clean commit

0_skeleton/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+This is an example skeleton to use. Usually combined with Traefik as reverse proxy.

0_skeleton/docker-compose.yml

@@ -0,0 +1,28 @@
+version: '3.3'
+
+services:
+  example:
+    image: user/image:tag
+    container_name: example-container-name
+    restart: unless-stopped
+    #ports:
+    #  - 8080:2368
+    volumes:
+      - /mnt/docker-volumes/example:/example
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    networks:
+      - proxy
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.CHANGEME.rule=Host(`service.example.com`)
+    #  - traefik.http.services.CHANGEME.loadbalancer.server.port=8080
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only; disable to expose externally
+    #  - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file
+
+networks:
+  proxy:
+    external: true

README.md

@@ -0,0 +1,123 @@
+# Compose-Examples
+Various Docker Compose examples of selfhosted projects.
+
+- Volume bind mounts are assumed to be located at `/mnt/docker-volumes/<container-name>/`
+- Docker networks are not hardcoded and may have to be created or defined manually
+- Example config files are provided but not yet located in the correct volume bind mount path. Adjust!
+- Default credentials should be adjusted to your needs
+
+Otherwise, it should be a matter of:
+````
+git clone https://github.com/Haxxnet/Compose-Examples && cd Compose-Examples
+cd <container-of-interest>
+docker compose up -d 
+````
+
+## Dashboards
+- [Homepage](homepage)
+- [Homer](homer)
+- [Dashy](dashy)
+- [Homarr](homarr)
+- [Flame](flame)
+- [Heimdall](heimdall)
+
+## Password Management
+- [Vaultwarden](vaultwarden)
+- [Bitwarden Unified](bitwarden-unified)
+
+## Reverse Proxies
+- [Traefik](traefik)
+- [Nginx Proxy Manager](nginx-proxy-manager)
+- [Caddy](caddy)
+
+## Virtual Private Network (VPN)
+- [wg-easy](wg-easy)
+- ~~[Netbird](TBD)~~
+- ~~[Firezone](TBD)~~
+- ~~[Wireguard](TBD)~~
+
+## Domain Name Service (DNS)
+- [Adguard Home](adguard-home)
+- [Adguard Home Sync](adguard-home-sync)
+- [Technitium DNS](technitium-dns)
+- [Pihole](pihole)
+- [Cloudflare DDNS](cloudflare-ddns)
+
+## Repository Management & Coding
+- [Gitea](gitea)
+- [Drone](drone)
+- [Code Server](code-server)
+- [Obsidian-Remote](obsidian-remote)
+- ~~[Onedev](TBD)~~
+- ~~[Gitlab](TBD)~~
+
+## Monitoring
+- [Watchtower](watchtower)
+- [Portainer Enterprise](portainer-ee)
+- [Uptimekuma](uptimekuma)
+- [Changedetection](changedetection)
+- [Grafana Stack](grafana-monitoring)
+- [Speedtest-Tracker](speedtest-tracker)
+- [Openspeedtest](openspeedtest)
+- [Goaccess for Nginx Proxy Manager](nginx-proxy-manager-goaccess)
+- [WatchYourLAN](watchyourlan)
+- [Network-Multitool](network-multitool)
+
+## Recipe Managers
+- [Tandoor](tandoor)
+- [Mealie](mealie)
+
+## Media Management
+- [Immich](immich)
+- [Photoprism](photoprism)
+- [Deemix](deemix)
+- [Papermerge](papermerge)
+- [Paperless NGX](paperless-ngx)
+
+## File Sharing
+- [PrivateBin](privatebin)
+- [Nextcloud](nextcloud)
+- [Pwndrop](pwndrop)
+- [Seafile](seafile)
+- [Droppy](droppy)
+- [SFTPGo](sftpgo)
+- [Gokapi](gokapi)
+- [Projectsend](projectsend)
+
+## Publishing, Writing, Hosting
+- [Excalidraw](excalidraw)
+- [Overleaf](overleaf)
+- [Ghost CMS](ghost)
+- [Nginx + PHP](nginx-php)
+
+## Analytics
+- [Matomo](matomo)
+- [Plausible](plausible)
+
+## Security & Vulnerability Management
+- [Nessus](nessus)
+- [Greenbone](greenbone)
+- [SonarQube](sonarqube)
+- [Fail2ban](fail2ban)
+
+## Internet of Things / Smart Home
+- [Home Assistant](homeassistant)
+
+## Asset Management
+- [Domainmod](domainmod)
+- [Snipe-IT](snipe-it)
+
+## Backups
+- [Duplicati](duplicati)
+- [Duplicacy](duplicacy)
+
+## Wiki & Knowledge Base
+- [Bookstack](bookstack)
+- [Answer](answer)
+- [Wiki.js](wikijs)
+- [Obsidian-Remote](obsidian-remote)
+
+## Finance
+- [TRSync](trsync)
+- [Money-Balancer](money-balancer)
+- [Firefly III](firefly-iii)

adguard-home-sync/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/bakito/adguardhome-sync

adguard-home-sync/docker-compose.yml

@@ -0,0 +1,21 @@
+version: "2.1"
+services:
+  adguardhome-sync:
+    image: linuxserver/adguardhome-sync
+    container_name: adguardhome-sync
+    hostname: adguardhome-sync
+    environment:
+      - ORIGIN_URL=http://10.10.10.10:8080 # your main adguard instance for synchronization
+      - ORIGIN_USERNAME=admin1
+      - ORIGIN_PASSWORD=password1
+      - REPLICA_URL=http://20.20.20.20:8080 # your replica adguard instance to be synced with main instance
+      - REPLICA_USERNAME=admin2
+      - REPLICA_PASSWORD=password2
+      - CRON=*/30 * * * * # run every 30 minute; see https://crontab.guru/
+      - RUNONSTART=true
+      - TZ=Europe/Berlin
+      - PUID=1000
+      - PGID=1000
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/adguard-home-sync:/config

adguard-home/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/AdguardTeam/AdGuardHome

adguard-home/docker-compose.yml

@@ -0,0 +1,15 @@
+version: "3"
+
+services:
+  adguard:
+    container_name: adguard
+    hostname: adguard
+    image: adguard/adguardhome:latest
+    ports:
+      - 53:53/tcp
+      - 8080:80/tcp
+      - 53:53/udp
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/adguard-home/work:/opt/adguardhome/work
+      - /mnt/docker-volumes/adguard-home/conf:/opt/adguardhome/conf

answer/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/answerdev/answer

answer/docker-compose.yml

@@ -0,0 +1,10 @@
+version: "3"
+services:
+  answer:
+    container_name: answer
+    image: answerdev/answer
+    ports:
+      - '9080:80'
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/answer/data:/data

bitwarden-unified/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://bitwarden.com/help/install-and-deploy-unified-beta/

bitwarden-unified/docker-compose.yml

@@ -0,0 +1,28 @@
+---
+version: "3.8"
+
+services:
+  bitwarden:
+    container_name: bitwarden_unified
+    depends_on:
+      - db
+    env_file:
+      - settings.env
+    image: bitwarden/self-host:beta
+    restart: always
+    ports:
+      - "8888:80"
+    volumes:
+      - /mnt/docker-volumes/bitwarden-unified/data:/etc/bitwarden
+
+  db:
+    environment:
+      MARIADB_USER: "bitwarden"
+      MARIADB_PASSWORD: "Secure_MariaDB_Password1"
+      MARIADB_DATABASE: "bitwarden_vault"
+      MARIADB_RANDOM_ROOT_PASSWORD: "true"
+    image: mariadb:10
+    container_name: bitwarden_unified_db
+    restart: always
+    volumes:
+      - /mnt/docker-volumes/bitwarden-unified/mariadb:/var/lib/mysql

