Init commit

Author: ehcaning

.github/workflows/deploy.yaml

@@ -0,0 +1,66 @@
+name: Deploy
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    name: Deploy (${{ matrix.config.stack_name }}, ${{ matrix.config.host }})
+    runs-on: self-hosted
+    strategy:
+      matrix:
+        config:
+          - { host: '10.10.0.102', stack_name: 'arr-stack' }
+          - { host: '10.10.0.102', stack_name: 'portainer' }
+          - { host: '10.10.0.102', stack_name: 'uptime-kuma' }
+          - { host: '10.10.0.102', stack_name: 'n8n' }
+          - { host: '10.10.0.102', stack_name: 'wallos' }
+          - { host: '10.10.0.102', stack_name: 'homarr' }
+          - { host: '10.10.0.102', stack_name: 'cadvisor' }
+          - { host: '10.10.0.107', stack_name: 'cadvisor' }
+          - { host: '10.10.0.108', stack_name: 'cadvisor' }
+          - { host: '10.10.0.102', stack_name: 'watchtower', ntfy_title: 'Docker_102', ntfy_topic: 'ehcan-docker-PVBwxrR8Hm'}
+          - { host: '10.10.0.107', stack_name: 'watchtower', ntfy_title: 'Traefik_107', ntfy_topic: 'ehcan-traefik-pVRanLAbLF'}
+          - { host: '10.10.0.108', stack_name: 'watchtower', ntfy_title: 'Grafana_108', ntfy_topic: 'ehcan-grafana-vpSU2BdGnR'}
+
+    env:
+      DOCKER_HOST: tcp://${{ matrix.config.host }}:2375
+      DOCKER_CONTEXT_NAME: ${{ matrix.config.stack_name }}-ctx
+      DOCKER_COMPOSE_FILE: ${{ matrix.config.stack_name }}.yml
+      DOCKER_PROJECT_NAME: ${{ matrix.config.stack_name }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker context
+        run: |
+          docker context \
+            create ${{ env.DOCKER_CONTEXT_NAME }} \
+            --docker host=${{ env.DOCKER_HOST }}
+
+      - name: Inject secrets (arr-stack)
+        if: env.DOCKER_PROJECT_NAME == 'arr-stack'
+        run: |
+          echo "${{ secrets.ARR_CIFS }}" >> $GITHUB_ENV
+      - name: Inject secrets (firefox-vpn)
+        if: env.DOCKER_PROJECT_NAME == 'firefox-vpn'
+        run: |
+          echo "${{ secrets.GLUETUN_SECRETS }}" > gluetun_secrets.env
+      - name: Inject Watchtower configs
+        if: env.DOCKER_PROJECT_NAME == 'watchtower'
+        run: |
+          echo "NTFY_TITLE=${{ matrix.config.ntfy_title }}" >> $GITHUB_ENV
+          echo "NTFY_TOPIC=${{ matrix.config.ntfy_topic }}" >> $GITHUB_ENV
+
+      - name: Deploy with Docker Compose
+        run: |
+          docker --context ${{ env.DOCKER_CONTEXT_NAME }} compose --file ${{ env.DOCKER_COMPOSE_FILE }} pull
+          docker --context ${{ env.DOCKER_CONTEXT_NAME }} compose --file ${{ env.DOCKER_COMPOSE_FILE }} \
+            --project-name ${{ env.DOCKER_PROJECT_NAME }} up -d --remove-orphans
+
+      - name: Cleanup Docker context
+        if: always()
+        run: |
+          docker context rm ${{ env.DOCKER_CONTEXT_NAME }} --force

archived/firefox-vpn.yml

@@ -0,0 +1,33 @@
+name: firefox-vpn
+services:
+  firefox:
+    image: lscr.io/linuxserver/firefox:latest
+    container_name: firefox
+    security_opt:
+      - seccomp:unconfined #optional
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    volumes:
+      - /data/firefox/config:/config:rw
+    shm_size: "1gb"
+    restart: unless-stopped
+    network_mode: service:gluetun
+    depends_on:
+      - gluetun
+  gluetun:
+    image: qmcgaw/gluetun
+    container_name: gluetun
+    env_file: "gluetun_secrets.env"
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+    ports:
+      - 3303:3001
+    # environment: Update it in GitHub Action Secret
+      # - VPN_SERVICE_PROVIDER=torguard
+      # - OPENVPN_USER
+      # - OPENVPN_PASSWORD
+      # - SERVER_COUNTRIES=Netherlands
+      # - TZ=Europe/Berlin

