skobkin/docker-stacks
skobkin/docker-stacks
2
2
Fork 0
Code Issues 45 Pull requests 1 Releases Activity

Compare commits

base: skobkin:master
Branches Tags
skobkin:master
skobkin:feature_94_mqtt
skobkin:feature_remark42
..
compare: skobkin:feature_remark42
Branches Tags
skobkin:master
skobkin:feature_94_mqtt
skobkin:feature_remark42

4 commits
master ... feature_re

Author SHA1 Message Date
Alexey Skobkin 461fa16d50 remark42. port binding fixed.
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is failing
Details
2022-04-10 19:09:15 +03:00
Alexey Skobkin 8c1a95bdb1 remark42. Telegram configuration fix.
All checks were successful
continuous-integration/drone/push Build is passing
Details
2022-04-10 18:34:17 +03:00
Alexey Skobkin 69307ca7ac remark42. fix IMAGE env var.
All checks were successful
continuous-integration/drone/push Build is passing
Details
2022-04-10 17:58:35 +03:00
Alexey Skobkin f8a786c720
remark42. draft.
All checks were successful
continuous-integration/drone/push Build is passing
Details
2022-04-10 16:30:17 +03:00
119 changed files with 603 additions and 1865 deletions
Show stats Expand all files Collapse all files

12
.drone.yml
View file

@ -1,16 +1,10 @@
kind: pipeline
type: docker
name: validate-pr
name: default
steps:
- name: validate
image: 'dockette/docker:latest'
image: 'docker/compose:1.29.2'
commands:
- for DIR in */ ; do if [[ $(expr match "$DIR" "_.*") != 0 ]] ; then echo "SKIPPING $DIR" && continue; fi && test -f $DIR/.env.dist && cp $DIR/.env.dist $DIR/.env ; done
- for DIR in */ ; do if [[ $(expr match "$DIR" "_.*") != 0 ]] ; then echo "SKIPPING $DIR" && continue; fi && echo $DIR && cd $DIR && docker compose config && cd .. ; done
trigger:
event:
include:
- pull_request
- for DIR in */ ; do if [[ $(expr match "$DIR" "_.*") != 0 ]] ; then echo "SKIPPING $DIR" && continue; fi && echo $DIR && cd $DIR && docker-compose config && cd .. ; done

34
README.md
View file

@ -33,54 +33,44 @@ You need to change your database configuration to be able to do that. Check
Not every stack is tested to fully work.
| App Name | Status | Image | Description | Links |
|-------------------------|-------------|----------------------------------------------|-------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|-------------------------|---------------|----------------------------------------------|----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| ARK Server | ✅ | `thmhoag/arkserver` | ARK: Survival Evolved game server with ArkManager. | [Website](http://playark.com), [Steam](https://store.steampowered.com/app/346110/ARK_Survival_Evolved/), [Image Github](https://github.com/thmhoag/arkserver), [ArkManager](https://github.com/arkmanager/ark-server-tools) |
| Castopod | ✅ | `castopod/castopod` | Self-hosted federated podcasting platform | [Website](https://castopod.org), [Gitlab](https://code.castopod.org/adaures/castopod) |
| Drone | ✅ | `drone/drone` | Continuous integration platform. | [Website](https://www.drone.io), [Github](https://github.com/harness/drone), [Image](https://hub.docker.com/r/drone/drone) |
| Drone Docker Runner | ✅ | `drone/drone-runner-docker` | CI runner daemon for Docker. | [Website](https://www.drone.io), [Github](https://github.com/drone-runners/drone-runner-docker), [Image](https://hub.docker.com/r/drone/drone-runner-docker) |
| Duplicati | ✅ | `linuxserver/duplicati` | Backup solution with many storage backends. | [Website](https://www.duplicati.com), [Github](https://github.com/duplicati/duplicati) |
| Element-web | ✅ | `vectorim/element-web` | Web Matrix client. | [Website](https://element.io), [Github](https://github.com/vector-im/element-web/) |
| emby | ✅ | `emby/embyserver` | Media server with online transcoding support. | [Website](https://emby.media) |
| Firefly III | Not tested | `fireflyiii/core` | Bookkeeping software. | [Website](https://docs.firefly-iii.org), [Github](https://github.com/firefly-iii/firefly-iii) |
| Folding@Home | ✅ | `johnktims/folding-at-home` | Protein folding distributed computing platform. | [Website](https://foldingathome.org), [My guide](https://skobk.in/2020/06/folding-at-home-quick-start/) |
| Forgejo | ✅ | `codeberg.org/forgejo/forgejo` | Lightweight Git hosting platform. | [Website](https://forgejo.org), [Github](https://codeberg.org/forgejo/forgejo) |
| Gatus | ✅ | `twinproduction/gatus` | Advanced service(s) status page. | [Website](https://gatus.io), [Github](https://github.com/TwiN/gatus) |
| HedgeDoc | ✅ | `lscr.io/linuxserver/hedgedoc` | Collaborative text editor. | [Website](https://hedgedoc.org), [Github](https://github.com/hedgedoc/hedgedoc) |
| Home Assistant | ✅ | `ghcr.io/home-assistant/home-assistant` | Home automation suite. | [Website](https://www.home-assistant.io/), [Github](https://github.com/home-assistant) |
| Gitea | ✅ | `gitea/gitea` | Lightweight Git hosting platfom. | [Website](https://gitea.io/), [Github](https://github.com/go-gitea/gitea) |
| Homer | ✅ | `b4bz/homer` | Server homepage generator. | [Github](https://github.com/bastienwirtz/homer), [Demo](https://homer-demo.netlify.app), [Configuration](https://github.com/bastienwirtz/homer/blob/main/docs/configuration.md) |
| I2PD | ✅ | `purplei2p/i2pd` | The Invisible Internet router. | [Website](https://i2pd.website), [Github](https://github.com/PurpleI2P/i2pd/), [I2P project](https://geti2p.net/) |
| Immich | ✅ | `ghcr.io/immich-app/immich-server` | Self-hosted photo and video management solution. | [Website](https://immich.app), [Github](https://github.com/immich-app/immich) |
| InBucket | ✅ | `inbucket/inbucket` | Testing SMTP/POP3 mail server with web interface. | [Website](https://www.inbucket.org), [Github](https://github.com/inbucket/inbucket) |
| Killing Floor 2 server | ✅ Abandoned | `jeeaaasustest/killingfloor2-srv` | Killing Floor 2 game server. | |
| ~~JDownloader~~ | ✅ Abandoned | `jaymoulin/jdownloader` | Download manager with paid/ad file hosting support. | [Website](https://jdownloader.org) |
| ~~Joplin~~ | ✅ Abandoned | `joplin/server` | Markdown GTD / notes manager synchronization server. | [Website](https://joplinapp.org), [Github](https://github.com/laurent22/joplin) |
| Lidarr | Not tested | `linuxserver/lidarr` | Music downloader and manager. | [Website](https://lidarr.audio), [Github](https://github.com/Lidarr/Lidarr), [Wiki](https://wiki.servarr.com/lidarr) |
| magnetico-web | ✅ | `skobkin/magnetico-web` | DHT indexer private web search front-end. | [Git](https://git.skobk.in/skobkin/magnetico-web), [Git mirror](https://gitlab.com/skobkin/magnetico-web) |
| magnetico-web-telegram | ✅ | `skobkin/magnetico-web-telegram-bot` | Magnetico Web Telegram bot. | [Bitbucket](https://bitbucket.org/skobkin/magnetico-web-telegram-bot/) |
| magneticod | ✅ | `boramalper/magneticod` | DHT indexing daemon. | [Website](https://www.boramalper.org/labs/magnetico/), [Github](https://github.com/boramalper/magnetico) |
| Matrix Telegram Bridge | ✅ | `dock.mau.dev/mautrix/telegram` | Telegram bridge for Matrix server | [Gitlab](https://mau.dev/mautrix/telegram/) |
| ~~magneticod-python~~ | ✅ Abandoned | `skobkin/magneticod-python` | DHT indexing daemon (legacy version) | [Website](https://www.boramalper.org/labs/magnetico/), [Github](https://github.com/boramalper/magnetico) |
| ~~mariadb-common~~ | ❌ Unfinished | `mariadb` | MariaDB database for common use. | [Website](https://mariadb.org) |
| Metube | ✅ | `alexta69/metube` | Web GUI for yt-dlp. | [Github](https://github.com/alexta69/metube) |
| Mosquitto | ✅ | `iegomez/mosquitto-go-auth` | Simple and fast MQTT server with Go Auth plugin. | [Plugin Github](https://github.com/iegomez/mosquitto-go-auth), [Mosquitto website](https://mosquitto.org) |
| Murmur (Mumble server) | ✅ | `registry.gitlab.com/skobkin/docker-murmur` | Mumble VoIP server (custom build) | [Website](https://www.mumble.info), [Github](https://github.com/mumble-voip/mumble) |
| Ollama | ✅ | `ollama/ollama` | Toolkit for easily running LLM's locally. | [Website](https://ollama.com), [Github](https://github.com/ollama/ollama) |
| Murmur | ✅ | `registry.gitlab.com/skobkin/docker-murmur` | Mumble VoIP server (custom build) | [Website](https://www.mumble.info), [Github](https://github.com/mumble-voip/mumble) |
| NextCloud | ❌ Unfinished | `nextcloud` | File management, synchronization, management and GTD platform. | [Website](https://nextcloud.com), [Github](https://github.com/nextcloud/server) |
| Open Streaming Platform | ✅ | `deamos/openstreamingplatform` | Live streaming platform. | [Website](https://openstreamingplatform.com), [Gitlab](https://gitlab.com/osp-group/flask-nginx-rtmp-manager) |
| OpenVPN | ✅ | `kylemanna/openvpn` | OpenVPN server with some management toolkit. | [Website](https://openvpn.net), [Image Github](https://www.github.com/kylemanna/docker-openvpn) |
| Owncast | ✅ | `gabekangas/owncast` | Live streaming platform with federation support. | [Website](https://owncast.online), [Github](https://github.com/owncast/owncast) |
| Portainer | ✅ | `portainer/portainer` | Docker Container management web UI. | [Website](https://www.portainer.io), [Github](https://github.com/portainer/portainer) |
| ~~Postgres Common~~ | ❌ Unfinished | `postgres` | PostgreSQL database for common use. | [Website](https://www.postgresql.org) |
| Proxy MTProto | ✅ | `mtproxy/mtproxy` | MTProto Telegram proxy. | [Website](https://telegram.org), [Github](https://github.com/TelegramMessenger/MTProxy) |
| Proxy Socks5 | ✅ | `serjs/go-socks5-proxy` | Simple SOCKS5 proxy. | [Github](https://github.com/serjs/socks5-server) |
| qBittorrent | ✅ | `linuxserver/qbittorrent` | qBittorrent (noX) | [Website](https://www.qbittorrent.org), [LinuxServer Fleet](https://fleet.linuxserver.io/image?name=linuxserver/qbittorrent) |
| Radarr | ✅ | `linuxserver/radarr` | Movie downloader and manager. | [Website](https://radarr.video), [Github](https://github.com/Radarr/Radarr), [Wiki](https://wiki.servarr.com/radarr) |
| Redis | ✅ | `redis` | Redis storage server. | [Website](https://redis.io), [Github](https://github.com/redis/redis-io) |
| Shadowsocks Client | ✅ | `ghcr.io/shadowsocks/sslocal-rust:latest` | Shadowsocks client (and SOCKS/HTTP/tunnel server). | [Website](https://shadowsocks.org), [Github](https://github.com/shadowsocks/shadowsocks-rust), [Configuration](https://github.com/shadowsocks/shadowsocks-rust#getting-started) |
| Sish | ✅ | `antoniomika/sish` | Localhost tunneling solution over SSH | [Docs](https://docs.ssi.sh/getting-started), [Github](https://github.com/antoniomika/sish) |
| Shinobi | ✅ | `shinobisystems/shinobi` | Shinobi surveillance system | [Website](https://shinobi.video), [Github](https://github.com/ShinobiCCTV/Shinobi) |
| Remark42 | ❌ Unfinished | `umputun/remark42` | Privacy-oriented comment system. | [Website](https://remark42.com/), [Github](https://github.com/umputun/remark42), [Docs](https://remark42.com/docs/getting-started/installation/) |
| Sonarr | ✅ | `linuxserver/sonarr` | TV Shows, series and anime downloader and manager. | [Website](https://sonarr.tv), [Github](https://github.com/Sonarr/Sonarr), [Wiki](https://wiki.servarr.com/sonarr) |
| Speedtest | ✅ | `adolfintel/speedtest` | Libre speed test implementation. | [Website](https://librespeed.org), [Github](https://github.com/librespeed/speedtest) |
| Synapse | ✅ | `matrixdotorg/synapse` | Matrix reference server written in Python. | [Website](https://matrix.org/docs/projects/server/synapse), [Github](https://github.com/matrix-org/synapse), [Installation and configuration](https://matrix-org.github.io/synapse/latest/setup/installation.html) |
| Syncthing | ✅ | `linuxserver/syncthing` | P2P file synchronization daemon. | [Website](https://syncthing.net), [Github](https://github.com/syncthing/syncthing) |
| Telegram LLM Bot | ✅ | `skobkin/telegram-llm-bot` | Simple Telegram bot to interact with LLM running in Ollama | [Forgejo repository](https://git.skobk.in/skobkin/telegram-ollama-reply-bot) |
| Telegram RSS Bot | ✅ | `miroslavsckaya/tg-rss-bot` | Telegram RSS Bot by @Miroslavsckaya. | [Gitea](https://git.skobk.in/Miroslavsckaya/tg_rss_bot/), [Github Mirror](https://github.com/Miroslavsckaya/tg_rss_bot) |
| Tor OBFS4 Bridge | ✅ | `thetorproject/obfs4-bridge` | Tor OBFS4 Bridge for Tor blocking bypass. | [Website](https://community.torproject.org/relay/setup/bridge/), [Gitlab](https://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge), [Manual](https://community.torproject.org/relay/setup/bridge/docker/) |
| Tor Privoxy | ✅ | `registry.gitlab.com/skobkin/torproxy-obfs4` | Tor image with integrated privoxy and OBFS4 bridge support. | [Original image Github](https://github.com/dperson/torproxy), [OBFS4 support image Gitlab](https://gitlab.com/skobkin/torproxy-obfs4) |
| Transmission | ✅ | `lscr.io/linuxserver/transmission` | Torrent client suitable for NAS. | [Github](https://github.com/linuxserver/docker-transmission), [LinuxServer Fleet](https://hub.docker.com/r/linuxserver/transmission) |
| Watchtower | ✅ | `containrrr/watchtower` | Docker container auto-update daemon. | [Website](https://containrrr.dev/watchtower/), [Github](https://github.com/containrrr/watchtower) |
| Webhook.site | | `webhooksite/webhook.site` | HTTP callback testing tool | [Website](https://webhook.site), [Github](https://github.com/webhooksite/webhook.site) |
| Wireguard | ❌ Unfinished | `cmulk/wireguard-docker` | WireGuard VPN. | [Website](https://www.wireguard.com), [Image Github](https://github.com/cmulk/wireguard-docker) |
| ~~Wordpress~~ | ❌ Unfinished | `wordpress` | Wordpress blogging platform. | [Webiste](https://wordpress.org), [SVN](https://build.trac.wordpress.org/browser) |

