Talteen

config/docker/current/traefik/config/mw-authentik.yaml

@@ -0,0 +1,19 @@
+http:
+  middlewares:
+    middlewares-authentik:
+      forwardAuth:
+        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version
+          

config/docker/current/traefik/config/mw-basic-auth.yaml

@@ -5,4 +5,4 @@ http:
         # users:
         #   - "user:$apsdfs.$EntPC0w3FtswWvC/6fTVJ7IUVtX1"
         usersFile: "/users" #be sure to mount the volume through docker-compose.yml
-        realm: "Traefik 2 Basic Auth"
+        realm: "Traefik 3 Basic Auth"

config/docker/current/traefik/config/mw-buffering.yaml

@@ -0,0 +1,18 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # Prevent too large of a body
+    # https://stackoverflow.com/questions/49717670/how-to-config-upload-body-size-restriction-in-traefik
+    middlewares-buffering:
+      buffering:
+        maxRequestBodyBytes: 10485760
+        memRequestBodyBytes: 2097152
+        maxResponseBodyBytes: 10485760
+        memResponseBodyBytes: 2097152
+        retryExpression: "IsNetworkError() && Attempts() <= 2"

config/docker/current/traefik/config/mw-chain-authentik.yaml

@@ -0,0 +1,9 @@
+http:
+  middlewares:        
+    chain-authentik:
+      chain:
+        middlewares:
+#          - middlewares-crowdsec-bouncer
+          - middlewares-rate-limit
+          - middlewares-secure-headers
+          - middlewares-authentik

config/docker/current/traefik/config/mw-chain-no-auth.yaml

@@ -3,7 +3,6 @@ http:
     chain-no-auth:
       chain:
         middlewares:
-          - middlewares-crowdsec-bouncer
           - middlewares-default-whitelist
           - middlewares-rate-limit
           - middlewares-secure-headers

config/docker/current/traefik/config/mw-compress.yaml

@@ -0,0 +1,12 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # Compress to save bandwidth
+    middlewares-compress:
+      compress: {}

config/docker/current/traefik/config/mw-https-redirectscheme.yaml

@@ -0,0 +1,15 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
+http:
+  middlewares:
+    # Middleware for Redirection
+    # This can be used instead of global redirection
+    middlewares-https-redirectscheme:
+      redirectScheme:
+        scheme: https
+        permanent: true

config/docker/current/traefik/config/mw-secure-headers.yaml

@@ -1,5 +1,15 @@
+################################################################
+# Middlewares (https://github.com/htpcBeginner/docker-traefik/blob/master/appdata/traefik2/rules/cloudserver/middlewares.yml)
+# 2024 update: https://github.com/htpcBeginner/docker-traefik/tree/master/appdata/traefik3/rules/hs
+# https://www.smarthomebeginner.com/traefik-docker-compose-guide-2022/
+#
+# Dynamic configuration
+################################################################
 http:
   middlewares:
+    ################################################################
+    # Good Basic Security Practices
+    ################################################################
     middlewares-secure-headers:
       headers:
         accessControlAllowMethods:
@@ -9,23 +19,20 @@ http:
         accessControlMaxAge: 100
         hostsProxyHeaders:
           - "X-Forwarded-Host"
-        sslRedirect: true
         stsSeconds: 63072000
         stsIncludeSubdomains: true
         stsPreload: true
         forceSTSHeader: true
-        # frameDeny: true #overwritten by customFrameOptionsValue
+        customFrameOptionsValue: "allow-from https:{{env "DOMAINNAME"}}" #CSP takes care of this but may be needed for organizr.
-        customFrameOptionsValue: "allow-from https:gurulandia.eu" #CSP takes care of this but may be needed for organizr.
+        #customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
         contentTypeNosniff: true
         browserXssFilter: true
         # sslForceHost: true # add sslHost to all of the services
-        # sslHost: "example.com"
+        # sslHost: "{{env "DOMAINNAME"}}"
         referrerPolicy: "same-origin"
-        # Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
+        # permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=()"
-        # the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
-        # contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
-        featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
         customResponseHeaders:
-          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
+          # X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
-          server: ""
+          # server: ""
-          
+          # https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732
+          X-Forwarded-Proto: "https"