archived/nextcloud.yml

@@ -0,0 +1,66 @@
+services:
+  nextcloud-aio-mastercontainer:
+    image: nextcloud/all-in-one:latest
+    init: true
+    restart: always
+    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
+    volumes:
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
+    ports:
+      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 8080:8080
+      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+    environment: # Is needed when using any of the options below
+      # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
+      APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      APACHE_IP_BINDING: 0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
+      # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+      # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      # NEXTCLOUD_UPLOAD_LIMIT: 10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
+      # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
+      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
+      # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
+      # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+      # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
+      # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
+      # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
+      SKIP_DOMAIN_VALIDATION: true
+    # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
+      # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
+    # security_opt: ["label:disable"] # Is needed when using SELinux
+
+  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
+  # caddy:
+  #   image: caddy:alpine
+  #   restart: always
+  #   container_name: caddy
+  #   volumes:
+  #     - ./Caddyfile:/etc/caddy/Caddyfile
+  #     - ./certs:/certs
+  #     - ./config:/config
+  #     - ./data:/data
+  #     - ./sites:/srv
+  #   network_mode: "host"
+
+volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+
+# # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
+# # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
+# networks:
+#   nextcloud-aio:
+#     name: nextcloud-aio # This line is not allowed to be changed as otherwise the created network will not be used by the other containers of AIO
+#     driver: bridge
+#     enable_ipv6: true
+#     ipam:
+#       driver: default
+#       config:
+#         - subnet: fd12:3456:789a:2::/64 # IPv6 subnet to use

archived/nginx-proxy-manager.yml

@@ -0,0 +1,13 @@
+name: nginx-proxy-manager
+services:
+  nginx-proxy-manager:
+    container_name: nginx-proxy-manager
+    network_mode: host
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    environment:
+      DB_SQLITE_FILE: '/data/database.sqlite'
+      DISABLE_IPV6: 'true'
+    volumes:
+      - /data/nginx-proxy-manager/data:/data
+      - /data/nginx-proxy-manager/letsencrypt:/etc/letsencrypt