57
castopod/.env.dist
View file

@ -1,57 +0,0 @@
# see https://docs.castopod.org/main/en/getting-started/docker/
# see https://hub.docker.com/r/castopod/castopod
# see https://docs.castopod.org/main/en/getting-started/docker/#environment-variables
IMAGE_TAG=latest
# Ports
EXTERNAL_ADDRESS=127.0.0.1
EXTERNAL_PORT=8393
# Castopod Settings
CP_BASEURL=https://cp.domain.tld
#CP_MEDIA_BASEURL=https://cp.domain.tld
CP_ANALYTICS_SALT=changeme
#CP_CACHE_HANDLER=redis
#CP_REDIS_HOST=redis
CP_REDIS_PASSWORD=changeme
#CP_ADMIN_GATEWAY=custom-admin-path
#CP_AUTH_GATEWAY=custom-auth-path
#CP_ENABLE_2FA=true
CP_DATABASE_HOSTNAME=host.docker.internal
CP_DATABASE_NAME=castopod
CP_DATABASE_USERNAME=castopod
CP_DATABASE_PASSWORD=changeme
# Storage
MEDIA_PATH=./media
REDIS_DATA_PATH=./redis_data
# See https://docs.castopod.org/main/en/getting-started/install/#s3
#CP_MEDIA_FILE_MANAGER="s3"
#CP_MEDIA_S3_ENDPOINT="your_s3_host"
#CP_MEDIA_S3_KEY="your_s3_key"
#CP_MEDIA_S3_SECRET="your_s3_secret"
#CP_MEDIA_S3_REGION="your_s3_region"
##CP_MEDIA_S3_BUCKET="your_s3_bucket"
##CP_MEDIA_S3_PROTOCOL=
##CP_MEDIA_S3_PATH_STYLE_ENDPOINT=
##CP_MEDIA_S3_KEY_PREFIX=
#CP_MAX_BODY_SIZE=512M
# Mailing
#CP_EMAIL_FROM=your_email_address
#CP_EMAIL_SMTP_HOST=your_smtp_host
#CP_EMAIL_SMTP_USERNAME=your_smtp_user
#CP_EMAIL_SMTP_PASSWORD=your_smtp_password
##CP_EMAIL_SMTP_PORT=12345
##CP_EMAIL_SMTP_CRYPTO=tls
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

46
castopod/docker-compose.yml
View file

@ -1,46 +0,0 @@
services:
castopod:
image: 'castopod/castopod:${IMAGE_TAG:-latest}'
container_name: 'castopod'
volumes:
- '${MEDIA_PATH:-./media}:/var/www/castopod/public/media'
environment:
MYSQL_DATABASE: '${CP_DATABASE_NAME:-castopod}'
MYSQL_USER: '${CP_DATABASE_USERNAME:-castopod}'
MYSQL_PASSWORD: '${CP_DATABASE_PASSWORD}'
CP_BASEURL: "${CP_BASEURL}"
CP_ANALYTICS_SALT: '${CP_ANALYTICS_SALT}'
CP_CACHE_HANDLER: '${CP_CACHE_HANDLER:-redis}'
CP_REDIS_HOST: '${CP_REDIS_HOST:-redis}'
CP_REDIS_PASSWORD: '${CP_REDIS_PASSWORD}'
env_file: '.env'
networks:
- castopod
extra_hosts:
- 'host.docker.internal:host-gateway'
ports:
- '${EXTERNAL_ADDRESS:-127.0.0.1}:${EXTERNAL_PORT:-8393}:8000'
restart: unless-stopped
logging:
driver: 'json-file'
options:
max-size: '${LOG_MAX_SIZE:-5m}'
max-file: '${LOG_MAX_FILE:-5}'
redis:
image: 'redis:7.2-alpine'
container_name: 'castopod-redis'
command: '--requirepass ${CP_REDIS_PASSWORD}'
volumes:
- '${REDIS_DATA_PATH:-./redis_data}:/data'
networks:
- castopod
restart: unless-stopped
logging:
driver: 'json-file'
options:
max-size: '${LOG_MAX_SIZE:-5m}'
max-file: '${LOG_MAX_FILE:-5}'
networks:
castopod:

3
emby/.env.dist
View file

@ -11,9 +11,6 @@ HOST_MULTIMEDIA_DIR=/mnt/multimedia
# Leave as it is unless you really need something else
INT_MULTIMEDIA_DIR=/libraries
# Uncomment this for AMD GPU video acceleration
#VIDEO_ACCEL_DEVICE=/dev/dri/renderD128
WEBUI_BIND_ADDR=0.0.0.0
WEBUI_BIND_PORT=8096
WEBUI_INT_BIND_PORT=8096

4
emby/docker-compose.yml
View file

@ -1,5 +1,5 @@
# https://hub.docker.com/r/emby/embyserver
version: '3.8'
version: '3.7'
services:
emby:
@ -8,8 +8,6 @@ services:
volumes:
- "${HOST_CONFIG_DIR:-./config}:/config"
- "${HOST_MULTIMEDIA_DIR}:${INT_MULTIMEDIA_DIR:-/libraries}"
devices:
- "${VIDEO_ACCEL_DEVICE:-/dev/null}:${VIDEO_ACCEL_DEVICE:-/dev/null}"
ports:
- "${WEBUI_BIND_ADDR:-127.0.0.1}:${WEBUI_BIND_PORT:-8096}:${WEBUI_INT_BIND_PORT:-8096}/tcp"
# Use reverse-proxy instead

315
firefly-iii/.env.dist
View file

@ -1,315 +0,0 @@
# see https://docs.firefly-iii.org/how-to/firefly-iii/installation/docker/
# see https://hub.docker.com/r/fireflyiii/core
IMAGE_TAG=latest
WEB_BIND_ADDR=127.0.0.1
WEB_BIND_PORT=8392
UPLOAD_DIR=./upload
DB_DIR=./db
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5
# Firefly
#
# Please make sure this URL matches the external URL of your Firefly III installation.
# It is used to validate specific requests and to generate URLs in emails.
#
APP_URL=http://localhost
# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
# Never set it to "testing".
APP_ENV=production
# Set to true if you want to see debug information in error screens.
APP_DEBUG=false
# This should be your email address.
# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
# The variable is used in some errors shown to users who aren't admin.
SITE_OWNER=mail@example.com
# The encryption key for your sessions. Keep this very secure.
# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
#
# Avoid the "#" character in your APP_KEY, it may break things.
#
APP_KEY=SomeRandomStringOf32CharsExactly
# Firefly III will launch using this language (for new users and unauthenticated visitors)
# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
#
# If text is still in English, remember that not everything may have been translated.
DEFAULT_LANGUAGE=en_US
# The locale defines how numbers are formatted.
# by default this value is the same as whatever the language is.
DEFAULT_LOCALE=equal
# Change this value to your preferred time zone.
# Example: Europe/Amsterdam
# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Europe/Moscow
# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
# Set it to ** and reverse proxies work just fine.
TRUSTED_PROXIES=**
# The log channel defines where your log entries go to.
# Several other options exist. You can use 'single' for one big fat error log (not recommended).
# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
# A cool option is 'papertrail' for cloud logging
# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
LOG_CHANNEL=stack
# Log level. You can set this from least severe to most severe:
# debug, info, notice, warning, error, critical, alert, emergency
# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
# nothing will get logged, ever.
APP_LOG_LEVEL=notice
# Audit log level.
# The audit log is used to log notable Firefly III events on a separate channel.
# These log entries may contain sensitive financial information.
# The audit log is disabled by default.
#
# To enable it, set AUDIT_LOG_LEVEL to "info"
# To disable it, set AUDIT_LOG_LEVEL to "emergency"
AUDIT_LOG_LEVEL=emergency
#
# If you want, you can redirect the audit logs to another channel.
# Set 'audit_stdout', 'audit_syslog', 'audit_errorlog' to log to the system itself.
# Use audit_daily to log to a rotating file.
# Use audit_papertrail to log to papertrail.
#
# If you do this, the audit logs may be mixed with normal logs because the settings for these channels
# are often the same as the settings for the normal logs.
AUDIT_LOG_CHANNEL=
#
# Used when logging to papertrail:
# Also used when audit logs log to papertrail:
#
PAPERTRAIL_HOST=
PAPERTRAIL_PORT=
# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
# For other database types, please see the FAQ: https://docs.firefly-iii.org/references/faq/install/#i-want-to-use-sqlite
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
# Use "pgsql" for PostgreSQL
# Use "mysql" for MySQL and MariaDB.
# Use "sqlite" for SQLite.
DB_CONNECTION=mysql
DB_HOST=db
DB_PORT=3306
DB_DATABASE=firefly
DB_USERNAME=firefly
DB_PASSWORD=secret_firefly_password
# leave empty or omit when not using a socket connection
DB_SOCKET=
# MySQL supports SSL. You can configure it here.
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MYSQL_USE_SSL=false
MYSQL_SSL_VERIFY_SERVER_CERT=true
# You need to set at least of these options
MYSQL_SSL_CAPATH=/etc/ssl/certs/
MYSQL_SSL_CA=
MYSQL_SSL_CERT=
MYSQL_SSL_KEY=
MYSQL_SSL_CIPHER=
# If you're looking for performance improvements, you could install memcached or redis
# Check https://raw.githubusercontent.com/firefly-iii/firefly-iii/main/.env.example for Redis example
CACHE_DRIVER=file
SESSION_DRIVER=file
# Cookie settings. Should not be necessary to change these.
# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
# the value from a file instead of from an environment variable
# Setting samesite to "strict" may give you trouble logging in.
COOKIE_PATH="/"
COOKIE_DOMAIN=
COOKIE_SECURE=false
COOKIE_SAMESITE=lax
# If you want Firefly III to email you, update these settings
# For instructions, see: https://docs.firefly-iii.org/how-to/firefly-iii/advanced/notifications/#email
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
#MAIL_MAILER=log
MAIL_MAILER=smtp
MAIL_HOST=smtp-relay.sendinblue.com
MAIL_PORT=587
MAIL_FROM=firefly@domain.tld
MAIL_USERNAME=username
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
#MAIL_SENDMAIL_COMMAND=
# Firefly III can send you the following messages.
SEND_ERROR_MESSAGE=true
# These messages contain (sensitive) transaction information:
#SEND_REPORT_JOURNALS=true
SEND_REPORT_JOURNALS=false
# Set this value to true if you want to set the location of certain things, like transactions.
# Since this involves an external service, it's optional and disabled by default.
ENABLE_EXTERNAL_MAP=false
#
# Enable or disable exchange rate conversion. This function isn't used yet by Firefly III
#
ENABLE_EXCHANGE_RATES=false
# Set this value to true if you want Firefly III to download currency exchange rates
# from the internet. These rates are hosted by the creator of Firefly III inside
# an Azure Storage Container.
# Not all currencies may be available. Rates may be wrong.
ENABLE_EXTERNAL_RATES=false
# The map will default to this location:
MAP_DEFAULT_LAT=51.983333
MAP_DEFAULT_LONG=5.916667
MAP_DEFAULT_ZOOM=6
#
# Some objects have room for an URL, like transactions and webhooks.
# By default, the following protocols are allowed:
# http, https, ftp, ftps, mailto
#
# To change this, set your preferred comma separated set below.
# Be sure to include http, https and other default ones if you need to.
#
VALID_URL_PROTOCOLS=
#
# Firefly III authentication settings
#
#
# Firefly III supports a few authentication methods:
# - 'web' (default, uses built in DB)
# - 'remote_user_guard' for Authelia etc
# Read more about these settings in the documentation.
# https://docs.firefly-iii.org/how-to/firefly-iii/advanced/authentication/
#
# LDAP is no longer supported :(
#
AUTHENTICATION_GUARD=web
#
# Remote user guard settings
#
AUTHENTICATION_GUARD_HEADER=REMOTE_USER
AUTHENTICATION_GUARD_EMAIL=
#
# Firefly III generates a basic keypair for your OAuth tokens.
# If you want, you can overrule the key with your own (secure) value.
# It's also possible to set PASSPORT_PUBLIC_KEY_FILE or PASSPORT_PRIVATE_KEY_FILE
# if you're using Docker secrets or similar solutions for secret management
#
PASSPORT_PRIVATE_KEY=
PASSPORT_PUBLIC_KEY=
#
# Extra authentication settings
#
CUSTOM_LOGOUT_URL=
# You can disable the X-Frame-Options header if it interferes with tools like
# Organizr. This is at your own risk. Applications running in frames run the risk
# of leaking information to their parent frame.
DISABLE_FRAME_HEADER=false
# You can disable the Content Security Policy header when you're using an ancient browser
# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
# This is at your own risk.
DISABLE_CSP_HEADER=false
# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
# Do not prepend the TRACKER_URL with http:// or https://
# The only tracker supported is Matomo.
# You can set the following variables from a file by appending them with _FILE:
TRACKER_SITE_ID=
TRACKER_URL=
#
# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
#
ALLOW_WEBHOOKS=false
#
# The static cron job token can be useful when you use Docker and wish to manage cron jobs.
# 1. Set this token to any 32-character value (this is important!).
# 2. Use this token in the cron URL instead of a user's command line token that you can find in /profile
#
# For more info: https://docs.firefly-iii.org/how-to/firefly-iii/advanced/cron/
#
# You can set this variable from a file by appending it with _FILE
#
STATIC_CRON_TOKEN=ChangeThisValueToSomeSecret
# You can fine tune the start-up of a Docker container by editing these environment variables.
# Use this at your own risk. Disabling certain checks and features may result in lots of inconsistent data.
# However if you know what you're doing you can significantly speed up container start times.
# Set each value to true to enable, or false to disable.
# Set this to true to build all locales supported by Firefly III.
# This may take quite some time (several minutes) and is generally not recommended.
# If you wish to change or alter the list of locales, start your Docker container with
# `docker run -v locale.gen:/etc/locale.gen -e DKR_BUILD_LOCALE=true`
# and make sure your preferred locales are in your own locale.gen.
DKR_BUILD_LOCALE=false
# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
# Won't significantly speed up things.
DKR_CHECK_SQLITE=true
# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
# and is up to date.
DKR_RUN_MIGRATION=true
# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
# with the latest fixes (outside of migrations!)
DKR_RUN_UPGRADE=true
# Verify database integrity. Includes all data checks and verifications.
# Disabling this makes Firefly III assume your DB is intact.
DKR_RUN_VERIFY=true
# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
DKR_RUN_REPORT=true
# Generate OAuth2 keys.
# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
# you had previously generated keys already and they're stored in your database for restoration.
DKR_RUN_PASSPORT_INSTALL=true
# Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing.
APP_NAME=FireflyIII
BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
CACHE_PREFIX=firefly
PUSHER_KEY=
IPINFO_TOKEN=
PUSHER_SECRET=
PUSHER_ID=
DEMO_USERNAME=
DEMO_PASSWORD=
#
# The v2 layout is very experimental. If it breaks you get to keep both parts.
# Be wary of data loss.
#
FIREFLY_III_LAYOUT=v1

2
firefly-iii/db/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

50
firefly-iii/docker-compose.yml
View file

@ -1,50 +0,0 @@
version: '3.8'
services:
app:
image: 'fireflyiii/core:${IMAGE_TAG:-latest}'
hostname: app
container_name: firefly_iii_core
restart: always
volumes:
- '${UPLOAD_DIR:-./upload}:/var/www/html/storage/upload'
env_file: .env
networks:
- firefly_iii
ports:
- '${WEB_BIND_ADDR:-127.0.0.1}:${WEB_BIND_PORT:-8392}:8080/tcp'
depends_on:
- db
db:
image: mariadb:lts
hostname: db
container_name: firefly_iii_db
restart: always
env_file: .env
environment:
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
MYSQL_USER: '${DB_USERNAME:-firefly}'
MYSQL_PASSWORD: '${DB_PASSWORD}'
MYSQL_DATABASE: '${DB_DATABASE:-firefly}'
networks:
- firefly_iii
volumes:
- '${DB_DIR:-./db}:/var/lib/mysql'
cron:
#
# To make this work, set STATIC_CRON_TOKEN in your .env file or as an environment variable and replace REPLACEME below
# The STATIC_CRON_TOKEN must be *exactly* 32 characters long
#
image: alpine
restart: always
container_name: firefly_iii_cron
env_file: .env
command: sh -c "echo \"0 3 * * * wget -qO- http://app:8080/api/v1/cron/${STATIC_CRON_TOKEN}\" | crontab - && crond -f -L /dev/stdout"
networks:
- firefly_iii
networks:
firefly_iii:
driver: bridge

23
firefly-iii/nginx/firefly.conf
View file

@ -1,23 +0,0 @@
server {
listen 443 ssl http2;
server_name ff.domain.tld;
access_log /var/log/nginx/ff.domain.tld.access;
error_log /var/log/nginx/ff.domain.tld.error;
charset utf-8;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8392;
}
#include config/gzip.conf;
# SSL config
#include ssl/domain.tld.conf;
}

2
firefly-iii/upload/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

2
forgejo/data/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

21
forgejo/docker-compose.yml
View file

@ -1,21 +0,0 @@
version: '3.7'
services:
server:
image: "codeberg.org/forgejo/forgejo:${IMAGE_TAG:-1.21}"
container_name: forgejo
restart: unless-stopped
network_mode: host
ports:
- "${HTTP_BIND_ADDR:-127.0.0.1}:${EXT_HTTP_PORT:-3000}:3000"
- "${EXT_SSH_PORT:-222}:22"
volumes:
- "${HOST_DATA_DIR:-./data}:/data"
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
- "FORGEJO__database__DB_TYPE=postgres"
- "FORGEJO__database__HOST=${DB_HOST:-db}:${DB_PORT:-5432}"
- "FORGEJO__database__NAME=${DB_NAME:-forgejo}"
- "FORGEJO__database__USER=${DB_USER:-forgejo}"
- "FORGEJO__database__PASSWD=${DB_PASSWD:-forgejo}"

10
forgejo/.env.dist → gitea/.env.dist
View file

@ -1,9 +1,7 @@
# see https://forgejo.org/docs/latest/admin/installation-docker/
# see https://docs.gitea.io/en-us/install-with-docker/
USER_UID=1000
USER_GID=1000
IMAGE_TAG=1.21
HOST_DATA_DIR=./data
HOST_PG_DATA_DIR=./db
HTTP_BIND_ADDR=127.0.0.1
@ -14,9 +12,9 @@ EXT_SSH_PORT=222
# Leave default for embedded database
DB_HOST=db
DB_PORT=5432
DB_NAME=forgejo
DB_USER=forgejo
DB_PASSWD=forgejo
DB_NAME=gitea
DB_USER=gitea
DB_PASSWD=gitea
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

0
castopod/media/.gitignore → gitea/data/.gitignore vendored
View file

21
gitea/docker-compose.yml Normal file
View file

@ -0,0 +1,21 @@
version: '3.7'
services:
server:
image: gitea/gitea:latest
container_name: gitea
restart: unless-stopped
network_mode: host
ports:
- "${HTTP_BIND_ADDR:-127.0.0.1}:${EXT_HTTP_PORT:-3000}:3000"
- "${EXT_SSH_PORT:-222}:22"
volumes:
- "${HOST_DATA_DIR:-./data}:/data"
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
- GITEA__database__DB_TYPE=postgres
- "GITEA__database__HOST=${DB_HOST:-db}:${DB_PORT:-5432}"
- "GITEA__database__NAME=${DB_NAME:-gitea}"
- "GITEA__database__USER=${DB_USER:-gitea}"
- "GITEA__database__PASSWD=${DB_PASSWD:-gitea}"

26
forgejo/docker-compose_embedded_db.yml → gitea/docker-compose_embedded_db.yml
View file

@ -1,18 +1,18 @@
version: '3.7'
networks:
forgejo:
gitea:
external: false
services:
server:
image: "codeberg.org/forgejo/forgejo:${IMAGE_TAG:-1.21}"
container_name: forgejo
image: gitea/gitea:latest
container_name: gitea
depends_on:
- db
restart: unless-stopped
networks:
- forgejo
- gitea
ports:
- "${HTTP_BIND_ADDR:-127.0.0.1}:${EXT_HTTP_PORT:-3000}:3000"
- "${EXT_SSH_PORT:-222}:22"
@ -21,20 +21,20 @@ services:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
- "FORGEJO__database__DB_TYPE=postgres"
- "FORGEJO__database__HOST=${DB_HOST:-db}:${DB_PORT:-5432}"
- "FORGEJO__database__NAME=${DB_NAME:-forgejo}"
- "FORGEJO__database__USER=${DB_USER:-forgejo}"
- "FORGEJO__database__PASSWD=${DB_PASSWD:-forgejo}"
- GITEA__database__DB_TYPE=postgres
- "GITEA__database__HOST=${DB_HOST:-db}:${DB_PORT:-5432}"
- "GITEA__database__NAME=${DB_NAME:-gitea}"
- "GITEA__database__USER=${DB_USER:-gitea}"
- "GITEA__database__PASSWD=${DB_PASSWD:-gitea}"
db:
image: postgres:13
restart: unless-stopped
environment:
- "POSTGRES_USER=${DB_USER:-forgejo}"
- "POSTGRES_PASSWORD=${DB_PASSWD:-forgejo}"
- "POSTGRES_DB=${DB_NAME:-forgejo}"
- "POSTGRES_USER=${DB_USER:-gitea}"
- "POSTGRES_PASSWORD=${DB_PASSWD:-gitea}"
- "POSTGRES_DB=${DB_NAME:-gitea}"
networks:
- forgejo
- gitea
volumes:
- "${HOST_PG_DATA_DIR:-./db}:/var/lib/postgresql/data"

0
forgejo/nginx/gitea.conf → gitea/nginx/gitea.conf
View file

31
hedgedoc/.env.dist
View file

@ -1,31 +0,0 @@
# https://hub.docker.com/r/linuxserver/hedgedoc
# https://docs.hedgedoc.org/configuration/
#IMAGE_TAG=latest
USER_ID=1000
GROUP_ID=1000
WEB_ADDRESS=127.0.0.1
WEB_PORT=8394
DOMAIN=hedgedoc.domain.tld
DIR_CONFIG=./config
DATABASE_HOST=host.docker.internal
DATABASE_PORT=3306
#DATABASE_NAME=hedgedoc
#DATABASE_USER=hedgedoc
DATABASE_PASS=*ChangeMe*
#DATABASE_DIALECT=postgres
TIMEZONE=Europe/Moscow
#CMD_ALLOW_GRAVATAR=false
# https://docs.hedgedoc.org/configuration/#login-methods
# Github Login
#CMD_GITHUB_CLIENTID=123
#CMD_GITHUB_CLIENTSECRET=456

2
hedgedoc/config/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

32
hedgedoc/docker-compose.yml
View file

@ -1,32 +0,0 @@
services:
hedgedoc:
image: 'lscr.io/linuxserver/hedgedoc:${IMAGE_TAG:-latest}'
container_name: 'hedgedoc'
env_file: '.env'
environment:
- 'PUID=${USER_ID:-1000}'
- 'PGID=${GROUP_ID:-1000}'
- 'TZ=${TIMEZONE:-Europe/Moscow}'
- 'DB_HOST=${DATABASE_HOST:-host.docker.internal}'
- 'DB_PORT=${DATABASE_PORT:-3306}'
- 'DB_USER=${DATABASE_USER:-hedgedoc}'
- 'DB_PASS=${DATABASE_PASS}'
- 'DB_NAME=${DATABASE_NAME:-hedgedoc}'
- 'CMD_DOMAIN=${DOMAIN}'
#- 'CMD_URL_ADDPORT=false' #optional
- 'CMD_PROTOCOL_USESSL=true' #optional
- 'CMD_PORT=${WEB_PORT:-8394}' #optional
- 'CMD_DB_DIALECT=${DATABASE_DIALECT:-mariadb}' #optional
- CMD_ALLOW_ORIGIN=['${DOMAIN}'] #optional
volumes:
- '${DIR_CONFIG:-./config}:/config'
extra_hosts:
- 'host.docker.internal:host-gateway'
ports:
- '${WEB_ADDRESS:-127.0.0.1}:${WEB_PORT:-8394}:${WEB_PORT:-8394}'
restart: unless-stopped
logging:
driver: 'json-file'
options:
max-size: '${LOG_MAX_SIZE:-5m}'
max-file: '${LOG_MAX_FILE:-5}'

44
hedgedoc/nginx/hedgedoc.conf
View file

@ -1,44 +0,0 @@
upstream hedgedoc {
server 127.0.0.1:8394;
}
server {
listen 443 ssl http2;
server_name hedgedoc.domain.tld;
access_log /var/log/nginx/hedgedoc.domain.tld.access;
error_log /var/log/nginx/hedgedoc.domain.tld.error;
charset utf-8;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_pass http://hedgedoc;
}
location /socket.io/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_pass http://hedgedoc;
}
include config/gzip.conf;
# Wildcard certificate config
include ssl/domain.tld.conf;
}

8
home-assistant/.env.dist
View file

@ -1,8 +0,0 @@
# see https://www.home-assistant.io/installation/linux#install-home-assistant-container
#IMAGE_TAG=stable
HOST_CONFIG_DIR=./config
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

17
home-assistant/README.md
View file

@ -1,17 +0,0 @@
# Home Assistant
## Using with reverse proxy (like Nginx)
If you're using Home Assistant with reverse proxy, you need to enable it and add trusted proxy address. Otherwise you
will get 400 (Bad Request) each time you try to open HA's web interface.
To achieve that edit `configuration.yaml` after it was generated at first launch and add missing options.
```yaml
# config/configuration.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- '127.0.0.1'
- '::1'
```

2
home-assistant/config/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

19
home-assistant/docker-compose.yml
View file

@ -1,19 +0,0 @@
# https://www.home-assistant.io/installation/linux#install-home-assistant-container
version: '3.8'
services:
homeassistant:
container_name: homeassistant
image: 'ghcr.io/home-assistant/home-assistant:${IMAGE_TAG:-stable}'
volumes:
- '${HOST_CONFIG_DIR:-./config}:/config'
- '/etc/localtime:/etc/localtime:ro'
restart: unless-stopped
privileged: true
network_mode: host
env_file: .env
logging:
driver: 'json-file'
options:
max-size: '${LOG_MAX_SIZE:-5m}'
max-file: '${LOG_MAX_FILE:-5}'

24
home-assistant/nginx/home-assistant.conf
View file

@ -1,24 +0,0 @@
server {
listen 80;
server_name ha.domain.tld;
#charset utf-8;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_hide_header X-Powered-By; ## Hides nginx server version from bad guys.
proxy_set_header Range $http_range; ## Allows specific chunks of a file to be requested.
proxy_set_header If-Range $http_if_range; ## Allows specific chunks of a file to be requested.
#proxy_set_header X-Real-IP $http_CF_Connecting_IP; ## if you use cloudflare un-comment this line and comment out above line.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_pass http://localhost:8123/;
}
}

38
immich/.env.dist
View file

@ -1,38 +0,0 @@
# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
BIND_ADDRESS=127.0.0.1
BIND_PORT=2283
# Available modes: shared, internal
# Shared allows to publish database ports on host which may be useful for a backup
# Internal mode leave the database inside the stack network
#DB_MODE=shared
#DB_EXTERNAL_ADDRESS=127.0.0.1
#DB_EXTERNAL_PORT=5430
# The location where your uploaded files are stored
UPLOAD_LOCATION=./library
MODEL_CACHE_LOCATION=./model-cache
# The location where your database files are stored
DB_DATA_LOCATION=./db
# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
# TZ=Etc/UTC
#HWACCEL_TRANSCODING=vaapi
#HWACCEL_ML=
# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=release
# Connection secret for postgres. You should change it to a random password
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
DB_PASSWORD=ChangeMe
# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=immich
DB_DATABASE_NAME=immich
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

110
immich/docker-compose.yml
View file

@ -1,110 +0,0 @@
#
# WARNING: Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
#
name: immich
services:
immich-server:
container_name: immich_server
image: 'ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}'
extends:
file: 'hwaccel.transcoding.yml'
service: '${HWACCEL_TRANSCODING:-cpu}' # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- '${UPLOAD_LOCATION:-./upload}:/usr/src/app/upload'
- '/etc/localtime:/etc/localtime:ro'
env_file:
- .env
ports:
- '${BIND_ADDRESS:-127.0.0.1}:${BIND_PORT:-2283}:2283'
depends_on:
- redis
- database
restart: unless-stopped
# healthcheck:
# disable: false
logging:
driver: 'json-file'
options:
max-size: '${LOG_MAX_SIZE:-5m}'
max-file: '${LOG_MAX_FILE:-5}'
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: 'ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}'
extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
file: 'hwaccel.ml.yml'
service: '${HWACCEL_ML:-cpu}' # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- '${MODEL_CACHE_LOCATION:-./model-cache}:/cache'
env_file:
- .env
restart: unless-stopped
# healthcheck:
# disable: false
logging:
driver: 'json-file'
options:
max-size: '${LOG_MAX_SIZE:-5m}'
max-file: '${LOG_MAX_FILE:-5}'
redis:
container_name: immich_redis
image: 'docker.io/redis:6.2-alpine@sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5'
healthcheck:
test: redis-cli ping || exit 1
restart: unless-stopped
logging:
driver: 'json-file'
options:
max-size: '${LOG_MAX_SIZE:-5m}'
max-file: '${LOG_MAX_FILE:-5}'
database:
container_name: immich_postgres
image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
extends:
file: 'share_db.yaml'
service: '${DB_MODE:-internal}' # set to one of [shared, internal]
environment:
POSTGRES_PASSWORD: '${DB_PASSWORD}'
POSTGRES_USER: '${DB_USERNAME}'
POSTGRES_DB: '${DB_DATABASE_NAME}'
POSTGRES_INITDB_ARGS: '--data-checksums'
volumes:
- '${DB_DATA_LOCATION:-./db}:/var/lib/postgresql/data'
healthcheck:
test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
interval: 5m
#start_interval: 30s
start_period: 5m
command:
[
'postgres',
'-c',
'shared_preload_libraries=vectors.so',
'-c',
'search_path="$$user", public, vectors',
'-c',
'logging_collector=on',
'-c',
'max_wal_size=2GB',
'-c',
'shared_buffers=512MB',
'-c',
'wal_compression=on',
]
restart: unless-stopped
logging:
driver: 'json-file'
options:
max-size: '${LOG_MAX_SIZE:-5m}'
max-file: '${LOG_MAX_FILE:-5}'

43
immich/hwaccel.ml.yml
View file

@ -1,43 +0,0 @@
# Configurations for hardware-accelerated machine learning
# If using Unraid or another platform that doesn't allow multiple Compose files,
# you can inline the config for a backend by copying its contents
# into the immich-machine-learning service in the docker-compose.yml file.
# See https://immich.app/docs/features/ml-hardware-acceleration for info on usage.
services:
armnn:
devices:
- /dev/mali0:/dev/mali0
volumes:
- /lib/firmware/mali_csffw.bin:/lib/firmware/mali_csffw.bin:ro # Mali firmware for your chipset (not always required depending on the driver)
- /usr/lib/libmali.so:/usr/lib/libmali.so:ro # Mali driver for your chipset (always required)
cpu: {}
cuda:
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities:
- gpu
openvino:
device_cgroup_rules:
- 'c 189:* rmw'
devices:
- /dev/dri:/dev/dri
volumes:
- /dev/bus/usb:/dev/bus/usb
openvino-wsl:
devices:
- /dev/dri:/dev/dri
- /dev/dxg:/dev/dxg
volumes:
- /dev/bus/usb:/dev/bus/usb
- /usr/lib/wsl:/usr/lib/wsl

54
immich/hwaccel.transcoding.yml
View file

@ -1,54 +0,0 @@
# Configurations for hardware-accelerated transcoding
# If using Unraid or another platform that doesn't allow multiple Compose files,
# you can inline the config for a backend by copying its contents
# into the immich-microservices service in the docker-compose.yml file.
# See https://immich.app/docs/features/hardware-transcoding for more info on using hardware transcoding.
services:
cpu: {}
nvenc:
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities:
- gpu
- compute
- video
quicksync:
devices:
- /dev/dri:/dev/dri
rkmpp:
security_opt: # enables full access to /sys and /proc, still far better than privileged: true
- systempaths=unconfined
- apparmor=unconfined
group_add:
- video
devices:
- /dev/rga:/dev/rga
- /dev/dri:/dev/dri
- /dev/dma_heap:/dev/dma_heap
- /dev/mpp_service:/dev/mpp_service
#- /dev/mali0:/dev/mali0 # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
volumes:
#- /etc/OpenCL:/etc/OpenCL:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
#- /usr/lib/aarch64-linux-gnu/libmali.so.1:/usr/lib/aarch64-linux-gnu/libmali.so.1:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
vaapi:
devices:
- /dev/dri:/dev/dri
vaapi-wsl: # use this for VAAPI if you're running Immich in WSL2
devices:
- /dev/dri:/dev/dri
volumes:
- /usr/lib/wsl:/usr/lib/wsl
environment:
- LIBVA_DRIVER_NAME=d3d12

2
immich/model-cache/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

6
immich/share_db.yaml
View file

@ -1,6 +0,0 @@
services:
internal: {}
shared:
ports:
- '${DB_EXTERNAL_ADDRESS:-127.0.0.1}:${DB_EXTERNAL_PORT:-5430}:5432'

2
immich/upload/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

26
inbucket/.env.dist
View file

@ -1,26 +0,0 @@
HOST_SMTP_ADDR=0.0.0.0
HOST_SMTP_PORT=2500
HOST_POP3_ADDR=0.0.0.0
HOST_POP3_PORT=1100
HOST_HTTP_ADDR=0.0.0.0
HOST_HTTP_PORT=8389
# https://github.com/inbucket/inbucket/blob/main/doc/config.md
INBUCKET_STORAGE_TYPE=memory
INBUCKET_STORAGE_RETENTIONPERIOD=24h
INBUCKET_STORAGE_MAILBOXMSGCAP=500
INBUCKET_WEB_MONITORVISIBLE=true
INBUCKET_WEB_MONITORHISTORY=30
INBUCKET_POP3_DOMAIN=inbucket
INBUCKET_SMTP_DOMAIN=inbucket
#INBUCKET_SMTP_ACCEPTDOMAINS=
#INBUCKET_SMTP_REJECTDOMAINS=
INBUCKET_SMTP_DEFAULTSTORE=true
#INBUCKET_SMTP_STOREDOMAINS=
#INBUCKET_SMTP_DISCARDDOMAINS=
# Use local or full addressing
INBUCKET_MAILBOXNAMING=local
# debug, info, warn, or error
INBUCKET_LOGLEVEL=warn

2
inbucket/data/.gitignore vendored
View file

@ -1,2 +0,0 @@
*
!.gitignore

15
inbucket/docker-compose.yml
View file

@ -1,15 +0,0 @@
version: '3.7'
services:
inbucket:
image: inbucket/inbucket:latest
container_name: inbucket
ports:
- "${HOST_HTTP_ADDR:-0.0.0.0}:${HOST_HTTP_PORT:-8389}:9000/tcp"
- "${HOST_SMTP_ADDR:-0.0.0.0}:${HOST_SMTP_PORT:-8389}:2500/tcp"
- "${HOST_POP3_ADDR:-0.0.0.0}:${HOST_POP3_PORT:-8389}:1100/tcp"
volumes:
# Not used by default, you need to configure storage parameters to store on disk.
- ./data:/data/
env_file: .env
restart: unless-stopped

16
jdownloader/.env.dist Normal file
View file

@ -0,0 +1,16 @@
# see # https://hub.docker.com/r/jaymoulin/jdownloader
HOST_USER=1000
HOST_GROUP=1000
CONFIG_PATH=./config/config
LOGS_PATH=./config/logs
DOWNLOADS_PATH=./data
MYJD_BIND_PORT=3129
MYJD_USER=xxx@yyy.tld
MYJD_PASSWORD=qwerty
MYJD_DEVICE_NAME=mydevice
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

2
jdownloader/config/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
/*
!/.gitignore

2
jdownloader/data/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
/*
!/.gitignore

27
jdownloader/docker-compose.yml Normal file
View file

@ -0,0 +1,27 @@
# https://hub.docker.com/r/jaymoulin/jdownloader
version: '3.7'
services:
jdownloader:
image: jaymoulin/jdownloader
container_name: jdownloader
restart: unless-stopped
user: "${HOST_USER}:${HOST_GROUP}"
volumes:
- "${CONFIG_PATH:-./config/config}:/opt/JDownloader/app/cfg"
- "${DOWNLOADS_PATH:-./data}:/opt/JDownloader/Downloads"
- "${LOGS_PATH:-./config/logs}:/opt/JDownloader/app/logs" #optional
- /etc/localtime:/etc/localtime:ro #optional
env_file: ".env"
#environment:
#MYJD_USER: email@email.com #optional (see [Identify](https://github.com/jaymoulin/docker-jdownloader#identify))
#MYJD_PASSWORD: bar #optional (see [Identify](https://github.com/jaymoulin/docker-jdownloader#identify))
#MYJD_DEVICE_NAME: "${MYJD_DEVICE_NAME}" #optional
#XDG_DOWNLOAD_DIR: /opt/JDownloader/Downloads #optional
ports:
- "${MYJD_BIND_PORT:-3129}:3129"
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"

11
joplin/.env.dist Normal file
View file

@ -0,0 +1,11 @@
DB_CLIENT=pg
POSTGRES_PASSWORD=joplin
POSTGRES_DATABASE=joplin
POSTGRES_USER=joplin
POSTGRES_PORT=5432
#POSTGRES_HOST=db
APP_BASE_URL=https://domain.tld
APP_PORT=22300
EXTERNAL_PORT=8030

2
joplin/data/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
/*
!/.gitignore

22
joplin/docker-compose.yml Normal file
View file

@ -0,0 +1,22 @@
version: "3.7"
services:
db:
image: postgres:13
volumes:
- ./data/postgres:/var/lib/postgresql/data
expose:
- "5432"
restart: unless-stopped
env_file: .env
app:
image: joplin/server:latest
depends_on:
- db
ports:
- "127.0.0.1:${EXTERNAL_PORT:-8030}:22300"
env_file: .env
environment:
- POSTGRES_HOST=${POSTGRES_HOST:-db}
restart: unless-stopped
user: '${HOST_USER:-0}'

17
joplin/nginx/joplin.conf Normal file
View file

@ -0,0 +1,17 @@
server {
listen 443 ssl http2;
server_name joplin.domain.tld;
access_log /var/log/nginx/joplin.domain.tld.access;
error_log /var/log/nginx/joplin.domain.tld.error;
charset utf-8;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8030;
}
# Wildcard certificate config
#include ssl/joplin.domain.tld.conf;
}

35
magnetico-web/.env.dist
View file

@ -1,35 +0,0 @@
# For up-to-date reference check: https://git.skobk.in/skobkin/magnetico-web/src/branch/master/.env
APP_SECRET=abcxyz
APP_DATABASE_URL=postgres://magnetico-web:password@host.docker.internal:5432/magnetico-web?application_name=magnetico_web
MAGNETICOD_DATABASE_URL=postgres://magneticod:password@host.docker.internal:5432/magneticod?application_name=magnetico_web
REDIS_DSN=redis://host.docker.internal:6379/0
# !!! USE 'REMOTE_ADDR' ONLY BEHIND REVERSE PROXY !!!
TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR
###> sentry/sentry-symfony ###
SENTRY_DSN=https://abcxyz@sentry.io/123456
###< sentry/sentry-symfony ###
###> symfony/mailer ###
MAILER_DSN=smtp://mail@domain.tld:password@smtp.domain.tld:587
MAILER_FROM=no-reply@domain.tld
###< symfony/mailer ###
###> excelwebzone/recaptcha-bundle ###
EWZ_RECAPTCHA_SITE_KEY=key
EWZ_RECAPTCHA_SECRET=secret
###< excelwebzone/recaptcha-bundle ###
# docker-compose
LOG_PATH=./logs
#HOST_USER=0
#HOST_USER=www-data
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

2
magnetico-web/.gitignore vendored
View file

@ -1,2 +0,0 @@
logs/*
!logs/.gitkeep

21
magnetico-web/docker-compose.yml
View file

@ -1,21 +0,0 @@
version: '3.7'
services:
magnetico-web:
image: skobkin/magnetico-web
container_name: magnetico-web
hostname: magnetico-web
extra_hosts:
- 'host.docker.internal:host-gateway'
ports:
- "127.0.0.1:${EXT_HTTP_PORT:-8080}:8080/tcp"
restart: unless-stopped
user: "${HOST_USER:-0}"
volumes:
- "${LOG_PATH:-./logs}:/app/var/log"
env_file: .env
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"

6
magneticod-python/.env.dist Normal file
View file

@ -0,0 +1,6 @@
# see https://cloud.docker.com/repository/docker/skobkin/magneticod-python
MAGNETICO_PORT=64879
# docker-compose substitution
HOST_DB_PATH=/root/.local/share/magneticod
HOST_USER=0

17
magneticod-python/docker-compose.yml Normal file
View file

@ -0,0 +1,17 @@
version: '3.7'
services:
magneticod:
image: skobkin/magneticod-python:latest
container_name: magneticod-python
# Using host mode to be able to simply apply firewall rules to disable connection tracking
# https://github.com/boramalper/magnetico/blob/master/cmd/magneticod/README.md#setup
network_mode: "host"
ports:
- "${MAGNETICO_PORT}:${MAGNETICO_PORT}/udp"
env_file: .env
volumes:
- "${HOST_DB_PATH}:/data"
user: "${HOST_USER}"
restart: unless-stopped
command: "--node-addr 0.0.0.0:${MAGNETICO_PORT} --database-file /data/database.sqlite3"

4
magneticod/docker-compose.yml
View file

@ -6,9 +6,7 @@ services:
container_name: magneticod
# Using host mode to be able to simply apply firewall rules to disable connection tracking
# https://github.com/boramalper/magnetico/blob/master/cmd/magneticod/README.md#setup
#network_mode: "host"
extra_hosts:
- 'host.docker.internal:host-gateway'
network_mode: "host"
ports:
- "${MAGNETICO_PORT}:${MAGNETICO_PORT}/udp"
env_file: .env

2
mariadb-common/.env.dist Normal file
View file

@ -0,0 +1,2 @@
MYSQL_ROOT_PASSWORD=password
COMMON_DATABASE_NETWORK=database-net

23
mariadb-common/docker-compose.yml Normal file
View file

@ -0,0 +1,23 @@
version: '3.7'
services:
mariadb-common:
image: mariadb:10
container_name: mariadb-common
env_file: .env
networks:
- db-network
ports:
- "127.0.0.1:3306:3306/tcp"
volumes:
# Database files
- mariadb-data:/var/lib/mysql
restart: unless-stopped
volumes:
mariadb-data:
networks:
db-network:
name: "${COMMON_DATABASE_NETWORK:-database-network}"
external: true

16
mosquitto/.env.dist
View file

@ -1,16 +0,0 @@
# Image version for Mosquitto with Go auth plugin
IMAGE_VERSION=latest
# External address binding for Mosquitto ports
BIND_ADDR=127.0.0.1
BIND_PORT_MQTT=1883
BIND_PORT_WS=1884
# Paths for configuration and data persistence
CONFIG_DIR=./config
DATA_DIR=./data
LOG_DIR=./logs
# Logging options
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

27
mosquitto/README.md
View file

@ -1,27 +0,0 @@
# Usage
## Configuration
```shell
cp config/files/acls.dist config/files/acls
cp config/files/passwords.dist config/files/passwords
cp config/files/passwords.dist config/files/passwords
cp config/mosquitto.conf.dist config/mosquitto.conf
cp -r config/conf.d.dist config/conf.d
```
Edit configuration to suit your needs.
## Passwords
To generate password hashes, you can use `pw` tool located at the `/mosquitto/pw` inside the container.
```shell
docker compose exec mosquitto sh
/mosquitto/pw --help
/mosquitto/pw -p MyPasswordString
```
## ACL's
Refer to the [documentation](https://github.com/iegomez/mosquitto-go-auth?tab=readme-ov-file#acl-file).

3
mosquitto/config/.gitignore vendored
View file

@ -1,3 +0,0 @@
mosquitto.conf
files/passwords
files/acls

19
mosquitto/config/conf.d.dist/go-auth.conf
View file

@ -1,19 +0,0 @@
# Path to the Go auth plugin shared object
auth_plugin /mosquitto/go-auth.so
# Configure the authentication backends (adjust as needed)
auth_opt_backends files
# Specify the paths for passwords and ACLs
# https://github.com/iegomez/mosquitto-go-auth?tab=readme-ov-file#files
# Hashes may be generated using the `/mosquitto/pw` utility
auth_opt_files_password_path /etc/mosquitto/files/passwords
auth_opt_files_acl_path /etc/mosquitto/files/acls
# Plugin-specific options (examples)
# https://github.com/iegomez/mosquitto-go-auth?tab=readme-ov-file#configuration
# auth_opt_postgres_host=db
# auth_opt_postgres_port=5432
# auth_opt_postgres_user=user
# auth_opt_postgres_password=password
# auth_opt_postgres_dbname=mqtt

12
mosquitto/config/files/acls.dist
View file

@ -1,12 +0,0 @@
user test1
topic write test/topic/1
topic read test/topic/2
user test2
topic read test/topic/+
user test3
topic read test/#
pattern read test/%u
pattern read test/%c

2
mosquitto/config/files/passwords.dist
View file

@ -1,2 +0,0 @@
test1:PBKDF2$sha512$100000$2WQHK5rjNN+oOT+TZAsWAw==$TDf4Y6J+9BdnjucFQ0ZUWlTwzncTjOOeE00W4Qm8lfPQyPCZACCjgfdK353jdGFwJjAf6vPAYaba9+z4GWK7Gg==
test2:PBKDF2$sha512$100000$o513B9FfaKTL6xalU+UUwA==$mAUtjVg1aHkDpudOnLKUQs8ddGtKKyu+xi07tftd5umPKQKnJeXf1X7RpoL/Gj/ZRdpuBu5GWZ+NZ2rYyAsi1g==

18
mosquitto/config/mosquitto.conf.dist
View file

@ -1,18 +0,0 @@
# Mosquitto configuration
persistence true
persistence_location /data
#log_dest file /logs/mosquitto.log
# Default listener for unencrypted connections
listener 1883
allow_anonymous false
# Optional TLS listener
listener 1884
# Uncomment and configure the following for TLS
# cafile /etc/mosquitto/ca_certificates/ca.crt
# certfile /etc/mosquitto/certs/server.crt
# keyfile /etc/mosquitto/certs/server.key
# Include directory for additional configuration files
include_dir /etc/mosquitto/conf.d

2
mosquitto/data/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

19
mosquitto/docker-compose.yml
View file

@ -1,19 +0,0 @@
services:
mosquitto:
image: "iegomez/mosquitto-go-auth:${IMAGE_VERSION:-latest}"
container_name: mosquitto
hostname: mosquitto
volumes:
- "${CONFIG_DIR:-./config}:/etc/mosquitto"
- "${DATA_DIR:-./data}:/data"
- "${LOG_DIR:-./logs}:/logs"
ports:
- "${BIND_ADDR:-127.0.0.1}:${BIND_PORT_MQTT:-1883}:1883"
- "${BIND_ADDR:-127.0.0.1}:${BIND_PORT_WS:-1884}:1884"
env_file: .env
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"

2
mosquitto/logs/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

3
murmur/.env.dist
View file

@ -1,7 +1,4 @@
# see https://cloud.docker.com/repository/docker/skobkin/murmur-official-static
#IMAGE_TAG=latest
MURMUR_HOSTNAME=mumble.skobk.in
LOG_MAX_SIZE=5m

5
murmur/docker-compose.yml
View file

@ -1,6 +1,8 @@
version: '3.7'
services:
murmur:
image: 'skobkin/murmur:${IMAGE_TAG:-latest}'
image: registry.gitlab.com/skobkin/docker-murmur:latest
container_name: murmur
ports:
- "64738:64738/tcp"
@ -20,3 +22,4 @@ services:
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"
# TODO: try to integrate with neilpang/acme.sh

16
nextcloud/.env.dist Normal file
View file

@ -0,0 +1,16 @@
PUID=1000
PGID=1000
TZ=Europe/Moscow
EXT_PORT=8443
# Volumes
# Database and configs
CONFIG_PATH=/path/to/config
# Location of user files
DATA_PATH=/path/to/data
# Logs
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

30
nextcloud/README.md Normal file
View file

@ -0,0 +1,30 @@
# Configuration
## Serve HTTP from the container
By default NextCloud internal Nginx config has redirects from internal 80 port
to 443 (HTTPS).
So if you want to reverse-proxy Nextcloud, you'll need to have a plain HTTP
connection to the Nextcloud.
Example of `/config/nginx/site-confs/default` changes:
```
#server {
# listen 80;
# listen [::]:80;
# server_name _;
# return 301 https://$host$request_uri;
#}
server {
#listen 443 ssl http2;
listen 80;
listen [::]:80;
#listen [::]:443 ssl http2;
server_name _;
#ssl_certificate /config/keys/cert.crt;
#ssl_certificate_key /config/keys/cert.key;
```
You'll have access to the Nextcloud Nginx config after first run of Nextcloud
container. Don't forget to configure `/config` bind mount.

21
nextcloud/docker-compose.yml Normal file
View file

@ -0,0 +1,21 @@
version: '3.7'
services:
nextcloud:
# https://hub.docker.com/r/linuxserver/nextcloud
image: linuxserver/nextcloud
container_name: nextcloud
#network_mode: "host"
ports:
# You need to modify /config/nginx/site-confs/default first to allow 80 port
- "127.0.0.1:${EXT_PORT}:80/tcp"
env_file: .env
volumes:
- "${CONFIG_PATH}:/config"
- "${DATA_PATH}:/data"
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"

18
nextcloud/etc/nginx/sites-available/nextcloud.domain.tld.conf.dist Normal file
View file

@ -0,0 +1,18 @@
server {
listen 443 ssl http2;
server_name nextcloud.server.tld;
#access_log /var/log/nginx/nextcloud.server.tld.access;
error_log /var/log/nginx/nextcloud.server.tld.error;
charset utf-8;
location / {
proxy_pass http://127.0.0.1:8443;
}
#include config/gzip.conf;
# Wildcard certificate config
#include ssl/server.tld.conf;
}

24
ollama/.env.dist
View file

@ -1,24 +0,0 @@
# see https://hub.docker.com/r/ollama/ollama
#OLLAMA_IMAGE_TAG=rocm
#OLLAMA_IMAGE_TAG=0.1.28-rocm
OLLAMA_IMAGE_TAG=latest
UI_IMAGE_TAG=main
# Ollama
HOST_OLLAMA_DATA_DIR=./data/ollama
HTTP_OLLAMA_BIND_ADDR=127.0.0.1
HTTP_OLLAMA_BIND_PORT=11434
DEV_KFD=/dev/kfd
DEV_DRI=/dev/dri
# The duration that models stay loaded in memory (default is "5m"
#OLLAMA_KEEP_ALIVE=5m
# Open WebUI
HOST_UI_DATA_DIR=./data/open-webui
HTTP_UI_BIND_ADDR=127.0.0.1
HTTP_UI_BIND_PORT=8010
UI_SECRET_KEY=changeme
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

2
ollama/data/ollama/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

2
ollama/data/open-webui/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

38
ollama/docker-compose.yml
View file

@ -1,38 +0,0 @@
version: '3.9'
services:
webui:
image: "ghcr.io/open-webui/open-webui:${UI_IMAGE_TAG:-main}"
container_name: ollama-open-webui
volumes:
- "${HOST_UI_DATA_DIR:-./data/open-webui}:/app/backend/data"
depends_on:
- ollama
ports:
- "${HTTP_UI_BIND_ADDR:-127.0.0.1}:${HTTP_UI_BIND_PORT-3000}:8080"
environment:
- "OLLAMA_API_BASE_URL=http://ollama:11434/api"
- "OLLAMA_BASE_URL=http://ollama:11434"
- 'WEBUI_SECRET_KEY=${UI_SECRET_KEY:-changeme}'
#extra_hosts:
# - host.docker.internal:host-gateway
restart: unless-stopped
ollama:
image: "ollama/ollama:${OLLAMA_IMAGE_TAG:-latest}"
container_name: ollama
#user: "${HOST_USER:-1000}"
volumes:
- "${HOST_OLLAMA_DATA_DIR:-./data}:/root/.ollama"
ports:
- "${HTTP_OLLAMA_BIND_ADDR:-127.0.0.1}:${HTTP_OLLAMA_BIND_PORT:-11434}:11434/tcp"
devices:
- "${DEV_DRI:-/dev/dri}:${DEV_DRI:-/dev/dri}"
- "${DEV_KFD:-/dev/kfd}:${DEV_KFD:-/dev/kfd}"
env_file: .env
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"

22
ollama/nginx/ollama-webui.conf
View file

@ -1,22 +0,0 @@
server {
listen 80;
server_name ai.domain.tld;
#charset utf-8;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_pass http://127.0.0.1:8010/;
}
}

2
postgres-common/.env.dist Normal file
View file

@ -0,0 +1,2 @@
POSTGRES_PASSWORD=password
COMMON_DATABASE_NETWORK=database-net

23
postgres-common/docker-compose.yml Normal file
View file

@ -0,0 +1,23 @@
version: '3.7'
services:
postgres-common:
image: postgres:12-alpine
container_name: postgres-common
env_file: .env
networks:
- db-network
ports:
- "127.0.0.1:5432:5432/tcp"
volumes:
# Database files
- postgres-data:/var/lib/postgresql/data
restart: unless-stopped
volumes:
postgres-data:
networks:
db-network:
name: "${COMMON_DATABASE_NETWORK:-database-network}"
external: true

6
redis/.env.dist
View file

@ -1,11 +1,7 @@
# https://hub.docker.com/_/redis
# Uncomment to use directory binding instead of docker volume (almost always not needed)
HOST_DATA_DIR=./data
# https://redis.io/docs/management/persistence/#snapshotting
PERSISTENCE_PERIOD_SEC=60
PERSISTENCE_MIN_OPS=1
LOG_LEVEL=warning
#DATA_PATH=/some/path
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

2
redis/data/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

9
redis/docker-compose.yml
View file

@ -1,13 +1,10 @@
version: '3.8'
version: '3.7'
services:
redis:
# https://hub.docker.com/_/redis
image: redis:alpine
container_name: redis
command: "redis-server --save ${PERSISTENCE_PERIOD_SEC:-60} ${PERSISTENCE_MIN_OPS:-1} --loglevel ${LOG_LEVEL:-warning}"
volumes:
- "${HOST_DATA_DIR:-./data}:/data"
ports:
- "127.0.0.1:6379:6379/tcp"
env_file: .env
@ -17,3 +14,7 @@ services:
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"
#volumes:
# redis_data:
# name: redis_data

76
remark42/.env.dist Normal file
View file

@ -0,0 +1,76 @@
# see https://hub.docker.com/r/umputun/remark42
IMAGE=umputun/remark42:latest
HOST_DATA_DIR=./data
WEBUI_BIND_ADDR=127.0.0.1
WEBUI_BIND_PORT=8388
# Remark42 settings
REMARK_URL=https://remark.domain.tld
SITE=site1,site2,site3
SECRET=AnyLongAndHardToGuessString
ADMIN_PASSWD=password
ADMIN_SHARED_ID=github_xxx,telegram_yyy
# Comment settings
LOW_SCORE=-5
CRITICAL_SCORE=-10
EDIT_TIME=5m
#RESTRICTED_NAMES=your-name
#EMOJI=false
#SIMPLE_VIEW=false
DEBUG=false
# Auth settings
# Anonymous
#AUTH_ANON=false
# Disqus
#AUTH_DISQUS_CID=xxx
#AUTH_DISQUS_CSEC=yyy
# Facebook
#AUTH_FACEBOOK_CID=xxx
#AUTH_FACEBOOK_CSEC=yyy
# Github
AUTH_GITHUB_CID=xxx
AUTH_GITHUB_CSEC=yyy
# Google
AUTH_GOOGLE_CID=xxx
AUTH_GOOGLE_CSEC=yyy
# Microsoft
#AUTH_MICROSOFT_CID=xxx
#AUTH_MICROSOFT_CSEC=yyy
# Patreon
#AUTH_PATREON_CID=xxx
#AUTH_PATREON_CSEC=yyy
# Telegram
#AUTH_TELEGRAM=false
#TELEGRAM_TOKEN=xxx:yyy
# Twitter
AUTH_TWITTER_CID=xxx
AUTH_TWITTER_CSEC=yyy
# Yandex
#AUTH_YANDEX_CID=xxx
#AUTH_YANDEX_CSEC=yyy
# Notifications
#NOTIFY_USERS=email
#NOTIFY_ADMINS=telegram
#NOTIFY_TELEGRAM_CHAN=xxx
#NOTIFY_EMAIL_FROM=xxx
#TELEGRAM_TOKEN=xxx
#SMTP_HOST=xxx
#SMTP_PORT=xxx
#SMTP_USERNAME=xxx
#SMTP_PASSWORD=xxx
#SMTP_TLS=xxx
# SSL
# Handled using reverse-proxy
SSL_TYPE=none
# Service settings
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

18
remark42/README.md Normal file
View file

@ -0,0 +1,18 @@
# Remark42
## Installation
Check [this documentation](https://remark42.com/docs/getting-started/installation/).
## Configuration
Check parameter list [here](https://remark42.com/docs/configuration/parameters/).
## Reverse Proxy configuration
- [Nginx](https://remark42.com/docs/manuals/nginx/)
- [Reproxy](https://remark42.com/docs/manuals/reproxy/)
## Migration from other platforms and backups
Check [this](https://remark42.com/docs/backup/migration/).

