first commit

2026-03-15 01:00:14 +01:00
commit c1a4025697
6 changed files with 529 additions and 0 deletions
--- a/administration/docker-compose.yml
+++ b/administration/docker-compose.yml
@@ -0,0 +1,50 @@
+services:
+  portainer:
+    container_name: portainer
+    image: portainer/portainer-ce:sts
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer_data:/data
+    networks:
+      - administration
+      - media
+      - misc
+      - productivity
+      - overleaf
+
+  pocket-id:
+    image: ghcr.io/pocket-id/pocket-id:v2
+    container_name: pocketid
+    restart: unless-stopped
+    env_file: .env
+    networks:
+      - administration
+      - media
+      - misc
+      - productivity
+      - overleaf
+    volumes:
+      - "./pocket-id:/app/data"
+    healthcheck:
+      test: [ "CMD", "/app/pocket-id", "healthcheck" ]
+      interval: 1m30s
+      timeout: 5s
+      retries: 2
+      start_period: 10s
+
+volumes:
+  portainer_data:
+    name: portainer_data
+
+networks:
+  administration:
+    external: true
+  media:
+    external: true
+  misc:
+    external: true
+  productivity:
+    external: true
+  overleaf:
+    external: true
--- a/media/docker-compose.yml
+++ b/media/docker-compose.yml
@@ -0,0 +1,162 @@
+services:
+  radarr:
+    image: lscr.io/linuxserver/radarr:latest
+    container_name: radarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - ./radarr:/config
+      - /mnt/media/jellyfin/movies:/movies
+      - /mnt/media/downloads:/downloads
+    networks:
+      - media
+    restart: unless-stopped
+
+  sonarr:
+    image: lscr.io/linuxserver/sonarr:latest
+    container_name: sonarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - ./sonarr:/config
+      - /mnt/media/jellyfin/series:/tv
+      - /mnt/media/downloads:/downloads
+    networks:
+      - media
+    restart: unless-stopped
+
+  qbittorrent:
+    image: lscr.io/linuxserver/qbittorrent:latest
+    container_name: qbittorrent
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - WEBUI_PORT=8080
+      - TORRENTING_PORT=6881
+    volumes:
+      - ./qbittorrent/appdata:/config
+      - /mnt/media/downloads:/downloads #optional
+    ports:
+      - 6881:6881
+      - 6881:6881/udp
+    networks:
+      - media
+    restart: unless-stopped
+
+  prowlarr:
+    image: lscr.io/linuxserver/prowlarr:latest
+    container_name: prowlarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - ./prowlarr:/config
+    networks:
+      - media
+    restart: unless-stopped
+
+  bazarr:
+    image: lscr.io/linuxserver/bazarr:latest
+    container_name: bazarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - ./bazarr:/config
+      - /mnt/media/jellyfin/movies:/movies
+      - /mnt/media/jellyfin/series:/tv
+    networks:
+      - media
+    restart: unless-stopped
+
+  jellyfin:
+    image: jellyfin/jellyfin
+    container_name: jellyfin
+    user: 1000:1000
+    networks:
+      - media
+    group_add:
+      - 992
+    restart: unless-stopped
+    environment:
+      - JELLYFIN_PublishedServerUrl=https://jellyfin.focaccinacamog.li
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    devices:
+      - /dev/dri:/dev/dri  # Intel GPU VAAPI
+    volumes:
+      - type: bind
+        source: ./jellyfin/config
+        target: /config
+      - type: bind
+        source: ./jellyfin/cache
+        target: /cache
+      - type: bind
+        source: /mnt/media/jellyfin
+        target: /media
+        read_only: true
+      - type: bind
+        source: /usr/share/fonts/truetype
+        target: /usr/local/share/fonts/custom
+        read_only: true
+
+  seerr:
+    image: ghcr.io/seerr-team/seerr:latest
+    init: true
+    container_name: seerr
+    user: 1000:1000