config/docker/current/traefik/config/tls-opts.yaml

@@ -1,6 +1,21 @@
+################################################################
+# TLS Options (https://jellyfin.org/docs/general/networking/traefik2.html#traefik-providertoml)
+# toml -> yml
+# 2024 updates to cipherSuites from (https://www.smarthomebeginner.com/traefik-v3-docker-compose-guide-2024/)
+#
+# Set secure options by disabling insecure older TLS/SSL versions
+# and insecure ciphers. SNIStrict disabled leaves TLS1.0 open.
+# If you have problems with older clients, you can may need to relax
+# these minimums. This configuration will give you an A+ SSL security
+# score supporting TLS1.2 and TLS1.3
+#
+# Dynamic configuration
+# https://doc.traefik.io/traefik/https/tls/
+################################################################
 tls:
   options:
     tls-opts:
+      sniStrict: true
       minVersion: VersionTLS12
       cipherSuites:
         - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
@@ -14,6 +29,7 @@ tls:
         - TLS_CHACHA20_POLY1305_SHA256
         - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
       curvePreferences:
-        - CurveP521
+        - secp521r1 # CurveP521
-        - CurveP384
+        - secp384r1 # CurveP384
-      sniStrict: true
+    mintls13:
+      minVersion: VersionTLS13

config/docker/current/traefik/old/config/mw-basic-auth.yaml

@@ -0,0 +1,8 @@
+http:
+  middlewares:
+    middlewares-basic-auth:
+      basicAuth:
+        # users:
+        #   - "user:$apsdfs.$EntPC0w3FtswWvC/6fTVJ7IUVtX1"
+        usersFile: "/users" #be sure to mount the volume through docker-compose.yml
+        realm: "Traefik 2 Basic Auth"

config/docker/current/traefik/old/config/mw-chain-basic-auth.yaml

@@ -0,0 +1,8 @@
+http:
+  middlewares:
+    chain-basic-auth:
+      chain:
+        middlewares:
+          - middlewares-rate-limit
+          - middlewares-secure-headers
+          - middlewares-basic-auth

config/docker/current/traefik/old/config/mw-chain-no-auth.yaml

@@ -0,0 +1,9 @@
+http:
+  middlewares:
+    chain-no-auth:
+      chain:
+        middlewares:
+          - middlewares-crowdsec-bouncer
+          - middlewares-default-whitelist
+          - middlewares-rate-limit
+          - middlewares-secure-headers

config/docker/current/traefik/old/config/mw-crowdsec-bouncer.yaml

@@ -0,0 +1,6 @@
+http:
+  middlewares:    
+    middlewares-crowdsec-bouncer:
+      forwardauth:
+        address: http://bouncer-traefik:8080/api/v1/forwardAuth
+        trustForwardHeader: true

config/docker/current/traefik/old/config/mw-default-whitelist.yaml

@@ -0,0 +1,8 @@
+http:
+  middlewares:
+    middlewares-default-whitelist:
+      ipWhiteList:
+        sourceRange:
+        - "10.0.0.0/8"
+        - "192.168.0.0/16"
+        - "172.16.0.0/12"

config/docker/current/traefik/old/config/mw-rate-limit.yaml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    middlewares-rate-limit:
+      rateLimit:
+        average: 100
+        burst: 50

config/docker/current/traefik/old/config/mw-secure-headers.yaml

@@ -0,0 +1,31 @@
+http:
+  middlewares:
+    middlewares-secure-headers:
+      headers:
+        accessControlAllowMethods:
+          - GET
+          - OPTIONS
+          - PUT
+        accessControlMaxAge: 100
+        hostsProxyHeaders:
+          - "X-Forwarded-Host"
+        sslRedirect: true
+        stsSeconds: 63072000
+        stsIncludeSubdomains: true
+        stsPreload: true
+        forceSTSHeader: true
+        # frameDeny: true #overwritten by customFrameOptionsValue
+        customFrameOptionsValue: "allow-from https:gurulandia.eu" #CSP takes care of this but may be needed for organizr.
+        contentTypeNosniff: true
+        browserXssFilter: true
+        # sslForceHost: true # add sslHost to all of the services
+        # sslHost: "example.com"
+        referrerPolicy: "same-origin"
+        # Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
+        # the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
+        # contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
+        featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
+        customResponseHeaders:
+          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
+          server: ""
+          

config/docker/current/traefik/old/config/tls-opts.yaml

@@ -0,0 +1,19 @@
+tls:
+  options:
+    tls-opts:
+      minVersion: VersionTLS12
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
+      curvePreferences:
+        - CurveP521
+        - CurveP384
+      sniStrict: true