0
castopod/redis_data/.gitignore → remark42/data/.gitignore vendored
View file

19
remark42/docker-compose.yml Normal file
View file

@ -0,0 +1,19 @@
# https://hub.docker.com/r/umputun/remark42
version: '3.7'
services:
remark:
image: '${IMAGE:-umputun/remark42:latest}'
container_name: 'remark42'
hostname: 'remark42'
restart: unless-stopped
ports:
- '${WEBUI_BIND_ADDR:-127.0.0.1}:${WEBUI_BIND_PORT:-8388}:8080'
env_file: .env
volumes:
- '${HOST_DATA_DIR:-./data}:/srv/var'
logging:
driver: 'json-file'
options:
max-size: '${LOG_MAX_SIZE:-5m}'
max-file: '${LOG_MAX_FILE:-5}'

4
shadowsocks-client/.env.dist
View file

@ -1,4 +0,0 @@
LOCAL_PORT=1050
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

3
shadowsocks-client/config/.gitignore vendored
View file

@ -1,3 +0,0 @@
*
!.gitignore
!config.json.dist

26
shadowsocks-client/config/config.json.dist
View file

@ -1,26 +0,0 @@
{
"servers": [
{
"address": "127.0.0.1",
"port": 8388,
"password": "hello-world",
"method": "aes-256-gcm",
"timeout": 7200
},
{
"address": "127.0.0.1",
"port": 8389,
"password": "hello-kitty",
"method": "chacha20-ietf-poly1305"
},
{
"disabled": true,
"address": "eg.disable.me",
"port": 8390,
"password": "hello-internet",
"method": "chacha20-ietf-poly1305"
}
],
"local_port": 1050,
"local_address": "0.0.0.0"
}

18
shadowsocks-client/docker-compose.yml
View file

@ -1,18 +0,0 @@
version: '3.7'
services:
sslocal:
# https://github.com/shadowsocks/shadowsocks-rust
image: ghcr.io/shadowsocks/sslocal-rust:latest
container_name: sslocal
ports:
- "${LOCAL_PORT:-1050}:1050/tcp"
volumes:
- "./config/config.json:/etc/shadowsocks-rust/config.json:ro"
env_file: .env
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"

16
sish/.env.dist
View file

@ -1,16 +0,0 @@
# see https://hub.docker.com/r/antoniomika/sish
IMAGE_VERSION=latest
HTTP_BIND_ADDR=127.0.0.1
HTTP_BIND_PORT=8395
SSH_BIND_ADDR=0.0.0.0
SSH_BIND_PORT=2222
PUBKEYS_PATH=./pubkeys
BASE_DOMAIN=si.sh
# Service settings
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

27
sish/docker-compose.yml
View file

@ -1,27 +0,0 @@
# https://hub.docker.com/r/antoniomika/sish
services:
sish:
image: 'antoniomika/sish:${IMAGE_VERSION:-latest}'
container_name: sish
volumes:
- '${PUBKEYS_PATH:-./pubkeys}:/pubkeys'
# see https://docs.ssi.sh/getting-started#docker
command: |
--ssh-address=${SSH_BIND_ADDR:-0.0.0.0}:${SSH_BIND_PORT:-2222}
--http-address=:${HTTP_BIND_PORT:-8395}
--authentication=true
--authentication-keys-directory=/pubkeys
--bind-random-ports=false
--bind-random-subdomains=false
--domain=${BASE_DOMAIN:-si.sh}
#network_mode: host
ports:
- '${SSH_BIND_ADDR:-0.0.0.0}:${SSH_BIND_PORT:-2222}:${SSH_BIND_PORT:-2222}'
- '${HTTP_BIND_ADDR:-127.0.0.1}:${HTTP_BIND_PORT:-8395}:${HTTP_BIND_PORT:-8395}'
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"

36
sish/nginx/sish.conf
View file

@ -1,36 +0,0 @@
upstream sish {
server 127.0.0.1:8395;
}
server {
server_name *.sish.domain.tld;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_max_body_size 512M;
proxy_pass http://sish;
}
#listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2;
include /etc/nginx/ssl/sish.domain.tld.conf;
error_log /var/log/nginx/sish.domain.tld_error.log;
access_log /var/log/nginx/sish.domain.tld.in_access.log;
}

0
sish/pubkeys/.gitkeep
View file

12
synapse/.env.dist
View file

@ -27,17 +27,5 @@ SYNAPSE_REPORT_STATS=no
#UID=991
#GID=991
# Sliding sync settings
SS_PROXY_IMAGE_TAG=latest
SYNCV3_SERVER=https://skobk.in
SYNCV3_DB='user=matrix-ss dbname=matrix-ss sslmode=disable host=host.docker.internal password=database_password'
SYNCV3_SECRET=very_long_and_random_secret
SS_BIND_ADDR=0.0.0.0
SS_BIND_PORT=8889
SS_EXT_ADR=127.0.0.1
SS_EXT_PORT=8889
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

23
synapse/docker-compose.yml
View file

@ -29,29 +29,6 @@ services:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"
sliding-sync:
# https://github.com/matrix-org/sliding-sync
image: "ghcr.io/matrix-org/sliding-sync:${SS_PROXY_IMAGE_TAG:-latest}"
container_name: matrix-ss
depends_on:
- synapse
extra_hosts:
- 'host.docker.internal:host-gateway'
ports:
- "${SS_EXT_ADR:-127.0.0.1}:${SS_EXT_PORT:-8889}:${SS_BIND_PORT:-8889}"
environment:
# https://github.com/matrix-org/sliding-sync?tab=readme-ov-file#setup
- "SYNCV3_SERVER=${SYNCV3_SERVER}"
- "SYNCV3_DB=${SYNCV3_DB}"
- "SYNCV3_SECRET=${SYNCV3_SECRET}"
- "SYNCV3_BINDADDR=${SS_BIND_ADDR:-0.0.0.0}:${SS_BIND_PORT:-8889}"
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"
networks:
matrix:
external: true

74
synapse/nginx/site-and-matrix-example.conf
View file

@ -1,74 +0,0 @@
# HTTP with HTTPS redirect
server {
listen 80;
server_name www.domain.tld domain.tld;
return 301 https://domain.tld$request_uri;
}
# Main domain
server {
listen 443 ssl http2;
# Matrix server
# For the federation port
listen 8448 ssl default_server;
listen [::]:8448 ssl default_server;
server_name domain.tld;
access_log /var/log/nginx/domain.tld.access;
error_log /var/log/nginx/domain.tld.error;
# Certificate config
include ssl/domain.tld.conf;
# ========= Web-site section =========
# Site files directory
root /var/www/domain.tld/web;
charset utf-8;
include config/wordpress.conf;
#include config/static_max_cache.conf;
#include config/gzip.conf;
# ========= Matrix server section =========
# Sliding Sync Proxy
location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
proxy_pass http://localhost:8889;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
}
# Synapse
# https://github.com/matrix-org/sliding-sync?tab=readme-ov-file#same-hostname
location ~ ^(\/_matrix|\/_synapse\/client) {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size 50M;
proxy_pass http://localhost:8008;
}
# Matrix WKD
# Client
location /.well-known/matrix/client {
add_header Content-Type application/json;
return 200 '{"m.homeserver": {"base_url":"https://domain.tld/"}, "org.matrix.msc3575.proxy": {"url": "https://domain.tld"}}';
}
# Server
# https://matrix-org.github.io/synapse/latest/delegate.html#well-known-delegation
# https://spec.matrix.org/latest/server-server-api/#server-discovery
location /.well-known/matrix/server {
add_header Content-Type application/json;
return 200 '{"m.server": "domain.tld:8448"}';
}
}

17
telegram-llm-bot/.env.dist
View file

@ -1,17 +0,0 @@
# see https://hub.docker.com/r/skobkin/telegram-llm-bot
# Telegram
TELEGRAM_TOKEN=12345
# API settings
OPENAI_API_TOKEN=12345
OPENAI_API_BASE_URL=http://host.docker.internal:11434
# Models selection
# Model used for simple /hey requests
MODEL_TEXT_REQUEST="llama3.1:8b-instruct-q6_K"
# Model used for /summarize requests
MODEL_SUMMARIZE_REQUEST="mistral-nemo:12b-instruct-2407-q4_K_M"
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

16
telegram-llm-bot/docker-compose.yml
View file

@ -1,16 +0,0 @@
# https://hub.docker.com/r/skobkin/telegram-llm-bot
version: '3.9'
services:
telegram-llm-bot:
image: "skobkin/telegram-llm-bot:${IMAGE_VERSION:-latest}"
container_name: telegram-llm-bot
extra_hosts:
- "host.docker.internal:host-gateway"
env_file: .env
restart: unless-stopped
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"

12
tg-rss-bot/.env.dist
View file

@ -1,12 +0,0 @@
# https://hub.docker.com/r/miroslavsckaya/tg-rss-bot
#IMAGE_VERSION=latest
RSSBOT_DSN=postgres://username:password@hostname/database_name
RSSBOT_TG_TOKEN=1234567890:yourbotstoken
# https://github.com/mcuadros/ofelia#configuration
#SCHEDULER_UPDATE=1h
LOG_MAX_SIZE=5m
LOG_MAX_FILE=5

34
tg-rss-bot/docker-compose.yml
View file

@ -1,34 +0,0 @@
version: '3.7'
services:
app:
# https://hub.docker.com/r/miroslavsckaya/tg-rss-bot
image: 'miroslavsckaya/tg-rss-bot:${IMAGE_VERSION:-latest}'
env_file: .env
restart: unless-stopped
extra_hosts:
- 'host.docker.internal:host-gateway'
labels:
ofelia.enabled: "true"
ofelia.job-exec.update-feeds.schedule: "@every ${SCHEDULER_UPDATE:-1h}"
ofelia.job-exec.update-feeds.command: "python /bot/update.py"
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"
scheduler:
# https://hub.docker.com/r/mcuadros/ofelia
image: mcuadros/ofelia:latest
restart: unless-stopped
depends_on:
- app
command: daemon --docker
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
logging:
driver: "json-file"
options:
max-size: "${LOG_MAX_SIZE:-5m}"
max-file: "${LOG_MAX_FILE:-5}"

2
tor-obfs4-bridge/.env.dist
View file

@ -1,5 +1,3 @@
DATA_PATH=./data
# Set required variables
OR_PORT=443
PT_PORT=444

2
tor-obfs4-bridge/data/.gitignore vendored
View file

@ -1,2 +0,0 @@
/*
!/.gitignore

Some files were not shown because too many files have changed in this diff Show more