bitwarden-unified/settings.env

@@ -0,0 +1,61 @@
+#####################
+# Required Settings #
+#####################
+
+# Server hostname
+BW_DOMAIN=bitwarden.example.com
+
+# Database
+# Available providers are sqlserver, postgresql, or mysql/mariadb
+BW_DB_PROVIDER=mysql
+BW_DB_SERVER=db
+BW_DB_DATABASE=bitwarden_vault
+BW_DB_USERNAME=bitwarden
+BW_DB_PASSWORD=Secure_MariaDB_Password1
+
+# Installation information
+# Get your ID and key from https://bitwarden.com/host/
+BW_INSTALLATION_ID=xxxxxxxx-xxxxxxxx-xxxxxxxxx-xxxxxxxxxxx # change this !!!
+BW_INSTALLATION_KEY=MyInstallationkey # change this !!!
+
+#####################
+# Optional Settings #
+#####################
+# Learn more here: https://bitwarden.com/help/environment-variables/
+
+# SSL
+#BW_ENABLE_SSL=true
+#BW_ENABLE_SSL_CA=true
+#BW_SSL_CERT=ssl.crt
+#BW_SSL_KEY=ssl.key
+#BW_SSL_CA_CERT=ca.crt
+
+# Services
+# Some services, namely for enterprise use cases, are disabled by default. Defaults shown below.
+#BW_ENABLE_ADMIN=true
+#BW_ENABLE_API=true
+#BW_ENABLE_EVENTS=false
+#BW_ENABLE_ICONS=true
+#BW_ENABLE_IDENTITY=true
+#BW_ENABLE_NOTIFICATIONS=true
+#BW_ENABLE_SCIM=false
+#BW_ENABLE_SSO=false
+
+#BW_ICONS_PROXY_TO_CLOUD=false
+
+# Mail
+#globalSettings__mail__replyToEmail=noreply@$BW_DOMAIN
+#globalSettings__mail__smtp__host=smtphost.example.com
+#globalSettings__mail__smtp__port=587
+#globalSettings__mail__smtp__ssl=false
+#globalSettings__mail__smtp__username=smtpusername
+#globalSettings__mail__smtp__password=smtppassword
+
+# Yubikey
+#globalSettings__yubico__clientId=REPLACE
+#globalSettings__yubico__key=REPLACE
+
+# Other
+#globalSettings__disableUserRegistration=true
+#globalSettings__hibpApiKey=REPLACE
+#adminSettings__admins="admin1@email.com,admin2@email.com"

bookstack/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/linuxserver/docker-bookstack

bookstack/docker-compose.yml

@@ -0,0 +1,38 @@
+version: "3"
+
+services:
+  bookstack:
+    image: linuxserver/bookstack
+    container_name: bookstack
+    hostname: bookstack
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - APP_URL=https://wiki.example.com # change this
+      - DB_HOST=bookstack_db
+      - DB_USER=bookstack
+      - DB_PASS=USERPW1
+      - DB_DATABASE=bookstackapp
+    volumes:
+      - /mnt/docker-volumes/bookstack/config:/config
+    restart: unless-stopped
+    ports:
+      - 8099:80
+    depends_on:
+      - bookstack_db
+
+  bookstack_db:
+    image: linuxserver/mariadb
+    container_name: bookstack_db
+    hostname: bookstack_db
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - MYSQL_ROOT_PASSWORD=ROOTPW
+      - TZ=Europe/Berlin
+      - MYSQL_DATABASE=bookstackapp
+      - MYSQL_USER=bookstack
+      - MYSQL_PASSWORD=USERPW1
+    volumes:
+      - /mnt/docker-volumes/bookstack/mariadb-config:/config
+    restart: unless-stopped

caddy/CaddyFile

@@ -0,0 +1,4 @@
+service.example.com {
+  encode zstd gzip
+  reverse_proxy nginx:80
+}

caddy/README.md

@@ -0,0 +1,3 @@
+# References
+
+https://github.com/caddyserver/caddy

caddy/docker-compose.yml

@@ -0,0 +1,15 @@
+version: "3.7"
+services:
+  caddy:
+    image: caddy:latest
+    container_name: caddy
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Berlin
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /mnt/docker-volumes/caddy/CaddyFile:/etc/caddy/Caddyfile
+      - /mnt/docker-volumes/caddy/data:/data
+      - /mnt/docker-volumes/caddy/config:/config

changedetection/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/linuxserver/docker-changedetection.io

changedetection/docker-compose.yml

@@ -0,0 +1,21 @@
+version: "2.1"
+services:
+  changedetection:
+    image: lscr.io/linuxserver/changedetection.io:latest
+    container_name: changedetection
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    volumes:
+      - /mnt/docker-volumes/changedetection/config:/config
+    ports:
+      - 5000:5000
+    restart: unless-stopped
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.changedetection.rule=Host(`changedetection.example.com`)
+    #  - traefik.http.services.changedetection.loadbalancer.server.port=5000
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only; disable to expose externally
+    #  - traefik.http.routers.changedetection.middlewares=local-ipwhitelist@file,basic-auth@file

cloudflare-ddns/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://hub.docker.com/r/oznu/cloudflare-ddns/

cloudflare-ddns/docker-compose.yml

@@ -0,0 +1,9 @@
+version: '3.7'
+services:
+  ddns:
+    image: oznu/cloudflare-ddns:latest
+    restart: unless-stopped
+    environment:
+    - API_KEY=MyCloudflareApiToken # change this
+    - ZONE=example.com
+    - SUBDOMAIN=* # either subdomain or wildcard * to update root domain

code-server/README.md

@@ -0,0 +1,5 @@
+# Reference
+
+https://github.com/linuxserver/docker-code-server
+
+

code-server/docker-compose.yml

@@ -0,0 +1,20 @@
+---
+version: "2.1"
+services:
+  code-server:
+    image: lscr.io/linuxserver/code-server:latest
+    container_name: code-server
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - PASSWORD=MyStrongLoginPassword
+      - SUDO_PASSWORD=MyOptionalStrongSudoPassword #optional
+      #- SUDO_PASSWORD_HASH= #optional
+      - PROXY_DOMAIN=vscode.example.com #optional
+      - DEFAULT_WORKSPACE=/config/workspace #optional
+    volumes:
+      - /mnt/docker-volumes/vscode/config:/config
+    ports:
+      - 8443:8443
+    restart: unless-stopped

dashy/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/Lissy93/dashy

dashy/docker-compose.yml

@@ -0,0 +1,21 @@
+---
+version: "3.8"
+services:
+  dashy:
+    container_name: dashy
+    hostname: dashy
+    image: lissy93/dashy
+    volumes:
+      - /mnt/docker-volumes/dashy/config/config.yml:/app/public/conf.yml
+      - /mnt/docker-volumes/dashy/icons:/app/public/item-icons
+    environment:
+      - NODE_ENV=production
+      - UID=1000
+      - GID=1000
+    restart: unless-stopped
+    healthcheck:
+      test: ['CMD', 'node', '/app/services/healthcheck']
+      interval: 1m30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s

deemix/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://gitlab.com/Bockiii/deemix-docker

deemix/docker-compose.yml

@@ -0,0 +1,14 @@
+version: "3"
+
+services:
+  deemix:
+    container_name: deemix
+    environment:
+      - PUID=1000
+      - PGID=1000
+    hostname: deemix
+    image: registry.gitlab.com/bockiii/deemix-docker:latest
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/deemix/config:/config
+      - /mnt/docker-volumes/deemix/downloads:/downloads

domainmod/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/domainmod/domainmod

domainmod/docker-compose.yml

@@ -0,0 +1,40 @@
+---
+version: '3.7'
+services:
+  app:
+    image: domainmod/domainmod:latest
+    container_name: domainmod_app
+    hostname: domainmod_app
+    depends_on:
+      - db
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - DOMAINMOD_WEB_ROOT=
+      - DOMAINMOD_DATABASE_HOST=db
+      - DOMAINMOD_DATABASE=domainmod
+      - DOMAINMOD_USER=domainmod
+      - DOMAINMOD_PASSWORD=password1
+    volumes:
+      - /mnt/docker-volumes/domainmod/app:/var/www/html
+    ports:
+      - 8080:80
+    restart: unless-stopped
+
+  db:
+    image: ghcr.io/linuxserver/mariadb:alpine
+    container_name: domainmod_db
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - MYSQL_DATABASE=domainmod
+      - MYSQL_USER=domainmod
+      - MYSQL_PASSWORD=password1
+      - MYSQL_ROOT_PASSWORD=password2
+    volumes:
+      - /mnt/docker-volumes/domainmod/database:/config
+    #ports:
+    #  - 3306
+    restart: unless-stopped

