diff --git a/README.md b/README.md index 801e176..559b514 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ DNS intern: `*.iot` → VLAN 40 (z. B. `homeassistant.iot` → 192.168.40.254) ``` docu/ ├── README.md ← diese Datei +├── guests/ ← Compose & Stack-Config pro VM/CT (ohne Daten) ├── migration/ ← Schritt-für-Schritt Updates & Tuning ├── shared/ ← übergreifend (MQTT, Git, Netzwerk) ├── pve1/ ← nur pve1 @@ -32,6 +33,7 @@ docu/ | [shared/mqtt-homeassistant.md](shared/mqtt-homeassistant.md) | MQTT-Broker, HA Discovery, Credentials | | [shared/git-und-repos.md](shared/git-und-repos.md) | Gitea, Tokens, Clone-Pfade | | [migration/nextcloud-optimierung-und-updates.md](migration/nextcloud-optimierung-und-updates.md) | Nextcloud VM 101: Updates, Tuning, notify_push | +| [guests/](guests/) | Docker-Stacks pro Gast (Compose, ohne Volumes/Daten) | ## Code-Repos (separat von dieser Doku) diff --git a/guests/README.md b/guests/README.md new file mode 100644 index 0000000..193e335 --- /dev/null +++ b/guests/README.md @@ -0,0 +1,21 @@ +# Gäste — Stack-Konfiguration (Compose & Anhang) + +Compose-Dateien und stack-relevante Konfiguration **ohne** Volumes, Datenbanken, App-Daten oder Secrets. + +| Ordner | Gast | Host | Rolle | +|--------|------|------|-------| +| [vm101-ubuntu/](vm101-ubuntu/) | VM 101 `ubuntu` | pve1 | Docker-Host: Nextcloud, NPM, Gitea, … | + +**Live-Pfad auf dem Gast:** `/opt/stacks//` + +Passwörter in den Repo-Dateien sind durch `REDACTED` ersetzt. Live-Werte nur auf dem jeweiligen Gast. + +**Sync vom Gast (Beispiel VM 101):** + +```bash +# Von einem Host mit SSH-Zugang — nur Compose + Config, keine Daten +rsync -av --exclude='data/' --exclude='db/' --exclude='mysql/' --exclude='gitea/' \ + --exclude='config/www/' --exclude='config/log/' --exclude='letsencrypt/' \ + jean@192.168.10.10:/opt/stacks/ ./guests/vm101-ubuntu/stacks-live/ +# Anschließend Secrets redigieren, dann ins Repo übernehmen +``` 
diff --git a/guests/vm101-ubuntu/README.md b/guests/vm101-ubuntu/README.md new file mode 100644 index 0000000..6e12469 --- /dev/null +++ b/guests/vm101-ubuntu/README.md 
@@ -0,0 +1,44 @@ +# VM 101 — ubuntu (Docker-Host) + +| | | +|---|---| +| **Proxmox** | pve1, VMID 101 | +| **IP** | 192.168.10.10 | +| **Stacks** | `/opt/stacks/` | +| **Stack-UI** | Dockge → `:5001` | +| **Docker** | `iptables: false` → [docker-daemon.json](docker-daemon.json), NAT: [../pve1/scripts/vm101-docker-nat-rules.sh](../pve1/scripts/vm101-docker-nat-rules.sh) | + +## Netzwerk `docbr0` + +Externes Docker-Netz für Container mit **festen IPs** (`10.2.2.0/24`). + +| Stack / Service | Container | IP (docbr0) | +|-----------------|-----------|-------------| +| phpipam | phpipam-web | 10.2.2.19 | +| vaultwarden | vaultwarden | 10.2.2.18 | +| git2 | gitea server | 10.2.2.22 | +| sabnzbd | sabnzbd | 10.2.2.45 | +| audio | audiobookshelf | 10.2.2.40 | +| audio | airsonic | 10.2.2.43 | +| audio | refix | 10.2.2.44 | +| audio | navidrome | 10.2.2.48 | +| jeanavril | web | 10.2.2.100 | +| jeanavril | gitea | 10.2.2.101 | +| nextcloud | nextcloud | 10.2.2.253 | +| npm | app | 10.2.2.254 | + +## Stacks + +| Stack | Compose | Anmerkung | +|-------|---------|----------| +| [nextcloud](stacks/nextcloud/) | `compose.yml` | NC, Collabora, notify_push Sidecar; PHP/Nginx-Tuning unter `config/` | +| [npm](stacks/npm/) | `docker-compose.yml` | Reverse Proxy | +| [git2](stacks/git2/) | `compose.yml` | Gitea (git2) | +| [jeanavril](stacks/jeanavril/) | `compose.yml` | Website + Gitea | +| [audio](stacks/audio/) | `compose.yml` | Audiobookshelf, Airsonic, Navidrome, Refix | +| [dockge](stacks/dockge/) | `compose.yaml` | Stack-Verwaltung | +| [phpipam](stacks/phpipam/) | `compose.yml` | IPAM | +| [sabnzbd](stacks/sabnzbd/) | `compose.yml` | Usenet | +| [vaultwarden](stacks/vaultwarden/) | `compose.yml` | Passwortmanager | + +Details Nextcloud-Betrieb: [../../pve1/06_ubuntu-vm-nextcloud.md](../../pve1/06_ubuntu-vm-nextcloud.md) diff --git a/guests/vm101-ubuntu/docker-daemon.json b/guests/vm101-ubuntu/docker-daemon.json new file mode 100644 index 0000000..0823417 --- /dev/null 
+++ b/guests/vm101-ubuntu/docker-daemon.json @@ -0,0 +1,9 @@ +{ + "iptables": false, + "ip6tables": false, + "log-driver": "json-file", + "log-opts": { + "max-size": "50m", + "max-file": "3" + } +} diff --git a/guests/vm101-ubuntu/stacks/audio/compose.yml b/guests/vm101-ubuntu/stacks/audio/compose.yml new file mode 100644 index 0000000..c39d1b4 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/audio/compose.yml 
@@ -0,0 +1,72 @@ +x-logging: &default-logging + driver: json-file + options: + max-size: "50m" + max-file: "3" + +networks: + docbr0: + external: true + +services: + audiobookshelf: + logging: *default-logging + image: ghcr.io/advplyr/audiobookshelf + restart: unless-stopped + volumes: + - /mnt/service_data/audio/audiobookshelf/audiobooks:/audiobooks + - /mnt/service_data/audio/audiobookshelf/metadata:/metadata + - /mnt/service_data/audio/audiobookshelf/config:/config + - /mnt/storage/media:/mnt/storage/media + networks: + docbr0: + ipv4_address: 10.2.2.40 + + airsonic: + logging: *default-logging + image: lscr.io/linuxserver/airsonic-advanced:latest + container_name: airsonic + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - CONTEXT_PATH=/api + - JAVA_OPTS=-Xms512m -Xmx2g -XX:+UseG1GC -XX:+ExitOnOutOfMemoryError -Dserver.use-forward-headers=true + volumes: + - /mnt/service_data/audio/airsonic/config:/config + - /mnt/storage/media:/music/storage/media:ro + restart: always + networks: + docbr0: + ipv4_address: 10.2.2.43 + + navidrome: + logging: *default-logging + image: deluan/navidrome:latest + user: "1000:1000" + restart: unless-stopped + environment: + ND_SCANSCHEDULE: 1h + ND_LOGLEVEL: info + ND_SESSIONTIMEOUT: 24h + ND_MUSICFOLDER: /mnt/storage/media/music + ND_PORT: "80" + ND_BASEURL: /navidrome + ND_AUTOIMPORTPLAYLISTS: "false" + ND_ENABLESHARING: "true" + volumes: + - /mnt/service_data/audio/navidrome:/data + - /mnt/storage/media/music:/mnt/storage/media/music:ro + networks: + docbr0: + ipv4_address: 10.2.2.48 + + refix: + logging: *default-logging + image: tamland/airsonic-refix:latest + restart: always + environment: + - SERVER_URL=https://music.apollo.jeanavril.com/api + networks: + docbr0: + ipv4_address: 10.2.2.44 diff --git a/guests/vm101-ubuntu/stacks/dockge/compose.yaml b/guests/vm101-ubuntu/stacks/dockge/compose.yaml new file mode 100644 index 0000000..f00d193 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/dockge/compose.yaml 
@@ -0,0 +1,12 @@ +services: + dockge: + image: louislam/dockge:1 + restart: unless-stopped + ports: + - 5001:5001 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./data:/app/data + - /opt/stacks:/opt/stacks + environment: + - DOCKGE_STACKS_DIR=/opt/stacks diff --git a/guests/vm101-ubuntu/stacks/git2/compose.yml b/guests/vm101-ubuntu/stacks/git2/compose.yml new file mode 100644 index 0000000..9383cf6 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/git2/compose.yml @@ -0,0 +1,47 @@ +x-logging: &default-logging + driver: json-file + options: + max-size: "50m" + max-file: "3" + +networks: + gitea: + external: false + docbr0: + external: true + +services: + server: + logging: *default-logging + image: gitea/gitea:latest + environment: + - USER_UID=1000 + - USER_GID=1000 + - DB_TYPE=mysql + - DB_HOST=db:3306 + - DB_NAME=gitea + - DB_USER=gitea + - DB_PASSWD=REDACTED + restart: always + networks: + gitea: + docbr0: + ipv4_address: 10.2.2.22 + volumes: + - ./gitea:/data + depends_on: + - db + + db: + logging: *default-logging + image: mysql:5.7 + restart: always + environment: + - MYSQL_ROOT_PASSWORD=REDACTED + - MYSQL_USER=gitea + - MYSQL_PASSWORD=REDACTED + - MYSQL_DATABASE=gitea + networks: + - gitea + volumes: + - ./mysql:/var/lib/mysql diff --git a/guests/vm101-ubuntu/stacks/jeanavril/compose.yml b/guests/vm101-ubuntu/stacks/jeanavril/compose.yml new file mode 100644 index 0000000..a5aa7a1 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/jeanavril/compose.yml 
@@ -0,0 +1,68 @@ +x-logging: &default-logging + driver: json-file + options: + max-size: "50m" + max-file: "3" + +networks: + docbr0: + external: true + default: + external: false + +services: + web: + logging: *default-logging + image: git.jeanavril.com/jean/website:latest + container_name: jeanavril-web + restart: unless-stopped + environment: + - NODE_ENV=production + - DATABASE_URL=/app/data/local.db + volumes: + - ./website:/app/data + healthcheck: + test: [ "CMD", "wget", "--spider", "http://127.0.0.1:3000" ] + interval: 30s + timeout: 10s + retries: 3 + start_period: 10s + networks: + default: + docbr0: + ipv4_address: 10.2.2.100 + depends_on: + - gitea + + gitea: + logging: *default-logging + image: gitea/gitea:latest + environment: + - USER_UID=1000 + - USER_GID=1000 + - DB_TYPE=mysql + - DB_HOST=giteadb:3306 + - DB_NAME=gitea + - DB_USER=gitea + - DB_PASSWD=REDACTED + restart: always + volumes: + - ./gitea/gitea:/data + depends_on: + - giteadb + networks: + default: + docbr0: + ipv4_address: 10.2.2.101 + + giteadb: + logging: *default-logging + image: mysql:5.7 + restart: always + environment: + - MYSQL_ROOT_PASSWORD=REDACTED + - MYSQL_USER=gitea + - MYSQL_PASSWORD=REDACTED + - MYSQL_DATABASE=gitea + volumes: + - ./gitea/mysql:/var/lib/mysql diff --git a/guests/vm101-ubuntu/stacks/nextcloud/README.md b/guests/vm101-ubuntu/stacks/nextcloud/README.md new file mode 100644 index 0000000..087e0d3 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/nextcloud/README.md 
@@ -0,0 +1,22 @@ +# Stack: nextcloud + +Live: `/opt/stacks/nextcloud/` + +## Enthalten im Repo + +| Pfad | Zweck | +|------|-------| +| `compose.yml` | MariaDB, Redis, Nextcloud, Collabora, notify_push Sidecar | +| `db.env` | DB-Credentials (REDACTED) | +| `config/php/www2.conf` | PHP-FPM Tuning | +| `config/php/php-local.ini` | APCu 128M | +| `config/custom-cont-init.d/` | custom_apps-Symlink | +| `config/nginx/site-confs/default.conf` | Nginx inkl. `/push/` für notify_push | + +## Nicht im Repo (nur auf dem Gast) + +- `config/www/` — Nextcloud-Installation, `config.php`, Apps +- `db/` — MariaDB-Daten +- `/mnt/nextcloud-data` — NFS User-Daten + +Betrieb & Tuning: [../../../pve1/06_ubuntu-vm-nextcloud.md](../../../pve1/06_ubuntu-vm-nextcloud.md) diff --git a/guests/vm101-ubuntu/stacks/nextcloud/compose.yml b/guests/vm101-ubuntu/stacks/nextcloud/compose.yml new file mode 100644 index 0000000..cb0c8eb --- /dev/null +++ b/guests/vm101-ubuntu/stacks/nextcloud/compose.yml 
@@ -0,0 +1,76 @@ +x-logging: &default-logging + driver: json-file + options: + max-size: "50m" + max-file: "3" + +networks: + default: + external: false + docbr0: + external: true +services: + db: + logging: *default-logging + image: mariadb + command: --transaction-isolation=READ-COMMITTED --character-set-server=utf8 + --innodb-read-only-compressed=OFF --log-bin=binlog --binlog-format=ROW + --expire_logs_days=7 + restart: always + volumes: + - ./db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=REDACTED + - MARIADB_AUTO_UPGRADE=1 + env_file: + - db.env + redis: + logging: *default-logging + image: redis:alpine + restart: always + nextcloud: + logging: *default-logging + image: lscr.io/linuxserver/nextcloud:latest + container_name: nextcloud + hostname: cloud + domainname: cloud.jeanavril.com + extra_hosts: + - cloud.jeanavril.com:127.0.0.1 + environment: + - PUID=33 + - PGID=33 + - TZ=Etc/UTC + volumes: + - ./config:/config + - /mnt/nextcloud-data:/data + restart: unless-stopped + depends_on: + - db + - redis + networks: + default: + docbr0: + ipv4_address: 10.2.2.253 + collabora: + logging: *default-logging + image: collabora/code + container_name: collabora + environment: + - domain=cloud.jeanavril.com + - username=admin + - password=REDACTED + cap_add: + - MKNOD + restart: always + + notify_push: + logging: *default-logging + image: ghcr.io/nextcloud/notify_push:latest + container_name: nextcloud-notify-push + restart: unless-stopped + network_mode: "service:nextcloud" + depends_on: + - nextcloud + volumes: + - ./config/www/nextcloud/config/config.php:/config/config.php:ro + command: ["/notify_push", "--port", "7867", "--nextcloud-url", "http://127.0.0.1", "/config/config.php"] diff --git a/guests/vm101-ubuntu/stacks/nextcloud/config/custom-cont-init.d/99-custom-apps-symlink b/guests/vm101-ubuntu/stacks/nextcloud/config/custom-cont-init.d/99-custom-apps-symlink new file mode 100644 index 0000000..aecc950 --- /dev/null 
+++ b/guests/vm101-ubuntu/stacks/nextcloud/config/custom-cont-init.d/99-custom-apps-symlink @@ -0,0 +1,2 @@ +#!/usr/bin/with-contenv bash +ln -sfn /config/www/nextcloud/custom_apps /app/www/public/custom_apps diff --git a/guests/vm101-ubuntu/stacks/nextcloud/config/nginx/site-confs/default.conf b/guests/vm101-ubuntu/stacks/nextcloud/config/nginx/site-confs/default.conf new file mode 100644 index 0000000..c78c67b --- /dev/null +++ b/guests/vm101-ubuntu/stacks/nextcloud/config/nginx/site-confs/default.conf 
@@ -0,0 +1,180 @@ +## Version 2025/07/10 - Changelog: https://github.com/linuxserver/docker-nextcloud/commits/master/root/defaults/nginx/site-confs/default.conf.sample + +# Set the `immutable` cache control options only for assets with a cache busting `v` argument +map $arg_v $asset_immutable { + "" ""; + default "immutable"; +} + +server { + listen 80 default_server; + listen [::]:80 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + listen 443 quic reuseport default_server; + listen [::]:443 quic reuseport default_server; + + server_name _; + + include /config/nginx/ssl.conf; + + root /app/www/public; + + # display real ip in nginx logs when connected through reverse proxy via docker network + set_real_ip_from 172.16.0.0/12; + real_ip_header X-Forwarded-For; + + # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx + + # set max upload size and increase upload timeout: + client_max_body_size 0; + client_body_timeout 300s; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml text/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. + #pagespeed off; + + # The settings allows you to optimize the HTTP2 bandwidth. 
+ # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ + # for tuning hints + client_body_buffer_size 512k; + + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. 
+ + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + # Required for legacy support + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + set $path_info $fastcgi_path_info; + + try_files $fastcgi_script_name =404; + + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls + fastcgi_pass 127.0.0.1:9000; + + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + + fastcgi_max_temp_file_size 0; + } + + # Serve static files + location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + 
access_log off; # Optional: Don't log access to assets + + location ~ \.wasm$ { + default_type application/wasm; + } + + } + + location ~ \.woff2?$ { + try_files $uri /index.php$request_uri; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } + + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + # Support for the Client Push (notify_push) plugin, needs mod installed https://github.com/linuxserver/docker-mods/tree/nextcloud-notify-push + location ^~ /push/ { + proxy_pass http://127.0.0.1:7867/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + } + + location / { + # enable for basic auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + try_files $uri $uri/ /index.php$request_uri; + } + + # deny access to .htaccess/.htpasswd files + location ~ /\.ht { + deny all; + } +} diff --git a/guests/vm101-ubuntu/stacks/nextcloud/config/php/php-local.ini b/guests/vm101-ubuntu/stacks/nextcloud/config/php/php-local.ini new file mode 100644 index 0000000..e0529d3 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/nextcloud/config/php/php-local.ini @@ -0,0 +1,4 @@ +; Edit this file to override php.ini directives + +date.timezone = Etc/UTC +apc.shm_size=128M diff --git a/guests/vm101-ubuntu/stacks/nextcloud/config/php/www2.conf b/guests/vm101-ubuntu/stacks/nextcloud/config/php/www2.conf new file mode 100644 index 0000000..c4f7b10 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/nextcloud/config/php/www2.conf 
@@ -0,0 +1,13 @@ +; Edit this file to override www.conf and php-fpm.conf directives and restart the container +; Freigabe 2026-06-28 — siehe docu/migration/nextcloud-tuning-freigabe.md + +[www] +pm = dynamic +pm.max_children = 12 +pm.start_servers = 3 +pm.min_spare_servers = 2 +pm.max_spare_servers = 6 +pm.max_requests = 500 +request_terminate_timeout = 300 +request_slowlog_timeout = 10s +slowlog = /config/log/php/fpm-slow.log diff --git a/guests/vm101-ubuntu/stacks/nextcloud/db.env b/guests/vm101-ubuntu/stacks/nextcloud/db.env new file mode 100644 index 0000000..9268883 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/nextcloud/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD=REDACTED +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/guests/vm101-ubuntu/stacks/npm/docker-compose.yml b/guests/vm101-ubuntu/stacks/npm/docker-compose.yml new file mode 100644 index 0000000..3c51d87 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/npm/docker-compose.yml @@ -0,0 +1,50 @@ +x-logging: &default-logging + driver: json-file + options: + max-size: "50m" + max-file: "3" + +services: + app: + logging: *default-logging + image: 'jc21/nginx-proxy-manager:latest' + restart: unless-stopped + ports: + - '80:80' + - '443:443' + - '81:81' + environment: + DB_MYSQL_HOST: "db" + DB_MYSQL_PORT: 3306 + DB_MYSQL_USER: "npm" + DB_MYSQL_PASSWORD: "REDACTED" + DB_MYSQL_NAME: "npm" + DISABLE_IPV6: 'true' + volumes: + - ./data:/data + - ./letsencrypt:/etc/letsencrypt + depends_on: + - db + networks: + default: + docbr0: + ipv4_address: 10.2.2.254 + db: + logging: *default-logging + image: 'jc21/mariadb-aria:latest' + restart: unless-stopped + environment: + MYSQL_ROOT_PASSWORD: 'REDACTED' + MYSQL_DATABASE: 'npm' + MYSQL_USER: 'npm' + MYSQL_PASSWORD: 'REDACTED' + MARIADB_AUTO_UPGRADE: '1' + volumes: + - ./mysql:/var/lib/mysql +networks: + docbr0: + logging: *default-logging + external: true + default: + logging: *default-logging + external: false 
diff --git a/guests/vm101-ubuntu/stacks/phpipam/compose.yml b/guests/vm101-ubuntu/stacks/phpipam/compose.yml new file mode 100644 index 0000000..3aa6f03 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/phpipam/compose.yml @@ -0,0 +1,55 @@ +x-logging: &default-logging + driver: json-file + options: + max-size: "50m" + max-file: "3" + +networks: + docbr0: + external: true + default: + external: false + +services: + phpipam-web: + logging: *default-logging + image: phpipam/phpipam-www:latest + networks: + default: + docbr0: + ipv4_address: 10.2.2.19 + environment: + - TZ=Europe/Berlin + - IPAM_DATABASE_HOST=phpipam-mariadb + - IPAM_DATABASE_PASS=REDACTED + - IPAM_DATABASE_WEBHOST=% + restart: unless-stopped + volumes: + - ./data/logo:/phpipam/css/images/logo + depends_on: + - phpipam-mariadb + + phpipam-cron: + logging: *default-logging + image: phpipam/phpipam-cron:latest + environment: + - TZ=Europe/Berlin + - IPAM_DATABASE_HOST=phpipam-mariadb + - IPAM_DATABASE_PASS=REDACTED + - SCAN_INTERVAL=1h + restart: unless-stopped + depends_on: + - phpipam-mariadb + + phpipam-mariadb: + logging: *default-logging + image: mariadb:latest + environment: + - MYSQL_ROOT_PASSWORD=REDACTED + - MYSQL_DATABASE=phpipam + - MYSQL_USER=phpipam + - MYSQL_PASSWORD=REDACTED + restart: unless-stopped + volumes: + - ./data/db-data:/var/lib/mysql + - ./data/init:/docker-entrypoint-initdb.d diff --git a/guests/vm101-ubuntu/stacks/sabnzbd/compose.yml b/guests/vm101-ubuntu/stacks/sabnzbd/compose.yml new file mode 100644 index 0000000..0393ea9 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/sabnzbd/compose.yml 
@@ -0,0 +1,25 @@ +x-logging: &default-logging + driver: json-file + options: + max-size: "50m" + max-file: "3" + +networks: + docbr0: + external: true + +services: + sabnzbd: + logging: *default-logging + image: lscr.io/linuxserver/sabnzbd + environment: + - PUID=1000 + - PGID=1001 + - TZ=Europe/Berlin + volumes: + - ./config:/config + - /mnt/storage/media:/mnt/storage/media + restart: unless-stopped + networks: + docbr0: + ipv4_address: 10.2.2.45 diff --git a/guests/vm101-ubuntu/stacks/vaultwarden/compose.yml b/guests/vm101-ubuntu/stacks/vaultwarden/compose.yml new file mode 100644 index 0000000..2f43497 --- /dev/null +++ b/guests/vm101-ubuntu/stacks/vaultwarden/compose.yml @@ -0,0 +1,24 @@ +x-logging: &default-logging + driver: json-file + options: + max-size: "50m" + max-file: "3" + +services: + vaultwarden: + logging: *default-logging + image: vaultwarden/server:latest + restart: always + environment: + - WEBSOCKET_ENABLED=true + - ADMIN_TOKEN=REDACTED + - SIGNUPS_ALLOWED=true + volumes: + - ./data:/data + networks: + docbr0: + ipv4_address: 10.2.2.18 +networks: + docbr0: + logging: *default-logging + external: true diff --git a/pve1/00_README.md b/pve1/00_README.md index 10ad539..ae26bfe 100644 --- a/pve1/00_README.md +++ b/pve1/00_README.md @@ -16,6 +16,7 @@ | 05 | [05_speicher_wartung.md](05_speicher_wartung.md) | Speicher & Wartung | | 06 | [06_ubuntu-vm-nextcloud.md](06_ubuntu-vm-nextcloud.md) | VM 101 ubuntu, Nextcloud Status & Optimierung | | — | [scripts/](scripts/) | VM-101-Skripte (NAT, Wartungs-Cron, crontab) | +| — | [../guests/vm101-ubuntu/](../guests/vm101-ubuntu/) | VM 101 Docker-Stacks (Compose, ohne Daten) | ## Shared diff --git a/pve1/06_ubuntu-vm-nextcloud.md b/pve1/06_ubuntu-vm-nextcloud.md index b15ed98..061efe8 100644 --- a/pve1/06_ubuntu-vm-nextcloud.md +++ b/pve1/06_ubuntu-vm-nextcloud.md 
@@ -26,7 +26,8 @@ Daten: im Container: /data Stack-Pfad auf der VM: /opt/stacks/nextcloud/ -Compose: /opt/stacks/nextcloud/compose.yml +Compose (Repo): [guests/vm101-ubuntu/stacks/nextcloud/](../guests/vm101-ubuntu/stacks/nextcloud/) +Compose (Live): /opt/stacks/nextcloud/compose.yml Nextcloud-Config: /opt/stacks/nextcloud/config/www/nextcloud/config/config.php Image: lscr.io/linuxserver/nextcloud:latest (NC 34.0.0.12 = Hub 26 Spring) ```
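Review bot: In guests/README.md, the rsync example writes to `./guests/vm101-ubuntu/stacks-live/`, which is inside the repo working tree, and its exclude list does not cover the files that carry secrets (`db.env`, the compose files with inline passwords). Unredacted values therefore sit in the tree until the manual "Secrets redigieren" step is done. Suggest syncing to a directory outside the repo or adding `stacks-live/` to `.gitignore`, and adding a pre-commit check that fails on any `PASSWORD=`, `PASSWD=` or `TOKEN=` value other than `REDACTED`. Separately, the live path reads `/opt/stacks//`, which looks like a placeholder was lost between the two slashes.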
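Review bot: In guests/vm101-ubuntu/README.md, the NAT script link in the Docker row of the first table uses `../pve1/scripts/vm101-docker-nat-rules.sh`, which from `guests/vm101-ubuntu/` resolves to `guests/pve1/...`. The last line of the same file reaches pve1 with `../../pve1/06_ubuntu-vm-nextcloud.md`, so the script link should be `../../pve1/scripts/vm101-docker-nat-rules.sh` as well.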
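Review bot: guests/vm101-ubuntu/docker-daemon.json sets `"iptables": false` and `"ip6tables": false` without any accompanying documentation of what replaces Docker's own rules. With both off, Docker creates no filter or NAT rules, so reachability of every published port in this patch (80, 443, 81, 5001) depends entirely on the external NAT script, which is not part of this change. Since JSON cannot carry a comment, suggest a short section in guests/vm101-ubuntu/README.md stating which ports are meant to be reachable and from which networks, so the script can be reviewed against it.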
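Review bot: In stacks/dockge/compose.yaml, `- 5001:5001` publishes the Dockge UI on all interfaces of the VM while the same service mounts `/var/run/docker.sock`, so whoever can log in to that UI effectively controls the Docker host. Suggest binding the port to the management address only (for example `192.168.10.10:5001:5001`, the VM address given in the README) or reaching it through the reverse proxy with access control, and noting the restriction in the stack table.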
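Review bot: In stacks/git2/compose.yml, the `db` service uses `image: mysql:5.7`, a release line that is past its end of life and no longer receives security fixes; the `giteadb` service in stacks/jeanavril/compose.yml uses the same image. Suggest planning a move to a supported MySQL or MariaDB version and recording the target in the stack table. In both files `gitea/gitea:latest` is a floating tag, so the repo does not record which Gitea version is actually running; pinning a version tag would make these files a usable reference for a rebuild.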
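Review bot: In stacks/nextcloud/compose.yml, `MYSQL_ROOT_PASSWORD=REDACTED` is set inline on the `db` service even though the same service already loads `db.env`, and `password=REDACTED` is inline on `collabora`. Moving both into env files would let compose.yml be copied from the guest without a manual redaction pass. Also, `image: mariadb` and `image: collabora/code` carry no tag; combined with `MARIADB_AUTO_UPGRADE=1`, the next pull can move the database to a new major version unattended, so a pinned tag is advisable here.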
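Review bot: In stacks/nextcloud/config/nginx/site-confs/default.conf, `set_real_ip_from 172.16.0.0/12;` does not cover the address the reverse proxy has in this setup: per guests/vm101-ubuntu/README.md, npm is `10.2.2.254` and nextcloud is `10.2.2.253` on `docbr0`. If NPM forwards to Nextcloud over `docbr0`, `X-Forwarded-For` is ignored and the access log shows the proxy address for every client. Suggest adding `set_real_ip_from 10.2.2.254;` and marking it as a local change, since the file header says it tracks the linuxserver sample.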
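Review bot: In stacks/nextcloud/config/php/www2.conf, the header comment points to `docu/migration/nextcloud-tuning-freigabe.md`, but this patch does not add that file and the root README table lists only `migration/nextcloud-optimierung-und-updates.md` under migration. Please confirm the referenced document exists under that name, or point the comment at the file that actually records the approval.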
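Review bot: In stacks/npm/docker-compose.yml, the top-level `networks:` entries `docbr0` and `default` each carry `logging: *default-logging`, but `logging` is a service attribute, not a network attribute, so it has no effect there and a strict parser may reject the file. Suggest removing those two lines and checking the result with `docker compose config`. The mapping `- '81:81'` also publishes the NPM admin UI on all interfaces; binding it to the management address would keep it off the other networks.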
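Review bot: In stacks/vaultwarden/compose.yml, `SIGNUPS_ALLOWED=true` lets anyone who can reach the instance register an account on the password manager. Suggest `SIGNUPS_ALLOWED=false` once the intended accounts exist, with invitations for later additions. The top-level `networks: docbr0:` block also contains `logging: *default-logging`, which is not a network attribute and should be dropped, and `vaultwarden/server:latest` would be better pinned to a version tag for a service of this sensitivity.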
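Review bot: In stacks/audio/compose.yml, `audiobookshelf` mounts `/mnt/storage/media:/mnt/storage/media` read-write, while `airsonic` and `navidrome` mount the same media tree with `:ro`. If Audiobookshelf only reads from that path (its own library lives under `/audiobooks`), add `:ro` there too. `ghcr.io/advplyr/audiobookshelf` has no tag at all, unlike the other services in the file; an explicit tag would make the intent visible.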
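Review bot: In stacks/phpipam/compose.yml, `IPAM_DATABASE_WEBHOST=%` on `phpipam-web` allows the phpipam database user to connect from any host. The database is attached only to the stack's default network, which limits the exposure, but the wildcard is worth a comment in the stack table or a narrower value if the setup permits. `mariadb:latest` is also a floating tag on a service with a persistent data directory, so a pinned major version is safer.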
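Review bot: In pve1/06_ubuntu-vm-nextcloud.md, the added `Compose (Repo):` line uses Markdown link syntax, but the hunk's trailing context closes a code fence right after the `Image:` line, so the new line appears to sit inside a fenced block and will render as literal text rather than a link. Suggest writing the plain repo path `guests/vm101-ubuntu/stacks/nextcloud/` there, or moving the link to the prose outside the fence.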