+    networks:
+      - media
+    environment:
+      - LOG_LEVEL=debug
+      - TZ=Etc/UTC
+      - PORT=5055
+    volumes:
+      - ./seerr:/app/config
+    healthcheck:
+      test: wget --no-verbose --tries=1 --spider http://localhost:5055/api/v1/status || exit 1
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      retries: 3
+    restart: unless-stopped
+
+  navidrome:
+    image: deluan/navidrome:latest
+    container_name: navidrome
+    user: 1000:1000
+    restart: unless-stopped
+    volumes:
+      - "./navidrome/data:/data"
+      - "/mnt/media/music:/music:ro"
+    environment:
+      - ND_LASTFM_APIKEY=${LASTFM_APIKEY}
+      - ND_LASTFM_SECRET=${LASTFM_SECRET}
+    networks:
+      - media
+
+  lidarr:
+    image: lscr.io/linuxserver/lidarr:latest
+    container_name: lidarr
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - ./lidarr/config:/config
+      - /mnt/media/music:/music
+      - /mnt/media/downloads:/downloads
+    restart: unless-stopped
+    networks:
+      - media
+
+networks:
+  media:
+    external: true
--- a/misc/docker-compose.yml
+++ b/misc/docker-compose.yml
@@ -0,0 +1,16 @@
+services:
+  kiwix:
+    image: ghcr.io/kiwix/kiwix-serve:3.8.2
+    container_name: kiwix
+    restart: unless-stopped
+    networks:
+      - misc
+    ports:
+      - "8099:8080"
+    volumes:
+      - /mnt/media/kiwix:/data
+    command: ["/data/wikipedia_en_all_maxi_2025-08.zim"]
+
+networks:
+  misc:
+    external: true
--- a/network/docker-compose.yml
+++ b/network/docker-compose.yml
@@ -0,0 +1,96 @@
+services:
+
+  nginxpm:
+    image: jc21/nginx-proxy-manager:latest
+    container_name: nginxpm
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "81:81"
+      - "443:443"
+    environment:
+      PUID: 1000
+      PGID: 1000
+    volumes:
+      - ./nginxpm/data:/data
+      - ./nginxpm/letsencrypt:/etc/letsencrypt
+      - ./nginxpm/custom:/data/nginx/custom
+    networks:
+      - proxy
+      - media
+      - misc
+      - productivity
+      - overleaf
+      - administration
+
+  adguard:
+    image: adguard/adguardhome:latest
+    container_name: adguard
+    restart: unless-stopped
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "3000:3000"
+    volumes:
+      - ./adguard/conf:/opt/adguardhome/conf
+      - ./adguard/work:/opt/adguardhome/work
+    networks:
+      - proxy
+
+  wg-easy:
+    image: ghcr.io/wg-easy/wg-easy:latest
+    container_name: wg-easy
+    restart: unless-stopped
+    environment:
+      - LANG=en
+      - WG_HOST=focaccinacamog.li
+      - PASSWORD_HASH=${WG_EASY_PW_HASH}
+      - WG_PORT=51820
+      - WG_DEFAULT_ADDRESS=10.8.0.x
+      - WG_DEFAULT_DNS=172.20.0.2
+      - WG_ALLOWED_IPS=0.0.0.0/0
+      - WG_PERSISTENT_KEEPALIVE=25
+    volumes:
+      - ./wireguard:/etc/wireguard
+    ports:
+      - "51820:51820/udp"
+      - "51821:51821/tcp"                  # UI web
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+    networks:
+      - proxy
+
+  fail2ban:
+    image: lscr.io/linuxserver/fail2ban:latest
+    container_name: fail2ban
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    network_mode: host
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - VERBOSITY=-vv
+    volumes:
+      - ./fail2ban/config:/config
+      - /var/log:/var/log:ro
+    restart: unless-stopped
+
+networks:
+  proxy:
+    driver: bridge
+  media:
+    external: true
+  misc:
+    external: true
+  productivity:
+    external: true
+  overleaf:
+    external: true
+  administration:
+    external: true
--- a/productivity/docker-compose.onlyoffice.yml
+++ b/productivity/docker-compose.onlyoffice.yml
@@ -0,0 +1,75 @@
+services:
+  onlyoffice-documentserver:
+    build:
+      context: .