arr-stack.yml

@@ -0,0 +1,135 @@
+name: "arr_stack"
+
+networks:
+  arr-network:
+    name: arr-network
+
+x-arr-service: &x-arr-service
+  environment:
+    - PUID=1000
+    - PGID=1000
+    - TZ=Europe/Berlin
+  networks:
+    - arr-network
+  restart: unless-stopped
+  extra_hosts:
+    - "host.jellyfin.server:10.10.0.101"
+
+services:
+  sonarr:
+    <<: *x-arr-service
+    image: lscr.io/linuxserver/sonarr:latest
+    container_name: sonarr
+    volumes:
+      - /data/sonarr/data:/config
+      - media-server:/media-server
+    ports:
+      - 8989:8989
+
+  radarr:
+    <<: *x-arr-service
+    image: lscr.io/linuxserver/radarr:latest
+    container_name: radarr
+    volumes:
+      - /data/radarr/data:/config
+      - media-server:/media-server
+    ports:
+      - 7878:7878
+
+  readarr:
+    <<: *x-arr-service
+    image: lscr.io/linuxserver/readarr:develop
+    container_name: readarr
+    volumes:
+      - /data/readarr/data:/config
+      - media-server:/media-server
+    ports:
+      - 8787:8787
+
+  lidarr:
+    <<: *x-arr-service
+    image: lscr.io/linuxserver/lidarr:latest
+    container_name: lidarr
+    volumes:
+      - /data/lidarr/data:/config
+      - media-server:/media-server
+    ports:
+      - 8686:8686
+
+  prowlarr:
+    <<: *x-arr-service
+    image: lscr.io/linuxserver/prowlarr:latest
+    container_name: prowlarr
+    volumes:
+      - /data/prowlarr/data:/config
+    ports:
+      - 9696:9696
+
+  bazarr:
+    <<: *x-arr-service
+    image: lscr.io/linuxserver/bazarr:latest
+    container_name: bazarr
+    volumes:
+      - /data/bazarr/data:/config
+      - media-server:/media-server
+    ports:
+      - 6767:6767
+
+  jellyseerr:
+    <<: *x-arr-service
+    image: fallenbagel/jellyseerr:latest
+    container_name: jellyseerr
+    ports:
+      - 5055:5055
+    volumes:
+      - /data/jellyseerr/data:/app/config
+
+  ariang:
+    <<: *x-arr-service
+    container_name: ariang
+    image: hurlenko/aria2-ariang
+    ports:
+      - 8077:8080
+    volumes:
+      - /data/ariang/data:/aria2/conf
+      - media-server:/media-server
+    environment:
+      - RPC_SECRET=Kvih8VMr6SMxgaainUoQkjANMKUUTO
+      - ARIA2RPCPORT=443
+      - TZ=Europe/Berlin
+      - PUID=1000
+      - PGID=1000
+
+  audiobookshelf:
+    <<: *x-arr-service
+    container_name: audiobookshelf
+    image: ghcr.io/advplyr/audiobookshelf:latest
+    ports:
+      - 13378:80
+    volumes:
+      - media-server:/media-server
+      - /data/audiobookshelf/config:/config
+      - /data/audiobookshelf/metadata:/metadata
+
+  metube:
+    <<: *x-arr-service
+    image: ghcr.io/alexta69/metube
+    container_name: metube
+    ports:
+      - "8081:8081"
+    volumes:
+      - media-server:/media-server
+    environment:
+      - DOWNLOAD_DIR=/media-server/Youtube
+    deploy:
+      resources:
+        limits:
+          cpus: '0.7'
+
+volumes:
+  media-server:
+    driver: local
+    driver_opts:
+      type: cifs
+      device: //10.10.0.148/media-server
+      o: username=${CIFS_USERNAME},password=${CIFS_PASSWORD},uid=1000,gid=1000,file_mode=0755,dir_mode=0755

cadvisor.yml

@@ -0,0 +1,20 @@
+name: cadvisor
+services:
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor
+    privileged: true
+    container_name: cadvisor
+    restart: unless-stopped
+    ports:
+      - 9323:8080
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:rw
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /cgroup/cpu:/cgroup/cpu
+      - /cgroup/cpuacct:/cgroup/cpuacct
+      - /cgroup/cpuset:/cgroup/cpuset
+      - /cgroup/memory:/cgroup/memory
+      - /cgroup/blkio:/cgroup/blkio

homarr.yml

@@ -0,0 +1,15 @@
+name: "homarr"
+
+services:
+  homarr:
+    container_name: homarr
+    image: ghcr.io/ajnart/homarr:latest
+    restart: unless-stopped
+    volumes:
+      - /data/homarr/configs:/app/data/configs
+      - /data/homarr/icons:/app/public/icons
+      - /data/homarr/data:/data
+    environment:
+      DISABLE_ANALYTICS: true
+    ports:
+      - '7575:7575'

n8n.yml

@@ -0,0 +1,20 @@
+volumes:
+  n8n_data:
+
+services:
+  n8n:
+    image: docker.n8n.io/n8nio/n8n
+    container_name: n8n
+    restart: unless-stopped
+    ports:
+      - "5678:5678"
+    environment:
+      - N8N_HOST=n8n.ehcan.io
+      - N8N_PORT=5678
+      - N8N_PROTOCOL=https
+      - NODE_ENV=production
+      - WEBHOOK_URL=https://n8n.ehcan.io
+      - GENERIC_TIMEZONE=Europe/Berlin
+      - N8N_DIAGNOSTICS_ENABLED=false
+    volumes:
+      - n8n_data:/home/node/.n8n

portainer.yml

@@ -0,0 +1,16 @@
+name: "portainer"
+
+services:
+  portainer:
+    image: portainer/portainer-ce:latest
+    container_name: portainer
+    restart: unless-stopped
+    network_mode: host
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer_data:/data
+    environment:
+      TZ: Europe/Berlin
+
+volumes:
+  portainer_data: