initial composes

2026-02-09 16:04:14 +01:00
commit df054c5ac7
13 changed files with 588 additions and 0 deletions
--- a/RPi/Caddy/Caddyfile
+++ b/RPi/Caddy/Caddyfile
@@ -0,0 +1,174 @@
+vault.casademm.de {
+  log {
+    level INFO
+    output file {$LOG_FILE} {
+      roll_size 10MB
+      roll_keep 10
+    }
+  }
+
+
+  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
+  tls {$EMAIL}
+
+  # This setting may have compatibility issues with some browsers
+  # (e.g., attachment downloading on Firefox). Try disabling this
+  # if you encounter issues.
+  encode zstd gzip
+
+  # Proxy everything Rocket
+  reverse_proxy vaultwarden:80 {
+       # Send the true remote IP to Rocket, so that vaultwarden can put this in the
+       # log, so that fail2ban can ban the correct IP.
+       header_up X-Real-IP {remote_host}
+  }
+  
+  
+  
+}
+
+https://portainer.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy https://portainer:9443 {
+        transport http {
+            tls
+            tls_insecure_skip_verify
+        }
+    }
+}
+
+
+
+https://heimdall.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy https://heimdall:443 {
+        transport http {
+            tls
+            tls_insecure_skip_verify
+        }
+    }
+}
+
+https://fritz.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy https://192.168.178.1 {
+        transport http {
+            tls
+            tls_insecure_skip_verify
+        }
+    }
+}
+
+
+#https://heidrun.casademm.de {
+#    tls {$EMAIL}
+
+#    reverse_proxy https://192.168.178.23 {
+#        transport http {
+#            tls
+#            tls_insecure_skip_verify
+#        }
+#    }
+#}
+
+hole.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy pihole:443 {
+        transport http {
+            tls_insecure_skip_verify
+        }
+    }
+}
+
+mb.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy systems.casademm.de:2333 {
+        transport http {
+            tls_insecure_skip_verify
+        }
+    }
+}
+
+ss.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy systems.casademm.de:8003 {
+        transport http {
+            tls_insecure_skip_verify
+        }
+    }
+}
+
+ftp.casademm.de {
+    
+
+    reverse_proxy systems.casademm.de:8080 {
+        
+    }
+}
+
+next.casademm.de {
+    reverse_proxy https://nextcloud:443 {
+        transport http {
+            tls_insecure_skip_verify
+        }
+    }
+}
+
+wtw.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy http://systems.casademm.de:3630 {
+        
+    }
+}
+https://home.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy https://heimdall:443 {
+        transport http {
+            tls
+            tls_insecure_skip_verify
+        }
+    }
+}
+
+
+hsm.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy http://systems.casademm.de:3001 {
+        
+    }
+}
+
+gitea.casademm.de {
+    tls {$EMAIL}
+
+    reverse_proxy http://systems.casademm.de:3000 {
+        
+    }
+}
+
+
+
+
+act.casademm.de {
+    #tls {$EMAIL}
+
+    encode gzip zstd
+    reverse_proxy actual-server:5006
+}
+
+php.casademm.de {
+    reverse_proxy http://phpmyadmin:80
+}
+
+maria.casademm.de {
+    reverse_proxy mariadb:3306
+}
--- a/RPi/Caddy/compose.yaml
+++ b/RPi/Caddy/compose.yaml
@@ -0,0 +1,29 @@
+services:
+  caddy:
+    image: dhi.io/caddy:2-debian13-dev
+    container_name: caddy
+    restart: always
+    ports:
+      - 80:80  # Needed for the ACME HTTP-01 challenge.
+      - 443:443
+      - 443:443/udp # Needed for HTTP/3.
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./caddy-config:/config
+      - ./caddy-data:/data
+    environment:
+      DOMAIN: "https://vault.casademm.de"  # Your domain.
+      EMAIL: "t.r.martin22699@gmail.com"                 # The email address to use for ACME registration.