+    image: onlyoffice/documentserver
+    container_name: onlyoffice-documentserver
+    depends_on:
+      - onlyoffice-postgresql
+      - onlyoffice-rabbitmq
+    environment:
+      - DB_TYPE=postgres
+      - DB_HOST=onlyoffice-postgresql
+      - DB_PORT=5432
+      - DB_NAME=onlyoffice
+      - DB_USER=onlyoffice
+      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+      - JWT_ENABLED=true
+      - JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
+      - JWT_HEADER=
+    networks:
+      - productivity
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/info/info.json"]
+      interval: 30s
+      retries: 5
+      start_period: 60s
+      timeout: 10s
+    stdin_open: true
+    restart: always
+    stop_grace_period: 60s
+    volumes:
+       - /var/www/onlyoffice/Data
+       - /var/log/onlyoffice
+       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
+       - /var/www/onlyoffice/documentserver-example/public/files
+       - /usr/share/fonts
+       
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq:3
+    restart: always
+    networks:
+      - productivity
+    healthcheck:
+      test: ["CMD", "rabbitmq-diagnostics", "status"]
+      interval: 10s
+      retries: 3
+      start_period: 10s
+      timeout: 10s
+
+  onlyoffice-postgresql:
+    container_name: onlyoffice-postgresql
+    image: postgres:15
+    environment:
+      - POSTGRES_DB=onlyoffice
+      - POSTGRES_USER=onlyoffice
+      - POSTGRES_HOST_AUTH_METHOD=trust
+    restart: always
+    networks:
+      - productivity
+    volumes:
+      - postgresql_data:/var/lib/postgresql
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U onlyoffice"]
+      interval: 10s
+      retries: 3
+      start_period: 10s
+      timeout: 10s
+
+volumes:
+  postgresql_data:
+
+networks:
+  productivity:
+    external: true
--- a/productivity/docker-compose.yml
+++ b/productivity/docker-compose.yml
@@ -0,0 +1,130 @@
+services:
+  nextcloud:
+    image: nextcloud:latest
+    container_name: nextcloud
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - POSTGRES_HOST=postgres
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    volumes:
+      - ./nextcloud/config:/config
+      - ~/data/nextcloud:/data
+    ports:
+      - 9443:80
+    restart: unless-stopped
+    env_file:
+      - .env
+    networks:
+      - productivity
+
+  gitea:
+    image: docker.gitea.com/gitea:1.25.4-rootless
+    restart: always
+    user: 1000:1000
+    volumes:
+      - ~/data/git/data:/var/lib/gitea
+      - ./gitea/config:/etc/gitea
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - productivity
+
+  code-server:
+    image: lscr.io/linuxserver/code-server:latest
+    container_name: code-server
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - PASSWORD=${CODE_PASSWORD}
+      - DEFAULT_WORKSPACE=/repositories
+    volumes:
+      - ./code/config:/config
+      - ~/data/git/data/git/repositories:/repositories
+    restart: unless-stopped
+    networks:
+      - productivity
+
+  sharelatex:
+    restart: always
+    image: sharelatex/sharelatex
+    container_name: sharelatex
+    depends_on:
+      mongo:
+        condition: service_healthy
+      redis:
+        condition: service_started
+    networks:
+      - overleaf
+    stop_grace_period: 60s
+    volumes:
+      - ./overleaf/sharelatex_data:/var/lib/overleaf
+    environment:
+      OVERLEAF_APP_NAME: Overleaf Community Edition
+      OVERLEAF_MONGO_URL: mongodb://mongo/sharelatex
+      OVERLEAF_REDIS_HOST: redis
+      REDIS_HOST: redis
+      ENABLED_LINKED_FILE_TYPES: "project_file,project_output_file"
+      ENABLE_CONVERSIONS: "true"
+      EMAIL_CONFIRMATION_DISABLED: "true"
+      SANDBOXED_COMPILES: "true"
+      SANDBOXED_COMPILES_HOST_DIR_COMPILES: "./overleaf/sharelatex_data/data/compiles"
+      SANDBOXED_COMPILES_HOST_DIR_OUTPUT: "./overleaf/sharelatex_data/data/output"
+      DOCKER_RUNNER: "true"
+      SANDBOXED_COMPILES_SIBLING_CONTAINERS: "true"
+
+  mongo:
+    restart: always
+    image: mongo
+    container_name: mongo
+    command: "--replSet overleaf"
+    volumes:
+      - ./overleaf/mongo_data:/data/db
+      - ./overleaf/bin/shared/mongodb-init-replica-set.js:/docker-entrypoint-initdb.d/mongodb-init-replica-set.js
+    environment:
+      MONGO_INITDB_DATABASE: sharelatex
+    extra_hosts:
+      - mongo:127.0.0.1
+    networks:
+      - overleaf
+    healthcheck:
+      test: echo 'db.stats().ok' | mongosh localhost:27017/test --quiet
+      interval: 10s
+      timeout: 10s
+      retries: 5
+
+  redis:
+    restart: always
+    image: redis:6.2
+    container_name: redis
+    networks:
+      - overleaf
+    volumes:
+      - ./overleaf/redis_data:/data
+
+  postgres:
+    image: postgres:11
+    container_name: postgres_nextcloud
+    restart: unless-stopped
+    volumes:
+      - ./postgres/dbdata:/var/lib/postgresql/data
+      - ./postgres/dbdata/init:/docker-entrypoint-initdb.d
+    env_file:
+      - .env
+    environment:
+      - PGDATA=/var/lib/postgresql/data/nextcloud/
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    networks:
+      - productivity
+
+networks:
+  productivity:
+    external: true
+  overleaf:
+    external: true