQLite is used as the database. The SQLite file is stored in the data volume.
+#
+# To install and update paperless with this file, do the following:
+#
+# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
+# and '.env' into a folder.
+# - Run 'docker compose pull'.
+# - Run 'docker compose run --rm webserver createsuperuser' to create a user.
+# - Run 'docker compose up -d'.
+#
+# For more extensive installation and update instructions, refer to the
+# documentation.
+
+version: "3.4"
+services:
+ broker:
+ image: docker.io/library/redis:7
+ restart: unless-stopped
+ volumes:
+ - /var/data/paperless-ngx/data/redisdata:/data
+ networks:
+ - default
+ webserver:
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ restart: unless-stopped
+ depends_on:
+ - broker
+# ports:
+# - "8010:8000"
+ volumes:
+ - /var/data/paperless-ngx/data/data:/usr/src/paperless/data
+ - /var/data/paperless-ngx/data/media:/usr/src/paperless/media
+ - /var/data/paperless-ngx/data/./export:/usr/src/paperless/export
+ - /var/data/paperless-ngx/data/./consume:/usr/src/paperless/consume
+ env_file: docker-compose.env
+ environment:
+ PAPERLESS_REDIS: redis://broker:6379
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.paperless.rule=Host(`paperless.gandalf.dfas4.de`)"
+ - "traefik.http.routers.paperless.entrypoints=websecure"
+ - "traefik.http.routers.paperless.tls=true"
+ - "traefik.http.routers.paperless.tls.certresolver=myresolver"
+ - "traefik.http.services.paperless.loadbalancer.server.port=8000"
+ - "traefik.http.routers.paperless.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.paperless.tls.domains[0].sans=*.gandalf.dfas4.de"
+ networks:
+ - proxy
+ - default
+networks:
+ proxy:
+ name: proxy
diff --git a/pocketid/docker-compose.yml b/pocketid/docker-compose.yml
new file mode 100644
index 0000000..376e7cd
--- /dev/null
+++ b/pocketid/docker-compose.yml
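Review bot: The header comment in paperless-ngx/docker-compose.yml was kept from the upstream template and no longer matches the file. It says data volumes are managed by Docker and the import/export folders sit next to the compose file, while every volume is a bind mount under `/var/data/paperless-ngx/data`; it also says Paperless listens on port 8000, where the `ports:` block is commented out and access goes through Traefik. I would replace the bullet list with two lines, `# - Data, media, export and consume are bind mounts under /var/data/paperless-ngx/data.` and `# - Port 8000 is not published; Traefik routes paperless.gandalf.dfas4.de to it.` The `/./` segments in the export and consume paths are harmless but can be dropped.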
@@ -0,0 +1,33 @@
+services:
+ pocketid:
+ image: ghcr.io/pocket-id/pocket-id:v2
+ container_name: pocket-id
+ restart: unless-stopped
+ environment:
+ - APP_URL=https://pocket-id.coreos.home
+ - ENCRYPTION_KEY_FILE=/keys/key
+ volumes:
+ - "./data/keys:/keys"
+ - "./data/app_data:/app/data"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.pocket-id.entrypoints=websecure"
+ - "traefik.http.routers.pocket-id.rule=Host(`pocket-id.coreos.home`)"
+ - "traefik.http.routers.pocket-id.tls=true"
+ - "traefik.http.routers.pocket-id.service=pocket-id"
+ - "traefik.http.services.pocket-id.loadbalancer.server.port=1411"
+ - "traefik.docker.network=proxy"
+ ports:
+ - 1411:1411
+ networks:
+ - proxy
+ # Optional healthcheck
+ healthcheck:
+ test: [ "CMD", "/app/pocket-id", "healthcheck" ]
+ interval: 1m30s
+ timeout: 5s
+ retries: 2
+ start_period: 10s
+networks:
+ proxy:
+ external: true
diff --git a/privatemodeai/docker-compose.yml b/privatemodeai/docker-compose.yml
new file mode 100644
index 0000000..227360b
--- /dev/null
+++ b/privatemodeai/docker-compose.yml
@@ -0,0 +1,21 @@
+services:
+ privatemode-proxy:
+ image: ghcr.io/edgelesssys/privatemode/privatemode-proxy:latest
+ restart: unless-stopped
+ env_file:
+ - .env
+ command: ["--apiKey", "${API_KEY}"]
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.privatemode-proxy.rule=Host(`privatemodeai.gandalf.dfas4.de`)"
+ - "traefik.http.routers.privatemode-proxy.entrypoints=websecure"
+ - "traefik.http.routers.privatemode-proxy.tls=true"
+ - "traefik.http.routers.privatemode-proxy.tls.certresolver=myresolver"
+ - "traefik.http.services.privatemode-proxy.loadbalancer.server.port=8080"
+ - "traefik.http.routers.privatemode-proxy.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.privatemode-proxy.tls.domains[0].sans=*.gandalf.dfas4.de"
+networks:
+ proxy:
+ name: proxy
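Review bot: `ports: - 1411:1411` in pocketid/docker-compose.yml publishes the identity provider's plain-HTTP port on every host interface, so logins can reach it without TLS and without passing through Traefik; the other stacks in this commit leave their `ports:` commented out. Since the `pocket-id` router already targets `loadbalancer.server.port=1411` over the `proxy` network, the mapping can be removed, or bound to loopback as `- "127.0.0.1:1411:1411"` if local access is needed. Two things to confirm: this router has no `tls.certresolver` label, unlike the others, and `APP_URL` uses `pocket-id.coreos.home` while the karakeep file points at `pocketid.frodo.dfas4.de` for OIDC discovery (possibly a different instance).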
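Review bot: The `privatemode-proxy` router in privatemodeai/docker-compose.yml has no authentication or source-address middleware, while the container is started with `--apiKey ${API_KEY}`; if the proxy attaches that key to the requests it forwards (not visible in this hunk), anyone who can reach `privatemodeai.gandalf.dfas4.de` uses the account behind it. Add a middleware to the router, for example the basic-auth pattern the traefik file uses for the dashboard or an `ipallowlist` limited to the networks that should reach it, and reference it with `traefik.http.routers.privatemode-proxy.middlewares=<name>@docker`. Passing the key in `command:` also makes it readable in `docker inspect` output; if the image accepts the key from the environment or a file, prefer that.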
diff --git a/searxng/docker-compose.yml b/searxng/docker-compose.yml
new file mode 100644
index 0000000..c4c55da
--- /dev/null
+++ b/searxng/docker-compose.yml
@@ -0,0 +1,21 @@
+services:
+ searxng:
+ image: searxng/searxng:latest
+ container_name: searxng
+ volumes:
+ - ./data/searxng:/etc/searxng:rw
+ restart: unless-stopped
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.searxng.rule=Host(`searxng.gandalf.dfas4.de`)"
+ - "traefik.http.routers.searxng.entrypoints=websecure"
+ - "traefik.http.routers.searxng.tls=true"
+ - "traefik.http.routers.searxng.tls.certresolver=myresolver"
+ - "traefik.http.services.searxng.loadbalancer.server.port=8080"
+ - "traefik.http.routers.searxng.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.searxng.tls.domains[0].sans=*.gandalf.dfas4.de"
+networks:
+ proxy:
+ name: proxy
diff --git a/sponsor-block/docker-compose.yml b/sponsor-block/docker-compose.yml
new file mode 100644
index 0000000..723f7e4
--- /dev/null
+++ b/sponsor-block/docker-compose.yml
@@ -0,0 +1,8 @@
+version: '3.3'
+services:
+ iSponsorBlockTV:
+ image: ghcr.io/dmunozv04/isponsorblocktv
+ container_name: iSponsorBlockTV
+ restart: unless-stopped
+ volumes:
+ - /var/data/sponsor-block/data:/app/data #enter the same pathway as you used for your configurator in step 1
diff --git a/tinfoil-proxy/docker-compose.yml b/tinfoil-proxy/docker-compose.yml
new file mode 100644
index 0000000..c6ba8fd
--- /dev/null
+++ b/tinfoil-proxy/docker-compose.yml
@@ -0,0 +1,19 @@
+services:
+ tinfoil-cli:
+ restart: unless-stopped
+ image: ghcr.io/tinfoilsh/tinfoil-cli:latest
+ command: proxy -e inference.tinfoil.sh -r tinfoilsh/confidential-model-router -b 0.0.0.0 -p 8081
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.tinfoil-proxy.rule=Host(`tinfoil.gandalf.dfas4.de`)"
+ - "traefik.http.routers.tinfoil-proxy.entrypoints=websecure"
+ - "traefik.http.routers.tinfoil-proxy.tls=true"
+ - "traefik.http.routers.tinfoil-proxy.tls.certresolver=myresolver"
+ - "traefik.http.services.tinfoil-proxy.loadbalancer.server.port=8081"
+ - "traefik.http.routers.tinfoil-proxy.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.tinfoil-proxy.tls.domains[0].sans=*.gandalf.dfas4.de"
+networks:
+ proxy:
+ name: proxy
diff --git a/traccar/docker-compose.yml b/traccar/docker-compose.yml
new file mode 100644
index 0000000..a301495
--- /dev/null
+++ b/traccar/docker-compose.yml
@@ -0,0 +1,75 @@
+services:
+
+ database:
+ image: timescale/timescaledb:latest-pg16
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: traccar
+ POSTGRES_USER: ${DATABASE_USER}
+ POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
+ TIMESCALEDB_TELEMETRY: "off"
+ volumes:
+ - ./data/db:/var/lib/postgresql/data
+ networks:
+ - default
+ traccar:
+ image: traccar/traccar:latest
+ restart: unless-stopped
+ depends_on:
+ - database
+ environment:
+ CONFIG_USE_ENVIRONMENT_VARIABLES: "true"
+ DATABASE_DRIVER: org.postgresql.Driver
+ DATABASE_URL: jdbc:postgresql://database:5432/traccar
+ DATABASE_USER: ${DATABASE_USER}
+ DATABASE_PASSWORD: ${DATABASE_PASSWORD}
+ healthcheck:
+ test: [ "CMD", "wget", "-q", "--spider", "http://localhost:8082/api/health" ]
+ interval: 2m
+ timeout: 5s
+ start_period: 1h
+ retries: 3
+ # ports:
+ # - "8082:8082"
+ # - "5000-5500:5000-5500"
+ volumes:
+ - ./data/logs:/opt/traccar/logs
+ - ./data/config:/opt/traccar/conf
+ networks:
+ - default
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traccar.rule=Host(`traccar.gandalf.dfas4.de`)"
+ - "traefik.http.routers.traccar.entrypoints=websecure"
+ - "traefik.http.routers.traccar.tls=true"
+ - "traefik.http.routers.traccar.tls.certresolver=myresolver"
+ - "traefik.http.services.traccar.loadbalancer.server.port=8082"
+ - "traefik.http.routers.traccar.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.traccar.tls.domains[0].sans=*.gandalf.dfas4.de"
+ autoheal:
+ image: willfarrell/autoheal:latest
+ restart: unless-stopped
+ networks:
+ - default
+ environment:
+ AUTOHEAL_CONTAINER_LABEL: all
+ AUTOHEAL_INTERVAL: 60
+ AUTOHEAL_START_PERIOD: 3600
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ bridge:
+ restart: unless-stopped
+ depends_on:
+ - traccar
+ build: https://github.com/jannisko/findmy-traccar-bridge.git
+ volumes:
+ - ./data/bridge:/bridge/data
+ - ./data/airtags:/bridge/plists
+ environment:
+ BRIDGE_TRACCAR_SERVER: "http://traccar:5055"
+
networks:
+ - default
+networks:
+ proxy:
+ name: proxy
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100644
index 0000000..8eec66e
--- /dev/null
+++ b/traefik/docker-compose.yml
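Review bot: `build: https://github.com/jannisko/findmy-traccar-bridge.git` in the `bridge` service of traccar/docker-compose.yml builds whatever the default branch contains at build time, and that container is given `./data/airtags` and `./data/bridge`; pin the context to a reviewed commit with `build: https://github.com/jannisko/findmy-traccar-bridge.git#<commit-sha>`. The `autoheal` service mounts `/var/run/docker.sock` with `:ro`, which only makes the socket file read-only and does not limit Docker API calls, so it (like `beszel-agent` in the beszel file) effectively has full control of the daemon. `AUTOHEAL_CONTAINER_LABEL: all` additionally lets it restart any unhealthy container on the host, not just this stack. A socket proxy that exposes only the endpoints autoheal needs would narrow that.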
@@ -0,0 +1,67 @@
+# docker-compose.yml
+services:
+ traefik:
+ image: traefik:v3.6
+ container_name: traefik
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ environment:
+ - "ACME_DNS_API_BASE=https://acme.frodo.dfas4.de"
+ - "ACME_DNS_STORAGE_PATH=/etc/traefik/acmedns.json"
+ command:
+ # EntryPoints
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.websecure.http.tls=true"
+
+ # Attach the static configuration tls.yaml file that contains the tls configuration settings
+# - "--providers.file.filename=/dynamic/tls.yaml"
+
+ # Providers
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.network=proxy"
+
+ - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
+ - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=acmedns"
+ # API & Dashboard
+ - "--api.dashboard=true"
+ - "--api.insecure=false"
+
+ # Observability
+ - "--log.level=DEBUG"
+ - "--accesslog=true"
+ - "--metrics.prometheus=true"
+ # Traefik Dynamic configuration via Docker labels
+ labels:
+ # Enable self‑routing
+ - "traefik.enable=true"
+
+ # Dashboard router
+ - "traefik.http.routers.dashboard.rule=Host(`dashboard.gandalf.dfas4.de`)"
+ - "traefik.http.routers.dashboard.entrypoints=websecure"
+ - "traefik.http.routers.dashboard.service=api@internal"
+ - "traefik.http.routers.dashboard.tls=true"
+ - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
+ # Basic‑auth middleware
+ - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$XeLtTjGP$$lGii1xpCSV/Zwj6.POmum/"
+ - "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"
+ - "traefik.http.routers.dashboard.tls.domains[0].main=gandalf.dfas4.de"
+ -
"traefik.http.routers.dashboard.tls.domains[0].sans=*.gandalf.dfas4.de"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./data/acmedns.json:/etc/traefik/acmedns.json
+ networks:
+ - proxy
+
+networks:
+ proxy:
+ name: proxy
+
diff --git a/vane/docker-compose.yml b/vane/docker-compose.yml
new file mode 100644
index 0000000..9a2650e
--- /dev/null
+++ b/vane/docker-compose.yml
@@ -0,0 +1,23 @@
+services:
+ vane:
+ image: itzcrazykns1337/vane:slim-latest
+ container_name: vane
+ env_file:
+ - .env
+ volumes:
+ - ./data:/home/vane/data
+ restart: unless-stopped
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.vane.rule=Host(`vane.gandalf.dfas4.de`)"
+ - "traefik.http.routers.vane.entrypoints=websecure"
+ - "traefik.http.routers.vane.tls=true"
+ - "traefik.http.routers.vane.tls.certresolver=myresolver"
+ - "traefik.http.services.vane.loadbalancer.server.port=3000"
+ - "traefik.http.routers.vane.tls.domains[0].main=gandalf.dfas4.de"
+ - "traefik.http.routers.vane.tls.domains[0].sans=*.gandalf.dfas4.de"
+networks:
+ proxy:
+ name: proxy
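Review bot: traefik/docker-compose.yml mounts `/var/run/docker.sock` into the one container that listens on ports 80 and 443, so a flaw in Traefik becomes control of the Docker daemon; `no-new-privileges` does not change that. Putting a socket proxy that allows only the read-only container and network endpoints in between, and setting `--providers.docker.endpoint=tcp://<socket-proxy>:2375`, removes the direct mount. `--log.level=DEBUG` should go back to `INFO` once setup is done, because debug logs are verbose and can include request details. The dashboard `basicauth.users` label commits an `apr1` (MD5-based) password hash; `basicauth.usersfile` pointing at an ignored file keeps it out of the repository.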