drone/README.md

@@ -0,0 +1,3 @@
+# References
+
+https://github.com/harness/drone

drone/docker-compose.yml

@@ -0,0 +1,55 @@
+version: "3.7"
+
+services:
+  drone-server:
+    image: drone/drone:latest
+    container_name: drone-server
+    restart: unless-stopped
+    dns:
+      - 192.168.178.100 # specify your internal dns server for proper dns lookups; especially if you are using https and hostnames
+    volumes:
+      - /mnt/docker-volumes/drone/data:/var/lib/drone
+      #- /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - DRONE_DEBUG=true
+      #- DRONE_ADMIN=droneadm
+      #- DRONE_USER_CREATE=username:droneadm,admin:true
+      - DRONE_SERVER_PORT=:80
+      - DRONE_DATABASE_DRIVER=sqlite3
+      - DRONE_GIT_ALWAYS_AUTH=false
+      - DRONE_GITEA_SERVER=https://git.domain.tld # change this to your gitea instance
+      - DRONE_RPC_SECRET=8aff725d2e16ef31fbc42
+      - DRONE_SERVER_HOST=drone.domain.tld # change this to your drone instance
+      - DRONE_HOST=https://drone.domain.tld # change this to your drone instance; adjust http/https
+      - DRONE_SERVER_PROTO=https # adjust http/https
+      - DRONE_TLS_AUTOCERT=false
+      - DRONE_AGENTS_ENABLED=true
+      - DRONE_GITEA_CLIENT_ID=XXX-XXX # change this to your client ID from Gitea; see https://docs.drone.io/server/provider/gitea/
+      - DRONE_GITEA_CLIENT_SECRET=XXX-XXX # change this to your client secret from Gitea; see https://docs.drone.io/server/provider/gitea/
+    networks:
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.drone-server.rule=Host(`drone.domain.tld`)
+      - traefik.http.services.drone-server.loadbalancer.server.port=80
+      - traefik.docker.network=proxy
+      # Part for local lan services only; disable to expose externally
+      - traefik.http.routers.drone-server.middlewares=local-ipwhitelist@file
+
+  drone-agent:
+    image: drone/agent:1.2.1
+    command: agent
+    restart: unless-stopped
+    container_name: drone-agent
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock # optional; necessary if you run docker runners and need access to docker socket
+    environment:
+      - DRONE_RPC_SERVER=http://drone-server:80
+      - DRONE_RPC_SECRET=8aff725d2e16ef31fbc42
+      - DRONE_RUNNER_CAPACITY=2
+    networks:
+      - proxy
+
+networks:
+  proxy:
+    external: true

droppy/README.md

@@ -0,0 +1,3 @@
+# References
+
+https://github.com/silverwind/droppy

droppy/docker-compose.yml

@@ -0,0 +1,16 @@
+version: '2'
+
+services:
+  droppy:
+    container_name: droppy
+    image: silverwind/droppy
+    ports:
+      - 8989:8989
+    volumes:
+      - /mnt/docker-volumes/droppy/config:/config
+      - /path/to/my/data/for/sharing:/files # path to shared files
+    environment:
+      - UID=1000
+      - GID=1000
+      - TZ="Europe/Berlin"
+    restart: unless-stopped

duplicacy/README.md

@@ -0,0 +1,4 @@
+# References
+
+- https://hub.docker.com/r/saspus/duplicacy-web
+- https://spin.atomicobject.com/2021/02/06/duplicacy-docker-image/

duplicacy/docker-compose.yml

@@ -0,0 +1,19 @@
+---
+version: '3.7'
+
+services:
+  duplicacy-web:
+    container_name: duplicacy-web
+    image: saspus/duplicacy-web:v1.4.1
+    environment:
+      - USR_ID=1000 # user account id on the system
+      - GRP_ID=1000 # group id on the system
+      - TZ=Europe/Berlin
+    ports:
+      - "3875:3875/tcp"
+    volumes:
+      - /mnt/docker-volumes/duplicacy-web/config:/config
+      - /mnt/docker-volumes/duplicacy-web/logs:/logs
+      - /mnt/docker-volumes/duplicacy-web/cache:/cache
+      - /path/to/my/data/dir1:/data/dir1:ro # 1st path to your data for backup
+      - /path/to/my/data/dir2:/data/dir2:ro # 2nd path to your data for backup

duplicati/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/duplicati/duplicati

duplicati/docker-compose.yml

@@ -0,0 +1,28 @@
+version: "3"
+
+services:
+  duplicati:
+    container_name: duplicati
+    entrypoint:
+      - /init
+    ports:
+      - 8200:8200 # MGMT UI
+    environment:
+      - PUID=0
+      - PGID=1000
+      - TZ=Europe/Berlin
+    hostname: duplicati
+    image: linuxserver/duplicati:latest
+    #labels:
+    #  - com.centurylinklabs.watchtower.enable=false
+    #  - traefik.enable=true
+    #  - traefik.http.routers.duplicati.rule=Host(`duplicati.example.com`)
+    #  - traefik.http.services.duplicati.loadbalancer.server.port=8200
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only
+    #  - traefik.http.routers.duplicati.middlewares=local-ipwhitelist@file
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/duplicati/backups:/backups
+      - /mnt/docker-volumes/duplicati/config:/config
+      - /path/to/my/data/to/backup:/source # change this

excalidraw/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/excalidraw/excalidraw

excalidraw/docker-compose.yml

@@ -0,0 +1,32 @@
+version: "3.8"
+
+services:
+  excalidraw:
+    container_name: excalidraw
+    image: excalidraw/excalidraw:latest
+    ports:
+      - "3000:80"
+    restart: unless-stopped
+    stdin_open: true
+    healthcheck:
+      disable: true
+    environment:
+      - NODE_ENV=production
+    networks:
+      - proxy
+    #volumes:
+    #  - ./:/opt/node_app/app:delegated
+    #  - ./package.json:/opt/node_app/package.json
+    #  - ./yarn.lock:/opt/node_app/yarn.lock
+    #  - notused:/opt/node_app/app/node_modules
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.excalidraw.rule=Host(`draw.example.com`)
+    #  - traefik.http.services.excalidraw.loadbalancer.server.port=80
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only; disable to expose externally
+    #  - traefik.http.routers.excalidraw.middlewares=local-ipwhitelist@file
+
+networks:
+  proxy:
+   external: true

fail2ban/README.md

@@ -0,0 +1,6 @@
+# Reference
+
+- https://github.com/crazy-max/docker-fail2ban
+- https://blog.lrvt.de/configuring-fail2ban-with-traefik/
+- https://blog.lrvt.de/fail2ban-with-nginx-proxy-manager/
+- https://github.com/l4rm4nd/F2BFilters

fail2ban/docker-compose.yml

@@ -0,0 +1,18 @@
+version: "3"
+
+services:
+  fail2ban:
+    container_name: fail2ban
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    environment:
+      - TZ=Europe/Berlin
+      - F2B_DB_PURGE_AGE=14d
+    image: crazymax/fail2ban:latest
+    network_mode: host
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/fail2Ban/data:/data
+      - /path/to/my/logs/to/monitor:/var/log
+      #- /mnt/docker-volumes/traefik/logs:/var/log/traefik

