diff --git a/homenetwork/nas/gateway.yml b/homenetwork/gateway/gateway.yml similarity index 68% rename from homenetwork/nas/gateway.yml rename to homenetwork/gateway/gateway.yml index 6c4c348..9a6c737 100644 --- a/homenetwork/nas/gateway.yml +++ b/homenetwork/gateway/gateway.yml @@ -8,16 +8,12 @@ services: - PUID=1000 - PGID=100 - TZ=Etc/UTC - - URL=vbchaos.nl + - URL=mitscherlich.nl - VALIDATION=http - - SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn,vpn,vaultwarden,collabora - - CERTPROVIDER= #optional - - DNSPLUGIN=cloudflare #optional - - PROPAGATION= #optional - - EMAIL= matthias.mitscherlich@gmail.com - - ONLY_SUBDOMAINS=false #optional - - EXTRA_DOMAINS= #optional - - STAGING=false #optional + - SUBDOMAINS=nc,esp,git,jenkins,registry,registrybrowser,svn,vpn,vaultwarden,collabora +# - EMAIL= matthias@mitscherlich.nl + - ONLY_SUBDOMAINS=true + - EXTRA_DOMAINS=nc.vbchaos.nl,vaultwarden.vbchaos.nl,vpn.vbchaos.nl,registry.vbchaos.nl,git.vbchaos.nl #optional volumes: - /docker_config/swag:/config ports: @@ -34,7 +30,7 @@ services: ports: - 5555:80 environment: - - DOMAIN=https://vaultwarden.vbchaos.nl + - DOMAIN=https://vaultwarden.mitscherlich.nl - LOGIN_RATELIMIT_MAX_BURST=10 - LOGIN_RATELIMIT_SECONDS=60 - ADMIN_RATELIMIT_MAX_BURST=10 @@ -47,7 +43,7 @@ services: - SIGNUPS_VERIFY=true - SIGNUPS_VERIFY_RESEND_TIME=3600 - SIGNUPS_VERIFY_RESEND_LIMIT=5 - - SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl + - SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl,mitscherlich.nl - SMTP_HOST=smtp.gmail.com - SMTP_FROM=vaultwarden@vbchaos.nl - SMTP_FROM_NAME=Vaultwarden 
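Review bot: The added `# - EMAIL= matthias@mitscherlich.nl` in the SWAG `environment` list leaves the certificate contact address as a commented-out line at column 0, so the container now starts without an `EMAIL` value. As far as I know SWAG uses that optional variable for certificate expiry notices, which matter more now that `EXTRA_DOMAINS` puts five `vbchaos.nl` names on the same HTTP-validated certificate. Either delete the line or restore it as `- EMAIL=matthias@mitscherlich.nl`, without the space after `=`, which would otherwise become part of the value. The `environment` list starts outside the hunk.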
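Review bot: Widening `SIGNUPS_DOMAINS_WHITELIST` to `vbchaos.nl,mitscherlich.nl` in the third hunk deserves a comment on the line above it, because in Vaultwarden a non-empty whitelist takes precedence over `SIGNUPS_ALLOWED`. Any address at either domain can therefore register on the vault even if sign-ups are disabled elsewhere in this service; that setting is outside the hunk. A comment such as `# whitelist overrides SIGNUPS_ALLOWED; list only domains whose mailboxes we control` would record the intent. The context line `SMTP_FROM=vaultwarden@vbchaos.nl` still uses the old domain while `DOMAIN` in the previous hunk moved to `mitscherlich.nl`; confirm that is deliberate.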
@@ -70,12 +66,11 @@ services: - /dev/net/tun restart: always - docker_config: - image: registry.vbchaos.nl/rclone - container_name: backup_docker_config - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/docker/gateway - - CRON_SCHEDULE=0 1-23/4 * * * + go-transip-dyndns: + build: + context: ./transip + container_name: transip-dyndns volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /docker_config:/backup + - ./go-transip-dyndns.toml:/etc/go-transip-dyndns.toml + restart: unless-stopped + diff --git a/homenetwork/gateway/go-transip-dyndns.toml b/homenetwork/gateway/go-transip-dyndns.toml new file mode 100644 index 0000000..6815488 --- /dev/null +++ b/homenetwork/gateway/go-transip-dyndns.toml 
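Review bot: The new `go-transip-dyndns` service bind-mounts `./go-transip-dyndns.toml` read-write, although the container only needs to read it and the file holds the TransIP API credentials. Mount it read-only with `- ./go-transip-dyndns.toml:/etc/go-transip-dyndns.toml:ro`, and keep the key itself in a separate file outside the repository. The same hunk removes the `docker_config` rclone job that copied `/docker_config` off-host. No replacement is visible in this diff, so confirm that the gateway state under that path (for example `/docker_config/swag`, mounted in the first hunk) is still backed up.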
@@ -0,0 +1,126 @@ +[general] +# +# Enable verbose mode (debugging information). +# Disabled by default. +# +verbose = true + +# +# Pull in your public IPv4 address. +# +IPv4 = true + +# +# Pull in your public IPv6 address. +# Only use when you have an IPv6 address. +# +IPv6 = false + +# +# Update in keep running mode every x (in minutes) +# +update-frequency = 10 + +[account] +# +# Your account name on transip. +# +username = "vbchaos" +# +# Private key to get access the API. +# Create your own key here: https://www.transip.nl/cp/account/api/. +# +# You have two options here. +# Include the private key in the configuration file. +# +# Example: +# private-key = """-----BEGIN PRIVATE KEY----- +#...Your certificate data... +#-----END PRIVATE KEY-----""" +# +# or +# +# provide the path to the file that contains the private key. +# +# Example: +# private-key = "/path/to/key.pem" +# +# Mind the """content""" (3x) quote for including the key in the config and the "path" (1) for the path... +# +private-key = """-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD5474i9JqiG3Kg +xhGB5wJE3BosGfMXX46Ct3Y9t1v7i0tGuu977RDRw/IvekLbYhBWSozk5Rsg/gZy +a0hPelJ/N0L17GUwu8YWudRSc/51E2Xik10yDH99CDZAdI7dQYgW2uXhiYcxzNNJ +XnBdv1UejV/zYpRWqXJppHlQzYU2tVFVeXrfXBOuHsXE8kFy1Vi9wUZ9zbuAKu2M +HzmMQNdnZMb/cf+4iSkla4vYhZbXTwxlcOzr/zyhvQuIxM6h/nK/wwHiozVij2bl +zzdx83t4HRUXRjwyUTrvCRqV54LGL5BZLyVwvqsJQCrw8Yot9tfExfzB3UH56WcZ +qIgqXLvhAgMBAAECggEAEqgjQP7cMLA17bT8B6PUsolwVsyVLrCOtkm2RUNUVcJ/ +m0dHrAv2DoM/qLXLGhAHQjoMrOZCEUOF/bLu0ihC0oawtCWzJGFQl8/F/2XzoJAT +MkhoU91FA3PCgStyoyhKXdJ4CU+4TUqKl9a6MvWfCEnr2QMKKjI6fZKvEA5YHM5l +AIqBng/jFD2VKBLu8Le9nmM8GvA+exdi8DkyuS7ui23VqpRwvoiEK6my+qxom7e5 +t1hOUn5SJWZHBoleB+g5mdmzDQat1cqcHDYZkbWoyoxNecIp3CPOU3L7Lwf/drRj +pJM4w6WrTliehcdCkCXTy6K8QbLew+X+KfrqVmDKRQKBgQD+K+o8TbiwDHzYNDOf +CI9PYIqO7EGWulQya3kRmyHIXg1GWTyqwOyf0QHeiiJzImJLLGwpXPfDSuBTrlrf +xGFMrqdRxcyxbGX4mMRkOfG8IbhEMA9k74S5bi9kYQcGHMey2wA0+1GRPyVSGEK4 
+F7u4GmX+PytZUyuq9kQ1POniMwKBgQD7r/EtsTaBL2+7kNg3zlNO4+RkedQPq6Iz +U38g29hjnlQLYRan18mZYesHpImUZYnZE6lGNhq/GJRj48+PeP1j55pb5HOWF4S7 +2RdJ48KfrFmeTpB7/+ZGa81HZJU5tUo77oVNH6bPzwbeKYcyYs51cg0gIRy4ok6A +Bj7mFlsdmwKBgQCnZw0TQq1NZiwjyd3l9KFOymr3zysztu0VeCt5KQ+LBEcB+mw2 +mnI+oE324EvoQNE0acGjTJPykDJHayJ3FsRu2OlitkAm6xoOLa/Lw04vdpYCcxTw +icCE0Mlt92nE4Ne2OP9d5djHLSvLcicfUKJWkyxx0/EdF+Y+54vs9H2meQKBgBds +KUK6Ujs1ge1vrl+LKP+Xf8LF/7ExpNen9pXFP98Ndf7VGzmlgFJw5WGBs3gG9wwn +o0IweM6959lf8woEFXi9rgTNPuCB8c1Vh7BNrOgVLwXng9S2XOTC1YjGWIjVUUJA +kVE7F9gRCS+Vp8pNna8aXRRXYIfiOvH5ItNg0zvvAoGBAJi0XYBJl9N5M6X5I1ZQ +t14eETqhvqUfZh/q+VTit5cu1mbz/qkf4+Ok6FfqwV5pWzwNiT1fo5p/NQXTb6ee +NCULDTwiV3x26LJXgQ/Nap7UI7v4UTAI6FPcyuEqhxe2zchiE+eh2J1VPvru1Dii +FM37lMkICyTFFIc/s1x86VNX +-----END PRIVATE KEY-----""" + +# +# The DNS record you want to update. +# You can have as many as you want. +# +#[[record]] +# +# the domain name where the record should be updated. +# +#hostname = "example.com" +# +# The entry key for the domain +# in this example my-home.example.com is the full dns entry we are creating here. +# +# use @ if you want to redirect the root domain. +# +#entry = "my-home" +# +# The caching time in seconds. +# +#ttl = 60 +# +# The record type. +# A for IPv4 +# AAAA for IPv6 +# but can also be MX TXT SRV +# +#type = "A" +# +# content that will be pushed into the record. +# this value is ignored for A and AAAA records. +# for other records you can use the placeholders {{.IPv4}} and {{.IPv6}} +# to inject the IP's +# +# content = "" + +[[record]] +hostname = "vbchaos.nl" +entry = "*" +ttl = 300 +type = "A" +content = "" + +[[record]] +hostname = "vbchaos.nl" +entry = "@" +ttl = 300 +type = "A" +content = "" diff --git a/homenetwork/gateway/transip/Dockerfile b/homenetwork/gateway/transip/Dockerfile new file mode 100644 index 0000000..e22d7ec --- /dev/null +++ b/homenetwork/gateway/transip/Dockerfile 
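Review bot: The `private-key` value under `[account]` is a complete PEM private key committed in plaintext, so everyone who can read the repository or its history holds the TransIP API credential for the `username` on the line above. Treat the key as compromised: revoke it in the TransIP control panel and issue a new one. Then switch to the file-path form that the template comments in this same file describe, `private-key = "/path/to/key.pem"`, with the key file mounted from outside the repository and excluded from version control. The compose files deleted later in this commit also carry plaintext passwords (SMTP, database, exporter); deleting them does not remove them from history, so those credentials need rotating too.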
@@ -0,0 +1,5 @@
+FROM alpine:latest
+
+RUN apk add --no-cache tzdata
+COPY go-transip-dyndns /usr/bin
+CMD ["/usr/bin/go-transip-dyndns", "update", "-k"]
diff --git a/homenetwork/gateway/transip/go-transip-dyndns b/homenetwork/gateway/transip/go-transip-dyndns
new file mode 100755
index 0000000..ea411f6
Binary files /dev/null and b/homenetwork/gateway/transip/go-transip-dyndns differ
diff --git a/homenetwork/nas/magicmirror.yml b/homenetwork/nas/magicmirror.yml
new file mode 100644
index 0000000..dc58c50
--- /dev/null
+++ b/homenetwork/nas/magicmirror.yml
@@ -0,0 +1,17 @@
+services:
+ magicmirror:
+ image: karsten13/magicmirror:latest
+ ports:
+ - "8083:8080"
+ volumes:
+ - magicmirror_config:/opt/magic_mirror/config
+ - magicmirror_modules:/opt/magic_mirror/modules
+ - magicmirror_css:/opt/magic_mirror/css
+ restart: unless-stopped
+ command:
+ - npm
+ - run
+ - server
+ deploy:
+ placement:
+ constraints: [node.labels.isDNS == false]
diff --git a/homenetwork/nas/nextcloud-fpm/docker-compose.yml b/homenetwork/nas/nextcloud-fpm/docker-compose.yml
deleted file mode 100644
index 7eabe7e..0000000
--- a/homenetwork/nas/nextcloud-fpm/docker-compose.yml
+++ /dev/null
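Review bot: The image has no `USER` instruction, so `go-transip-dyndns` runs as root while it reads the DNS API credentials from the mounted config and talks to the network. `FROM alpine:latest` also makes every rebuild pull whatever the tag points to that day. Pin the base, e.g. `FROM alpine:<pinned-version>` (placeholder), and add `USER nobody` before `CMD`, making sure the mounted config file is readable by that user. `COPY go-transip-dyndns /usr/bin` ships a prebuilt binary that this commit adds as an opaque blob. A comment recording its upstream release and checksum, or a multi-stage build that compiles it, would make the artifact verifiable.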
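Review bot: The `magicmirror` service in `homenetwork/nas/magicmirror.yml` mounts the named volumes `magicmirror_config`, `magicmirror_modules` and `magicmirror_css`, but this new file has no top-level `volumes:` section, so Compose should reject it as referring to undefined volumes. The `swarm/magicmirror.yml` deleted in this commit declared them as NFS volumes. Declare them here as well, with whatever driver options suit the NAS host. `image: karsten13/magicmirror:latest` is also unpinned; a fixed tag or digest would keep restarts from silently changing the running code.

```yaml
# top-level, alongside `services:`; add driver_opts here if the data stays on NFS
volumes:
  magicmirror_config: {}
  magicmirror_modules: {}
  magicmirror_css: {}
```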
@@ -1,141 +0,0 @@ -version: "3" - -volumes: - nchome: - driver: local - driver_opts: - type: none - o: bind - device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/home - ncdb: - driver: local - driver_opts: - type: none - o: bind - device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/database - ncdata: - driver: local - driver_opts: - type: none - o: bind - device: /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/nextcloud/storage - - -services: - db: - image: mariadb:10.6 - restart: always - command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW - volumes: - - ncdb:/var/lib/mysql:Z - environment: - - MYSQL_ROOT_PASSWORD=rootpw - - MYSQL_PASSWORD=password - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - aio-imaginary: - image: nextcloud/aio-imaginary:latest - restart: always - environment: - - PORT=9000 - ports: - - 9999:9000 - command: -concurrency 50 -enable-url-source - - nextcloud: - build: - context: ./nc-fpm - args: - UID: ${MUID} - GID: ${MGID} - restart: always - links: - - db - volumes: - - nchome:/var/www/html:z - - ncdata:/var/www/html/data - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/:/ex_storage/ - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/fearium:/ex_storage/bands/fearium - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/breakpointnine:/ex_storage/bands/breakpointnine - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/lastfloorright:/ex_storage/bands/lastfloorright - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/nofunkallowed:/ex_storage/bands/nofunkallowed - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/music:/ex_storage/music - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/video:/ex_storage/video - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories:/ex_storage/repositories - - 
/srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/hwsw:/ex_storage/hwsw - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/timelapse:/ex_storage/timelapse - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/pictures:/ex_storage/pictures - - environment: - - MYSQL_PASSWORD=password - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - MYSQL_HOST=db - - REDIS_HOST=redis - -# collabora: -# image: collabora/code:latest -# restart: unless-stopped -# environment: -# - password=password -# - username=nextcloud -# - extra_params=--o:ssl.enable=true -# ports: -# - 9980:9980 - - - nginx: - build: - context: ./nginx - args: - UID: ${MUID} - GID: ${MGID} - restart: always - ports: - - 8888:80 - links: - - nextcloud - volumes: - - nchome:/var/www/html:z,ro - - redis: - build: - context: ./redis - args: - UID: ${MUID} - GID: ${MGID} - restart: always - - cron: - build: - context: ./nc-fpm - args: - UID: ${MUID} - GID: ${MGID} - restart: always - volumes: - - nchome:/var/www/html:z - - ncdata:/var/www/html/data - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/:/ex_storage/ - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/fearium:/ex_storage/bands/fearium - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/breakpointnine:/ex_storage/bands/breakpointnine - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/lastfloorright:/ex_storage/bands/lastfloorright - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/nofunkallowed:/ex_storage/bands/nofunkallowed - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/music:/ex_storage/music - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/video:/ex_storage/video - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories:/ex_storage/repositories - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/hwsw:/ex_storage/hwsw - - 
/srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/timelapse:/ex_storage/timelapse - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/pictures:/ex_storage/pictures - - environment: - - MYSQL_PASSWORD=password - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - MYSQL_HOST=db - - REDIS_HOST=redis - entrypoint: /cron.sh - depends_on: - - nextcloud - diff --git a/homenetwork/nas/nextcloud-fpm/nc-fpm/Dockerfile b/homenetwork/nas/nextcloud-fpm/nc-fpm/Dockerfile deleted file mode 100644 index 08834be..0000000 --- a/homenetwork/nas/nextcloud-fpm/nc-fpm/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM nextcloud:fpm - -ARG UID=1000 -ARG GID=1000 - -#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid 82 www-data -RUN usermod -u $UID -o www-data -RUN apt update \ - && apt -y install libmagickcore-6.q16-6-extra ffmpeg imagemagick ghostscript \ - && apt clean - -# Add custom cron job for previews -RUN echo '*/15 * * * * php /var/www/html/occ preview:pre-generate' >> /var/spool/cron/crontabs/www-data diff --git a/homenetwork/nas/nextcloud-fpm/nginx/Dockerfile b/homenetwork/nas/nextcloud-fpm/nginx/Dockerfile deleted file mode 100644 index 5e76d82..0000000 --- a/homenetwork/nas/nextcloud-fpm/nginx/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -#FROM nginx:alpine -FROM nginx:bullseye - -ARG UID=1000 -ARG GID=1000 - -RUN usermod -u $UID -o www-data - -#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid $UID www-data - -COPY nginx.conf /etc/nginx/nginx.conf diff --git a/homenetwork/nas/nextcloud-fpm/nginx/nginx.conf b/homenetwork/nas/nextcloud-fpm/nginx/nginx.conf deleted file mode 100644 index 7b6e48c..0000000 --- a/homenetwork/nas/nextcloud-fpm/nginx/nginx.conf +++ /dev/null 
@@ -1,175 +0,0 @@ -user www-data; -worker_processes auto; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - # Prevent nginx HTTP Server Detection - server_tokens off; - - keepalive_timeout 65; - - #gzip on; - - upstream php-handler { - server nextcloud:9000; - } - - - server { - listen 80; - - # HSTS settings - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - - # set max upload size - client_max_body_size 512M; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Pagespeed is not supported by Nextcloud, so if your server is built - # with the `ngx_pagespeed` module, uncomment this line to disable it. 
- #pagespeed off; - - # HTTP response headers borrowed from Nextcloud `.htaccess` - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - # Specify how to handle directories -- specifying `/index.php$request_uri` - # here as the fallback means that Nginx always exhibits the desired behaviour - # when a client requests a path that corresponds to a directory that exists - # on the server. In particular, if that directory contains an index.php file, - # that file is correctly served; if it doesn't, then the request is passed to - # the front-end controller. This consistent behaviour means that we don't need - # to specify custom rules for certain paths (e.g. images and other assets, - # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus - # `try_files $uri $uri/ /index.php$request_uri` - # always provides the desired behaviour. - index index.php index.html /index.php$request_uri; - - # Rule borrowed from `.htaccess` to handle Microsoft DAV clients - location = / { - if ( $http_user_agent ~ ^DavClnt ) { - return 302 /remote.php/webdav/$is_args$args; - } - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Make a regex exception for `/.well-known` so that clients can still - # access it despite the existence of the regex rule - # `location ~ /(\.|autotest|...)` which would otherwise handle requests - # for `/.well-known`. 
- location ^~ /.well-known { - # The rules in this block are an adaptation of the rules - # in `.htaccess` that concern `/.well-known`. - - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - - location /.well-known/acme-challenge { try_files $uri $uri/ =404; } - location /.well-known/pki-validation { try_files $uri $uri/ =404; } - - # Let Nextcloud's API for `/.well-known` URIs handle all other - # requests by passing them to the front-end controller. - return 301 /index.php$request_uri; - } - - # Rules borrowed from `.htaccess` to hide certain paths from clients - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } - - # Ensure this block, which passes PHP files to the PHP process, is above the blocks - # which handle static assets (as seen below). If this block is not declared first, - # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` - # to the URI, resulting in a HTTP 500 error response. 
- location ~ \.php(?:$|/) { - # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; - - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - set $path_info $fastcgi_path_info; - - try_files $fastcgi_script_name =404; - - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - #fastcgi_param HTTPS on; - - fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice - fastcgi_param front_controller_active true; # Enable pretty urls - fastcgi_pass php-handler; - - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ \.(?:css|js|svg|gif)$ { - try_files $uri /index.php$request_uri; - expires 6M; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } - - location ~ \.woff2?$ { - try_files $uri /index.php$request_uri; - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } - - # Rule borrowed from `.htaccess` - location /remote { - return 301 /remote.php$request_uri; - } - - location / { - try_files $uri $uri/ /index.php$request_uri; - } - } -} diff --git a/homenetwork/nas/nextcloud-fpm/redis/Dockerfile b/homenetwork/nas/nextcloud-fpm/redis/Dockerfile deleted file mode 100644 index 5770389..0000000 --- a/homenetwork/nas/nextcloud-fpm/redis/Dockerfile +++ /dev/null @@ -1,6 +0,0 @@ -FROM redis:latest - -ARG UID=1000 -ARG GID=1000 - -RUN usermod -u $UID -o www-data diff --git a/homenetwork/nas/nextcloud-fpm/start.sh b/homenetwork/nas/nextcloud-fpm/start.sh deleted file mode 100755 index 58e6caf..0000000 --- a/homenetwork/nas/nextcloud-fpm/start.sh +++ /dev/null 
@@ -1,3 +0,0 @@ -MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose build --no-cache -MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose up -d --force-recreate - diff --git a/homenetwork/nas/openvpn.sh b/homenetwork/nas/openvpn.sh deleted file mode 100755 index ebba12d..0000000 --- a/homenetwork/nas/openvpn.sh +++ /dev/null @@ -1,13 +0,0 @@ -OVPN_DATA="ovpn_data" -CLIENTNAME="matthias" - -# Create the docker volume to store certificates and configuration -docker volume create --opt type=none --opt o=bind --opt device=/srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/openvpn --name $OVPN_DATA -docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://vpn.vbchaos.nl -docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki - -docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --name OpenVPN --cap-add=NET_ADMIN --device=/dev/net/tun kylemanna/openvpn - -docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full $CLIENTNAME nopass - -docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn diff --git a/homenetwork/nas/rclone-start.sh b/homenetwork/nas/rclone-start.sh deleted file mode 100755 index 96e7972..0000000 --- a/homenetwork/nas/rclone-start.sh +++ /dev/null @@ -1,2 +0,0 @@ -docker compose -f rclone_storage.yml up -d -docker compose -f rclone_nextcloud.yml up -d diff --git a/homenetwork/nas/rclone_nextcloud.yml b/homenetwork/nas/rclone_nextcloud.yml deleted file mode 100644 index da8700f..0000000 --- a/homenetwork/nas/rclone_nextcloud.yml +++ /dev/null 
@@ -1,33 +0,0 @@ - -name: backup_nextcloud - -services: - nc_storage: - image: registry.vbchaos.nl/rclone - container_name: backup_nextcloud_storage - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/nextcloud/storage --exclude=storage/appdata_*/** - - CRON_SCHEDULE=0 0-23/1 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/nextcloud:/backup - - nc_home: - image: registry.vbchaos.nl/rclone - container_name: backup_nextcloud_home - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/nextcloud/home - - CRON_SCHEDULE=0 0-23/1 * * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/home:/backup - - nc_db: - image: registry.vbchaos.nl/rclone - container_name: backup_nextcloud_database - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/nextcloud/database - - CRON_SCHEDULE=0 0-23/1 * * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/database:/backup diff --git a/homenetwork/nas/rclone_storage.yml b/homenetwork/nas/rclone_storage.yml deleted file mode 100644 index 3c6454c..0000000 --- a/homenetwork/nas/rclone_storage.yml +++ /dev/null 
@@ -1,94 +0,0 @@ - -name: backup_storage - -services: - docker_config: - image: registry.vbchaos.nl/rclone - container_name: backup_docker_config - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/docker_config - - CRON_SCHEDULE=0 1-23/4 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config:/backup - - bands: - image: registry.vbchaos.nl/rclone - container_name: backup_bands - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/bands - - CRON_SCHEDULE=0 1-23/4 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands:/backup - - hwsw: - image: registry.vbchaos.nl/rclone - container_name: backup_hwsw - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/hwsw - - CRON_SCHEDULE=0 1-23/4 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/hwsw:/backup - - music: - image: registry.vbchaos.nl/rclone - container_name: bs_music - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/music - - CRON_SCHEDULE=0 2-23/4 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/music:/backup - - pictures: - image: registry.vbchaos.nl/rclone - container_name: backup_pictures - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/pictures - - CRON_SCHEDULE=0 2-23/4 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/pictures:/backup - - repositories: - image: registry.vbchaos.nl/rclone - container_name: backup_repositories - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/repositories - - CRON_SCHEDULE=0 
2-23/4 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories:/backup - - video: - image: registry.vbchaos.nl/rclone - container_name: backup_video - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/video - - CRON_SCHEDULE=0 2-23/4 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/video:/backup - - work: - image: registry.vbchaos.nl/rclone - container_name: backup_work - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/work - - CRON_SCHEDULE=0 2-23/4 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/work:/backup - - timelapse: - image: registry.vbchaos.nl/rclone - container_name: backup_timelapse - environment: - - COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/timelapse - - CRON_SCHEDULE=0 0 * * * - volumes: - - ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/timelapse:/backup - diff --git a/homenetwork/nas/vaultwarden.yml b/homenetwork/nas/vaultwarden.yml deleted file mode 100644 index 83d9d9a..0000000 --- a/homenetwork/nas/vaultwarden.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -version: '3' - -services: - vaultwarden: - container_name: vaultwarden - image: vaultwarden/server:latest - restart: unless-stopped - volumes: - - /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/vaultwarden:/data/ - ports: - - 5555:80 - environment: - - DOMAIN=https://vaultwarden.vbchaos.nl - - LOGIN_RATELIMIT_MAX_BURST=10 - - LOGIN_RATELIMIT_SECONDS=60 - - ADMIN_RATELIMIT_MAX_BURST=10 - - ADMIN_RATELIMIT_SECONDS=2 - - ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$Vv4wT0EpGslsEAHpgw+U1FwxUQjguK9qkwJQB7WLP+k$$7lBaj+G9jLyXj5MxC2RqNGyGw0/vjOzcgwk4ArN6BVM - - SENDS_ALLOWED=true - - EMERGENCY_ACCESS_ALLOWED=true - - WEB_VAULT_ENABLED=true - - SIGNUPS_ALLOWED=false - - SIGNUPS_VERIFY=false - - SIGNUPS_VERIFY_RESEND_TIME=3600 - - SIGNUPS_VERIFY_RESEND_LIMIT=5 -# - SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl,hotmail.com,gmail.com - - SMTP_HOST=smtp.gmail.com - - SMTP_FROM=vaultwarden@vbchaos.nl - - SMTP_FROM_NAME=Vaultwarden - - SMTP_SECURITY=starttls - - SMTP_PORT=587 - - SMTP_USERNAME=matthias.mitscherlich@gmail.com - - SMTP_PASSWORD=oomgyoiqepsqaikn - - SMTP_AUTH_MECHANISM="Login" - diff --git a/homenetwork/swarm/grafana.yml b/homenetwork/swarm/grafana.yml deleted file mode 100644 index 009d37a..0000000 --- a/homenetwork/swarm/grafana.yml +++ /dev/null 
@@ -1,125 +0,0 @@ -version: '3.8' - -networks: - grafana_network: - driver: overlay - attachable: true - -configs: - prometheus_config: - external: true - -volumes: - prometheus_data: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/grafana_tmp_data/prometheus - - grafana_data: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/grafana_tmp_data/grafana - - loki_data: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/grafana_tmp_data/loki - - - -services: - -# loki: -# image: grafana/loki:2.6.1 -# user: "0:0" -# volumes: -# - loki_data:/loki -# ports: -# - "3100:3100" -# command: -config.file=/etc/loki/local-config.yaml - -# promtail: -# image: grafana/promtail:2.6.1 -# user: "0:0" -# volumes: -# - /var/log:/var/log -# command: -config.file=/etc/promtail/config.yml - - prometheus: -# user: "0:0" - hostname: prometheus - image: prom/prometheus - environment: - - TZ=Europe/Berlin #change Time Zone if needed - configs: - - source: prometheus_config - target: /etc/prometheus/prometheus.yml - volumes: - - prometheus_data:/prometheus - command: - - '--config.file=/etc/prometheus/prometheus.yml' - networks: - - grafana_network - ports: - - 9090:9090 - deploy: - placement: - constraints: [node.labels.isDNS == false] - - grafana: -# user: "0:0" - hostname: grafana - image: grafana/grafana - environment: - - TZ=Europe/Amsterdam -# configs: -# - source: grafana_config -# target: /etc/grafana/grafana.ini - volumes: - - grafana_data:/var/lib/grafana - networks: - - grafana_network - ports: - - 3300:3000 - deploy: - placement: - constraints: [node.labels.isDNS == false] - - - node-exporter: - image: prom/node-exporter:latest - deploy: - mode: global - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro - command: - - '--path.procfs=/host/proc' - - '--path.rootfs=/rootfs' - - '--path.sysfs=/host/sys' - - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' - networks: 
- - grafana_network - ports: - - "9100:9100" - deploy: - mode: global - - tado-exporter: - image: registry.vbchaos.nl/tado-exporter:arm64 - hostname: tado-exporter - environment: - EXPORTER_USERNAME: matthias.mitscherlich@gmail.com - EXPORTER_PASSWORD: 14Mai1984 - networks: - - grafana_network - ports: - - "9898:9898" - deploy: - placement: - constraints: [node.labels.isDNS == false] - diff --git a/homenetwork/swarm/magicmirror.yml b/homenetwork/swarm/magicmirror.yml deleted file mode 100644 index 8ac1eab..0000000 --- a/homenetwork/swarm/magicmirror.yml +++ /dev/null @@ -1,40 +0,0 @@ -version: '3' - -volumes: - magicmirror_config: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/docker_config/magicmirror/config - - magicmirror_modules: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/docker_config/magicmirror/modules - - magicmirror_css: - driver_opts: - type: nfs - o: addr=dockerstorage,nfsvers=4 - device: :/docker_config/magicmirror/css - - -services: - magicmirror: - image: karsten13/magicmirror:latest - ports: - - "8083:8080" - volumes: - - magicmirror_config:/opt/magic_mirror/config - - magicmirror_modules:/opt/magic_mirror/modules - - magicmirror_css:/opt/magic_mirror/css - restart: unless-stopped - command: - - npm - - run - - server - deploy: - placement: - constraints: [node.labels.isDNS == false] - diff --git a/homenetwork/swarm/portainer-agent-stack.yml b/homenetwork/swarm/portainer-agent-stack.yml deleted file mode 100644 index dc6876c..0000000 --- a/homenetwork/swarm/portainer-agent-stack.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -version: '3.2' - -services: - agent: - image: portainer/agent:2.19.4 - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /var/lib/docker/volumes:/var/lib/docker/volumes - networks: - - agent_network - deploy: - mode: global - placement: - constraints: [node.platform.os == linux] - - portainer: - image: portainer/portainer-ce:2.19.4 - command: -H tcp://tasks.agent:9001 --tlsskipverify - ports: - - "9443:9443" - - "9000:9000" - - "8000:8000" - volumes: - - portainer_data:/data - networks: - - agent_network - deploy: - mode: replicated - replicas: 1 - placement: - constraints: [node.role == manager] - -networks: - agent_network: - driver: overlay - attachable: true - -volumes: - portainer_data: diff --git a/homenetwork/swarm/start.sh b/homenetwork/swarm/start.sh deleted file mode 100755 index 1a62a81..0000000 --- a/homenetwork/swarm/start.sh +++ /dev/null @@ -1,2 +0,0 @@ -docker stack deploy -c portainer-agent-stack.yml portainer -docker stack deploy -c grafana.yml --with-registry-auth grafana