init

roles/vps/templates/docker-compose.bullshiteria.yaml.j2

@@ -0,0 +1,50 @@
+version: '3'
+
+services:
+  db:
+    image: mysql:5.7
+    volumes:
+      - ./db_data:/var/lib/mysql
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: 7bvCwy2Fmta8hSNl
+      MYSQL_DATABASE: bullshiteria
+      MYSQL_USER: bullshiteria
+      MYSQL_PASSWORD: ZSnmQezh66EyOWyc
+    networks:
+      - internal
+    labels:
+      - "traefik.enable=false"
+
+  wordpress:
+    depends_on:
+      - db
+    image: wordpress:latest
+    volumes:
+      - ./wordpress_data:/var/www/html
+    ports:
+      - "8000:80"
+    restart: always
+    environment:
+      WORDPRESS_DB_HOST: db:3306
+      WORDPRESS_DB_USER: bullshiteria
+      WORDPRESS_DB_PASSWORD: ZSnmQezh66EyOWyc
+      WORDPRESS_DB_NAME: bullshiteria
+    networks:
+      - traefik
+      - internal
+    labels:
+      - "traefik.frontend.rule=Host:bullshiteria.de,www.bullshiteria.de"
+      - "traefik.port=80"
+      - "traefik.backend=wordpress"
+      - "traefik.frontend.entryPoints=https"
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+
+volumes:
+  db_data: {}
+  wordpress_data: {}
+networks:
+  traefik:
+    external: true
+  internal:

roles/vps/templates/docker-compose.gitea.yaml.j2

@@ -0,0 +1,53 @@
+---
+version: '2'
+services:
+  gitea:
+    image: gitea/gitea:latest
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=db:5432
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=y86ene95KGXq%8Bq^9bx^Qme
+      - DISABLE_REGISTRATION=true
+    restart: unless-stopped
+    labels:
+      - "traefik.frontend.rule=Host:git.eichner.cc"
+      - "traefik.port=3000"
+      - "traefik.backend=git"
+      - "traefik.frontend.entryPoints=https"
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+    networks:
+      - gitea
+      - traefik
+    volumes:
+      - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "222:22"
+    depends_on:
+      - db
+
+  db:
+    image: postgres:14
+    restart: always
+    environment:
+      - POSTGRES_USER=gitea
+      - POSTGRES_PASSWORD=y86ene95KGXq%8Bq^9bx^Qme
+      - POSTGRES_DB=gitea
+    networks:
+      - gitea
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+
+networks:
+  gitea:
+    driver: bridge
+  traefik:
+    external: true

roles/vps/templates/docker-compose.joplin.yaml.j2

@@ -0,0 +1,47 @@
+---
+version: '3'
+
+services:
+    db:
+      image: postgres:13
+      volumes:
+        - ./data/postgres:/var/lib/postgresql/data
+      restart: unless-stopped
+      environment:
+        - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+        - POSTGRES_USER=${POSTGRES_USER}
+        - POSTGRES_DB=${POSTGRES_DATABASE}
+      networks:
+        - internal
+      labels:
+        - "traefik.enable=false"
+    app:
+      image: joplin/server:latest
+      depends_on:
+            - db
+        #ports:
+        #    - "22300:22300"
+      restart: unless-stopped
+      environment:
+        - APP_PORT=22300
+        - APP_BASE_URL=${APP_BASE_URL}
+        - DB_CLIENT=pg
+        - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+        - POSTGRES_DATABASE=${POSTGRES_DATABASE}
+        - POSTGRES_USER=${POSTGRES_USER}
+        - POSTGRES_PORT=${POSTGRES_PORT}
+        - POSTGRES_HOST=db
+      networks:
+        - traefik
+        - internal
+      labels:
+        - "traefik.frontend.rule=Host:joplin.eichner.cc"
+        - "traefik.port=22300"
+        - "traefik.backend=joplin"
+        - "traefik.frontend.entryPoints=https"
+        - "traefik.enable=true"
+        - "traefik.docker.network=traefik"
+networks:
+  traefik:
+    external: true
+  internal:

roles/vps/templates/docker-compose.lisa.yaml.j2

@@ -0,0 +1,50 @@
+version: '3'
+
+services:
+  db:
+    image: mysql:latest
+    volumes:
+      - ./db_data:/var/lib/mysql
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: 74T3WXbwbwH0AKQl8VTcQggd
+      MYSQL_DATABASE: lisa
+      MYSQL_USER: lisa
+      MYSQL_PASSWORD: TBPeXEXdu4Kjre81X1veU4zA
+    networks:
+      - internal
+    labels:
+      - "traefik.enable=false"
+
+  wordpress:
+    depends_on:
+      - db
+    image: wordpress:latest
+    volumes:
+      - ./wordpress_data:/var/www/html
+    ports:
+      - "8001:80"
+    restart: always
+    environment:
+      WORDPRESS_DB_HOST: db:3306
+      WORDPRESS_DB_USER: lisa
+      WORDPRESS_DB_PASSWORD: TBPeXEXdu4Kjre81X1veU4zA
+      WORDPRESS_DB_NAME: lisa
+    networks:
+      - traefik
+      - internal
+    labels:
+      - "traefik.frontend.rule=Host:lisa.eichner.cc"
+      - "traefik.port=80"
+      - "traefik.backend=lisa"
+      - "traefik.frontend.entryPoints=https"
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+
+volumes:
+  db_data: {}
+  wordpress_data: {}
+networks:
+  traefik:
+    external: true
+  internal:

roles/vps/templates/docker-compose.mailu.yaml.j2

@@ -0,0 +1,148 @@
+# This file is auto-generated by the Mailu configuration wizard.
+# Please read the documentation before attempting any change.
+# Generated for compose flavor
+
+version: '3.6'
+
+services:
+
+  # External dependencies
+  redis:
+    image: redis:alpine
+    restart: always
+    volumes:
+      - "./redis:/data"
+
+  # Core services
+  front:
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.7}
+    restart: always
+    env_file: mailu.env
+    logging:
+      driver: json-file
+    ports:
+      - target: 25
+        published: 25
+      - target: 465
+        published: 465
+      - target: 587
+        published: 587
+      - target: 110
+        published: 110
+      - target: 995
+        published: 995
+      - target: 143
+        published: 143
+      - target: 993
+        published: 993
+    volumes:
+      - "./certs:/certs"
+      - "./overrides/nginx:/overrides"
+      - "./static:/static"
+    networks:
+      - traefik
+      - default
+    labels:
+      traefik.enable: "true"
+      traefik.port: "80"
+      traefik.frontend.rule: "Host:mail.eichner.cc"
+      traefik.docker.network: "traefik"
+
+  certdumper:
+    image: mailu/traefik-certdumper:${MAILU_VERSION:-1.7}
+    env_file: mailu.env
+    environment:
+      - DOMAIN=mail.eichner.cc
+    volumes:
+      - "/etc/traefik/acme/acme.json:/traefik/acme.json"
+      - "./certs:/output"
+
+  database:
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postgresql:${MAILU_VERSION:-1.7}
+    restart: always
+    env_file: mailu.env
+    volumes:
+      - "./data/psql_db:/data"
+      - "./data/psql_backup:/backup"
+
+  admin:
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-1.7}
+    restart: always
+    env_file: mailu.env
+    volumes:
+      - "./data:/data"
+      - "./dkim:/dkim"
+    depends_on:
+      - redis
+
+  imap:
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.7}
+    restart: always
+    env_file: mailu.env
+    volumes:
+      - "./mail:/mail"
+      - "./overrides:/overrides"
+    depends_on:
+      - front
+
+  smtp:
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.7}
+    restart: always
+    env_file: mailu.env
+    volumes:
+      - "./overrides:/overrides"
+    depends_on:
+      - front
+
+  antispam:
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.7}
+    restart: always
+    env_file: mailu.env
+    volumes:
+      - "./filter:/var/lib/rspamd"
+      - "./dkim:/dkim"
+      - "./overrides/rspamd:/etc/rspamd/override.d"
+      - "./rspamd/local.d:/etc/rspamd/local.d"
+    depends_on:
+      - front
+
+  # Optional services
+  antivirus:
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-1.7}
+    restart: always
+    env_file: mailu.env
+    volumes:
+      - "./filter:/data"
+
+  webdav:
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.7}
+    restart: always
+    env_file: mailu.env
+    volumes:
+      - "./dav:/data"
+
+  fetchmail:
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.7}
+    restart: always
+    env_file: mailu.env
+
+  # Webmail
+#  webmail:
+#    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:${MAILU_VERSION:-1.7}
+#    restart: always
+#    env_file: mailu.env
+#    volumes:
+#      - "./webmail:/data"
+#    depends_on:
+#      - imap
+
+networks:
+  traefik:
+    driver: bridge
+    external: true
+  default:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 192.168.203.0/24

roles/vps/templates/docker-compose.nextcloud.yaml.j2

@@ -0,0 +1,114 @@
+version: '3'
+
+services:
+  db:
+    image: mariadb
+    container_name: nextcloud-mariadb
+    networks:
+      - internal
+    command: --innodb-read-only-compressed=OFF
+    volumes:
+      - ./db:/var/lib/mysql
+      - /etc/localtime:/etc/localtime:ro
+    env_file:
+      - db.env
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=false"
+
+  redis:
+    image: redis
+    container_name: redis
+    volumes:
+      - redis:/data
+    networks:
+      - internal
+    restart: unless-stopped
+
+  app:
+    image: nextcloud:latest
+    container_name: nextcloud
+    restart: always
+    volumes:
+      - ./nextcloud:/var/www/html # Pulls from /var/lib/docker/volumes/nextcloud_nextcloud/_data/
+      - ./nextcloud/config:/var/www/html/config # Pulls from local dir
+      - ./stuff:/mnt/hdd # Pulls from root
+      - ./nextcloud/apps:/var/www/html/custom_apps
+      - ./nextcloud/data:/var/www/html/data
+      - /opt/docker/podgrab/data:/mnt/podcasts
+#      - ./apache:/etc/apache2/sites-enabled
+    environment:
+      - VIRTUAL_HOST=cloud.eichner.cc
+      - DEFAULT_LANGUAGE="de"
+      - DEFAULT_LOCALE="de_DE"
+    env_file:
+      - db.env
+    depends_on:
+      - db
+      - redis
+    networks:
+      - traefik
+      - internal
+    labels:
+      - "traefik.backend=nextcloud"
+      - "traefik.docker.network=traefik"
+      - "traefik.enable=true"
+      - "traefik.frontend.rule=Host:cloud.eichner.cc"
+      - "traefik.port=80"
+      - traefik.frontend.headers.forceSTSHeader=true
+      - traefik.frontend.headers.SSLRedirect=true
+      - traefik.frontend.headers.STSPreload=true
+      - traefik.frontend.headers.STSSeconds=15552000
+
+  cron:
+    image: nextcloud
+    volumes:
+      - /opt/docker/nextcloud/nextcloud/nextcloud/:/var/www/html
+    user: www-data
+    restart: unless-stopped
+    networks:
+      - internal
+    entrypoint: |
+      bash -c 'bash -s <<EOF
+        trap "break;exit" SIGHUP SIGINT SIGTERM
+        while [ ! -f /var/www/html/config/config.php ]; do
+          sleep 1
+        done
+        while true; do
+          php -f /var/www/html/cron.php
+          sleep 15m
+        done
+      EOF'
+
+  documentserver:
+    image: onlyoffice/documentserver:7.1
+    restart: always
+    container_name: documentserver
+    networks:
+      - traefik
+    environment:
+      - "TZ=UTC"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.port=80"
+      - "traefik.backend=office"
+      - "traefik.docker.network=traefik"
+      - "traefik.frontend.rule=Host:office.eichner.cc"
+      - "traefik.frontend.passHostHeader=true"
+      - "traefik.frontend.headers.forceSTSHeader=true"
+      - "traefik.frontend.headers.STSSeconds=31536000"
+      - "traefik.frontend.headers.STSIncludeSubdomains=true"
+      - "traefik.frontend.redirect.entryPoint=https"
+      - "traefik.frontend.redirect.permanent=true"
+
+networks:
+  internal:
+  traefik:
+    external: true
+
+volumes:
+  db:
+  nextcloud:
+  database-dump:
+  redis:
+#  apache:

roles/vps/templates/docker-compose.traefik.yaml.j2

@@ -0,0 +1,48 @@
+---
+version: "3"
+services:
+  traefik:
+    container_name: traefik
+    image: traefik:1.7
+    command:
+      - "--api"
+      - "--entryPoints=Name:http Address::80 Redirect.EntryPoint:https"
+      - "--entryPoints=Name:https Address::443 TLS"
+      - "--defaultentrypoints=http,https"
+      - "--acme"
+      - "--acme.storage=/etc/traefik/acme/acme.json"
+      - "--acme.entryPoint=https"
+      - "--acme.httpChallenge.entryPoint=http"
+      - "--acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
+      - "--acme.onHostRule=true"
+      - "--acme.onDemand=false"
+      - "--acme.email=kleinmaddin@googlemail.com"
+      - "--acme.acmelogging=true"
+      - "--docker"
+#      - "--docker.watch"
+      - "--logLevel=INFO"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /etc/traefik/acme/acme.json:/etc/traefik/acme/acme.json
+      - /etc/traefik:/etc/traefik
+      - ./logs:/var/log/traefik
+    networks:
+      - traefik
+    ports:
+      - "80:80"
+      - "443:443"
+    labels:
+      traefik.frontend.rule: "Host:traefik.eichner.cc"
+      traefik.port: "8080"
+      traefik.frontend.auth.forward.address: "http://89.58.15.160:5252"
+      traefik.frontend.auth.forward.authResponseHeaders: "cookie"
+      traefik.backend: "traefik"
+      traefik.frontend.entryPoints: "https"
+#      traefik.frontend.auth.basic.users: "admin:$$apr1$S0AMFtfZ$yMnkgnpJzsG3JRAO2EXQ1/"
+      traefik.frontend.auth.basic.usersFile: "/etc/traefik/.htpasswd"
+    restart: unless-stopped
+
+networks:
+  traefik:
+    external:
+      name: traefik

roles/vps/templates/docker-compose.vaultwarden.yaml.j2

@@ -0,0 +1,74 @@
+---
+version: "3"
+services:
+  traefik:
+    container_name: traefik
+    image: traefik:1.7
+    command:
+      - "--api"
+      - "--entryPoints=Name:http Address::80 Redirect.EntryPoint:https"
+      - "--entryPoints=Name:https Address::443 TLS"
+      - "--defaultentrypoints=http,https"
+      - "--acme"
+      - "--acme.storage=/etc/traefik/acme/acme.json"
+      - "--acme.entryPoint=https"
+      - "--acme.httpChallenge.entryPoint=http"
+      - "--acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
+      - "--acme.onHostRule=true"
+      - "--acme.onDemand=false"
+      - "--acme.email=kleinmaddin@googlemail.com"
+      - "--acme.acmelogging=true"
+      - "--docker"
+#      - "--docker.watch"
+      - "--logLevel=INFO"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /etc/traefik/acme/acme.json:/etc/traefik/acme/acme.json
+      - /etc/traefik:/etc/traefik
+      - ./logs:/var/log/traefik
+    networks:
+      - traefik
+    ports:
+      - "80:80"
+      - "443:443"
+    labels:
+      traefik.frontend.rule: "Host:traefik.eichner.cc"
+      traefik.port: "8080"
+      traefik.frontend.auth.forward.address: "http://89.58.15.160:5252"
+      traefik.frontend.auth.forward.authResponseHeaders: "cookie"
+      traefik.backend: "traefik"
+      traefik.frontend.entryPoints: "https"
+#      traefik.frontend.auth.basic.users: "admin:$$apr1$S0AMFtfZ$yMnkgnpJzsG3JRAO2EXQ1/"
+      traefik.frontend.auth.basic.usersFile: "/etc/traefik/.htpasswd"
+    restart: unless-stopped
+
+networks:
+  traefik:
+    external:
+      name: traefik
+
+
+root@eichner:/opt/docker# cat vaultwarden/docker-compose.yml
+version: '3'
+
+services:
+  bitwarden:
+    container_name: bitwarden
+    image: vaultwarden/server:latest
+    env_file: .env
+    networks:
+      - traefik
+    labels:
+      - "traefik.frontend.rule=Host:vault.eichner.cc"
+      - "traefik.port=80"
+      - "traefik.backend=bitwarden"
+      - "traefik.frontend.entryPoints=https"
+    volumes:
+        - "/var/run/docker.sock:/var/run/docker.sock"
+        - "./data:/data"
+    restart: unless-stopped
+
+networks:
+  traefik:
+    external:
+      name: traefik