firefly-iii/.env

@@ -0,0 +1,316 @@
+# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
+# Never set it to "testing".
+APP_ENV=local
+
+# Set to true if you want to see debug information in error screens.
+APP_DEBUG=false
+
+# This should be your email address.
+# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
+# The variable is used in some errors shown to users who aren't admin.
+SITE_OWNER=mail@example.com
+
+# The encryption key for your sessions. Keep this very secure.
+# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
+# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
+#
+# Avoid the "#" character in your APP_KEY, it may break things.
+#
+APP_KEY=SomeRandomStringOf32CharsExactly
+
+# Firefly III will launch using this language (for new users and unauthenticated visitors)
+# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
+#
+# If text is still in English, remember that not everything may have been translated.
+DEFAULT_LANGUAGE=en_US
+
+# The locale defines how numbers are formatted.
+# by default this value is the same as whatever the language is.
+DEFAULT_LOCALE=equal
+
+# Change this value to your preferred time zone.
+# Example: Europe/Amsterdam
+# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=Europe/Berlin
+
+# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
+# Set it to ** and reverse proxies work just fine.
+TRUSTED_PROXIES=*
+
+# The log channel defines where your log entries go to.
+# Several other options exist. You can use 'single' for one big fat error log (not recommended).
+# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
+# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
+# A cool option is 'papertrail' for cloud logging
+# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
+LOG_CHANNEL=stack
+
+#
+# Used when logging to papertrail:
+#
+PAPERTRAIL_HOST=
+PAPERTRAIL_PORT=
+
+# Log level. You can set this from least severe to most severe:
+# debug, info, notice, warning, error, critical, alert, emergency
+# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
+# nothing will get logged, ever.
+APP_LOG_LEVEL=notice
+
+# Audit log level.
+# Set this to "emergency" if you dont want to store audit logs, leave on info otherwise.
+AUDIT_LOG_LEVEL=info
+
+# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
+# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+# Use "pgsql" for PostgreSQL
+# Use "mysql" for MySQL and MariaDB.
+# Use "sqlite" for SQLite.
+DB_CONNECTION=mysql
+DB_HOST=db
+DB_PORT=3306
+DB_DATABASE=firefly
+DB_USERNAME=firefly
+DB_PASSWORD=MySecretDatabasePassword
+# leave empty or omit when not using a socket connection
+DB_SOCKET=
+
+# MySQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MYSQL_USE_SSL=false
+MYSQL_SSL_VERIFY_SERVER_CERT=true
+# You need to set at least of these options
+MYSQL_SSL_CAPATH=/etc/ssl/certs/
+MYSQL_SSL_CA=
+MYSQL_SSL_CERT=
+MYSQL_SSL_KEY=
+MYSQL_SSL_CIPHER=
+
+# PostgreSQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+PGSQL_SSL_MODE=prefer
+PGSQL_SSL_ROOT_CERT=null
+PGSQL_SSL_CERT=null
+PGSQL_SSL_KEY=null
+PGSQL_SSL_CRL_FILE=null
+
+# more PostgreSQL settings
+PGSQL_SCHEMA=public
+
+# If you're looking for performance improvements, you could install memcached or redis
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+
+# If you set either of the options above to 'redis', you might want to update these settings too
+# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
+# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
+
+# can be tcp, unix or http
+REDIS_SCHEME=tcp
+
+# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_PATH=
+
+# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+
+# Use only with Redis 6+ with proper ACL set. Leave empty otherwise.
+REDIS_USERNAME=
+REDIS_PASSWORD=
+
+# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
+REDIS_DB="0"
+REDIS_CACHE_DB="1"
+
+# Cookie settings. Should not be necessary to change these.
+# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
+# the value from a file instead of from an environment variable
+# Setting samesite to "strict" may give you trouble logging in.
+COOKIE_PATH="/"
+COOKIE_DOMAIN=
+COOKIE_SECURE=false
+COOKIE_SAMESITE=lax
+
+# If you want Firefly III to email you, update these settings
+# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAIL_MAILER=log
+MAIL_HOST=null
+MAIL_PORT=2525
+MAIL_FROM=changeme@example.com
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+
+# Other mail drivers:
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAILGUN_DOMAIN=
+MAILGUN_SECRET=
+
+# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
+# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
+MAILGUN_ENDPOINT=api.mailgun.net
+
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MANDRILL_SECRET=
+SPARKPOST_SECRET=
+
+# Firefly III can send you the following messages.
+SEND_ERROR_MESSAGE=true
+
+# These messages contain (sensitive) transaction information:
+SEND_REPORT_JOURNALS=true
+
+# Set this value to true if you want to set the location
+# of certain things, like transactions. Since this involves an external service, it's optional
+# and disabled by default.
+ENABLE_EXTERNAL_MAP=false
+
+# Set this value to true if you want Firefly III to download currency exchange rates
+# from the internet. These rates are hosted by the creator of Firefly III inside
+# an Azure Storage Container.
+# Not all currencies may be available. Rates may be wrong.
+ENABLE_EXTERNAL_RATES=false
+
+# The map will default to this location:
+MAP_DEFAULT_LAT=51.983333
+MAP_DEFAULT_LONG=5.916667
+MAP_DEFAULT_ZOOM=6
+
+#
+# Firefly III authentication settings
+#
+
+#
+# Firefly III supports a few authentication methods:
+# - 'web' (default, uses built in DB)
+# - 'remote_user_guard' for Authelia etc
+# Read more about these settings in the documentation.
+# https://docs.firefly-iii.org/advanced-installation/authentication
+#
+# LDAP is no longer supported :(
+#
+AUTHENTICATION_GUARD=web
+
+#
+# Remote user guard settings
+#
+AUTHENTICATION_GUARD_HEADER=REMOTE_USER
+AUTHENTICATION_GUARD_EMAIL=
+
+#
+# Firefly III generates a basic keypair for your OAuth tokens.
+# If you want, you can overrule the key with your own (secure) value.
+# It's also possible to set PASSPORT_PUBLIC_KEY_FILE or PASSPORT_PRIVATE_KEY_FILE
+# if you're using Docker secrets or similar solutions for secret management
+#
+PASSPORT_PRIVATE_KEY=
+PASSPORT_PUBLIC_KEY=
+
+#
+# Extra authentication settings
+#
+CUSTOM_LOGOUT_URL=
+
+# You can disable the X-Frame-Options header if it interferes with tools like
+# Organizr. This is at your own risk. Applications running in frames run the risk
+# of leaking information to their parent frame.
+DISABLE_FRAME_HEADER=false
+
+# You can disable the Content Security Policy header when you're using an ancient browser
+# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
+# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
+# This is at your own risk.
+DISABLE_CSP_HEADER=false
+
+# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
+# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
+# Do not prepend the TRACKER_URL with http:// or https://
+# The only tracker supported is Matomo.
+# You can set the following variables from a file by appending them with _FILE:
+TRACKER_SITE_ID=
+TRACKER_URL=
+
+#
+# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
+#
+ALLOW_WEBHOOKS=false
+
+#
+# The static cron job token can be useful when you use Docker and wish to manage cron jobs.
+# 1. Set this token to any 32-character value (this is important!).
+# 2. Use this token in the cron URL instead of a user's command line token.
+#
+# For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/
+#
+# You can set this variable from a file by appending it with _FILE
+#
+STATIC_CRON_TOKEN=
+
+# You can fine tune the start-up of a Docker container by editing these environment variables.
+# Use this at your own risk. Disabling certain checks and features may result in lots of inconsistent data.
+# However if you know what you're doing you can significantly speed up container start times.
+# Set each value to true to enable, or false to disable.
+
+# Set this to true to build all locales supported by Firefly III.
+# This may take quite some time (several minutes) and is generally not recommended.
+# If you wish to change or alter the list of locales, start your Docker container with
+# `docker run -v locale.gen:/etc/locale.gen -e DKR_BUILD_LOCALE=true`
+# and make sure your preferred locales are in your own locale.gen.
+DKR_BUILD_LOCALE=false
+
+# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
+# Won't significantly speed up things.
+DKR_CHECK_SQLITE=true
+
+# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
+# and is up to date.
+DKR_RUN_MIGRATION=true
+
+# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
+# with the latest fixes (outside of migrations!)
+DKR_RUN_UPGRADE=true
+
+# Verify database integrity. Includes all data checks and verifications.
+# Disabling this makes Firefly III assume your DB is intact.
+DKR_RUN_VERIFY=true
+
+# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
+# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
+DKR_RUN_REPORT=true
+
+# Generate OAuth2 keys.
+# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
+# you had previously generated keys already and they're stored in your database for restoration.
+DKR_RUN_PASSPORT_INSTALL=true
+
+# Leave the following configuration vars as is.
+# Unless you like to tinker and know what you're doing.
+APP_NAME=FireflyIII
+BROADCAST_DRIVER=log
+QUEUE_DRIVER=sync
+CACHE_PREFIX=firefly
+PUSHER_KEY=
+IPINFO_TOKEN=
+PUSHER_SECRET=
+PUSHER_ID=
+DEMO_USERNAME=
+DEMO_PASSWORD=
+IS_HEROKU=false
+FIREFLY_III_LAYOUT=v1
+
+#
+# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
+# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
+# This configuration value WILL NOT HELP.
+#
+# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff.
+#
+# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
+# So when configuring anything WEB related this variable doesn't do anything. Nothing
+#
+# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
+#
+APP_URL=http://localhost

firefly-iii/README.md

@@ -0,0 +1,4 @@
+# References
+
+- https://github.com/firefly-iii/docker
+- https://docs.firefly-iii.org/firefly-iii/installation/docker/

firefly-iii/docker-compose.yml

@@ -0,0 +1,26 @@
+version: '3.3'
+
+services:
+  app:
+    image: fireflyiii/core:latest
+    container_name: firefly
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/firefly/upload:/var/www/html/storage/upload
+    env_file: .env
+    ports:
+      - 80:8080
+    depends_on:
+      - db
+  
+  db:
+    image: mariadb    
+    container_name: firefly-db
+    restart: unless-stopped
+    environment:
+      - MYSQL_RANDOM_ROOT_PASSWORD=yes
+      - MYSQL_USER=firefly
+      - MYSQL_PASSWORD=MySecretDatabasePassword # if changed --> also update in .env file
+      - MYSQL_DATABASE=firefly
+    volumes:
+      - /mnt/docker-volumes/firefly/mysql:/var/lib/mysql

flame/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/pawelmalak/flame

flame/docker-compose.yml

@@ -0,0 +1,14 @@
+version: '3.6'
+
+services:
+  flame:
+    image: pawelmalak/flame
+    container_name: flame
+    volumes:
+      - /mnt/docker-volumes/flame:/app/data
+      #- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
+    ports:
+      - 5005:5005
+    environment:
+      - PASSWORD=MyStrongLoginPassword
+    restart: unless-stopped

ghost/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/TryGhost/Ghost

ghost/docker-compose-rpi-arm.yml

@@ -0,0 +1,41 @@
+version: '3.3'
+
+services:
+  blog:
+    image: ghost:5
+    container_name: ghost
+    restart: always
+    ports:
+      - 8080:2368
+    volumes:
+      - /mnt/docker-volumes/ghost/content:/var/lib/ghost/content
+    environment:
+      # see https://ghost.org/docs/config/#configuration-options
+      database__client: mysql
+      database__connection__host: database
+      database__connection__user: ghost_dbuser
+      database__connection__password: SecureDatabasePassword
+      database__connection__database: ghost
+      url: https://blog.example.com
+      NODE_ENV: production
+      #mail__transport: SMTP
+      #mail__options__host: smtp.google.com
+      #mail__options__port: 587
+      #mail__options__auth__user: blog@example.com
+      #mail__options__auth__pass: SecureSmtpPassword
+      #mail__from: My Blog <blog@example.com>
+
+  database:
+    image: linuxserver/mariadb
+    container_name: ghost-db
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - MYSQL_ROOT_PASSWORD=SecureDatabaseRootPassword
+      - TZ=Europe/Berlin
+      - MYSQL_DATABASE=ghost
+      - MYSQL_USER=ghost_dbuser
+      - MYSQL_PASSWORD=SecureDatabasePassword
+    volumes:
+      - /mnt/docker-volumes/ghost/mariadb/config:/config
+    restart: unless-stopped

ghost/docker-compose.yml

@@ -0,0 +1,47 @@
+version: '3.3'
+
+services:
+  blog:
+    image: ghost:5
+    container_name: ghost
+    restart: always
+    ports:
+      - 8080:2368
+    volumes:
+      - /mnt/docker-volumes/ghost/content:/var/lib/ghost/content
+    environment:
+      # see https://ghost.org/docs/config/#configuration-options
+      database__client: mysql
+      database__connection__host: database
+      database__connection__user: root
+      database__connection__password: MyStrongDatabasePassword
+      database__connection__database: ghost
+      url: https://blog.example.com # change this
+      NODE_ENV: production
+      #mail__transport: SMTP
+      #mail__options__host: smtp.gmail.com
+      #mail__options__port: 587
+      #mail__options__auth__user: blog@example.com
+      #mail__options__auth__pass: MyStrongSmtpLoginPassword
+      #mail__from: Ghost Blog <blog@example.com>
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.ghost.rule=Host(`blog.example.com`)
+    #  - traefik.http.services.ghost.loadbalancer.server.port=2368
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only
+    #  #- traefik.http.routers.ghost.middlewares=external-secure@file
+
+  database:
+    image: mysql:8
+    container_name: ghost_db
+    restart: always
+    volumes:
+      - /mnt/docker-volumes/ghost/mysql:/var/lib/mysql
+    #ports:
+    #  - "13928:3306"
+    environment:
+      MYSQL_ROOT_PASSWORD: AnotherStrongDatabasePasswordForRootUser
+      MYSQL_DATABASE: ghost
+      MYSQL_USER: user
+      MYSQL_PASSWORD: MyStrongDatabasePassword

gitea/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/go-gitea/gitea

gitea/docker-compose.yml

@@ -0,0 +1,23 @@
+version: "3"
+
+services:
+  gitea:
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+    hostname: gitea
+    ports:
+      - 3000:3000 #webgui
+      - 2222:22 #ssh
+    image: gitea/gitea:latest
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/gitea/data:/data
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.gitea.rule=Host(`git.example.com`)
+    #  - traefik.http.services.gitea.loadbalancer.server.port=3000
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only
+    #  - traefik.http.routers.gitea.middlewares=local-ipwhitelist@file

gokapi/README.md

@@ -0,0 +1,3 @@
+# References
+
+https://github.com/Forceu/Gokapi

gokapi/docker-compose.yml

@@ -0,0 +1,12 @@
+version: "3.7"
+
+services:
+  gokapi:
+    image: f0rc3/gokapi:latest
+    container_name: gokapi
+    restart: unless-stopped
+    ports:
+      - 53842:53842
+    volumes:
+      - /mnt/docker-volumes/gokapi/data:/app/data
+      - /mnt/docker-volumes/gokapi/config:/app/config

grafana-monitoring/README.md

@@ -0,0 +1,3 @@
+# References
+- https://blog.lrvt.de/monitoring-dashboard-with-grafana-telegraf-influxdb-and-docker/
+- https://blog.lrvt.de/log-visualization-with-grafana-loki-promtail/

grafana-monitoring/docker-compose.yml

@@ -0,0 +1,104 @@
+version: "2"
+
+services:
+
+  loki:
+    image: grafana/loki:latest
+    hostname: loki
+    container_name: loki
+    volumes:
+      - /mnt/docker-volumes/loki:/etc/loki # see example-configs and place loki-config.yml
+    ports:
+      - "127.0.0.1:3100:3100"
+    restart: unless-stopped
+    user: 1000:1000
+    command: -config.file=/etc/loki/loki-config.yml  
+    networks:
+      - monitoring_default
+
+  promtail:
+    image: grafana/promtail:latest
+    container_name: promtail
+    depends_on:
+      - loki
+    hostname: promtail
+    volumes:
+      - /var/log:/var/log
+      - /mnt/docker-volumes/promtail:/etc/promtail # see example-configs and place promtail-config.yml
+      #- /mnt/docker-volumes/traefik/logs:/var/log/traefik
+    restart: unless-stopped
+    command: -config.file=/etc/promtail/promtail-config.yml
+    networks:
+      - monitoring_default
+
+  influxdb:
+    image: influxdb:1.8.10
+    container_name: influxdb
+    hostname: influxdb
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/influxdb/data:/var/lib/influxdb
+      - /mnt/docker-volumes/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf:ro # see example-configs and place infuxdb.conf
+      - /mnt/docker-volumes/influxdb/init:/docker-entrypoint-initdb.d # see example-configs and place create-database.iql
+    environment:
+      - INFLUXDB_ADMIN_USER=admin
+      - INFLUXDB_ADMIN_PASSWORD=SuperDuperAdminPW
+    networks:
+      - monitoring_default
+
+  telegraf:
+    image: telegraf:latest
+    restart: unless-stopped
+    user: telegraf:998 # see: https://www.influxdata.com/blog/docker-run-telegraf-as-non-root/
+    container_name: telegraf
+    hostname: telegraf
+    dns:
+      - 1.1.1.1
+      - 8.8.8.8
+    depends_on:
+      - influxdb
+    volumes:
+      - /mnt/docker-volumes/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro # see example-configs and place telegraf.conf
+      - /:/hostfs:ro
+      - /etc:/hostfs/etc:ro
+      - /proc:/hostfs/proc:ro
+      - /sys:/hostfs/sys:ro
+      - /var/run/utmp:/var/run/utmp:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - HOST_ETC=/hostfs/etc
+      - HOST_PROC=/hostfs/proc
+      - HOST_SYS=/hostfs/sys
+      - HOST_MOUNT_PREFIX=/hostfs
+    networks:
+      - monitoring_default
+
+  grafana:
+    container_name: grafana
+    hostname: grafana
+    user: 1000:1000
+    depends_on:
+      - influxdb
+      - loki
+      - promtail
+    image: grafana/grafana:latest
+    restart: unless-stopped
+    #environment:
+    #  - GF_SERVER_ROOT_URL=https://grafana.example.com # optional
+    volumes:
+      - /mnt/docker-volumes/grafana:/var/lib/grafana
+    #ports:
+    #  - 3000:3000
+    networks:
+      - monitoring_default
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.grafana.rule=Host(`grafana.example.com`)
+    #  - traefik.http.services.grafana.loadbalancer.server.port=3000
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only
+    #  - traefik.http.routers.grafana.middlewares=local-ipwhitelist@file
+
+networks:
+  monitoring_default:
+   external: true

grafana-monitoring/example-configs/create-database.iql

@@ -0,0 +1,3 @@
+CREATE DATABASE telegraf WITH DURATION 31d
+CREATE USER telegrafuser WITH PASSWORD 'MyStrongTelegrafPassword'
+GRANT ALL ON telegraf to telegrafuser

grafana-monitoring/example-configs/influxdb.conf

@@ -0,0 +1,24 @@
+# Bind address to use for the RPC service for backup and restore.
+bind-address = "127.0.0.1:8088"
+[meta]
+  dir = "/var/lib/influxdb/meta"
+[data]
+  dir = "/var/lib/influxdb/data"
+  wal-dir = "/var/lib/influxdb/wal"
+  series-id-set-cache-size = 100
+[http]
+  enabled = true
+  bind-address = ":8086"
+  auth-enabled = true
+[logging]
+[subscriber]
+[[graphite]]
+[[collectd]]
+[[opentsdb]]
+[[udp]]
+[continuous_queries]
+[tls]
+[coordinator]
+[retention]
+[shard-precreation]
+[monitor]

grafana-monitoring/example-configs/loki-config.yml

@@ -0,0 +1,48 @@
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+  grpc_listen_port: 9096
+
+common:
+  path_prefix: /tmp/loki
+  storage:
+    filesystem:
+      chunks_directory: /tmp/loki/chunks
+      rules_directory: /tmp/loki/rules
+  replication_factor: 1
+  ring:
+    instance_addr: 127.0.0.1
+    kvstore:
+      store: inmemory
+
+limits_config:
+   reject_old_samples: true
+   reject_old_samples_max_age: 168h
+   retention_period: 360h
+   max_query_series: 100000
+   max_query_parallelism: 2
+
+schema_config:
+  configs:
+    - from: 2020-10-24
+      store: boltdb-shipper
+      object_store: filesystem
+      schema: v11
+      index:
+        prefix: index_
+        period: 24h
+
+query_range:
+  split_queries_by_interval: 0
+  parallelise_shardable_queries: false
+
+querier:
+  max_concurrent: 2048
+
+frontend:
+  max_outstanding_per_tenant: 4096
+  compress_responses: true
+
+ruler:
+  alertmanager_url: http://localhost:9093

grafana-monitoring/example-configs/promtail-config.yml

@@ -0,0 +1,35 @@
+server:
+  http_listen_port: 9080
+  grpc_listen_port: 0
+
+positions:
+  filename: /tmp/positions.yaml
+
+clients:
+  - url: http://loki:3100/loki/api/v1/push
+
+# local machine logs
+scrape_configs:
+  - job_name: vpn
+    static_configs:
+    - targets:
+        - localhost
+      labels:
+        job: vpnlogs
+        __path__: /var/log/openvpn.log
+
+  - job_name: auth
+    static_configs:
+    - targets:
+        - localhost
+      labels:
+        job: authlogs
+        __path__: /var/log/auth.log
+
+  - job_name: traefik
+    static_configs:
+    - targets:
+        - localhost
+      labels:
+        job: traefiklogs
+        __path__: /var/log/traefik/*.log

grafana-monitoring/example-configs/telegraf.conf

@@ -0,0 +1,159 @@
+# Telegraf Configuration
+#
+# Telegraf is entirely plugin driven. All metrics are gathered from the
+# declared inputs, and sent to the declared outputs.
+#
+# Plugins must be declared in here to be active.
+# To deactivate a plugin, comment out the name and any variables.
+#
+# Use 'telegraf -config telegraf.conf -test' to see what metrics a config
+# file would generate.
+#
+# Environment variables can be used anywhere in this config file, simply surround
+# them with ${}. For strings the variable must be within quotes (ie, "${STR_VAR}"),
+# for numbers and booleans they should be plain (ie, ${INT_VAR}, ${BOOL_VAR})
+
+
+# CUSTOM Docker
+# ------------------------------------
+
+[[inputs.net]]
+  interfaces = ["eth*", "tun0", "docker0", "dockernet*"]
+  ignore_protocol_stats = false
+
+#[[inputs.file]]
+#  files = ["/sys/class/thermal/thermal_zone0/temp"]
+#  name_override = "cpu_temperature"
+#  data_format = "value"
+#  data_type = "integer"
+
+[[inputs.http_response]]
+  urls = ["https://reddit.com", "https://google.com"]
+  method = "HEAD"
+  follow_redirects = true
+
+[[inputs.dns_query]]
+  servers = ["8.8.8.8", "1.1.1.1"]
+
+# influx v1.8
+[[outputs.influxdb]]
+   urls = ["http://influxdb:8086"]
+   database = "telegraf"
+   username = "telegrafuser"
+   password = "MyStrongTelegrafPassword"
+   skip_database_creation = true
+
+[[inputs.docker]]
+  endpoint = "unix:///var/run/docker.sock"
+  gather_services = false
+  container_name_include = []
+  container_name_exclude = []
+  timeout = "5s"
+  docker_label_include = []
+  docker_label_exclude = []
+  perdevice = true
+  total = false
+  
+[[inputs.cpu]]
+  percpu = true
+  totalcpu = true
+  collect_cpu_time = false
+  report_active = false
+
+[[inputs.disk]]
+  ignore_fs = ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"]
+
+[[inputs.diskio]]
+
+[[inputs.kernel]]
+
+[[inputs.mem]]
+
+[[inputs.processes]]
+
+[[inputs.swap]]
+
+[[inputs.system]]  
+
+# --------------------------------------
+
+# Global tags can be specified here in key="value" format.
+[global_tags]
+  # dc = "us-east-1" # will tag all metrics with dc=us-east-1
+  # rack = "1a"
+  ## Environment variables can be used as tags, and throughout the config file
+  # user = "$USER"
+
+# Configuration for telegraf agent
+[agent]
+  ## Default data collection interval for all inputs
+  interval = "30s"
+  
+  ## Rounds collection interval to 'interval'
+  ## ie, if interval="10s" then always collect on :00, :10, :20, etc.
+  round_interval = true
+  
+  ## Telegraf will send metrics to outputs in batches of at most
+  ## metric_batch_size metrics.
+  ## This controls the size of writes that Telegraf sends to output plugins.
+  metric_batch_size = 1000
+
+  ## Maximum number of unwritten metrics per output.  Increasing this value
+  ## allows for longer periods of output downtime without dropping metrics at the
+  ## cost of higher maximum memory usage.
+  metric_buffer_limit = 10000
+
+  ## Collection jitter is used to jitter the collection by a random amount.
+  ## Each plugin will sleep for a random time within jitter before collecting.
+  ## This can be used to avoid many plugins querying things like sysfs at the
+  ## same time, which can have a measurable effect on the system.
+  collection_jitter = "0s"
+
+  ## Default flushing interval for all outputs. Maximum flush_interval will be
+  ## flush_interval + flush_jitter
+  flush_interval = "10s"
+  ## Jitter the flush interval by a random amount. This is primarily to avoid
+  ## large write spikes for users running a large number of telegraf instances.
+  ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s
+  flush_jitter = "0s"
+
+  ## By default or when set to "0s", precision will be set to the same
+  ## timestamp order as the collection interval, with the maximum being 1s.
+  ##   ie, when interval = "10s", precision will be "1s"
+  ##       when interval = "250ms", precision will be "1ms"
+  ## Precision will NOT be used for service inputs. It is up to each individual
+  ## service input to set the timestamp at the appropriate precision.
+  ## Valid time units are "ns", "us" (or "µs"), "ms", "s".
+  precision = ""
+    
+  ## Override default hostname, if empty use os.Hostname()
+  #hostname = "My-Hostname"
+  ## If set to true, do no set the "host" tag in the telegraf agent.
+  omit_hostname = false
+
+  ## Log at debug level.
+  # debug = false
+  ## Log only error level messages.
+  # quiet = false
+
+  ## Log target controls the destination for logs and can be one of "file",
+  ## "stderr" or, on Windows, "eventlog".  When set to "file", the output file
+  ## is determined by the "logfile" setting.
+  # logtarget = "file"
+
+  ## Name of the file to be logged to when using the "file" logtarget.  If set to
+  ## the empty string then logs are written to stderr.
+  # logfile = ""
+
+  ## The logfile will be rotated after the time interval specified.  When set
+  ## to 0 no time based rotation is performed.  Logs are rotated only when
+  ## written to, if there is no log activity rotation may be delayed.
+  # logfile_rotation_interval = "0d"
+
+  ## The logfile will be rotated when it becomes larger than the specified
+  ## size.  When set to 0 no size based rotation is performed.
+  # logfile_rotation_max_size = "0MB"
+
+  ## Maximum number of rotated archives to keep, any older logs are deleted.
+  ## If set to -1, no archives are removed.
+  # logfile_rotation_max_archives = 5

greenbone/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://hub.docker.com/r/securecompliance/gvm

greenbone/docker-compose.yml

@@ -0,0 +1,23 @@
+version: "3"
+services:
+    gvm:
+        image: securecompliance/gvm
+        volumes:
+          - /mnt/docker-volumes/greenbone/database:/opt/database
+          - /mnt/docker-volumes/greenbone/gvm:/var/lib/gvm
+          - /mnt/docker-volumes/greenbone/plugins:/var/lib/openvas/plugins
+        environment:
+          - USERNAME="admin"
+          - PASSWORD="admin"
+          - RELAYHOST="smtp.gmail.com"
+          - SMTPPORT=465
+          - AUTO_SYNC=true
+          - HTTPS=true
+          - TZ="Europe/Berlin"
+          - SSHD=false
+          - DB_PASSWORD="none"
+        ports:
+          - "9392:9392"  # Web interface
+          #- "5432:5432" # Access PostgreSQL database from external tools
+          #- "2222:22"   # SSH for remote sensors
+        restart: unless-stopped

heimdall/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/linuxserver/Heimdall

heimdall/docker-compose.yml

@@ -0,0 +1,16 @@
+version: "3"
+
+services:
+  heimdall:
+    container_name: heimdall
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    ports:
+      - 8099:80
+    hostname: heimdall
+    image: linuxserver/heimdall:latest
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/heimdall:/config

homarr/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/ajnart/homarr

homarr/docker-compose.yml

@@ -0,0 +1,14 @@
+version: '3'
+services:
+  homarr:
+    container_name: homarr
+    image: ghcr.io/ajnart/homarr:latest
+    restart: unless-stopped
+    environment:
+      - PASSWORD=MySecureLoginPassword
+      - TZ="Europe/Berlin"
+    volumes:
+      - /mnt/docker-volumes/homarr/configs:/app/data/configs
+      #- /mnt/docker-volumes/homarr/icons:/app/public/icons # optional for custom icons
+    ports:
+      - '7575:7575'

homeassistant/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/linuxserver/docker-homeassistant

homeassistant/docker-compose.yml

@@ -0,0 +1,18 @@
+---
+version: "2.1"
+services:
+  homeassistant:
+    image: linuxserver/homeassistant:latest
+    container_name: homeassistant
+    network_mode: host
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    volumes:
+      - /mnt/docker-volumes/homeassistant/config:/config
+    #ports:
+    #  - 8123:8123 #optional
+    #devices:
+    #  - /path/to/device:/path/to/device #optional
+    restart: unless-stopped

homepage/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/benphelps/homepage

homepage/docker-compose.yml

@@ -0,0 +1,22 @@
+version: "3.3"
+services:
+  homepage:
+    image: ghcr.io/benphelps/homepage:latest
+    container_name: homepage
+    restart: unless-stopped
+    ports:
+      - 3000:3000
+    environment:
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - /mnt/docker-volumes/homepage/config:/app/config # Make sure your local config directory exists
+      - /mnt/docker-volumes/homepage/icons:/app/public/icons
+    #  - /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.homepage.rule=Host(`home.example.com`)
+    #  - traefik.http.services.homepage.loadbalancer.server.port=3000
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only
+    #  - traefik.http.routers.homepage.middlewares=local-ipwhitelist@file

homer/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/bastienwirtz/homer

homer/docker-compose.yml

@@ -0,0 +1,12 @@
+version: '3.6'
+
+services:
+  homer:
+    image: b4bz/homer:latest
+    container_name: homer
+    volumes:
+      - /mnt/docker-volumes/homer:/www/assets
+    restart: unless-stopped
+    environment:
+      - UID=1000
+      - GID=1000

immich/.env

@@ -0,0 +1,23 @@
+# Database
+DB_HOSTNAME=immich-database
+DB_USERNAME=postgres
+DB_PASSWORD=MySecureDatabasePassword # change this
+DB_DATABASE_NAME=immich-psgdb
+DB_DATABASE_LOCATION=/mnt/docker-volumes/immich/database # change this
+
+# Redis
+REDIS_HOSTNAME=immich-redis
+
+# Upload File Config
+UPLOAD_LOCATION=/mnt/docker-volumes/immich/uploads # change this
+
+# JWT SECRET
+JWT_SECRET=9C9E6EE5B56F137D2123123123123 # change this to a secure random secret
+
+# MAPBOX
+## ENABLE_MAPBOX is either true of false -> if true, you have to provide MAPBOX_KEY
+ENABLE_MAPBOX=false
+
+# WEB
+MAPBOX_KEY=
+VITE_SERVER_ENDPOINT=http://localhost:2283/api

immich/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/immich-app/immich

immich/docker-compose.yml

@@ -0,0 +1,102 @@
+version: "3.8"
+
+services:
+  immich-server:
+    container_name: immich-server
+    image: altran1502/immich-server:release
+    entrypoint: ["/bin/sh", "./start-server.sh"]
+    volumes:
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
+    env_file:
+      - .env
+    environment:
+      - NODE_ENV=production
+    depends_on:
+      - redis
+      - database
+    restart: unless-stopped
+    #labels:
+    #  - "com.centurylinklabs.watchtower.enable=true"
+
+  immich-microservices:
+    container_name: immich-microservices
+    image: altran1502/immich-server:release
+    entrypoint: ["/bin/sh", "./start-microservices.sh"]
+    volumes:
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
+    env_file:
+      - .env
+    environment:
+      - NODE_ENV=production
+    depends_on:
+      - redis
+      - database
+    restart: unless-stopped
+    #labels:
+    #  - "com.centurylinklabs.watchtower.enable=true"
+
+  #immich-machine-learning:
+  #  image: altran1502/immich-machine-learning:release
+  #  container_name: immich-ml
+  #  entrypoint: ["/bin/sh", "./entrypoint.sh"]
+  #  volumes:
+  #    - ${UPLOAD_LOCATION}:/usr/src/app/upload
+  #  env_file:
+  #    - .env
+  #  environment:
+  #    - NODE_ENV=production
+  #  depends_on:
+  #    - database
+  #  restart: always
+  #  labels:
+  #    - "com.centurylinklabs.watchtower.enable=true"
+
+  immich-web:
+    image: altran1502/immich-web:release
+    container_name: immich-web
+    entrypoint: ["/bin/sh", "./entrypoint.sh"]
+    env_file:
+      - .env
+    restart: unless-stopped
+    #labels:
+    #  - "com.centurylinklabs.watchtower.enable=true"
+
+  redis:
+    container_name: immich-redis
+    image: redis:6.2
+    restart: unless-stopped
+    #labels:
+    #  - "com.centurylinklabs.watchtower.enable=true"
+
+  database:
+    container_name: immich-database
+    image: postgres:14
+    env_file:
+      - .env
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      PG_DATA: /var/lib/postgresql/data
+    volumes:
+      - ${DB_DATABASE_LOCATION}:/var/lib/postgresql/data
+    restart: unless-stopped
+    #labels:
+    #  - "com.centurylinklabs.watchtower.enable=true"
+
+  immich-proxy:
+    container_name: immich-proxy
+    image: altran1502/immich-proxy:release
+#    ports:
+#      - 8080:8080 # WEB UI via proxy; do not remove this proxy service, use it!
+    depends_on:
+      - immich-server
+    restart: unless-stopped
+    #labels:
+    #  - traefik.enable=false
+    #  - traefik.http.routers.immich.rule=Host(`immich.example.com`)
+    #  - traefik.http.services.immich.loadbalancer.server.port=8080
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only
+    #  - traefik.http.routers.immich.middlewares=local-ipwhitelist@file
+    #  - "com.centurylinklabs.watchtower.enable=true"

matomo/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/matomo-org/matomo

matomo/db.env

@@ -0,0 +1,8 @@
+MYSQL_PASSWORD=makeitup2
+MYSQL_DATABASE=matomo
+MYSQL_USER=matomo
+MATOMO_DATABASE_ADAPTER=mysql
+MATOMO_DATABASE_TABLES_PREFIX=matomo_
+MATOMO_DATABASE_USERNAME=matomo
+MATOMO_DATABASE_PASSWORD=
+MATOMO_DATABASE_DBNAME=matomo

matomo/docker-compose.yml

@@ -0,0 +1,41 @@
+version: "2"
+
+services:
+  matomo:
+    container_name: matomo
+    image: matomo
+    ports:
+      - 8099:80
+    volumes:
+      - /mnt/docker-volumes/matomo/apache/apache2.conf:/etc/apache2/apache2.conf:ro
+      - /mnt/docker-volumes/matomo/html:/var/www/html
+    environment:
+      - MATOMO_DATABASE_HOST=matomo_db
+      #- VIRTUAL_HOST=matomo.example.com
+      #- LETSENCRYPT_HOST=stats.mysite.ext
+      #- LETSENCRYPT_EMAIL=email@something.ext
+    env_file:
+      - ./db.env
+    depends_on:
+      - matomo_db
+    restart: unless-stopped
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.matomo.rule=Host(`matomo.example.com`)
+    #  - traefik.http.services.matomo.loadbalancer.server.port=80
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only
+    #  # - traefik.http.routers.matomo.middlewares=local-ipwhitelist@file
+
+
+  matomo_db:
+    container_name: matomo_db
+    image: mariadb
+    command: --max-allowed-packet=64MB
+    environment:
+      - MYSQL_ROOT_PASSWORD=makeitup
+    env_file:
+      - ./db.env
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/matomo/database:/var/lib/mysql

mealie/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/hay-kot/mealie

mealie/docker-compose.yml

@@ -0,0 +1,14 @@
+version: "3"
+
+services:
+  mealie:
+    container_name: mealie
+    environment:
+      - DB_TYPE=sqlite
+      - PRODUCTION=true
+    hostname: mealie
+    image: hkotel/mealie:latest
+    restart: unless-stopped
+    volumes:
+      - /mnt/docker-volumes/mealie:/app/data
+    working_dir: /app

money-balancer/README.de

@@ -0,0 +1,3 @@
+# References
+
+https://github.com/dorianim/money-balancer

money-balancer/docker-compose.yml

@@ -0,0 +1,12 @@
+version: "3"
+services:
+  money-balancer:
+    image: ghcr.io/dorianim/money-balancer
+    restart: unless-stopped
+    container_name: money-balancer
+    ports:
+      - 8000:8000
+    volumes:
+      - /mnt/docker-volumes/money-balancer/data:/data
+    environment:
+      - JWT_SECRET=ThisIsAVerySecretString # change this

nessus/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://docs.tenable.com/nessus/Content/DeployNessusDocker.htm

nessus/docker-compose.yml

@@ -0,0 +1,13 @@
+version: "3.7"
+services:
+  nessus:
+    hostname: nessus
+    container_name: nessus
+    image: tenableofficial/nessus:latest
+    ports:
+      - 8834:8834/tcp # WEB UI
+    environment:
+      - ACTIVATION_CODE=XXX-XXXXX-XXXXX-XXXX # change this
+      - USERNAME=nessus
+      - PASSWORD=MyVeryStrongNessusLoginPassword
+    restart: always

network-multitool/README.md

@@ -0,0 +1,3 @@
+# References
+
+https://hub.docker.com/r/praqma/network-multitool

network-multitool/docker-compose.yml

@@ -0,0 +1,10 @@
+version: "3"
+
+services:
+  network-multitool:
+    image: praqma/network-multitool:alpine-extra
+    container_name: network-multitool
+    environment:
+      - HTTP_PORT=9988 # useful to daemonize the container; see https://hub.docker.com/r/praqma/network-multitool
+      - HTTPS_PORT=9989 # useful to daemonize the container; see https://hub.docker.com/r/praqma/network-multitool
+    restart: unless-stopped

nextcloud/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://hub.docker.com/r/linuxserver/nextcloud

nextcloud/docker-compose-redis.yml

@@ -0,0 +1,43 @@
+services:
+  nc:
+    image: nextcloud
+    container_name: nextcloud
+    restart: always
+    ports:
+      - 8080:80
+    volumes:
+      - /mnt/docker-volumes/nextcloud/apps:/var/www/html/custom_apps
+      - /mnt/docker-volumes/nextcloud/config:/var/www/html/config
+      - /mnt/docker-volumes/nextcloud/data:/var/www/html/data
+      - /mnt/docker-volumes/nextcloud/wwwroot:/var/www/html
+      #- /mnt/docker-volumes/nextcloud/theme:/var/www/html/themes/<YOUR_CUSTOM_THEME>
+    environment:
+      - REDIS_HOST=redis
+      - MYSQL_HOST=db
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_PASSWORD=nextcloud
+  
+  redis:
+    image: redis:alpine
+    container_name: nextcloud-redis
+    restart: always
+    volumes:
+      - /mnt/docker-volumes/nextcloud/redis:/data
+    expose:
+      - 6379
+  
+  db:
+    image: mariadb:10.5
+    container_name: nextcloud-mariadb
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    restart: always
+    volumes:
+      - /mnt/docker-volumes/nextcloud/mysql:/var/lib/mysql
+    environment:
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_ROOT_PASSWORD=nextcloud
+      - MYSQL_PASSWORD=nextcloud
+    expose:
+      - 3306   

nextcloud/docker-compose.yml

@@ -0,0 +1,16 @@
+---
+version: "2.1"
+services:
+  nextcloud:
+    image: linuxserver/nextcloud:latest
+    container_name: nextcloud
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    volumes:
+      - /mnt/docker-volumes/nextcloud/config:/config
+      - /mnt/docker-volumes/nextcloud/data:/data
+    ports:
+      - 9443:443
+    restart: unless-stopped

nginx-php/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://hub.docker.com/_/nginx

nginx-php/docker-compose.yml

@@ -0,0 +1,29 @@
+version: "3"
+
+services:
+  web:
+    image: nginx:latest
+    hostname: nginx
+    volumes:
+      - /mnt/docker-volumes/nginx/www-data:/var/www
+      - /mnt/docker-volumes/nginx/nginx-conf:/etc/nginx/conf.d
+      - /mnt/docker-volumes/nginx/logs:/var/log/nginx
+    links:
+        - php
+    container_name: nginx
+    restart: unless-stopped
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.nginx.rule=Host(`nginx.example.com`)
+    #  - traefik.http.services.nginx.loadbalancer.server.port=80
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only
+    #  #- traefik.http.routers.nginx.middlewares=error-pages-middleware@docker
+  php:
+    image: php:8-fpm-alpine
+    hostname: php
+    volumes:
+      - /mnt/docker-volumes/nginx/www-data:/var/www
+    container_name: php
+    restart: unless-stopped
+    working_dir: /var/www

nginx-php/nginx.conf

@@ -0,0 +1,30 @@
+server {
+    listen 80;
+    server_name nginx.example.com;
+    root /var/www/;
+    index index.html index.php;
+	
+    #error_page 404 /error/404.html;
+
+    client_max_body_size 10M; # change this
+    set_real_ip_from  172.16.0.0/12;
+    set_real_ip_from 192.168.0.0/16;
+    real_ip_header    X-Forwarded-For;
+    proxy_hide_header X-Powered-By;
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    location ~ \.php$ {
+        fastcgi_pass php:9000;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PHP_VALUE "error_log=/etc/nginx/conf.d/php_error.log";
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+        include fastcgi_params;
+    }
+	
+	server_tokens off;
+	etag off;
+}

nginx-proxy-manager-goaccess/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/xavier-hernandez/goaccess-for-nginxproxymanager

nginx-proxy-manager-goaccess/docker-compose.yml

@@ -0,0 +1,14 @@
+goaccess:
+    image: xavierh/goaccess-for-nginxproxymanager:latest
+    container_name: goaccess
+    restart: always
+    volumes:
+        - /mnt/docker-volumes/nginx-proxy-manager/data/logs:/opt/log:ro
+    environment:
+        - PUID=1000
+        - PGID=1000
+        - TZ=Europe/Berlin
+        - SKIP_ARCHIVED_LOGS=False #optional
+        - BASIC_AUTH=False #optional
+        - BASIC_AUTH_USERNAME=user #optional
+        - BASIC_AUTH_PASSWORD=pass #optional

nginx-proxy-manager/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/NginxProxyManager/nginx-proxy-manager

nginx-proxy-manager/docker-compose.yml

@@ -0,0 +1,28 @@
+version: "3"
+
+services:
+  npm:
+    container_name: npm
+    environment:
+      - TZ=Europe/Berlin
+    hostname: npm
+    user: 0:1000
+    networks:
+      - npm_proxy
+    image: jc21/nginx-proxy-manager:latest
+    ports:
+      - 443:443/tcp # HTTPS
+      - 81:81/tcp # MGMT UI
+      - 80:80/tcp # HTTP
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "/bin/check-health"]
+      interval: 30s
+      timeout: 3s
+    volumes:
+      - /mnt/docker-volumes/nginx-proxy-manager/data:/data
+      - /mnt/docker-volumes/nginx-proxy-manager/letsencrypt:/etc/letsencrypt
+
+networks:
+  npm_proxy:
+    external: true

obsidian-remote/README.md

@@ -0,0 +1,3 @@
+# References
+
+https://github.com/sytone/obsidian-remote

obsidian-remote/docker-compose.yml

@@ -0,0 +1,19 @@
+version: '3.8'
+services:
+  obsidian:
+    image: 'ghcr.io/sytone/obsidian-remote:latest'
+    container_name: obsidian-remote
+    restart: unless-stopped
+    ports:
+      - 8080:8080 # Obsidian Web Interface
+      #- 27123:27123 # Local REST API Plugin HTTP Server Port
+      #- 27124:27124 # Local REST API Plugin HTTPS Server Port
+    volumes:
+      - /mnt/docker-volumes/obsidian-remote/vaults:/vaults # The location on the host for your Obsidian Vaults
+      - /mnt/docker-volumes/obsidian-remote/config:/config # The location to store Obsidan configuration and ssh data for obsidian-git
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - DOCKER_MODS=linuxserver/mods:universal-git # Use to add mods to the container like git.
+      - KEYBOARD=de-de-qwertz # Used to se the keyboard being used for input. E.g. KEYBOARD=en-us-qwerty or KEYBOARD=de-de-qwertz

openspeedtest/README.md

@@ -0,0 +1,3 @@
+# Reference
+
+https://github.com/openspeedtest/Speed-Test

openspeedtest/docker-compose.yml

@@ -0,0 +1,18 @@
+version: "3"
+services:
+  openspeedtest:
+    image: openspeedtest/latest:latest
+    container_name: openspeedtest
+    ports:
+      - 3380:3000 # HTTP
+      - 3001:3001 # HTTPS
+    restart: always
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.openspeedtest.middlewares=local-ipwhitelist@file, limit
+    #  - traefik.http.routers.openspeedtest.rule=Host(`speedtest.example.com`)
+    #  - traefik.http.services.openspeedtest.loadbalancer.server.port=3000
+    #  - traefik.docker.network=proxy
+    #  # Part for local lan services only
+    #  - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=10000000000
+    #  - traefik.http.middlewares.test-compress.compress=true