+      LOG_FILE: "/data/access.log"
+    networks:
+      - casa-de-martmann
+      - proxy
+      
+networks:
+  casa-de-martmann:
+    name: casa-de-martmann
+    external: true
+    
+  proxy:
+    name: proxy
+    external: true
--- a/RPi/MariaDB/compose.yaml
+++ b/RPi/MariaDB/compose.yaml
@@ -0,0 +1,33 @@
+services:
+  mariadb:
+    image: mariadb:latest
+    container_name: mariadb
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: bmjsfoznrc
+      MYSQL_DATABASE: entry
+      MYSQL_USER: roulette
+      MYSQL_PASSWORD: bmjsfoznrc
+    ports:
+      - "3306:3306"
+    volumes:
+      - ./data:/var/lib/mysql
+    networks:
+      - casa-de-martmann
+
+  phpmyadmin:
+    image: phpmyadmin:latest
+    container_name: phpmyadmin
+    restart: always
+    environment:
+      PMA_HOST: mariadb
+    ports:
+      - "8085:80"
+    depends_on:
+      - mariadb
+    networks:
+      - casa-de-martmann
+networks:
+  casa-de-martmann:
+    name: casa-de-martmann
+    external: true
--- a/RPi/Nextcloud/compose.yaml
+++ b/RPi/Nextcloud/compose.yaml
@@ -0,0 +1,21 @@
+services:
+  nextcloud:
+    image: lscr.io/linuxserver/nextcloud:latest
+    networks:
+      - casa-de-martmann
+    container_name: nextcloud
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - /media/admin/62 GB Volume/Nextcloud_config:/config
+      - /media/admin/62 GB Volume/Nextcloud_data:/data
+    ports:
+      - 4435:443
+    restart: unless-stopped
+    
+networks:
+  casa-de-martmann:
+    name: casa-de-martmann
+    external: true
--- a/RPi/PiHole/compose.yaml
+++ b/RPi/PiHole/compose.yaml
@@ -0,0 +1,50 @@
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+    ports:
+      # DNS Ports
+      - "53:53/tcp"
+      - "53:53/udp"
+      # Default HTTP Port
+      - "8081:80/tcp"
+      # Default HTTPs Port. FTL will generate a self-signed certificate
+      - "4430:443/tcp"
+      # Uncomment the line below if you are using Pi-hole as your DHCP server
+      #- "67:67/udp"
+      # Uncomment the line below if you are using Pi-hole as your NTP server
+      #- "123:123/udp"
+    environment:
+      # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
+      TZ: 'Europe/Berlin'
+      # Set a password to access the web interface. Not setting one will result in a random password being assigned
+      FTLCONF_webserver_api_password: 'bmjsfoznrc'
+      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'ALL'
+      FTLCONF_dns_listeningMode: 'ALL'
+    # Volumes store your data between container upgrades
+    volumes:
+      # For persisting Pi-hole's databases and common configuration file
+      - './etc-pihole:/etc/pihole'
+      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
+      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
+    cap_add:
+      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+      # Required if you are using Pi-hole as your DHCP server, else not needed
+      - NET_ADMIN
+      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
+      - SYS_TIME
+      # Optional, if Pi-hole should get some more processing time
+      - SYS_NICE
+    restart: unless-stopped
+    networks:
+      - casa-de-martmann
+      - proxy
+      
+networks:
+  casa-de-martmann:
+    name: casa-de-martmann
+    external: true
+  proxy:
+    name: proxy
+    external: true
--- a/RPi/Portainer/compose.yaml
+++ b/RPi/Portainer/compose.yaml
@@ -0,0 +1,23 @@
+services:
+  portainer:
+    container_name: portainer
+    image: portainer/portainer-ce:lts
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer_data:/data
+
+    ports:
+      - 9443:9443
+      - 8000:8000  # Remove if you do not intend to use Edge Agents
+      
+    networks:
+      - casa-de-martmann
+volumes:
+  portainer_data:
+    name: portainer_data
+
+networks:
+  casa-de-martmann:
+    name: casa-de-martmann
+    external: true
--- a/Compose/compose.yaml
+++ b/Compose/compose.yaml
@@ -0,0 +1,18 @@
+services:
+  vaultwarden:
+    networks:
+      - casa-de-martmann
+      
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: always
+    environment:
+      DOMAIN: "https://vault.casademm.de"  # Your domain; vaultwarden needs to know it's https to work properly with attachments
+      SIGNUPS_ALLOWED: "false"
+      
+    volumes:
+      - ./vw-data:/data
+networks:
+  casa-de-martmann:
+    name: casa-de-martmann
+    external: true
--- a/vServer/BeatDock
+++ b/vServer/BeatDock
@@ -0,0 +1,45 @@
+# Discord Bot Configuration
+# Get these from https://discord.com/developers/applications
+TOKEN=MTI2Nzc2NTIyODc2NzAyMzE1Ng.Gwa-St.9iFUJwxGvE3aWYGWhS4wqZkg6bWGHh05JoGiWg
+CLIENT_ID=1267765228767023156
+
+# Optional: Spotify Configuration
+# To enable Spotify support, set SPOTIFY_ENABLED=true and provide your credentials
+# Get your credentials from: https://developer.spotify.com/dashboard/applications
+SPOTIFY_ENABLED=false
+SPOTIFY_CLIENT_ID=your_spotify_client_id_here
+SPOTIFY_CLIENT_SECRET=your_spotify_client_secret_here
+
+# Lavalink Server Configuration
+LAVALINK_HOST=lavalink
+LAVALINK_PORT=2333
+LAVALINK_PASSWORD=youshallnotpass
+
+# Optional: Language Settings
+#DEFAULT_LANGUAGE=en
+
+# Optional: Disconnection Settings
+QUEUE_EMPTY_DESTROY_MS=30000
+EMPTY_CHANNEL_DESTROY_MS=60000
+
+# Optional: Permission Settings
+# Comma-separated list of role IDs that can use the bot
+# Leave empty to allow everyone to use the bot
+# Example: ALLOWED_ROLES=123456789012345678,234567890123456789
+ALLOWED_ROLES=
+
+# Optional: Audio Settings
+# Default volume for music playback (0-100, defaults to 80 if not set or invalid)
+DEFAULT_VOLUME=80
+
+# Optional: Lavalink Reconnection Settings
+# Maximum number of reconnection attempts (default: 10)
+LAVALINK_MAX_RECONNECT_ATTEMPTS=10
+# Base delay for exponential backoff in milliseconds (default: 1000)
+LAVALINK_BASE_DELAY_MS=1000
+# Maximum delay for exponential backoff in milliseconds (default: 30000)
+LAVALINK_MAX_DELAY_MS=30000
+# Health check interval in milliseconds (default: 30000)
+LAVALINK_HEALTH_CHECK_INTERVAL_MS=30000
+# Reset reconnection attempts after this many minutes (default: 5)
+LAVALINK_RESET_ATTEMPTS_AFTER_MINUTES=5
--- a/Bot/docker-compose.yml
+++ b/Bot/docker-compose.yml
@@ -0,0 +1,38 @@
+services:
+  bot:
+    container_name: beatdock
+    image: ghcr.io/lazaroagomez/beatdock:latest
+    build:
+      context: .
+      dockerfile: Dockerfile
+    depends_on:
+      lavalink:
+        condition: service_healthy
+    networks:
+      - beatdock-network
+    env_file: .env
+
+  lavalink:
+    container_name: beatdock-lavalink
+    image: ghcr.io/lavalink-devs/lavalink:4-alpine
+    ports:
+      - "2333:2333"
+    networks:
+      - beatdock-network
+    volumes:
+      - ./application.yml:/opt/Lavalink/application.yml
+    environment:
+      - LAVALINK_PASSWORD=${LAVALINK_PASSWORD:-youshallnotpass}
+      - SPOTIFY_ENABLED=${SPOTIFY_ENABLED:-false}
+      - SPOTIFY_CLIENT_ID=${SPOTIFY_CLIENT_ID:-}
+      - SPOTIFY_CLIENT_SECRET=${SPOTIFY_CLIENT_SECRET:-}
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "--header=Authorization: ${LAVALINK_PASSWORD:-youshallnotpass}", "http://localhost:2333/version"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+
+networks:
+  beatdock-network:
+    name: beatdock_network
--- a/vServer/FTP-Server/compose.yaml
+++ b/vServer/FTP-Server/compose.yaml
@@ -0,0 +1,17 @@
+services:
+  file-server:
+    build: .
+    container_name: simple-ftp
+    image: gitea.casademm.de/peacock/simple-ftp:latest
+    ports:
+      - "8080:3000"
+    volumes:
+      - ./uploads:/app/uploads
+    environment:
+      - PORT=3000
+      - DB_HOST=maria.casademm.de
+      - DB_PORT=3306
+      - DB_USER=sysftp
+      - DB_PASSWORD=bmjsfoznrc
+      - DB_NAME=sysftp
+    restart: unless-stopped
--- a/vServer/Gitea/compose.yaml
+++ b/vServer/Gitea/compose.yaml
@@ -0,0 +1,24 @@
+networks:
+  gitea:
+    external: false
+
+services:
+  gitea:
+    image: docker.gitea.com/gitea:latest
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+    restart: always
+    networks:
+      - gitea
+    volumes:
+      - gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "222:22"
+
+volumes:
+  gitea:
--- a/vServer/What-to-Watch/compose.yaml
+++ b/vServer/What-to-Watch/compose.yaml
@@ -0,0 +1,55 @@
+# Comments are provided throughout this file to help you get started.
+# If you need more help, visit the Docker Compose reference guide at
+# https://docs.docker.com/go/compose-spec-reference/
+
+# Here the instructions define your application as a service called "server".
