restructure services based on host machine

This commit is contained in:
2024-01-06 01:33:42 +00:00
parent 350eee1ff0
commit f26bfb2063
49 changed files with 0 additions and 0 deletions


@@ -0,0 +1,2 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld


@@ -0,0 +1,43 @@
---
version: "3.8"
services:
audiobookshelf:
image: advplyr/audiobookshelf
container_name: audiobookshelf
restart: unless-stopped
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.http.services.audiobookshelf.loadbalancer.server.port=80"
- "traefik.enable=true"
- "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${DOMAIN_ROOT}`)"
- 'traefik.http.routers.audiobookshelf.middlewares=authelia@docker'
volumes:
- audiobookshelf_config:/config
- audiobookshelf_metadata:/metadata
- audiobookshelf_audiobooks:/audiobooks
- audiobookshelf_podcasts:/podcasts
networks:
- web
networks:
web:
external: true
volumes:
audiobookshelf_config:
external: true
audiobookshelf_metadata:
external: true
audiobookshelf_audiobooks:
external: true
audiobookshelf_podcasts:
external: true
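Review bot: The `image: advplyr/audiobookshelf` line carries no tag, so every `docker compose pull` moves this stack to whatever upstream publishes next; pin a release tag (`image: advplyr/audiobookshelf:<release>`) or a digest so upgrades are deliberate and reviewable. The router rule declares no `entrypoints`/`tls` options; whether TLS is enforced depends on the Traefik static configuration, which is not part of this commit, so confirm the router is not also matched on a plain-HTTP entrypoint. `DOMAIN_ROOT` is passed into the container but nothing in this file shows audiobookshelf reading it.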


@@ -0,0 +1,2 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld


@@ -0,0 +1,31 @@
---
version: "3.8"
services:
bitwarden:
image: vaultwarden/server:latest
container_name: bitwarden
restart: unless-stopped
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.http.services.bitwarden.loadbalancer.server.port=80"
- "traefik.enable=true"
- "traefik.http.routers.bitwarden.rule=Host(`bitwarden.${DOMAIN_ROOT}`)"
- 'traefik.http.routers.bitwarden.middlewares=authelia@docker'
volumes:
- vaultwarden_data:/data
networks:
- web
networks:
web:
external: true
volumes:
vaultwarden_data:
external: true
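Review bot: Vaultwarden does not read `DOMAIN_ROOT`; the variable it needs is `DOMAIN`, and without `- DOMAIN=https://bitwarden.${DOMAIN_ROOT}` WebAuthn/FIDO2 second factors and generated links use the wrong origin. Because this router is reachable through the proxy, also set `- SIGNUPS_ALLOWED=false` once your own accounts exist so strangers cannot register vaults on the instance. Note that `authelia@docker` forward-auth on this router also applies to the Bitwarden client apps' API calls, which cannot complete an Authelia login; if the apps stop syncing, that middleware rather than Vaultwarden is the likely cause.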


@@ -0,0 +1,8 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld
# USER_ID is the user id to run the service as. 0 for root
USER_ID=1000
# GROUP_ID is the group id to run the service as. 0 for root
GROUP_ID=1000


@@ -0,0 +1,53 @@
version: '3.8'
services:
changedetection:
image: dgtlmoon/changedetection.io
container_name: changedetection
volumes:
- changedetection_data:/datastore
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
- PORT=5000
- PUID=${USER_ID}
- PGID=${GROUP_ID}
- PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000/
- BASE_URL="https://changedetection.${DOMAIN_ROOT}"
labels:
- "traefik.enable=true"
- 'traefik.http.routers.changedetection.rule=Host(`changedetection.${DOMAIN_ROOT}`)'
- 'traefik.http.routers.changedetection.middlewares=authelia@docker'
- "traefik.http.services.changedetection.loadbalancer.server.port=5000"
restart: unless-stopped
networks:
- web
playwright:
container_name: playwright
image: browserless/chrome
restart: unless-stopped
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.enable=true"
- 'traefik.http.routers.playwright.rule=Host(`playwright.${DOMAIN_ROOT}`)'
- 'traefik.http.routers.playwright.middlewares=authelia@docker'
- "traefik.http.services.playwright.loadbalancer.server.port=3000"
networks:
- web
networks:
web:
external: true
volumes:
changedetection_data:
external: true
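Review bot: `PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000/` names a host that does not exist in this file — the browser service and its `container_name` are both `playwright` — so fetches will fail until one side is renamed. The browserless container is also published through Traefik at `playwright.${DOMAIN_ROOT}`; nothing outside needs to drive that headless browser, so drop its `labels` block, and consider browserless's `TOKEN` setting so other containers on the shared `web` network cannot use it as a free fetch proxy. Separately, `- BASE_URL="https://changedetection.${DOMAIN_ROOT}"` appears to keep the double quotes as part of the value in list-form `environment` (Compose strips quotes in `.env` files, not here), which would corrupt generated notification links; write it unquoted.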


@@ -0,0 +1,2 @@
# TOKEN is the token for this cloudflare tunnel
TOKEN=XXX


@@ -0,0 +1,23 @@
---
version: "3.8"
services:
bitwarden:
image: cloudflare/cloudflared:latest
container_name: cloudflare-tunnel
restart: unless-stopped
command: tunnel --no-autoupdate run --token ${TOKEN}
environment:
- TOKEN=${TOKEN}
networks:
- web
networks:
web:
external: true
volumes:
vaultwarden_data:
external: true
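Review bot: The tunnel token is passed on the command line (`run --token ${TOKEN}`), which makes it readable by every local user via `ps`, whereas an environment variable is only readable by root and the process owner; cloudflared reads `TUNNEL_TOKEN` from the environment, so use `command: tunnel --no-autoupdate run` and `- TUNNEL_TOKEN=${TOKEN}` (the current `TOKEN=${TOKEN}` env entry is not a name cloudflared looks at). The service key `bitwarden` and the unused `vaultwarden_data` volume look like copy-paste residue from the Vaultwarden stack; rename the service (e.g. `cloudflared`) and delete the volume so this file does not claim a data volume it never mounts.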

8
nuc/dashy/.env.example Normal file

@@ -0,0 +1,8 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld
# USER_ID is the user id to run the service as. 0 for root
USER_ID=1000
# GROUP_ID is the group id to run the service as. 0 for root
GROUP_ID=1000


@@ -0,0 +1,47 @@
---
# Page meta info, like heading, footer text and nav links
pageInfo:
title: Dashy
description: Welcome to your new dashboard!
navLinks:
- title: GitHub
path: https://github.com/Lissy93/dashy
- title: Documentation
path: https://dashy.to/docs
# Optional app settings and configuration
appConfig:
theme: colorful
# Main content - An array of sections, each containing an array of items
sections:
- name: Getting Started
icon: fas fa-rocket
items:
- title: Dashy Live
description: Development a project management links for Dashy
icon: https://i.ibb.co/qWWpD0v/astro-dab-128.png
url: https://live.dashy.to/
target: newtab
- title: GitHub
description: Source Code, Issues and Pull Requests
url: https://github.com/lissy93/dashy
icon: favicon
- title: Docs
description: Configuring & Usage Documentation
provider: Dashy.to
icon: far fa-book
url: https://dashy.to/docs
- title: Showcase
description: See how others are using Dashy
url: https://github.com/Lissy93/dashy/blob/master/docs/showcase.md
icon: far fa-grin-hearts
- title: Config Guide
description: See full list of configuration options
url: https://github.com/Lissy93/dashy/blob/master/docs/configuring.md
icon: fas fa-wrench
- title: Support
description: Get help with Dashy, raise a bug, or get in contact
url: https://github.com/Lissy93/dashy/blob/master/.github/SUPPORT.md
icon: far fa-hands-helping


@@ -0,0 +1,37 @@
version: '3.8'
services:
dashy:
image: lissy93/dashy:latest
container_name: dashy
restart: unless-stopped
labels:
- "traefik.enable=true"
- 'traefik.http.routers.dashy.rule=Host(`dashy.${DOMAIN_ROOT}`) || Host(`dash.${DOMAIN_ROOT}`) || Host(`${DOMAIN_ROOT}`)'
- "traefik.http.services.dashy.loadbalancer.server.port=80"
- 'traefik.http.routers.dashy.middlewares=authelia@docker'
volumes:
- ./dashy.yml:/app/public/conf.yml
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
- NODE_ENV=production
- UID=${USER_ID}
- GID=${GROUP_ID}
# Configure healthchecks
healthcheck:
test: ['CMD', 'node', '/app/services/healthcheck']
interval: 1m30s
timeout: 10s
retries: 3
start_period: 40s
networks:
- web
networks:
web:
external: true

20
nuc/drone/.env.example Normal file

@@ -0,0 +1,20 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.ltd
# HOST_IP is the address of the host machine
HOST_IP=192.168.0.69
# GITEA_CLIENT_ID is the client id for your oauth2 application
GITEA_CLIENT_ID=XXX
# GITEA_CLIENT_SECRET is the secret for your oauth2 application
GITEA_CLIENT_SECRET=gto_xxx
# GITEA_SERVER is the location of your gitea server
GITEA_SERVER=https://gitea
# DRONE_RPC_SECRET is the rpc secret for the drone server
DRONE_RPC_SECRET=xxx
# DRONE_USER is the username for the drone actions to run as
DRONE_USER=user
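Review bot: `DOMAIN_ROOT=domain.ltd` is a typo for the `domain.tld` placeholder used by every other `.env.example` in this commit. `GITEA_SERVER=https://gitea` is also not referenced by `nuc/drone/docker-compose.yml`, which hard-codes `DRONE_GITEA_SERVER=https://gitea.${DOMAIN_ROOT}`; either wire it through (`- DRONE_GITEA_SERVER=${GITEA_SERVER}`) or delete it so the example does not advertise a knob that does nothing.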


@@ -0,0 +1,68 @@
version: "3.8"
services:
drone:
image: drone/drone:2
container_name: drone
labels:
- "traefik.http.services.drone.loadbalancer.server.port=80"
- "traefik.enable=true"
- "traefik.http.routers.drone.rule=Host(`drone.${DOMAIN_ROOT}`)"
- 'traefik.http.routers.drone.middlewares=authelia@docker'
environment:
- DRONE_GITEA_SERVER=https://gitea.${DOMAIN_ROOT}
- DRONE_GITEA_CLIENT_ID=${GITEA_CLIENT_ID}
- DRONE_GITEA_CLIENT_SECRET=${GITEA_CLIENT_SECRET}
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_SERVER_HOST=drone.${DOMAIN_ROOT}
- DRONE_SERVER_PROTO=https
- DRONE_USER_CREATE=username:${DRONE_USER},admin:true
- DOMAIN_ROOT=${DOMAIN_ROOT}
- HOST_IP=${HOST_IP}
volumes:
- drone_data:/data
- /var/run/docker.sock:/var/run/docker.sock
extra_hosts:
- gitea.${DOMAIN_ROOT}:${HOST_IP}
- nuc.${DOMAIN_ROOT}:${HOST_IP}
- gitea-ssh.${DOMAIN_ROOT}:${HOST_IP}
networks:
- default
- web
runner:
image: drone/drone-runner-docker:1
environment:
- DRONE_RPC_PROTO=http
- DRONE_RPC_HOST=drone
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_RUNNER_CAPACITY=2
- DRONE_RUNNER_NAME=runners
- HOST_IP=${HOST_IP}
depends_on:
- drone
volumes:
- /var/run/docker.sock:/var/run/docker.sock
extra_hosts:
- gitea.${DOMAIN_ROOT}:${HOST_IP}
- nuc.${DOMAIN_ROOT}:${HOST_IP}
- gitea-ssh.${DOMAIN_ROOT}:${HOST_IP}
networks:
- default
networks:
web:
external: true
volumes:
drone_data:
external: true
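Review bot: The `drone` server service mounts `/var/run/docker.sock` but has no use for it — only the runner launches build containers — and the server is the half that is routed through Traefik; the socket is unrestricted root on the host, so remove that volume from `drone` and keep it on `runner` only. The `authelia@docker` middleware on the drone router will also intercept Gitea's webhook POSTs and the OAuth callback, which carry no Authelia session; if builds never trigger, bypass those paths in Authelia's access rules rather than dropping the middleware. The runner authenticates with `DRONE_RPC_SECRET` over plain HTTP (`DRONE_RPC_PROTO=http`), which is acceptable only as long as both services stay on the compose-private `default` network.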


@@ -0,0 +1,5 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld
# TIMEZONE
TIMEZONE=America/New_York


@@ -0,0 +1,35 @@
version: "3.8"
services:
freshrss:
image: freshrss/freshrss
environment:
- TZ=${TIMEZONE}
- 'CRON_MIN=1,31'
- DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.http.services.freshrss.loadbalancer.server.port=80"
- "traefik.enable=true"
- "traefik.http.routers.freshrss.rule=Host(`freshrss.${DOMAIN_ROOT}`)"
- 'traefik.http.routers.freshrss.middlewares=authelia@docker'
volumes:
- freshrss_extensions:/var/www/FreshRSS/extensions
- freshrss_data:/var/www/FreshRSS/data
networks:
- web
networks:
web:
external: true
volumes:
freshrss_extensions:
external: true
freshrss_data:
external: true

11
nuc/gitea/.env.example Normal file

@@ -0,0 +1,11 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld
# USER_ID is the user id to run the service as. 0 for root
USER_ID=1000
# GROUP_ID is the group id to run the service as. 0 for root
GROUP_ID=1000
# SSH_PORT is the port that will be opened for ssh
SSH_PORT=222

41
nuc/gitea/docker-compose.yml Executable file

@@ -0,0 +1,41 @@
version: "3"
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
hostname: gitea
environment:
- USER_UID=${GROUP_ID}
- USER_GID=${USER_ID}
- DOMAIN_ROOT=${DOMAIN_ROOT}
- "SSH_PORT=${SSH_PORT:-222}"
restart: always
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN_ROOT}`)"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
- 'traefik.http.routers.gitea.middlewares=authelia@docker'
volumes:
- gitea_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "${SSH_PORT}:222"
networks:
- web
networks:
web:
external: true
volumes:
gitea_data:
external: true
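Review bot: `USER_UID=${GROUP_ID}` and `USER_GID=${USER_ID}` are swapped; they should read `USER_UID=${USER_ID}` / `USER_GID=${GROUP_ID}` so the data volume ends up owned by the intended account. The port mapping `"${SSH_PORT}:222"` forwards to container port 222, but the Gitea image's SSH daemon listens on 22 unless `SSH_LISTEN_PORT` is set — `SSH_PORT` only changes the port shown in clone URLs — so either map `"${SSH_PORT}:22"` or add `- SSH_LISTEN_PORT=222`. Pin `gitea/gitea:latest` to a release, since both the SSH daemon and the web UI are exposed and an unreviewed upgrade can change either.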

2
nuc/homarr/.env.example Normal file

@@ -0,0 +1,2 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld


@@ -0,0 +1,40 @@
version: "3.8"
services:
homarr:
image: ghcr.io/ajnart/homarr:latest
container_name: homarr
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- homarr_config:/app/data/configs
- homarr_data:/data
- homarr_icons:/app/public/homarr_icons
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.http.services.homarr.loadbalancer.server.port=7575"
- "traefik.enable=true"
- "traefik.http.routers.homarr.rule=Host(`home.${DOMAIN_ROOT}`)"
- 'traefik.http.routers.homarr.middlewares=authelia@docker'
networks:
- web
networks:
web:
external: true
volumes:
homarr_config:
external: true
homarr_data:
external: true
homarr_icons:
external: true
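Review bot: Homarr receives the Docker socket read-write at `/var/run/docker.sock`; code execution in this dashboard (a web app reachable through Traefik) then equals root on the host, and a `:ro` mount would not help because the socket still accepts every API call. If the Docker integration is wanted, front it with a socket proxy that permits only the container-listing endpoints and point Homarr at that proxy, if it can be configured to use a TCP Docker host; otherwise delete the mount.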


@@ -0,0 +1,2 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld


@@ -0,0 +1,18 @@
version: '3'
services:
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
volumes:
- homeassistant_config:/config
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped
privileged: true
network_mode: host
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
volumes:
homeassistant_config:
external: true
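Review bot: `privileged: true` together with `network_mode: host` gives the Home Assistant container every capability and all host devices, so a compromise of HA (its UI is published via the Traefik file provider) is a host compromise. Privileged mode is only needed for USB/Bluetooth passthrough; if the integrations in use are network-based, drop `privileged: true` and, where a dongle is required, pass it explicitly with `devices: ["/dev/ttyUSB0:/dev/ttyUSB0"]`. `DOMAIN_ROOT` is not something Home Assistant reads and can be removed.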


@@ -0,0 +1,2 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld


@@ -0,0 +1,28 @@
version: "3.3"
services:
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
volumes:
- homepage-config:/app/config # Make sure your local config directory exists
- /var/run/docker.sock:/var/run/docker.sock # (optional) For docker integrations
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.http.services.homepage.loadbalancer.server.port=3000"
- "traefik.enable=true"
- "traefik.http.routers.homepage.rule=Host(`home.${DOMAIN_ROOT}`)"
- 'traefik.http.routers.homepage.middlewares=authelia@docker'
networks:
- web
volumes:
homepage-config:
external: true
networks:
web:
external: true
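Review bot: This router's rule `Host(`home.${DOMAIN_ROOT}`)` is identical to the one on the homarr service in `nuc/homarr/docker-compose.yml`; if both stacks run, Traefik has two equal-priority routers for the same host and which one answers is effectively arbitrary. Give one of them a different hostname or remove the dashboard you are not keeping. The Docker socket mount has the same host-root exposure as in homarr; the inline comment already calls it optional, so drop it unless the Docker widgets are actually used.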

25
nuc/mort/.env.example Normal file

@@ -0,0 +1,25 @@
DOMAIN_ROOT=domain.tld
CLOUDFLARE_TUNNEL_TOKEN=XXXXX
MARIADB_ROOT_PASSWORD=XXXXX
DISCORD_BOT_TOKEN=xxx
DATABASE_DSN=USER:PASSWORD@tcp(hostname:3306)/DATABASE?parseTime=true
WOLFRAM_APPID=APPID
TENOR_API_KEY=KEY
TENOR_API_CLI=APP ID
OPENAI_KEY=sk-XXXXXXX
GITEA_ENDPOINT=http://gitea.DOMAIN
GITEA_TOKEN=XXXXXXX
GITEA_USER=username
GITEA_PASS=password
BOBROSS_ENDPOINT=https://bobross.DOMAIN
BOBROSS_API_KEY=KEY
HUGGINGFACE_TOKEN=hf_XXXX
TODOIST_TOKEN=XXXXXX
TVDB_API_KEY=XXXXX
TMDB_API_KEY=XXXXX
TMDB_READ_ACCESS_TOKEN=XXXXX
OVERSEERR_ENDPOINT=https://overseerr.DOMAIN
PLEX_ENDPOINT=https://plex.DOMAIN
PLEX_TOKEN=TOKEN
OPENWEATHERMAP_API_KEY=KEY
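Review bot: `GITEA_ENDPOINT=http://gitea.DOMAIN` is plain HTTP while `GITEA_USER`/`GITEA_PASS` and `GITEA_TOKEN` are sent to it, so the example invites credentials over cleartext; make it `https://` like the other endpoints in this file. A personal token and a username/password for the same service are also both present — the token is the one to keep. Since this is the template for a real `.env` holding a dozen live API keys, make sure `.env` is gitignored (not visible in this commit).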

103
nuc/mort/docker-compose.yml Normal file

@@ -0,0 +1,103 @@
version: "3.8"
services:
mort:
image: gitea.dudenhoeffer.casa/steve/mort:latest
restart: unless-stopped
container_name: mort
command: ./mort
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
- DISCORD_BOT_TOKEN=${DISCORD_BOT_TOKEN}
- DATABASE_DSN=${DATABASE_DSN}
- WOLFRAM_APPID=${WOLFRAM_APPID}
- TENOR_API_KEY=${TENOR_API_KEY}
- TENOR_API_CLI=${TENOR_API_CLI}
- OPENAI_KEY=${OPENAI_KEY}
- GITEA_ENDPOINT=${GITEA_ENDPOINT}
- GITEA_TOKEN=${GITEA_TOKEN}
- GITEA_USER=${GITEA_USER}
- GITEA_PASS=${GITEA_PASS}
- BOBROSS_ENDPOINT=${BOBROSS_ENDPOINT}
- BOBROSS_API_KEY=${BOBROSS_API_KEY}
- HUGGINGFACE_TOKEN=${HUGGINGFACE_TOKEN}
- TODOIST_TOKEN=${TODOIST_TOKEN}
- TVDB_API_KEY=${TVDB_API_KEY}
- TMDB_API_KEY=${TMDB_API_KEY}
- TMDB_READ_ACCESS_TOKEN=${TMDB_READ_ACCESS_TOKEN}
- OVERSEERR_ENDPOINT=${OVERSEERR_ENDPOINT}
- PLEX_ENDPOINT=${PLEX_ENDPOINT}
- PLEX_TOKEN=${PLEX_TOKEN}
- OPENWEATHERMAP_API_KEY=${OPENWEATHERMAP_API_KEY}
labels:
- "traefik.enable=true"
- "traefik.http.services.bobross-receiver-mort.loadbalancer.server.port=8080"
- "traefik.http.routers.bobross-receiver-mort.rule=Host(`bobross-receiver-mort.dudenhoeffer.casa`)"
- 'traefik.http.routers.bobross-receiver-mort.middlewares=authelia@docker'
extra_hosts:
- "gitea.dudenhoeffer.casa:192.168.0.197"
networks:
- web
- default
tunnel:
image: cloudflare/cloudflared:latest
command: tunnel --no-autoupdate run --token ${CLOUDFLARE_TUNNEL_TOKEN}
restart: unless-stopped
environment:
- CLOUDFLARE_TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN}
redis:
container_name: redis
image: redis:latest
labels:
- "traefik.enabled=false"
mariadb:
image: mariadb
restart: always
container_name: mariadb
environment:
MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
ports:
- 3306:3306/tcp
volumes:
- mariadb_data:/var/lib/mysql
networks:
- default
adminer:
image: adminer
restart: always
container_name: adminer
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.enable=true"
- "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN_ROOT}`)"
- "traefik.http.services.adminer.loadbalancer.server.port=8080"
- 'traefik.http.routers.adminer.middlewares=authelia@docker'
networks:
- web
- default
networks:
web:
external: true
volumes:
mariadb_data:
external: true
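Review bot: `mariadb` publishes `3306:3306/tcp` on every host interface even though its only clients here (`mort`, `adminer`) reach it over the compose `default` network; delete the `ports:` block, or at least bind it as `"127.0.0.1:3306:3306"` if host-side tooling needs it, otherwise the root account guarded only by `MARIADB_ROOT_PASSWORD` is reachable from the LAN. The redis label is misspelled `traefik.enabled=false` (Traefik reads `traefik.enable`); harmless today because redis is not on the `web` network, but fix it before it gets copied. The `mort` service hard-codes `dudenhoeffer.casa` and `192.168.0.197` where every other stack uses `${DOMAIN_ROOT}` / `${HOST_IP}`, which both leaks the real deployment and breaks the `.env`-driven pattern.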


@@ -0,0 +1,2 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld


@@ -0,0 +1,33 @@
version: "3.8"
services:
nextcloud:
container_name: nextcloud-aio-mastercontainer
image: nextcloud/all-in-one:latest
restart: unless-stopped
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
- APACHE_PORT=11000
- SKIP_DOMAIN_VALIDATION=true
labels:
- "traefik.enable=false"
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- web
- default
networks:
web:
external: true
volumes:
nextcloud_aio_mastercontainer:
external: true
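Review bot: `SKIP_DOMAIN_VALIDATION=true` disables AIO's check that the public hostname actually reaches this instance — the check that catches a proxy misrouting before the installer runs — so keep it only while debugging the proxy and document why with a comment such as `# temporary: proxy routing not yet validated`. Nothing in this file connects the Apache container on `APACHE_PORT=11000` to Traefik; the AIO router lives in the Traefik file provider and targets a different port, so confirm the two agree. The read-only socket mount is what AIO requires, but it still grants the mastercontainer full Docker API access; a one-line comment saying so will stop someone from "fixing" it later.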

8
nuc/pihole/.env.example Normal file

@@ -0,0 +1,8 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld
# WEB_UI_PASSWORD is the password for the web ui interface. If unset, it will be randomly generated and retrievable from the logs.
WEB_UI_PASSWORD=password
# TIMEZONE is the timezone you're set in
TIMEZONE=America/New_York


@@ -0,0 +1,35 @@
version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
- 53:53/udp
environment:
- TZ=${TIMEZONE}
- CORS_HOSTS=pihole.${DOMAIN_ROOT}
- DOMAIN_ROOT=${DOMAIN_ROOT}
- WEBPASSWORD=${WEB_UI_PASSWORD}
network_mode: host
# Volumes store your data between container upgrades
volumes:
- pihole-config_data:/etc/pihole
- pihole-dnsmasq_data:/etc/dnsmasq.d
- ./pihole-lighttpd.conf:/etc/lighttpd/lighttpd.conf
cap_add:
- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
restart: unless-stopped
volumes:
pihole-config_data:
external: true
pihole-dnsmasq_data:
external: true
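Review bot: With `network_mode: host` the `ports:` block is ignored (Compose warns and publishes nothing), so `53:53/udp` documents nothing and should be removed. In host mode the admin UI on 8081 and DNS are bound on every host interface, so `http://<host>:8081/admin` stays reachable from the LAN guarded by `WEBPASSWORD` alone, independently of whatever the Traefik file-provider router puts in front of `pihole.<domain>`. Mount `./pihole-lighttpd.conf` with `:ro` so the container cannot rewrite its own web-server configuration.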


@@ -0,0 +1,54 @@
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 8081
# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags += ("server.h2proto" => "enable")
server.feature-flags += ("server.h2c" => "enable")
server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags += ("server.graceful-restart-bg" => "enable")
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
#server.compat-module-load = "disable"
server.modules += (
"mod_dirlisting",
"mod_staticfile",
)


@@ -0,0 +1,2 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld


@@ -0,0 +1,33 @@
version: "3"
services:
portainer:
image: portainer/portainer-ee:latest
container_name: portainer
restart: unless-stopped
ports:
- 9000:9000/tcp
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN_ROOT}`)"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
volumes:
- portainer_data:/data
- /var/run/docker.sock:/var/run/docker.sock
networks:
- web
networks:
web:
external: true
volumes:
portainer_data:
external: true
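Review bot: Portainer is the one Traefik-labelled router in this commit without `traefik.http.routers.portainer.middlewares=authelia@docker`, and it additionally publishes `9000:9000/tcp` on the host, so its login page is reachable both through the proxy and directly on the LAN; with the read-write Docker socket behind it, that login is root on the host. Traefik reaches the container over the `web` network, so delete the `ports:` block and add the Authelia middleware label for parity with the other services (Portainer's own auth then becomes the second layer). Pin `portainer-ee:latest` to a release for the same reason as the other images.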


@@ -0,0 +1,2 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld

261
nuc/privatebin/cfg/conf.php Normal file

@@ -0,0 +1,261 @@
;<?php http_response_code(403); /*
; config file for PrivateBin
;
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
[main]
; (optional) set a project name to be displayed on the website
; name = "PrivateBin"
; The full URL, with the domain name and directories that point to the
; PrivateBin files, including an ending slash (/). This URL is essential to
; allow Opengraph images to be displayed on social networks.
; basepath = "https://privatebin.example.com/"
; enable or disable the discussion feature, defaults to true
discussion = true
; preselect the discussion feature, defaults to false
opendiscussion = false
; enable or disable the password feature, defaults to true
password = true
; enable or disable the file upload feature, defaults to false
fileupload = false
; preselect the burn-after-reading feature, defaults to false
burnafterreadingselected = false
; which display mode to preselect by default, defaults to "plaintext"
; make sure the value exists in [formatter_options]
defaultformatter = "plaintext"
; (optional) set a syntax highlighting theme, as found in css/prettify/
; syntaxhighlightingtheme = "sons-of-obsidian"
; size limit per paste or comment in bytes, defaults to 10 Mebibytes
sizelimit = 10485760
; template to include, default is "bootstrap" (tpl/bootstrap.php)
template = "bootstrap-dark"
; (optional) info text to display
; use single, instead of double quotes for HTML attributes
;info = "More information on the <a href='https://privatebin.info/'>project page</a>."
; (optional) notice to display
; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."
; by default PrivateBin will guess the visitors language based on the browsers
; settings. Optionally you can enable the language selection menu, which uses
; a session cookie to store the choice until the browser is closed.
languageselection = false
; set the language your installs defaults to, defaults to English
; if this is set and language selection is disabled, this will be the only language
; languagedefault = "en"
; (optional) URL shortener address to offer after a new paste is created.
; It is suggested to only use this with self-hosted shorteners as this will leak
; the pastes encryption key.
; urlshortener = "https://shortener.example.com/api?link="
; (optional) Let users create a QR code for sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; qrcode = true
; (optional) IP based icons are a weak mechanism to detect if a comment was from
; a different user when the same username was used in a comment. It might get
; used to get the IP of a comment poster if the server salt is leaked and a
; SHA512 HMAC rainbow table is generated for all (relevant) IPs.
; Can be set to one these values:
; "none" / "identicon" (default) / "jdenticon" / "vizhash".
; icon = "none"
; Content Security Policy headers allow a website to restrict what sources are
; allowed to be accessed in its context. You need to change this if you added
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
; Notes:
; - If you use a bootstrap theme, you can remove the allow-popups from the
; sandbox restrictions.
; - By default this disallows to load images from third-party servers, e.g. when
; they are embedded in pastes. If you wish to allow that, you can adjust the
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
; for details.
; - The 'unsafe-eval' is used in two cases; to check if the browser supports
; async functions and display an error if not and for Chrome to enable
; webassembly support (used for zlib compression). You can remove it if Chrome
; doesn't need to be supported and old browsers don't need to be warned.
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token
; zerobincompatibility = false
; Enable or disable the warning message when the site is served over an insecure
; connection (insecure HTTP instead of HTTPS), defaults to true.
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
; It is **strongly discouraged** to disable this.
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
; httpwarning = true
; Pick compression algorithm or disable it. Only applies to pastes/comments
; created after changing the setting.
; Can be set to one these values: "none" / "zlib" (default).
; compression = "zlib"
[expire]
; expire value that is selected per default
; make sure the value exists in [expire_options]
default = "1week"
[expire_options]
; Set each one of these to the number of seconds in the expiration period,
; or 0 if it should never expire
5min = 300
10min = 600
1hour = 3600
1day = 86400
1week = 604800
; Well this is not *exactly* one month, it's 30 days:
1month = 2592000
1year = 31536000
never = 0
[formatter_options]
; Set available formatters, their order and their labels
plaintext = "Plain Text"
syntaxhighlighting = "Source Code"
markdown = "Markdown"
[traffic]
; time limit between calls from the same IP address in seconds
; Set this to 0 to disable rate limiting.
limit = 10
; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
; be exempted, the list needs to be comma separated. Leave unset to disable
; exemptions.
; exempted = "1.2.3.4,10.10.10/24"
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
; ignored. If multiple values are to be exempted, the list needs to be comma
; separated. Leave unset to allow anyone to create pastes.
; creators = "1.2.3.4,10.10.10/24"
; (optional) if your website runs behind a reverse proxy or load balancer,
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
; header = "X_FORWARDED_FOR"
[purge]
; minimum time limit between two purgings of expired pastes, it is only
; triggered when pastes are created
; Set this to 0 to run a purge every time a paste is created.
limit = 300
; maximum amount of expired pastes to delete in one purge
; Set this to 0 to disable purging. Set it higher, if you are running a large
; site
batchsize = 10
[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"
;[model]
; example of a Google Cloud Storage configuration
;class = GoogleCloudStorage
;[model_options]
;bucket = "my-private-bin"
;prefix = "pastes"
;uniformacl = false
;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of DB configuration for SQLite
;class = Database
;[model_options]
;dsn = "sqlite:" PATH "data/db.sq3"
;usr = null
;pwd = null
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of DB configuration for PostgreSQL
;class = Database
;[model_options]
;dsn = "pgsql:host=localhost;dbname=privatebin"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of S3 configuration for Rados gateway / CEPH
;class = S3Storage
;[model_options]
;region = ""
;version = "2006-03-01"
;endpoint = "https://s3.my-ceph.invalid"
;use_path_style_endpoint = true
;bucket = "my-bucket"
;accesskey = "my-rados-user"
;secretkey = "my-rados-pass"
;[model]
; example of S3 configuration for AWS
;class = S3Storage
;[model_options]
;region = "eu-central-1"
;version = "latest"
;bucket = "my-bucket"
;accesskey = "access key id"
;secretkey = "secret access key"
;[model]
; example of S3 configuration for AWS using its SDK default credential provider chain
; if relying on environment variables, the AWS SDK will look for the following:
; - AWS_ACCESS_KEY_ID
; - AWS_SECRET_ACCESS_KEY
; - AWS_SESSION_TOKEN (if needed)
; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
;class = S3Storage
;[model_options]
;region = "eu-central-1"
;version = "latest"
;bucket = "my-bucket"
[yourls]
; When using YOURLS as a "urlshortener" config item:
; - By default, "urlshortener" will point to the YOURLS API URL, with or without
; credentials, and will be visible in public on the PrivateBin web page.
; Only use this if you allow short URL creation without credentials.
; - Alternatively, using the parameters in this section ("signature" and
; "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
; instance with "shortenviayourls?link=" appended. For example:
; urlshortener = "${basepath}shortenviayourls?link="
; This URL will in turn call YOURLS on the server side, using the URL from
; "apiurl" and the "access signature" from the "signature" parameters below.
; (optional) the "signature" (access key) issued by YOURLS for the using account
; signature = ""
; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
; apiurl = "https://yourls.example.com/yourls-api.php"
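Review bot: `[traffic] limit = 10` rate-limits by client IP, but `header = "X_FORWARDED_FOR"` is left commented out; behind Traefik every visitor arrives from the proxy's address, so all users share a single 10-second bucket and one paster locks everyone else out. Uncomment `header = "X_FORWARDED_FOR"` (Traefik sets `X-Forwarded-For` by default) — and only because the proxy is the sole path in, since a client that could reach PrivateBin directly could otherwise spoof that header to dodge the limit. `basepath` should also be set to the public URL so links are generated correctly behind the proxy.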


@@ -0,0 +1,18 @@
version: "3.8"
services:
privatebin:
image: privatebin/nginx-fpm-alpine:latest
container_name: privatebin
restart: unless-stopped
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
volumes:
- privatebin_data:/srv/data
- ./cfg/conf.php:/srv/cfg/conf.php:ro
networks:
- web
volumes:
privatebin_data:
external: true
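Review bot: The service joins network `web`, but there is no top-level `networks:` block declaring it, so `docker compose up` fails with an undefined-network error — add the same `networks: web: external: true` declaration the other stacks carry. Unlike the other stacks there are also no `traefik.*` labels, so nothing publishes this container; if a router is meant to live in the Traefik file provider, say so in a comment, otherwise add the `traefik.enable`/`rule`/`port` labels. Mounting `conf.php` read-only is right; the container should not be able to edit its own policy.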

26
nuc/traefik/.env.example Normal file

@@ -0,0 +1,26 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld
# USER_ID is the user id to run the service as. 0 for root
USER_ID=1000
# GROUP_ID is the group id to run the service as. 0 for root
GROUP_ID=1000
# TIMEZONE is the timezone the server is in
TIMEZONE=America/New_York
# CLOUDFLARE_EMAIL is the email for the cloudflare credentials
CLOUDFLARE_EMAIL=email@address.com
# CLOUDFLARE_KEY is the key for your cloudflare credentials
CLOUDFLARE_KEY=XXXX
# AUTH_JWT_SECRET is the secret used for authelia's json web tokens. (can just be a random string)
AUTH_JWT_SECRET=SOMErandomSTRING
# AUTH_SESSION_SECRET is the secret (random string) used to encrypt session data in redis
AUTH_SESSION_SECRET=SOMEotherRANDOMstring
# AUTH_STORAGE_KEY is the secret (random string) used to encrypt the data at rest
AUTH_STORAGE_KEY=ANOTHERrandomSTRING
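Review bot: `CLOUDFLARE_EMAIL` plus `CLOUDFLARE_KEY` is the shape of Cloudflare's Global API Key, which hands full account access to whichever container holds it; Traefik's Cloudflare DNS challenge also accepts a scoped token (`CF_DNS_API_TOKEN`) limited to `Zone:DNS:Edit` on the one zone, which is the least-privilege option if the Traefik configuration (not in this commit) can be switched. For the three Authelia secrets, replace the placeholder strings with a generation hint such as `# generate each with: openssl rand -hex 64`, since short human-chosen values here weaken session and token security.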


@@ -0,0 +1,13 @@
http:
routers:
homeassistant-router:
rule: "Host(`homeassistant.dudenhoeffer.casa`)"
service: homeassistant-service
services:
homeassistant-service:
loadBalancer:
servers:
- url: "http://192.168.0.197:8123"
passHostHeader: true
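Review bot: This router forwards to `http://192.168.0.197:8123` with `passHostHeader`, but Home Assistant rejects proxied requests unless its own `http:` configuration lists the proxy in `trusted_proxies` with `use_x_forwarded_for: true`; that setting lives in HA, not here, so confirm it or the UI returns HTTP 400 behind Traefik. Unlike the compose-defined routers this one has no `middlewares:` entry; leaving HA on its own login is reasonable (forward-auth would break the mobile app), but a one-line comment saying it is deliberate would stop the next reader from "fixing" it.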


@@ -0,0 +1,13 @@
http:
routers:
nas-router:
rule: "Host(`nas.dudenhoeffer.casa`)"
service: nas-service
# Optionally, you can add TLS configuration here if your router is serving HTTPS
services:
nas-service:
loadBalancer:
servers:
- url: "http://192.168.0.145:5000"
passHostHeader: true
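Review bot: This router proxies an admin UI over plain HTTP to `192.168.0.145:5000`, so the NAS session cookie and credentials travel in cleartext on the LAN between Traefik and the NAS; if the device also serves TLS (5000 is commonly the HTTP half of a 5000/5001 pair), point the URL at the HTTPS port and reuse the `serversTransport` pattern from the scrypted/unifi files. There is also no Authelia middleware, so the NAS login is the only barrier; state in a comment whether that is intentional.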


@@ -0,0 +1,40 @@
http:
routers:
nextcloud:
rule: "Host(`cloud.dudenhoeffer.casa`)"
#entrypoints:
# - "web"
service: nextcloud
#middlewares:
# - nextcloud-chain
services:
nextcloud:
loadBalancer:
#serversTransport: "nextcloud-servers-transport"
servers:
- url: "http://nextcloud-aio-nextcloud:9000" # Use the host's IP address if Traefik runs outside the host network
middlewares:
nextcloud-secure-headers:
headers:
hostsProxyHeaders:
- "X-Forwarded-Host"
referrerPolicy: "same-origin"
https-redirect:
redirectscheme:
scheme: https
nextcloud-chain:
chain:
middlewares:
# - ... (e.g. rate limiting middleware)
- https-redirect
- nextcloud-secure-headers
# Define the serversTransport to skip TLS verification
serversTransports:
nextcloud-servers-transport:
insecureSkipVerify: true
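Review bot: `nextcloud-secure-headers` and `https-redirect` are defined but never applied, because the router's middleware attachment is commented out (the `#middlewares:` / `# - nextcloud-chain` lines), so the `referrerPolicy` and `hostsProxyHeaders` settings have no effect on the `cloud.` host. Either re-enable them under the router with `middlewares:` / `  - nextcloud-chain`, or delete the dead definitions so nobody reading this file assumes the headers are being set. `https-redirect` looks redundant anyway if the `web` entrypoint already redirects to `websecure` in the static config, as this commit's `traefik.yml` appears to do. `nextcloud-servers-transport` with `insecureSkipVerify: true` is likewise unreferenced (the `#serversTransport:` line is commented); if it is ever wired in, prefer `rootCAs` with the backend's certificate over disabling verification, and add `# UNUSED — kept for …` or remove it.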


@@ -0,0 +1,13 @@
http:
routers:
pihole-router:
rule: "Host(`pihole.dudenhoeffer.casa`)"
service: pihole-service
services:
pihole-service:
loadBalancer:
servers:
- url: "http://192.168.0.197:8081"
passHostHeader: true


@@ -0,0 +1,20 @@
http:
routers:
scrypted-router:
rule: "Host(`scrypted.dudenhoeffer.casa`)"
service: scrypted-service
# Optionally, you can add TLS configuration here if your router is serving HTTPS
services:
scrypted-service:
loadBalancer:
servers:
- url: "https://192.168.0.197:10443"
passHostHeader: true
# Skip TLS verification for the self-signed certificate
serversTransport: "scrypted-servers-transport"
# Define the serversTransport to skip TLS verification
serversTransports:
scrypted-servers-transport:
insecureSkipVerify: true
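Review bot: `insecureSkipVerify: true` on `scrypted-servers-transport` turns off certificate validation for the Traefik→Scrypted hop, so anything on the LAN that can answer for `192.168.0.197:10443` (ARP spoofing, a compromised host on that segment) can impersonate Scrypted and receive the Authelia `Remote-*` identity headers and camera streams. Since the backend certificate is self-signed, the fix is to trust that one certificate rather than none: mount it into the Traefik container and replace the skip with `rootCAs:` / `  - /etc/traefik/custom/scrypted.crt` (path illustrative), adding `serverName:` if the certificate's SAN does not match the IP. The `# Optionally, you can add TLS configuration here` comment on the router is misleading — in this commit TLS termination is configured once at the `websecure` entrypoint in `traefik.yml`, not per router — and should be removed or reworded.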


@@ -0,0 +1,20 @@
http:
routers:
unifi-router:
rule: "Host(`unifi.dudenhoeffer.casa`)"
service: unifi-service
# Optionally, you can add TLS configuration here if your router is serving HTTPS
services:
unifi-service:
loadBalancer:
servers:
- url: "https://192.168.0.146"
passHostHeader: true
# Skip TLS verification for the self-signed certificate
serversTransport: "unifi-servers-transport"
# Define the serversTransport to skip TLS verification
serversTransports:
unifi-servers-transport:
insecureSkipVerify: true
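Review bot: `insecureSkipVerify: true` on `unifi-servers-transport` makes the proxy accept any certificate presented by `192.168.0.146`, and the UniFi controller is the component holding the network's admin credentials and device adoption keys, so an impersonated backend here is a credential-harvesting point rather than a cosmetic issue. Pin the controller's certificate (or a CA you issue for it, which UniFi lets you upload) via `rootCAs:` on the transport instead of disabling verification. The `url:` carries no port, so Traefik connects to 443; if I recall correctly the default UniFi Network UI listens on 8443, so verify which port actually serves the UI before assuming the route works. As with the other `custom/` files, the `# Optionally, you can add TLS configuration here` comment is stale given entrypoint-level TLS.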


@@ -0,0 +1,13 @@
http:
routers:
wireguard2-router:
rule: "Host(`wireguard2.dudenhoeffer.casa`)"
service: wireguard2-service
services:
wireguard2-service:
loadBalancer:
servers:
- url: "http://192.168.0.197:51821"
passHostHeader: true


@@ -0,0 +1,89 @@
---
version: "3.8"
services:
traefik:
image: traefik:latest
container_name: traefik
hostname: traefik
restart: unless-stopped
environment:
- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_KEY}
- DOMAIN_ROOT=${DOMAIN_ROOT}
ports:
- mode: host
protocol: tcp
published: 80
target: 80
- mode: host
protocol: tcp
published: 443
target: 443
volumes:
- ./traefik.yml:/etc/traefik/traefik.yml:ro
- ./custom:/etc/traefik/custom:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/letsencrypt
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_ROOT}`)'
- "traefik.http.routers.traefik.entrypoints=websecure"
- 'entrypoints.websecure.http.tls=true'
- 'entrypoints.websecure.http.tls.certResolver=letsencrypt'
- 'entrypoints.websecure.http.tls.domains[0].main=${DOMAIN_ROOT}'
- 'entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN_ROOT}'
- "traefik.http.routers.traefik.service=api@internal"
- 'traefik.http.routers.traefik.middlewares=strip'
- 'traefik.http.middlewares.strip.stripprefix.prefixes=/traefik'
- 'traefik.http.services.traefik.loadbalancer.server.port=8080'
- 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https://login.${DOMAIN_ROOT}/'
- 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
- 'certificatesresolvers.letsencrypt.acme.dnschallenge=true'
- 'certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
- 'certificatesresolvers.letsencrypt.acme.email=${CLOUDFLARE_EMAIL}'
- 'certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'
networks:
- web
authelia:
image: docker.io/authelia/authelia:latest
container_name: authelia
restart: unless-stopped
environment:
- TZ=${TIMEZONE}
- AUTHELIA_JWT_SECRET=${AUTH_JWT_SECRET}
- AUTHELIA_SESSION_SECRET=${AUTH_SESSION_SECRET}
- AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTH_STORAGE_KEY}
- DOMAIN_ROOT=${DOMAIN_ROOT}
volumes:
- authelia_config:/config
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.authelia.rule=Host(`login.${DOMAIN_ROOT}`)'
- 'traefik.http.services.authelia.loadbalancer.server.port=9091'
networks:
- web
networks:
web:
external: true
volumes:
certs:
external: true
authelia_config:
external: true
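Review bot: `/var/run/docker.sock:/tmp/docker.sock:ro` hands the Traefik container the full Docker API; `:ro` only makes the socket inode read-only and does not restrict API calls, so a compromise of the internet-facing, unpinned `traefik:latest` process is root on the host. Put a filtering socket proxy (e.g. a `docker-socket-proxy` container permitting only `GET` on `/containers` and `/events`) between Traefik and the daemon, and point `providers.docker.endpoint` at `tcp://<proxy>:2375` instead of the raw socket. Separately, the labels beginning `entrypoints.websecure.http.tls…` and `certificatesresolvers.letsencrypt.acme…` (eight lines) lack the `traefik.` prefix and describe static configuration, which the Docker provider cannot set from labels at all, so they are ignored — the effective TLS/ACME settings come solely from `traefik.yml`; delete them so nobody edits the wrong place. The Authelia `AUTHELIA_JWT_SECRET` / `AUTHELIA_SESSION_SECRET` / `AUTHELIA_STORAGE_ENCRYPTION_KEY` values are passed as plain environment variables, visible via `docker inspect` to anyone with socket access; Authelia supports `_FILE`-suffixed variants reading from a mounted secrets directory.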


@@ -0,0 +1,230 @@
################################################################
#
# Configuration sample for Traefik v2.
#
# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
#
################################################################
################################################################
# Global configuration
################################################################
global:
checkNewVersion: true
sendAnonymousUsage: true
################################################################
# EntryPoints configuration
################################################################
# EntryPoints definition
#
# Optional
#
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: :443
http:
tls:
certResolver: letsencrypt
domains:
- main: domain.tld
sans:
- "*.domain.tld"
middlewares:
- "authelia@docker"
################################################################
# Traefik logs configuration
################################################################
# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
log:
# Log level
#
# Optional
# Default: "ERROR"
#
level: DEBUG
# Sets the filepath for the traefik log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath: log/traefik.log
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format: json
################################################################
# Access logs configuration
################################################################
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
accessLog:
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath: /path/to/log/log.txt
filePath: "/etc/traefik/access.log"
format: common
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format: json
################################################################
# API and dashboard configuration
################################################################
# Enable API and dashboard
#
# Optional
#
api:
# Enable the API in insecure mode
#
# Optional
# Default: false
#
insecure: true
# Enabled Dashboard
#
# Optional
# Default: true
#
dashboard: true
################################################################
# Ping configuration
################################################################
# Enable ping
ping:
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
entryPoint: traefik
################################################################
# Docker configuration backend
################################################################
providers:
# Enable Docker configuration backend
docker:
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
# Default: "unix:///var/run/docker.sock"
#
endpoint: unix:///tmp/docker.sock
# Default host rule.
#
# Optional
# Default: "Host(`{{ normalize .Name }}`)"
#
defaultRule: Host(`{{ normalize .Name }}.domain.tld`)
# Expose containers by default in traefik
#
# Optional
# Default: true
#
exposedByDefault: true
network: home-proxy
file:
directory: /etc/traefik/custom
watch: true
#tls:
# stores:
# default:
# defaultCertificate:
# certFile: /certs/star.domain.tld.crt
# keyFile: /certs/star.domain.tld..key
# certificates:
# - certFile: /certs/star.domain.tld..crt
# keyFile: /certs/star.domain.tld..key
# stores:
# - default
#
certificatesResolvers:
letsencrypt:
acme:
email: email@address.com
storage: /letsencrypt/acme.json
dnsChallenge:
provider: cloudflare
# Used to make sure the dns challenge is propagated to the rights dns servers
# resolvers:
# - "1.1.1.1:53"
# - "1.0.0.1:53"
#
experimental:
plugins:
traefik-real-ip:
moduleName: "github.com/soulbalz/traefik-real-ip"
version: "v1.0.3"
http:
middlewares:
my-traefik-real-ip:
plugin:
traefik-real-ip:
excludednets:
- 1.1.1.1/24
authelia:
forwardAuth:
address: https://authelia:9091/api/verify?rd=https%3A%2F%2Flogin.dudenhoeffer.casa%2F
trustForwardHeader: true
authResponseHeaders:
- "Remote-User"
- "Remote-Groups"
- "Remote-Email"
- "Remote-Name"
authelia-basic:
forwardAuth:
address: https://authelia:9091/api/verify?auth=basic
trustForwardHeader: true
authResponseHeaders:
- "Remote-User"
- "Remote-Groups"
- "Remote-Email"
- "Remote-Name"
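Review bot: `exposedByDefault: true` under `providers.docker`, together with `defaultRule: Host(`{{ normalize .Name }}.domain.tld`)`, publishes every container on the proxy network as a routable hostname whether or not its compose file opted in, so any stray container with an admin UI becomes reachable the moment it starts. Every service in this commit already sets `traefik.enable=true`, so `exposedByDefault: false` costs nothing and makes exposure an explicit act. `api.insecure: true` also serves the API and dashboard unauthenticated on the implicit `traefik` entrypoint (:8080); that port is not published to the host, but every container on the shared `web` network can reach it, and it duplicates the `api@internal` router that the compose labels already put behind Authelia — set `insecure: false` and, since `ping.entryPoint: traefik` depends on that implicit entrypoint, define `entryPoints.traefik` explicitly. Finally, `network: home-proxy` does not match the `web` network the compose files join (Traefik may pick the wrong container IP for multi-network services), and the `domain.tld` values on the `domains:` and `defaultRule` lines are literal because the static file is not env-expanded, so the wildcard certificate will be requested for the placeholder name until they are edited by hand.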

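--- a/nuc/whoogle/.env.example
+++ b/nuc/whoogle/.env.example
@@ -0,0 +1,2 @@
+# DOMAIN_ROOT is the root domain that this service will register as with Traefik
+DOMAIN_ROOT=domain.tld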


@@ -0,0 +1,19 @@
version: "3.8"
services:
whoogle:
image: benbusby/whoogle-search:latest
container_name: whoogle
restart: unless-stopped
networks:
- web
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoogle.rule=Host(`whoogle.${DOMAIN_ROOT}`)"
- "traefik.http.services.whoogle.loadbalancer.server.port=5000"
- 'traefik.http.routers.whoogle.middlewares=authelia@docker'
networks:
web:
external: true
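Review bot: `image: benbusby/whoogle-search:latest` combined with `restart: unless-stopped` means any restart may pull an unreviewed new build onto a host that shares a Docker network with Traefik and Authelia; the same applies to every other `:latest` tag in this commit. Pin to a release tag, or better a digest (`benbusby/whoogle-search@sha256:…`), and bump deliberately. The router also sets no `entrypoints`, so it attaches to both `web` and `websecure`; that is only harmless because the static config redirects `web` to HTTPS — add `traefik.http.routers.whoogle.entrypoints=websecure` so the exposure does not depend on a setting in another file.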


@@ -0,0 +1,5 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld
# UI_PASSWORD if set, will be the required password for the admin UI
UI_PASSWORD=
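Review bot: `UI_PASSWORD=` ships empty, and the comment above it documents that as "no password", so an example copied unedited deploys the wg-easy admin UI — which can mint and download VPN client configs — with no application-level authentication, relying entirely on the Authelia entrypoint middleware living in a different file. Make the example fail loudly instead: `# UI_PASSWORD is REQUIRED: admin UI password for wg-easy (generate with: openssl rand -base64 24)` and `UI_PASSWORD=CHANGE_ME`, and have the compose side enforce it with `${UI_PASSWORD:?UI_PASSWORD must be set}`. Recent wg-easy releases moved from plaintext `PASSWORD` to a bcrypt `PASSWORD_HASH` variable; confirm which the pulled image expects, since a mismatch also yields an unauthenticated UI.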


@@ -0,0 +1,46 @@
version: "3"
services:
wireguard:
image: ghcr.io/wg-easy/wg-easy:latest
restart: unless-stopped
container_name: wireguard
labels:
- "traefik.http.services.wireguard.loadbalancer.server.port=51821"
ports:
- target: 51820
published: 51820
protocol: tcp
mode: host
- target: 51820
published: 51820
protocol: udp
mode: host
volumes:
- wireguard_data:/etc/wireguard
environment:
- WG_HOST=wireguard.${DOMAIN_ROOT}
- PASSWORD=${UI_PASSWORD}
- DOMAIN_ROOT=${DOMAIN_ROOT}
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- "net.ipv4.conf.all.src_valid_mark=1"
- "net.ipv4.ip_forward=1"
networks:
- web
networks:
web:
external: true
volumes:
wireguard_data:
external: true