From df054c5ac75c7f01ab428b2fa05fda574cc57e1d Mon Sep 17 00:00:00 2001
From: Toni <81181280+Git-Peacock@users.noreply.github.com>
Date: Mon, 9 Feb 2026 16:04:14 +0100
Subject: [PATCH] initial composes
---
 RPi/Caddy/Caddyfile | 174 ++++++++++++++++++
 RPi/Caddy/compose.yaml | 29 +++
 RPi/MariaDB/compose.yaml | 33 ++++
 RPi/Nextcloud/compose.yaml | 21 +++
 RPi/PiHole/compose.yaml | 50 +++++
 RPi/Portainer/compose.yaml | 23 +++
 RPi/Vaultwarden Docker Compose/compose.yaml | 18 ++
 vServer/BeatDock Music Bot/.env | 45 +++++
 vServer/BeatDock Music Bot/docker-compose.yml | 38 ++++
 vServer/FTP-Server/compose.yaml | 17 ++
 vServer/Gitea/compose.yaml | 24 +++
 vServer/What-to-Watch/compose.yaml | 55 ++++++
 .../hytale-server-manager/docker-compose.yaml | 61 ++++++
 13 files changed, 588 insertions(+)
 create mode 100644 RPi/Caddy/Caddyfile
 create mode 100644 RPi/Caddy/compose.yaml
 create mode 100644 RPi/MariaDB/compose.yaml
 create mode 100644 RPi/Nextcloud/compose.yaml
 create mode 100644 RPi/PiHole/compose.yaml
 create mode 100644 RPi/Portainer/compose.yaml
 create mode 100644 RPi/Vaultwarden Docker Compose/compose.yaml
 create mode 100644 vServer/BeatDock Music Bot/.env
 create mode 100644 vServer/BeatDock Music Bot/docker-compose.yml
 create mode 100644 vServer/FTP-Server/compose.yaml
 create mode 100644 vServer/Gitea/compose.yaml
 create mode 100644 vServer/What-to-Watch/compose.yaml
 create mode 100644 vServer/hytale-server-manager/docker-compose.yaml
diff --git a/RPi/Caddy/Caddyfile b/RPi/Caddy/Caddyfile
new file mode 100644
index 0000000..8db0356
--- /dev/null
+++ b/RPi/Caddy/Caddyfile
@@ -0,0 +1,174 @@
+vault.casademm.de {
+ log {
+ level INFO
+ output file {$LOG_FILE} {
+ roll_size 10MB
+ roll_keep 10
+ }
+ }
+
+
+ # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
+ tls {$EMAIL}
+
+ # This setting may have compatibility issues with some browsers
+ # (e.g., attachment downloading on Firefox). Try disabling this
+ # if you encounter issues.
+ encode zstd gzip
+
+ # Proxy everything Rocket
+ reverse_proxy vaultwarden:80 {
+ # Send the true remote IP to Rocket, so that vaultwarden can put this in the
+ # log, so that fail2ban can ban the correct IP.
+ header_up X-Real-IP {remote_host}
+ }
+
+
+
+}
+
+https://portainer.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy https://portainer:9443 {
+ transport http {
+ tls
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+
+
+https://heimdall.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy https://heimdall:443 {
+ transport http {
+ tls
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+https://fritz.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy https://192.168.178.1 {
+ transport http {
+ tls
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+
+#https://heidrun.casademm.de {
+# tls {$EMAIL}
+
+# reverse_proxy https://192.168.178.23 {
+# transport http {
+# tls
+# tls_insecure_skip_verify
+# }
+# }
+#}
+
+hole.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy pihole:443 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+mb.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy systems.casademm.de:2333 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+ss.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy systems.casademm.de:8003 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+ftp.casademm.de {
+
+
+ reverse_proxy systems.casademm.de:8080 {
+
+ }
+}
+
+next.casademm.de {
+ reverse_proxy https://nextcloud:443 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+wtw.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy http://systems.casademm.de:3630 {
+
+ }
+}
+https://home.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy https://heimdall:443 {
+ transport http {
+ tls
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+
+hsm.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy http://systems.casademm.de:3001 {
+
+ }
+}
+
+gitea.casademm.de {
+ tls {$EMAIL}
+
+ reverse_proxy http://systems.casademm.de:3000 {
+
+ }
+}
+
+
+
+
+act.casademm.de {
+ #tls {$EMAIL}
+
+ encode gzip zstd
+ reverse_proxy actual-server:5006
+}
+
+php.casademm.de {
+ reverse_proxy http://phpmyadmin:80
+}
+
+maria.casademm.de {
+ reverse_proxy mariadb:3306
+}
diff --git a/RPi/Caddy/compose.yaml b/RPi/Caddy/compose.yaml
new file mode 100644
index 0000000..3f4a1ad
--- /dev/null
+++ b/RPi/Caddy/compose.yaml
@@ -0,0 +1,29 @@
+services:
+ caddy:
+ image: dhi.io/caddy:2-debian13-dev
+ container_name: caddy
+ restart: always
+ ports:
+ - 80:80 # Needed for the ACME HTTP-01 challenge.
+ - 443:443
+ - 443:443/udp # Needed for HTTP/3.
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile:ro
+ - ./caddy-config:/config
+ - ./caddy-data:/data
+ environment:
+ DOMAIN: "https://vault.casademm.de" # Your domain.
+ EMAIL: "t.r.martin22699@gmail.com" # The email address to use for ACME registration.
+ LOG_FILE: "/data/access.log"
+ networks:
+ - casa-de-martmann
+ - proxy
+
+networks:
+ casa-de-martmann:
+ name: casa-de-martmann
+ external: true
+
+ proxy:
+ name: proxy
+ external: true
diff --git a/RPi/MariaDB/compose.yaml b/RPi/MariaDB/compose.yaml
new file mode 100644
index 0000000..75e818f
--- /dev/null
+++ b/RPi/MariaDB/compose.yaml
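Review bot: In RPi/Caddy/Caddyfile the last two site blocks, `php.casademm.de` and `maria.casademm.de`, put phpMyAdmin and the database port behind hostnames with no access restriction in the block, and `portainer.casademm.de` and `fritz.casademm.de` do the same for a container manager and a router UI. Whether these names resolve from outside the LAN is not visible here; if they do, a matcher such as `@outside not remote_ip private_ranges` followed by `abort @outside`, or `basic_auth`, would limit who reaches the management logins. `reverse_proxy mariadb:3306` is also an HTTP proxy pointed at a non-HTTP port, so that block probably cannot carry database traffic and could be dropped. Separately, `tls_insecure_skip_verify` on the `systems.casademm.de:2333` and `:8003` upstreams turns off certificate checks on what looks like a cross-host hop; a comment saying why verification is off, or trusting the upstream's CA explicitly, would make that choice reviewable.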
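Review bot: In RPi/Caddy/compose.yaml, `image: dhi.io/caddy:2-debian13-dev` runs the internet-facing proxy from a `-dev` tag; dev variants of hardened images normally carry a shell and package manager for build stages, so the runtime tag is presumably the one intended — please confirm against the registry. The tag is also floating, as are the `:latest`/`:lts` images in the MariaDB, Nextcloud, PiHole, Portainer, Vaultwarden, BeatDock, FTP-Server, Gitea and What-to-Watch hunks, so any `docker compose pull` can change what runs without a commit; pinning a version or `@sha256:<digest>` keeps deployments reproducible. The `EMAIL` value is a personal address committed to the repository; `EMAIL: "${ACME_EMAIL}"` read from an untracked env file would keep it out of history.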
@@ -0,0 +1,33 @@
+services:
+ mariadb:
+ image: mariadb:latest
+ container_name: mariadb
+ restart: always
+ environment:
+ MYSQL_ROOT_PASSWORD: bmjsfoznrc
+ MYSQL_DATABASE: entry
+ MYSQL_USER: roulette
+ MYSQL_PASSWORD: bmjsfoznrc
+ ports:
+ - "3306:3306"
+ volumes:
+ - ./data:/var/lib/mysql
+ networks:
+ - casa-de-martmann
+
+ phpmyadmin:
+ image: phpmyadmin:latest
+ container_name: phpmyadmin
+ restart: always
+ environment:
+ PMA_HOST: mariadb
+ ports:
+ - "8085:80"
+ depends_on:
+ - mariadb
+ networks:
+ - casa-de-martmann
+networks:
+ casa-de-martmann:
+ name: casa-de-martmann
+ external: true
diff --git a/RPi/Nextcloud/compose.yaml b/RPi/Nextcloud/compose.yaml
new file mode 100644
index 0000000..b73b66a
--- /dev/null
+++ b/RPi/Nextcloud/compose.yaml
@@ -0,0 +1,21 @@
+services:
+ nextcloud:
+ image: lscr.io/linuxserver/nextcloud:latest
+ networks:
+ - casa-de-martmann
+ container_name: nextcloud
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ volumes:
+ - /media/admin/62 GB Volume/Nextcloud_config:/config
+ - /media/admin/62 GB Volume/Nextcloud_data:/data
+ ports:
+ - 4435:443
+ restart: unless-stopped
+
+networks:
+ casa-de-martmann:
+ name: casa-de-martmann
+ external: true
diff --git a/RPi/PiHole/compose.yaml b/RPi/PiHole/compose.yaml
new file mode 100644
index 0000000..431fa4c
--- /dev/null
+++ b/RPi/PiHole/compose.yaml
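Review bot: In RPi/MariaDB/compose.yaml, `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are committed as literals and share one value, and that same string reappears as `FTLCONF_webserver_api_password` in the PiHole hunk and `DB_PASSWORD` in the FTP-Server hunk; the BeatDock `.env` (`TOKEN`) and the hytale-server-manager hunk (`JWT_SECRET`, `JWT_REFRESH_SECRET`, `SETTINGS_ENCRYPTION_KEY`, `DISCORD_WEBHOOK_URL`) commit further secrets. Once the patch is in history each value has to be rotated, and afterwards supplied from outside the repository, for example `MARIADB_ROOT_PASSWORD_FILE: /run/secrets/mariadb_root` with a Compose `secrets:` entry (secret name is an example) or `${MARIADB_ROOT_PASSWORD:?required}` from an untracked env file. Root and the application user should also get distinct passwords, so that a leaked application credential does not hand over the whole server.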
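Review bot: In RPi/Nextcloud/compose.yaml, `- 4435:443` publishes Nextcloud on every host interface even though the Caddyfile in this patch reaches it as `nextcloud:443` over the shared `casa-de-martmann` network, so the published port only adds a second, unproxied entry point. The same applies to `8085:80` (phpMyAdmin), `8081`/`4430` (PiHole) and `9443` (Portainer). If direct access is not needed the `ports:` entry can be removed, or bound to loopback with `- "127.0.0.1:4435:443"`.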
@@ -0,0 +1,50 @@
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+ pihole:
+ container_name: pihole
+ image: pihole/pihole:latest
+ ports:
+ # DNS Ports
+ - "53:53/tcp"
+ - "53:53/udp"
+ # Default HTTP Port
+ - "8081:80/tcp"
+ # Default HTTPs Port. FTL will generate a self-signed certificate
+ - "4430:443/tcp"
+ # Uncomment the line below if you are using Pi-hole as your DHCP server
+ #- "67:67/udp"
+ # Uncomment the line below if you are using Pi-hole as your NTP server
+ #- "123:123/udp"
+ environment:
+ # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
+ TZ: 'Europe/Berlin'
+ # Set a password to access the web interface. Not setting one will result in a random password being assigned
+ FTLCONF_webserver_api_password: 'bmjsfoznrc'
+ # If using Docker's default `bridge` network setting the dns listening mode should be set to 'ALL'
+ FTLCONF_dns_listeningMode: 'ALL'
+ # Volumes store your data between container upgrades
+ volumes:
+ # For persisting Pi-hole's databases and common configuration file
+ - './etc-pihole:/etc/pihole'
+ # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
+ #- './etc-dnsmasq.d:/etc/dnsmasq.d'
+ cap_add:
+ # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+ # Required if you are using Pi-hole as your DHCP server, else not needed
+ - NET_ADMIN
+ # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
+ - SYS_TIME
+ # Optional, if Pi-hole should get some more processing time
+ - SYS_NICE
+ restart: unless-stopped
+ networks:
+ - casa-de-martmann
+ - proxy
+
+networks:
+ casa-de-martmann:
+ name: casa-de-martmann
+ external: true
+ proxy:
+ name: proxy
+ external: true
diff --git a/RPi/Portainer/compose.yaml b/RPi/Portainer/compose.yaml
new file mode 100644
index 0000000..fea1eee
--- /dev/null
+++ b/RPi/Portainer/compose.yaml
@@ -0,0 +1,23 @@
+services:
+ portainer:
+ container_name: portainer
+ image: portainer/portainer-ce:lts
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+
+ ports:
+ - 9443:9443
+ - 8000:8000 # Remove if you do not intend to use Edge Agents
+
+ networks:
+ - casa-de-martmann
+volumes:
+ portainer_data:
+ name: portainer_data
+
+networks:
+ casa-de-martmann:
+ name: casa-de-martmann
+ external: true
diff --git a/RPi/Vaultwarden Docker Compose/compose.yaml b/RPi/Vaultwarden Docker Compose/compose.yaml
new file mode 100644
index 0000000..e7d10a7
--- /dev/null
+++ b/RPi/Vaultwarden Docker Compose/compose.yaml
@@ -0,0 +1,18 @@
+services:
+ vaultwarden:
+ networks:
+ - casa-de-martmann
+
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ restart: always
+ environment:
+ DOMAIN: "https://vault.casademm.de" # Your domain; vaultwarden needs to know it's https to work properly with attachments
+ SIGNUPS_ALLOWED: "false"
+
+ volumes:
+ - ./vw-data:/data
+networks:
+ casa-de-martmann:
+ name: casa-de-martmann
+ external: true
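Review bot: In RPi/PiHole/compose.yaml, `cap_add` grants `NET_ADMIN`, `SYS_TIME` and `SYS_NICE`, but the hunk's own comments tie the first two to DHCP and NTP use, and both of those port mappings (`67:67/udp`, `123:123/udp`) are left commented out. Per the comment in the hunk, `SYS_TIME` lets the container set the host's system time, so unless DHCP or NTP is planned the list can shrink to what is actually used, with a one-line comment on each remaining capability saying why it is there.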
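Review bot: In RPi/Portainer/compose.yaml, the `/var/run/docker.sock` bind mount gives this container full control of the host's Docker daemon, and the same patch exposes it three ways: `9443:9443`, `8000:8000`, and `portainer.casademm.de` in the Caddyfile. The inline comment already says to remove `8000:8000` when Edge Agents are not used, and `9443` need not be published since Caddy connects over `casa-de-martmann`. A comment above the socket mount stating that Portainer admin access is equivalent to root on the host would make the trust boundary explicit for the next maintainer.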
diff --git a/vServer/BeatDock Music Bot/.env b/vServer/BeatDock Music Bot/.env
new file mode 100644
index 0000000..a408097
--- /dev/null
+++ b/vServer/BeatDock Music Bot/.env
@@ -0,0 +1,45 @@
+# Discord Bot Configuration
+# Get these from https://discord.com/developers/applications
+TOKEN=MTI2Nzc2NTIyODc2NzAyMzE1Ng.Gwa-St.9iFUJwxGvE3aWYGWhS4wqZkg6bWGHh05JoGiWg
+CLIENT_ID=1267765228767023156
+
+# Optional: Spotify Configuration
+# To enable Spotify support, set SPOTIFY_ENABLED=true and provide your credentials
+# Get your credentials from: https://developer.spotify.com/dashboard/applications
+SPOTIFY_ENABLED=false
+SPOTIFY_CLIENT_ID=your_spotify_client_id_here
+SPOTIFY_CLIENT_SECRET=your_spotify_client_secret_here
+
+# Lavalink Server Configuration
+LAVALINK_HOST=lavalink
+LAVALINK_PORT=2333
+LAVALINK_PASSWORD=youshallnotpass
+
+# Optional: Language Settings
+#DEFAULT_LANGUAGE=en
+
+# Optional: Disconnection Settings
+QUEUE_EMPTY_DESTROY_MS=30000
+EMPTY_CHANNEL_DESTROY_MS=60000
+
+# Optional: Permission Settings
+# Comma-separated list of role IDs that can use the bot
+# Leave empty to allow everyone to use the bot
+# Example: ALLOWED_ROLES=123456789012345678,234567890123456789
+ALLOWED_ROLES=
+
+# Optional: Audio Settings
+# Default volume for music playback (0-100, defaults to 80 if not set or invalid)
+DEFAULT_VOLUME=80
+
+# Optional: Lavalink Reconnection Settings
+# Maximum number of reconnection attempts (default: 10)
+LAVALINK_MAX_RECONNECT_ATTEMPTS=10
+# Base delay for exponential backoff in milliseconds (default: 1000)
+LAVALINK_BASE_DELAY_MS=1000
+# Maximum delay for exponential backoff in milliseconds (default: 30000)
+LAVALINK_MAX_DELAY_MS=30000
+# Health check interval in milliseconds (default: 30000)
+LAVALINK_HEALTH_CHECK_INTERVAL_MS=30000
+# Reset reconnection attempts after this many minutes (default: 5)
+LAVALINK_RESET_ATTEMPTS_AFTER_MINUTES=5
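Review bot: This `.env` is tracked with a populated `TOKEN` while the Spotify entries are still placeholders, which suggests the file was copied from a working deployment rather than written as a template. The usual split is a committed `.env.example` holding only placeholders (`TOKEN=your_discord_bot_token_here`) plus a `.gitignore` entry for `.env`; the token itself needs to be reset in the Discord developer portal because it stays in history. `LAVALINK_PASSWORD=youshallnotpass` is the same value the compose file uses as its fallback, so it should be replaced at the same time.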
diff --git a/vServer/BeatDock Music Bot/docker-compose.yml b/vServer/BeatDock Music Bot/docker-compose.yml
new file mode 100644
index 0000000..659489e
--- /dev/null
+++ b/vServer/BeatDock Music Bot/docker-compose.yml
@@ -0,0 +1,38 @@
+services:
+ bot:
+ container_name: beatdock
+ image: ghcr.io/lazaroagomez/beatdock:latest
+ build:
+ context: .
+ dockerfile: Dockerfile
+ depends_on:
+ lavalink:
+ condition: service_healthy
+ networks:
+ - beatdock-network
+ env_file: .env
+
+ lavalink:
+ container_name: beatdock-lavalink
+ image: ghcr.io/lavalink-devs/lavalink:4-alpine
+ ports:
+ - "2333:2333"
+ networks:
+ - beatdock-network
+ volumes:
+ - ./application.yml:/opt/Lavalink/application.yml
+ environment:
+ - LAVALINK_PASSWORD=${LAVALINK_PASSWORD:-youshallnotpass}
+ - SPOTIFY_ENABLED=${SPOTIFY_ENABLED:-false}
+ - SPOTIFY_CLIENT_ID=${SPOTIFY_CLIENT_ID:-}
+ - SPOTIFY_CLIENT_SECRET=${SPOTIFY_CLIENT_SECRET:-}
+ healthcheck:
+ test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "--header=Authorization: ${LAVALINK_PASSWORD:-youshallnotpass}", "http://localhost:2333/version"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+
+networks:
+ beatdock-network:
+ name: beatdock_network
diff --git a/vServer/FTP-Server/compose.yaml b/vServer/FTP-Server/compose.yaml
new file mode 100644
index 0000000..81cb7f9
--- /dev/null
+++ b/vServer/FTP-Server/compose.yaml
@@ -0,0 +1,17 @@
+services:
+ file-server:
+ build: .
+ container_name: simple-ftp
+ image: gitea.casademm.de/peacock/simple-ftp:latest
+ ports:
+ - "8080:3000"
+ volumes:
+ - ./uploads:/app/uploads
+ environment:
+ - PORT=3000
+ - DB_HOST=maria.casademm.de
+ - DB_PORT=3306
+ - DB_USER=sysftp
+ - DB_PASSWORD=bmjsfoznrc
+ - DB_NAME=sysftp
+ restart: unless-stopped
diff --git a/vServer/Gitea/compose.yaml b/vServer/Gitea/compose.yaml
new file mode 100644
index 0000000..1a5b803
--- /dev/null
+++ b/vServer/Gitea/compose.yaml
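Review bot: In vServer/BeatDock Music Bot/docker-compose.yml, `LAVALINK_PASSWORD=${LAVALINK_PASSWORD:-youshallnotpass}` falls back to Lavalink's documented default while `- "2333:2333"` publishes the Lavalink API on all interfaces, and the Caddyfile in this patch additionally proxies `mb.casademm.de` to that port. The bot reaches Lavalink by service name on `beatdock-network`, so the `ports:` mapping looks unnecessary; if it stays, `${LAVALINK_PASSWORD:?set LAVALINK_PASSWORD}` makes Compose fail instead of starting with the default. The same substitution appears in the `healthcheck` header and needs the matching change.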
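Review bot: In vServer/FTP-Server/compose.yaml, `DB_HOST=maria.casademm.de` with `DB_PORT=3306` points the app at the database through a public hostname, and nothing in the hunk requests TLS for that connection, so credentials and queries presumably cross the network between the two hosts in cleartext — worth confirming in the application's DB client options. The reverse direction has the same shape: the Caddyfile proxies to `systems.casademm.de:8080` without `https://`, as it does for Gitea (`:3000`), What-to-Watch (`:3630`) and hytale-server-manager (`:3001`). A private tunnel between the hosts (WireGuard or similar), with the published ports bound to the tunnel address, would cover both directions.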
@@ -0,0 +1,24 @@
+networks:
+ gitea:
+ external: false
+
+services:
+ gitea:
+ image: docker.gitea.com/gitea:latest
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: always
+ networks:
+ - gitea
+ volumes:
+ - gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3000:3000"
+ - "222:22"
+
+volumes:
+ gitea:
\ No newline at end of file
diff --git a/vServer/What-to-Watch/compose.yaml b/vServer/What-to-Watch/compose.yaml
new file mode 100644
index 0000000..c31eb07
--- /dev/null
+++ b/vServer/What-to-Watch/compose.yaml
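Review bot: In vServer/Gitea/compose.yaml, the `environment:` list sets only `USER_UID`/`USER_GID`, so whether self-registration is open depends entirely on an `app.ini` inside the `gitea` volume that the patch does not show. Since this instance is published as `gitea.casademm.de` and serves the `peacock/*` images that other hunks pull, consider stating the policy in the compose file itself, e.g. `- GITEA__service__DISABLE_REGISTRATION=true`. The file also ends without a trailing newline (`\ No newline at end of file`).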
@@ -0,0 +1,55 @@
+# Comments are provided throughout this file to help you get started.
+# If you need more help, visit the Docker Compose reference guide at
+# https://docs.docker.com/go/compose-spec-reference/
+
+# Here the instructions define your application as a service called "server".
+# This service is built from the Dockerfile in the current directory.
+# You can add other services your application may depend on here, such as a
+# database or a cache. For examples, see the Awesome Compose repository:
+# https://github.com/docker/awesome-compose
+services:
+ what-to-watch:
+ restart: unless-stopped
+ image: gitea.casademm.de/peacock/what-to-watch:latest
+ container_name: what-to-watch
+ build:
+ context: .
+ env_file: ".env"
+ environment:
+ NODE_ENV: production
+ ports:
+ - 3630:3630
+
+# The commented out section below is an example of how to define a PostgreSQL
+# database that your application can use. `depends_on` tells Docker Compose to
+# start the database before your application. The `db-data` volume persists the
+# database data between container restarts. The `db-password` secret is used
+# to set the database password. You must create `db/password.txt` and add
+# a password of your choosing to it before running `docker-compose up`.
+# depends_on:
+# db:
+# condition: service_healthy
+# db:
+# image: postgres
+# restart: always
+# user: postgres
+# secrets:
+# - db-password
+# volumes:
+# - db-data:/var/lib/postgresql/data
+# environment:
+# - POSTGRES_DB=example
+# - POSTGRES_PASSWORD_FILE=/run/secrets/db-password
+# expose:
+# - 5432
+# healthcheck:
+# test: [ "CMD", "pg_isready" ]
+# interval: 10s
+# timeout: 5s
+# retries: 5
+# volumes:
+# db-data:
+# secrets:
+# db-password:
+# file: db/password.txt
+
diff --git a/vServer/hytale-server-manager/docker-compose.yaml b/vServer/hytale-server-manager/docker-compose.yaml
new file mode 100644
index 0000000..dbd3eb3
--- /dev/null
+++ b/vServer/hytale-server-manager/docker-compose.yaml
@@ -0,0 +1,61 @@
+services:
+ hytale-server-manager:
+ image: ghcr.io/nebula-codes/hytale-server-manager:0.3.26
+ container_name: hytale-server-manager
+ restart: unless-stopped
+ ports:
+ - "3001:3001/tcp"
+ - "5520-5550:5520-5550/udp"
+ environment:
+ # User/Group ID for file permissions (use `id` command to find yours)
+ - PUID=1000
+ - PGID=1000
+ - NODE_ENV=production
+ - PORT=3001
+ - HOST=0.0.0.0
+ # Required secrets - generate your own!
+ # Generate with: openssl rand -hex 64
+ - JWT_SECRET=9aa8cdb1d18b97eaf60df70887c7f6e56cf115ad3eae2cb18fa3bc3ada63dcb6698da56ba580e4aa27a0d5c4a1cc312ae27f7f0c1c1a2afaaf26f268520a3883
+ - JWT_REFRESH_SECRET=4e1c002c146097d359ddaa1981e4c90b017baf745c0cda2b0f088398c69223e59e545333bb0ba722084efb429fbf46e70c23d484cc29419d7f2e43e86223c38a
+ # Generate with: openssl rand -hex 16
+ - SETTINGS_ENCRYPTION_KEY=0858a7eca8008302ac47b9328934240c
+ - INSECURE_COOKIES=true
+ # CORS origin - set to your server's URL for external access
+ - CORS_ORIGIN=https://systems.casademm.de:3001
+ # Rate limiting
+ - RATE_LIMIT_WINDOW=900000 # 15 minutes in milliseconds
+ - RATE_LIMIT_MAX=1000 # Max requests per window
+ # Optional: Discord notifications
+ - DISCORD_ENABLED=true
+ - DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/1465337328401912022/tWhIgavQrxqEWa7BWlC-65-YoMO5OElHU-J82Yu7g_BXXZXZ2ivFCkzxp7O8zR9SSsjm
+ # File upload limit
+ - MAX_FILE_UPLOAD_SIZE=314572800 # 52428800 = 50MB in bytes (default)
+ volumes:
+ # Database persistence
+ - hsm-database:/app/data/db
+ # Game server files
+ - hsm-servers:/app/servers
+ # Backup storage
+ - hsm-backups:/app/data/backups
+ # Application logs
+ - hsm-logs:/app/logs
+ # SSL certificates (if using HTTPS)
+ - hsm-certs:/app/data/certs
+ # Hytale downloader tool
+ - hsm-downloader:/app/data/hytale-downloader
+ # Machine ID for system identification
+ - /etc/machine-id:/etc/machine-id:ro
+ healthcheck:
+ test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3001/health"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+
+volumes:
+ hsm-database:
+ hsm-servers:
+ hsm-backups:
+ hsm-logs:
+ hsm-certs:
+ hsm-downloader:
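Review bot: In vServer/hytale-server-manager/docker-compose.yaml, `INSECURE_COOKIES=true` sits next to `CORS_ORIGIN=https://systems.casademm.de:3001`, yet the Caddyfile in this patch serves the app as `hsm.casademm.de` over TLS and proxies to plain `http://systems.casademm.de:3001`. Going by its name the flag relaxes cookie security (presumably the `Secure` attribute — confirm in the project docs), which is only needed when the UI is used over HTTP; if users arrive through Caddy it can be `false` and `CORS_ORIGIN` would be `https://hsm.casademm.de`. The comment on `MAX_FILE_UPLOAD_SIZE` also documents the 50 MB default while the value set is 314572800 (300 MiB), so the comment should be updated to match.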