+# This service is built from the Dockerfile in the current directory.
+# You can add other services your application may depend on here, such as a
+# database or a cache. For examples, see the Awesome Compose repository:
+# https://github.com/docker/awesome-compose
+services:
+  what-to-watch:
+    restart: unless-stopped
+    image: gitea.casademm.de/peacock/what-to-watch:latest
+    container_name: what-to-watch
+    build:
+      context: .
+    env_file: ".env"
+    environment:
+      NODE_ENV: production
+    ports:
+      - 3630:3630
+
+# The commented out section below is an example of how to define a PostgreSQL
+# database that your application can use. `depends_on` tells Docker Compose to
+# start the database before your application. The `db-data` volume persists the
+# database data between container restarts. The `db-password` secret is used
+# to set the database password. You must create `db/password.txt` and add
+# a password of your choosing to it before running `docker-compose up`.
+#     depends_on:
+#       db:
+#         condition: service_healthy
+#   db:
+#     image: postgres
+#     restart: always
+#     user: postgres
+#     secrets:
+#       - db-password
+#     volumes:
+#       - db-data:/var/lib/postgresql/data
+#     environment:
+#       - POSTGRES_DB=example
+#       - POSTGRES_PASSWORD_FILE=/run/secrets/db-password
+#     expose:
+#       - 5432
+#     healthcheck:
+#       test: [ "CMD", "pg_isready" ]
+#       interval: 10s
+#       timeout: 5s
+#       retries: 5
+# volumes:
+#   db-data:
+# secrets:
+#   db-password:
+#     file: db/password.txt
+
--- a/vServer/hytale-server-manager/docker-compose.yaml
+++ b/vServer/hytale-server-manager/docker-compose.yaml
@@ -0,0 +1,61 @@
+services:
+  hytale-server-manager:
+    image: ghcr.io/nebula-codes/hytale-server-manager:0.3.26
+    container_name: hytale-server-manager
+    restart: unless-stopped
+    ports:
+      - "3001:3001/tcp"
+      - "5520-5550:5520-5550/udp"
+    environment:
+      # User/Group ID for file permissions (use `id` command to find yours)
+      - PUID=1000
+      - PGID=1000
+      - NODE_ENV=production
+      - PORT=3001
+      - HOST=0.0.0.0
+      # Required secrets - generate your own!
+      # Generate with: openssl rand -hex 64
+      - JWT_SECRET=9aa8cdb1d18b97eaf60df70887c7f6e56cf115ad3eae2cb18fa3bc3ada63dcb6698da56ba580e4aa27a0d5c4a1cc312ae27f7f0c1c1a2afaaf26f268520a3883
+      - JWT_REFRESH_SECRET=4e1c002c146097d359ddaa1981e4c90b017baf745c0cda2b0f088398c69223e59e545333bb0ba722084efb429fbf46e70c23d484cc29419d7f2e43e86223c38a
+      # Generate with: openssl rand -hex 16
+      - SETTINGS_ENCRYPTION_KEY=0858a7eca8008302ac47b9328934240c
+      - INSECURE_COOKIES=true
+      # CORS origin - set to your server's URL for external access
+      - CORS_ORIGIN=https://systems.casademm.de:3001
+      # Rate limiting
+      - RATE_LIMIT_WINDOW=900000   # 15 minutes in milliseconds
+      - RATE_LIMIT_MAX=1000         # Max requests per window
+      # Optional: Discord notifications
+      - DISCORD_ENABLED=true
+      - DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/1465337328401912022/tWhIgavQrxqEWa7BWlC-65-YoMO5OElHU-J82Yu7g_BXXZXZ2ivFCkzxp7O8zR9SSsjm
+      # File upload limit
+      - MAX_FILE_UPLOAD_SIZE=314572800 # 52428800 = 50MB in bytes (default)
+    volumes:
+      # Database persistence
+      - hsm-database:/app/data/db
+      # Game server files
+      - hsm-servers:/app/servers
+      # Backup storage
+      - hsm-backups:/app/data/backups
+      # Application logs
+      - hsm-logs:/app/logs
+      # SSL certificates (if using HTTPS)
+      - hsm-certs:/app/data/certs
+      # Hytale downloader tool
+      - hsm-downloader:/app/data/hytale-downloader
+      # Machine ID for system identification
+      - /etc/machine-id:/etc/machine-id:ro
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3001/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+
+volumes:
+  hsm-database:
+  hsm-servers:
+  hsm-backups:
+  hsm-logs:
+  hsm-certs:
+  hsm-downloader: