RZ
2026-06-28 23:29:25 +00:00
commit e2f27d11fc
19 changed files with 824 additions and 0 deletions

2
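--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+data/
+*.env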


@@ -0,0 +1,26 @@
services:
audiobookshelf:
restart: unless-stopped
image: ghcr.io/advplyr/audiobookshelf:latest
volumes:
- ./data/audiobooks:/audiobooks
- ./data/podcasts:/podcasts
- ./data/config:/config
- ./data/metadata:/metadata
- ./data/books:/books
environment:
- TZ=Europe/Berlin
labels:
- "traefik.enable=true"
- "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.gandalf.dfas4.de`)"
- "traefik.http.routers.audiobookshelf.entrypoints=websecure"
- "traefik.http.routers.audiobookshelf.tls=true"
- "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
- "traefik.http.services.audiobookshelf.loadbalancer.server.port=80"
- "traefik.http.routers.audiobookshelf.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.audiobookshelf.tls.domains[0].sans=*.gandalf.dfas4.de"
networks:
- proxy
networks:
proxy:
name: proxy
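Review bot: `image: ghcr.io/advplyr/audiobookshelf:latest` is a floating tag, so each `docker compose pull` can bring in a different, unreviewed image and a rollback has no fixed reference. The same applies to the other `latest`, `slim-latest`, `v1-latest` and untagged images added in this commit (beszel and beszel-agent, calibre-web-automated, invidious and its companion, open_notebook, paperless-ngx, privatemode-proxy, searxng, isponsorblocktv, tinfoil-cli, traccar, timescaledb, autoheal, vane). The immich section already pins valkey and postgres by `@sha256:` digest; a version tag, ideally with a digest, would match that here, e.g. `image: ghcr.io/advplyr/audiobookshelf:<version>@sha256:<digest>`.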

43
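--- a/beszel/docker-compose.yml
+++ b/beszel/docker-compose.yml
@@ -0,0 +1,43 @@
+services:
+beszel:
+image: henrygd/beszel:latest
+container_name: beszel
+restart: unless-stopped
+environment:
+APP_URL: https://beszel.gandalf.dfas4.de
+# ports:
+# - 8090:8090
+volumes:
+- ./data/beszel_data:/beszel_data
+- ./data/beszel_socket:/beszel_socket
+networks:
+- default
+- proxy
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.beszel.rule=Host(`beszel.gandalf.dfas4.de`)"
+- "traefik.http.routers.beszel.entrypoints=websecure"
+- "traefik.http.routers.beszel.tls=true"
+- "traefik.http.routers.beszel.tls.certresolver=myresolver"
+- "traefik.http.services.beszel.loadbalancer.server.port=8090"
+- "traefik.http.routers.beszel.tls.domains[0].main=gandalf.dfas4.de"
+- "traefik.http.routers.beszel.tls.domains[0].sans=*.gandalf.dfas4.de"
+beszel-agent:
+image: henrygd/beszel-agent
+container_name: beszel-agent
+restart: unless-stopped
+network_mode: host
+volumes:
+- ./data/beszel_agent_data:/var/lib/beszel-agent
+- ./data/beszel_socket:/beszel_socket
+- /var/run/docker.sock:/var/run/docker.sock:ro
+# monitor other disks / partitions by mounting a folder in /extra-filesystems
+# - /mnt/disk/.beszel:/extra-filesystems/sda1:ro
+environment:
+LISTEN: 45876
+KEY: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWiq6s9INKGBfLViTJzo3yuAFVsa2J521PnWvfVb8+1'
+TOKEN: a391a6a3-1e1e-495f-860d-de165ba61562
+HUB_URL: https://beszel.gandalf.dfas4.de
+networks:
+proxy:
+name: proxy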
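Review bot: The agent's `TOKEN` is committed in plaintext under `environment:` of `beszel-agent`, so it is readable by anyone with repository access and stays in history even after a later removal. The `.gitignore` added in this commit already excludes `*.env`, so the value can move to an `env_file` or be interpolated as `TOKEN: ${BESZEL_TOKEN}` (the variable name is a placeholder), and the committed value should be treated as exposed and reissued. The same pattern appears in the invidious section (`hmac_key`, `invidious_companion_key`, `SERVER_SECRET_KEY`, `POSTGRES_PASSWORD`) and in the karakeep section (`OAUTH_CLIENT_SECRET`). `KEY` appears to be an SSH public key and is less sensitive.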


@@ -0,0 +1,28 @@
services:
calibre-web-automated:
image: crocodilestick/calibre-web-automated:latest
container_name: cwa
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- NETWORK_SHARE_MODE=false
volumes:
- ./data/config:/config
- ./data/books:/calibre-library
- ./data/uploads:/cwa-book-ingest
restart: unless-stopped
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.calibre.rule=Host(`calibre.gandalf.dfas4.de`)"
- "traefik.http.routers.calibre.entrypoints=websecure"
- "traefik.http.routers.calibre.tls=true"
- "traefik.http.routers.calibre.tls.certresolver=myresolver"
- "traefik.http.services.calibre.loadbalancer.server.port=8083"
- "traefik.http.routers.calibre.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.calibre.tls.domains[0].sans=*.gandalf.dfas4.de"
networks:
proxy:
name: proxy

99
immich/docker-compose.yml Normal file

@@ -0,0 +1,99 @@
#
# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
#
# Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/data
# - /etc/localtime:/etc/localtime:ro
env_file:
- .env
# ports:
# - '2283:2283'
depends_on:
- redis
- database
devices:
- /dev/dri:/dev/dri
restart: always
healthcheck:
disable: false
labels:
- "traefik.enable=true"
- "traefik.http.routers.immich.rule=Host(`immich.gandalf.dfas4.de`)"
- "traefik.http.routers.immich.entrypoints=websecure"
- "traefik.http.routers.immich.tls=true"
- "traefik.http.routers.immich.tls.certresolver=myresolver"
- "traefik.http.services.immich.loadbalancer.server.port=2283"
- "traefik.http.routers.immich.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.immich.tls.domains[0].sans=*.gandalf.dfas4.de"
networks:
- proxy
- default
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
device_cgroup_rules:
- 'c 189:* rmw'
volumes:
- /dev/bus/usb:/dev/bus/usb
- model-cache:/cache
env_file:
- .env
devices:
- /dev/dri:/dev/dri
restart: always
healthcheck:
disable: false
networks:
- default
redis:
container_name: immich_redis
image: docker.io/valkey/valkey:9@sha256:fb8d272e529ea567b9bf1302245796f21a2672b8368ca3fcb938ac334e613c8f
healthcheck:
test: redis-cli ping || exit 1
restart: always
networks:
- default
database:
container_name: immich_postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
# Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
# DB_STORAGE_TYPE: 'HDD'
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
shm_size: 128mb
restart: always
networks:
- default
volumes:
model-cache:
networks:
proxy:
external: true
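Review bot: `immich-machine-learning` gets `device_cgroup_rules: 'c 189:* rmw'` together with a bind mount of `/dev/bus/usb`, which lets the container read, write and mknod every USB character device on the host. The image tag carries no accelerator suffix and the `extends: hwaccel.ml.yml` block is still commented out, so this file does not show that the access is actually used. If a USB accelerator is intended, a comment above the rule such as `# USB accelerator passthrough for ML inference; remove if no USB accelerator is attached` would record why it is there. Otherwise the cgroup rule and the USB mount can be dropped so the container holds no device access it does not need.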


@@ -0,0 +1,107 @@
version: "3"
services:
invidious:
image: quay.io/invidious/invidious:latest
#image: quay.io/invidious/invidious:latest-arm64 # ARM64/AArch64 devices
restart: unless-stopped
# Remove "127.0.0.1:" if used from an external IP
# ports:
# - "3010:3000"
environment:
# Please read the following file for a comprehensive list of all available
# configuration options and their associated syntax:
# https://github.com/iv-org/invidious/blob/master/config/config.example.yml
INVIDIOUS_CONFIG: |
db:
dbname: invidious
user: kemal
password: kemal
host: invidious-db
port: 5432
check_tables: true
invidious_companion:
# URL used for the internal communication between invidious and invidious companion
# There is no need to change that except if Invidious companion does not run on the same docker compose file.
- private_url: "http://companion:8282/companion"
# IT is NOT recommended to use the same key as HMAC KEY. Generate a new key!
# Use the key generated in the 2nd step
invidious_companion_key: "ohph3chaiw1kei4W"
# external_port:
# domain:
# https_only: false
# statistics_enabled: false
# Use the key generated in the 2nd step
hmac_key: "ohzuXohDag4iatoh"
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/stats || exit 1
interval: 30s
timeout: 5s
retries: 2
logging:
options:
max-size: "1G"
max-file: "4"
depends_on:
- invidious-db
networks:
- default
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.invidious.rule=Host(`invidious.gandalf.dfas4.de`)"
- "traefik.http.routers.invidious.entrypoints=websecure"
- "traefik.http.routers.invidious.tls=true"
- "traefik.http.routers.invidious.tls.certresolver=myresolver"
- "traefik.http.services.invidious.loadbalancer.server.port=3000"
- "traefik.http.routers.invidious.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.invidious.tls.domains[0].sans=*.gandalf.dfas4.de"
companion:
image: quay.io/invidious/invidious-companion:latest
# Please read the following file for a comprehensive list of all available
# environment variables and their associated syntax:
# https://github.com/iv-org/invidious/blob/master/config/config.example.yml
environment:
# Use the key generated in the 2nd step
- SERVER_SECRET_KEY=ohph3chaiw1kei4W
restart: unless-stopped
# Uncomment only if you have configured "public_url" for Invidious companion
# Or if you want to use Invidious companion as an API in your program.
# Remove "127.0.0.1:" if used from an external IP
#ports:
# - "127.0.0.1:8282:8282"
logging:
options:
max-size: "1G"
max-file: "4"
cap_drop:
- ALL
read_only: true
# cache for youtube library
volumes:
- ./data/companioncache:/var/tmp/youtubei.js:rw
security_opt:
- no-new-privileges:true
networks:
- default
invidious-db:
image: docker.io/library/postgres:14
restart: unless-stopped
volumes:
- ./data/postgresdata:/var/lib/postgresql/data
- ./data/config/sql:/config/sql
- ./data/docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
environment:
POSTGRES_DB: invidious
POSTGRES_USER: kemal
POSTGRES_PASSWORD: kemal
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
networks:
- default
volumes:
postgresdata:
companioncache:
networks:
proxy:
name: proxy
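Review bot: `invidious-db` bind-mounts `./data/config/sql` and `./data/docker/init-invidious-db.sh`, but the `.gitignore` in this commit excludes `data/`, so neither the schema files nor the init script are versioned with this compose file. On a fresh checkout Docker creates missing bind-mount sources as empty directories, so the database would come up without the init script having run. Keeping these two inputs outside `data/` (for example `./config/sql` and `./docker/init-invidious-db.sh`) would let them be committed next to the file that depends on them. The top-level `volumes:` entries `postgresdata` and `companioncache` look unused, since both services use bind mounts.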


@@ -0,0 +1,40 @@
services:
jellyfin:
image: jellyfin/jellyfin:2026050514
user: 1000:1000
ports:
- 8096:8096/tcp
- 7359:7359/udp
group_add:
- '105' # Change this to match your "render" host group id and remove this comment
# network_mode: 'host'
volumes:
- /var/data/jellyfin/data/config:/config
- /var/data/jellyfin/data/cache:/cache
- /var/mnt/usb/Serien:/media/series
- /var/mnt/usb/Filme:/media/movies
devices:
- /dev/dri/renderD128:/dev/dri/renderD128
restart: 'unless-stopped'
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.gandalf.dfas4.de`)"
- "traefik.http.routers.jellyfin.entrypoints=websecure"
- "traefik.http.routers.jellyfin.tls=true"
- "traefik.http.routers.jellyfin.tls.certresolver=myresolver"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
- "traefik.http.routers.jellyfin.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.jellyfin.tls.domains[0].sans=*.gandalf.dfas4.de"
# Essential Headers for Chromecast
- "traefik.http.middlewares.jellyfin-cors.headers.accesscontrolalloworiginlist=*"
- "traefik.http.middlewares.jellyfin-cors.headers.accesscontrolallowmethods=GET,POST,OPTIONS"
- "traefik.http.middlewares.jellyfin-cors.headers.accesscontrolallowheaders=*"
- "traefik.http.middlewares.jellyfin-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.jellyfin-headers.headers.customrequestheaders.X-Forwarded-Host=jellyfin.gandalf.dfas4.de"
- "traefik.http.routers.jellyfin.middlewares=jellyfin-cors,jellyfin-headers"
networks:
- proxy
networks:
proxy:
name: proxy
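Review bot: `- 8096:8096/tcp` under `ports:` publishes Jellyfin's HTTP port on all host interfaces, so the service is reachable in plaintext and without the Traefik router's TLS or middlewares, in parallel with the `websecure` route. If direct access is only needed on the LAN, bind it to one address (`- "<lan-ip>:8096:8096/tcp"`), or drop the mapping and rely on the `proxy` network as the other services in this commit do. The pocketid section has the same pattern with `1411:1411`, which matters more there because that service is the identity provider. Separately, `accesscontrolalloworiginlist=*` combined with `accesscontrolallowheaders=*` may be broader than Chromecast requires; listing the specific origins would be tighter.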


@@ -0,0 +1,67 @@
services:
web:
image: ghcr.io/karakeep-app/karakeep:${KARAKEEP_VERSION:-release}
restart: unless-stopped
volumes:
# By default, the data is stored in a docker volume called "data".
# If you want to mount a custom directory, change the volume mapping to:
# - /path/to/your/directory:/data
- /var/data/karakeep/data:/data
# ports:
# - 3000:3000
env_file:
- .env
environment:
MEILI_ADDR: http://meilisearch:7700
BROWSER_WEB_URL: http://chrome:9222
OAUTH_WELLKNOWN_URL: 'https://pocketid.frodo.dfas4.de/.well-known/openid-configuration'
OAUTH_CLIENT_ID: 'b924f978-a3e8-4842-95ef-f1e106258bb5'
OAUTH_CLIENT_SECRET: 'iuNTyEZDCUhUDJC3Vi8jF2fQt2M2zkvO'
OAUTH_PROVIDER_NAME: 'PocketID'
# OPENAI_API_KEY: ...
# You almost never want to change the value of the DATA_DIR variable.
# If you want to mount a custom directory, change the volume mapping above instead.
DATA_DIR: /data # DON'T CHANGE THIS
labels:
labels:
- "traefik.enable=true"
- "traefik.http.routers.karakeep.rule=Host(`karakeep.gandalf.dfas4.de`)"
- "traefik.http.routers.karakeep.entrypoints=websecure"
- "traefik.http.routers.karakeep.tls=true"
- "traefik.http.routers.karakeep.tls.certresolver=myresolver"
- "traefik.http.services.karakeep.loadbalancer.server.port=3000"
- "traefik.http.routers.karakeep.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.karakeep.tls.domains[0].sans=*.gandalf.dfas4.de"
networks:
- proxy
- default
chrome:
image: gcr.io/zenika-hub/alpine-chrome:124
restart: unless-stopped
command:
- --no-sandbox
- --disable-gpu
- --disable-dev-shm-usage
- --remote-debugging-address=0.0.0.0
- --remote-debugging-port=9222
- --hide-scrollbars
networks:
- default
meilisearch:
image: getmeili/meilisearch:v1.13.3
restart: unless-stopped
env_file:
- .env
environment:
MEILI_NO_ANALYTICS: "true"
volumes:
- meilisearch:/meili_data
networks:
- default
volumes:
meilisearch:
data:
networks:
proxy:
name: proxy
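Review bot: `labels:` appears twice in a row in the `web` service, directly after `DATA_DIR`. Indentation is not visible on this page, but if both lines sit at the same level this is a duplicate mapping key, which Compose's YAML loader typically rejects and which other parsers resolve silently in favour of the last one; one of the two lines should be removed. The `chrome` service also deserves a comment: it runs with `--no-sandbox` and `--remote-debugging-address=0.0.0.0`, so any container on this project's `default` network can drive the browser. A line such as `# debugging port must stay on the project-internal default network; never attach chrome to proxy` would record that constraint.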


@@ -0,0 +1,51 @@
services:
surrealdb:
image: surrealdb/surrealdb:v2
command: start --log info --user root --pass root rocksdb:/mydata/mydatabase.db
user: root
volumes:
- ./data/surreal:/mydata
restart: always
networks:
- default
open_notebook:
image: lfnovo/open_notebook:v1-latest
environment:
- SURREAL_URL=ws://surrealdb:8000/rpc
- SURREAL_USER=root
- SURREAL_PASSWORD=root
- SURREAL_NAMESPACE=open_notebook
- SURREAL_DATABASE=open_notebook
- API_URL=https://opennotebook-api.gandalf.dfas4.de
env_file:
- .env
volumes:
- ./data/opennotebook:/app/data
depends_on:
- surrealdb
restart: always
networks:
- default
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.opennotebook.rule=Host(`opennotebook.gandalf.dfas4.de`)"
- "traefik.http.routers.opennotebook.entrypoints=websecure"
- "traefik.http.routers.opennotebook.tls=true"
- "traefik.http.routers.opennotebook.tls.certresolver=myresolver"
- "traefik.http.services.opennotebook.loadbalancer.server.port=8502"
- "traefik.http.routers.opennotebook.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.opennotebook.tls.domains[0].sans=*.gandalf.dfas4.de"
- "traefik.http.routers.opennotebook.service=opennotebook"
- "traefik.http.routers.opennotebookapi.rule=Host(`opennotebook-api.gandalf.dfas4.de`)"
- "traefik.http.routers.opennotebookapi.entrypoints=websecure"
- "traefik.http.routers.opennotebookapi.tls=true"
- "traefik.http.routers.opennotebookapi.tls.certresolver=myresolver"
- "traefik.http.routers.opennotebookapi.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.opennotebookapi.tls.domains[0].sans=*.gandalf.dfas4.de"
- "traefik.http.services.opennotebookapi.loadbalancer.server.port=5055"
- "traefik.http.routers.opennotebookapi.service=opennotebookapi"
networks:
proxy:
name: proxy
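Review bot: SurrealDB is started with `--user root --pass root` and `user: root`, and `open_notebook` connects with the matching `SURREAL_USER=root` / `SURREAL_PASSWORD=root`. The database is attached only to the `default` network, which limits exposure, but the credential is a guessable default, it is visible in the container's process arguments, and the database process runs as root inside the container. Taking the password from the git-ignored `.env` (e.g. `- SURREAL_PASSWORD=${SURREAL_PASSWORD}`, with the same variable in `command:`) and dropping `user: root` where the ownership of `./data/surreal` allows it would tighten this.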


@@ -0,0 +1,30 @@
services:
open-webui:
image: ghcr.io/open-webui/open-webui:0.9.4
restart: unless-stopped
environment:
- ENABLE_OLLAMA_API=false
- ENABLE_RAG_WEB_SEARCH=true
- RAG_WEB_SEARCH_ENGINE=searxng
- ENABLE_OAUTH_SIGNUP=true
- ENABLE_SIGNUP=false
- WEBUI_URL=https://openwebui.gandalf.dfas4.de
- USER_AGENT="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
env_file:
- .env
volumes:
- ./data:/app/backend/data
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.openwebui.rule=Host(`openwebui.gandalf.dfas4.de`)"
- "traefik.http.routers.openwebui.entrypoints=websecure"
- "traefik.http.routers.openwebui.tls=true"
- "traefik.http.routers.openwebui.tls.certresolver=myresolver"
- "traefik.http.services.openwebui.loadbalancer.server.port=8080"
- "traefik.http.routers.openwebui.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.openwebui.tls.domains[0].sans=*.gandalf.dfas4.de"
networks:
proxy:
name: proxy
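Review bot: In the list form of `environment:`, everything after the first `=` is taken as the value, so `- USER_AGENT="Mozilla/5.0 ..."` sets a user agent that begins and ends with a literal double quote. Quoting the whole entry keeps the value clean: `- 'USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'`.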


@@ -0,0 +1,64 @@
# Docker Compose file for running paperless from the Docker Hub.
# This file contains everything paperless needs to run.
# Paperless supports amd64, arm and arm64 hardware.
#
# All compose files of paperless configure paperless in the following way:
#
# - Paperless is (re)started on system boot, if it was running before shutdown.
# - Docker volumes for storing data are managed by Docker.
# - Folders for importing and exporting files are created in the same directory
# as this file and mounted to the correct folders inside the container.
# - Paperless listens on port 8000.
#
# SQLite is used as the database. The SQLite file is stored in the data volume.
#
# To install and update paperless with this file, do the following:
#
# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
# and '.env' into a folder.
# - Run 'docker compose pull'.
# - Run 'docker compose run --rm webserver createsuperuser' to create a user.
# - Run 'docker compose up -d'.
#
# For more extensive installation and update instructions, refer to the
# documentation.
version: "3.4"
services:
broker:
image: docker.io/library/redis:7
restart: unless-stopped
volumes:
- /var/data/paperless-ngx/data/redisdata:/data
networks:
- default
webserver:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
restart: unless-stopped
depends_on:
- broker
# ports:
# - "8010:8000"
volumes:
- /var/data/paperless-ngx/data/data:/usr/src/paperless/data
- /var/data/paperless-ngx/data/media:/usr/src/paperless/media
- /var/data/paperless-ngx/data/./export:/usr/src/paperless/export
- /var/data/paperless-ngx/data/./consume:/usr/src/paperless/consume
env_file: docker-compose.env
environment:
PAPERLESS_REDIS: redis://broker:6379
labels:
- "traefik.enable=true"
- "traefik.http.routers.paperless.rule=Host(`paperless.gandalf.dfas4.de`)"
- "traefik.http.routers.paperless.entrypoints=websecure"
- "traefik.http.routers.paperless.tls=true"
- "traefik.http.routers.paperless.tls.certresolver=myresolver"
- "traefik.http.services.paperless.loadbalancer.server.port=8000"
- "traefik.http.routers.paperless.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.paperless.tls.domains[0].sans=*.gandalf.dfas4.de"
networks:
- proxy
- default
networks:
proxy:
name: proxy
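Review bot: The header comment no longer describes this file. It says data is kept in Docker-managed volumes and that the import and export folders are created next to the compose file, while the services bind-mount absolute paths under `/var/data/paperless-ngx/data/`. Updating the comment to name that bind-mount root, and to say that access goes through the Traefik router because `ports:` is commented out, would avoid misleading whoever backs up or migrates this host. The `/./` in the export and consume source paths can be dropped as well.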


@@ -0,0 +1,33 @@
services:
pocketid:
image: ghcr.io/pocket-id/pocket-id:v2
container_name: pocket-id
restart: unless-stopped
environment:
- APP_URL=https://pocket-id.coreos.home
- ENCRYPTION_KEY_FILE=/keys/key
volumes:
- "./data/keys:/keys"
- "./data/app_data:/app/data"
labels:
- "traefik.enable=true"
- "traefik.http.routers.pocket-id.entrypoints=websecure"
- "traefik.http.routers.pocket-id.rule=Host(`pocket-id.coreos.home`)"
- "traefik.http.routers.pocket-id.tls=true"
- "traefik.http.routers.pocket-id.service=pocket-id"
- "traefik.http.services.pocket-id.loadbalancer.server.port=1411"
- "traefik.docker.network=proxy"
ports:
- 1411:1411
networks:
- proxy
# Optional healthcheck
healthcheck:
test: [ "CMD", "/app/pocket-id", "healthcheck" ]
interval: 1m30s
timeout: 5s
retries: 2
start_period: 10s
networks:
proxy:
external: true


@@ -0,0 +1,21 @@
services:
privatemode-proxy:
image: ghcr.io/edgelesssys/privatemode/privatemode-proxy:latest
restart: unless-stopped
env_file:
- .env
command: ["--apiKey", "${API_KEY}"]
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.privatemode-proxy.rule=Host(`privatemodeai.gandalf.dfas4.de`)"
- "traefik.http.routers.privatemode-proxy.entrypoints=websecure"
- "traefik.http.routers.privatemode-proxy.tls=true"
- "traefik.http.routers.privatemode-proxy.tls.certresolver=myresolver"
- "traefik.http.services.privatemode-proxy.loadbalancer.server.port=8080"
- "traefik.http.routers.privatemode-proxy.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.privatemode-proxy.tls.domains[0].sans=*.gandalf.dfas4.de"
networks:
proxy:
name: proxy
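Review bot: The router for `privatemodeai.gandalf.dfas4.de` has no authentication or source-address middleware, while the container is started with `--apiKey ${API_KEY}`. If the proxy attaches that key to upstream requests, as the flag suggests, anyone who can reach the hostname can use the account behind it. Attaching a middleware would close that: either basic auth, as the Traefik section does for the dashboard with `dashboard-auth`, or an `ipallowlist` limited to the networks that need access. Passing the key as a command argument also makes it visible in `docker inspect` output. The tinfoil-cli section publishes a similar proxy through Traefik without a middleware.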


@@ -0,0 +1,21 @@
services:
searxng:
image: searxng/searxng:latest
container_name: searxng
volumes:
- ./data/searxng:/etc/searxng:rw
restart: unless-stopped
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.searxng.rule=Host(`searxng.gandalf.dfas4.de`)"
- "traefik.http.routers.searxng.entrypoints=websecure"
- "traefik.http.routers.searxng.tls=true"
- "traefik.http.routers.searxng.tls.certresolver=myresolver"
- "traefik.http.services.searxng.loadbalancer.server.port=8080"
- "traefik.http.routers.searxng.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.searxng.tls.domains[0].sans=*.gandalf.dfas4.de"
networks:
proxy:
name: proxy


@@ -0,0 +1,8 @@
version: '3.3'
services:
iSponsorBlockTV:
image: ghcr.io/dmunozv04/isponsorblocktv
container_name: iSponsorBlockTV
restart: unless-stopped
volumes:
- /var/data/sponsor-block/data:/app/data #enter the same pathway as you used for your configurator in step 1


@@ -0,0 +1,19 @@
services:
tinfoil-cli:
restart: unless-stopped
image: ghcr.io/tinfoilsh/tinfoil-cli:latest
command: proxy -e inference.tinfoil.sh -r tinfoilsh/confidential-model-router -b 0.0.0.0 -p 8081
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.tinfoil-proxy.rule=Host(`tinfoil.gandalf.dfas4.de`)"
- "traefik.http.routers.tinfoil-proxy.entrypoints=websecure"
- "traefik.http.routers.tinfoil-proxy.tls=true"
- "traefik.http.routers.tinfoil-proxy.tls.certresolver=myresolver"
- "traefik.http.services.tinfoil-proxy.loadbalancer.server.port=8081"
- "traefik.http.routers.tinfoil-proxy.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.tinfoil-proxy.tls.domains[0].sans=*.gandalf.dfas4.de"
networks:
proxy:
name: proxy


@@ -0,0 +1,75 @@
services:
database:
image: timescale/timescaledb:latest-pg16
restart: unless-stopped
environment:
POSTGRES_DB: traccar
POSTGRES_USER: ${DATABASE_USER}
POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
TIMESCALEDB_TELEMETRY: "off"
volumes:
- ./data/db:/var/lib/postgresql/data
networks:
- default
traccar:
image: traccar/traccar:latest
restart: unless-stopped
depends_on:
- database
environment:
CONFIG_USE_ENVIRONMENT_VARIABLES: "true"
DATABASE_DRIVER: org.postgresql.Driver
DATABASE_URL: jdbc:postgresql://database:5432/traccar
DATABASE_USER: ${DATABASE_USER}
DATABASE_PASSWORD: ${DATABASE_PASSWORD}
healthcheck:
test: [ "CMD", "wget", "-q", "--spider", "http://localhost:8082/api/health" ]
interval: 2m
timeout: 5s
start_period: 1h
retries: 3
# ports:
# - "8082:8082"
# - "5000-5500:5000-5500"
volumes:
- ./data/logs:/opt/traccar/logs
- ./data/config:/opt/traccar/conf
networks:
- default
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.traccar.rule=Host(`traccar.gandalf.dfas4.de`)"
- "traefik.http.routers.traccar.entrypoints=websecure"
- "traefik.http.routers.traccar.tls=true"
- "traefik.http.routers.traccar.tls.certresolver=myresolver"
- "traefik.http.services.traccar.loadbalancer.server.port=8082"
- "traefik.http.routers.traccar.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.traccar.tls.domains[0].sans=*.gandalf.dfas4.de"
autoheal:
image: willfarrell/autoheal:latest
restart: unless-stopped
networks:
- default
environment:
AUTOHEAL_CONTAINER_LABEL: all
AUTOHEAL_INTERVAL: 60
AUTOHEAL_START_PERIOD: 3600
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
bridge:
restart: unless-stopped
depends_on:
- traccar
build: https://github.com/jannisko/findmy-traccar-bridge.git
volumes:
- ./data/bridge:/bridge/data
- ./data/airtags:/bridge/plists
environment:
BRIDGE_TRACCAR_SERVER: "http://traccar:5055"
networks:
- default
networks:
proxy:
name: proxy
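Review bot: `build: https://github.com/jannisko/findmy-traccar-bridge.git` in the `bridge` service builds whatever the repository's default branch contains at build time, and the resulting container is given `./data/airtags` mounted at `/bridge/plists`. Compose accepts a ref after `#`, so the build context can be fixed to a reviewed commit: `build: https://github.com/jannisko/findmy-traccar-bridge.git#<commit-sha>`. Separately, `autoheal` runs with `AUTOHEAL_CONTAINER_LABEL: all` and the Docker socket, so it acts on every container on the host rather than only this project's; a comment stating that this is intended would help.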


@@ -0,0 +1,67 @@
# docker-compose.yml
services:
traefik:
image: traefik:v3.6
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
environment:
- "ACME_DNS_API_BASE=https://acme.frodo.dfas4.de"
- "ACME_DNS_STORAGE_PATH=/etc/traefik/acmedns.json"
command:
# EntryPoints
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.tls=true"
# Attach the static configuration tls.yaml file that contains the tls configuration settings
# - "--providers.file.filename=/dynamic/tls.yaml"
# Providers
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=proxy"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=acmedns"
# API & Dashboard
- "--api.dashboard=true"
- "--api.insecure=false"
# Observability
- "--log.level=DEBUG"
- "--accesslog=true"
- "--metrics.prometheus=true"
# Traefik Dynamic configuration via Docker labels
labels:
# Enable selfrouting
- "traefik.enable=true"
# Dashboard router
- "traefik.http.routers.dashboard.rule=Host(`dashboard.gandalf.dfas4.de`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=myresolver"
# Basicauth middleware
- "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$XeLtTjGP$$lGii1xpCSV/Zwj6.POmum/"
- "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"
- "traefik.http.routers.dashboard.tls.domains[0].main=gandalf.dfas4.de"
- "traefik.http.routers.dashboard.tls.domains[0].sans=*.gandalf.dfas4.de"
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data/acmedns.json:/etc/traefik/acmedns.json
networks:
- proxy
networks:
proxy:
name: proxy
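Review bot: The internet-facing Traefik container mounts `/var/run/docker.sock` without `:ro`, and access to the Docker API is equivalent to root on the host, so a compromise of the proxy becomes a compromise of the host. A read-only mount does not restrict the API either, which also applies to the `:ro` socket mounts in the beszel-agent and autoheal services. The usual mitigation is a socket proxy that allows only the read endpoints, with `--providers.docker.endpoint` pointed at it. `--log.level=DEBUG` together with `--accesslog=true` is verbose for a permanently running edge proxy, and `INFO` is the usual level once setup works. The `basicauth.users` hash is committed inline and uses the `apr1` (MD5) scheme, so it is worth moving to a `usersfile` outside the repository.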

23
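--- a/vane/docker-compose.yml
+++ b/vane/docker-compose.yml
@@ -0,0 +1,23 @@
+services:
+vane:
+image: itzcrazykns1337/vane:slim-latest
+container_name: vane
+env_file:
+- .env
+volumes:
+- ./data:/home/vane/data
+restart: unless-stopped
+networks:
+- proxy
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.vane.rule=Host(`vane.gandalf.dfas4.de`)"
+- "traefik.http.routers.vane.entrypoints=websecure"
+- "traefik.http.routers.vane.tls=true"
+- "traefik.http.routers.vane.tls.certresolver=myresolver"
+- "traefik.http.services.vane.loadbalancer.server.port=3000"
+- "traefik.http.routers.vane.tls.domains[0].main=gandalf.dfas4.de"
+- "traefik.http.routers.vane.tls.domains[0].sans=*.gandalf.dfas4.de"
+networks:
+proxy:
+name: proxy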