config/docker/current/traefik/traefik.yaml

@@ -0,0 +1,141 @@
+# Traefik 3.x (YAML)
+# Updated 2024-June-04
+
+################################################################
+# Global configuration - https://doc.traefik.io/traefik/reference/static-configuration/file/
+################################################################
+global:
+  checkNewVersion: true #false
+  sendAnonymousUsage: false
+
+################################################################
+# Entrypoints - https://doc.traefik.io/traefik/routing/entrypoints/
+################################################################
+entryPoints:
+  web:
+    address: ":80"
+    # Global HTTP to HTTPS redirection
+    http:
+#      middlewares:
+#        - crowdsec-bouncer@file
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true
+
+  websecure:
+    address: ":443"
+    http:
+#      middlewares:
+#        - crowdsec-bouncer@file
+      tls:
+        options: tls-opts@file
+        certResolver: dns-cloudflare
+        domains:
+          - main: "{{env "DOMAINNAME0"}}"
+            sans:
+              - "*.{{env "DOMAINNAME0"}}"
+          - main: "{{env "DOMAINNAME1"}}"
+            sans:
+              - "*.{{env "DOMAINNAME1"}}"
+          - main: "{{env "DOMAINNAME2"}}"
+            sans:
+              - "*.{{env "DOMAINNAME2"}}"
+          - main: "{{env "DOMAINNAME3"}}"
+            sans:
+              - "*.{{env "DOMAINNAME3"}}"
+    forwardedHeaders:
+      trustedIPs:
+        # Cloudflare (https://www.cloudflare.com/ips-v4)
+        - "173.245.48.0/20"
+        - "103.21.244.0/22"
+        - "103.22.200.0/22"
+        - "103.31.4.0/22"
+        - "141.101.64.0/18"
+        - "108.162.192.0/18"
+        - "190.93.240.0/20"
+        - "188.114.96.0/20"
+        - "197.234.240.0/22"
+        - "198.41.128.0/17"
+        - "162.158.0.0/15"
+        - "104.16.0.0/13"
+        - "104.24.0.0/14"
+        - "172.64.0.0/13"
+        - "131.0.72.0/22"
+        - "104.16.0.0/13"
+        - "104.24.0.0/14"
+        # Local IPs
+        - "127.0.0.1/32"
+        - "10.0.0.0/8"
+        - "192.168.0.0/16"
+        - "172.16.0.0/12"
+
+################################################################
+# Logs - https://doc.traefik.io/traefik/observability/logs/
+################################################################
+log:
+  level: INFO # Options: DEBUG, PANIC, FATAL, ERROR (Default), WARN, and INFO
+  filePath: /logs/traefik-container.log # Default is to STDOUT
+  # format: json # Uses text format (common) by default
+  noColor: false # Recommended to be true when using common
+  maxSize: 100 # In megabytes
+  compress: true # gzip compression when rotating
+
+################################################################
+# Access logs - https://doc.traefik.io/traefik/observability/access-logs/
+################################################################
+accessLog:
+  addInternals: true  # things like ping@internal
+  filePath: /logs/traefik-access.log # In the Common Log Format (CLF) by default
+  bufferingSize: 100 # Number of log lines
+  fields:
+    names:
+      StartUTC: drop  # Write logs in Container Local Time instead of UTC
+  filters:
+    statusCodes:
+      - "204-299"
+      - "400-499"
+      - "500-599"
+
+################################################################
+# API and Dashboard
+################################################################
+api:
+  dashboard: true
+  # Rely on api@internal and Traefik with Middleware to control access
+  # insecure: true
+
+################################################################
+# Providers - https://doc.traefik.io/traefik/providers/docker/
+################################################################
+providers:
+  docker:
+    #endpoint: "unix:///var/run/docker.sock" # Comment if using socket-proxy
+    endpoint: "tcp://socket-proxy:2375" # Uncomment if using socket proxy
+    exposedByDefault: false
+    network: proxy  # network to use for connections to all containers
+    # defaultRule: TODO
+
+  # Enable auto loading of newly created rules by watching a directory
+  file:
+  # Apps, LoadBalancers, TLS Options, Middlewares, Middleware Chains
+    directory: /config
+    watch: true
+
+################################################################
+# Let's Encrypt (ACME)
+################################################################
+certificatesResolvers:
+  dns-cloudflare:
+    acme:
+      email: "{{env "CF_API_EMAIL"}}"
+      storage: "/acme.json"
+      #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # Comment out when going prod
+      dnsChallenge:
+        provider: cloudflare
+        #delayBeforeCheck: 30 # Default is 2m0s.  This changes the delay (in seconds)
+        # Custom DNS server resolution
+        resolvers:
+          - "1.1.1.1:53"
+          - "8.8.8.8:53"

docker/.env

@@ -29,7 +29,7 @@ DOMAINNAME3=home.gurulandia.fi
 ##### Traefik Container
 TRAEFIK_CONTAINER_NAME=traefik
 TRAEFIK_IMAGE=traefik
-TRAEFIK_VERSION=latest
+TRAEFIK_TAG=latest
 TRAEFIK_RESTART_POLICY=unless-stopped
 #TRAEFIK_IP0=192.168.91.254
 #TRAEFIK_IP1=192.168.92.252
@@ -37,7 +37,7 @@ TRAEFIK_RESTART_POLICY=unless-stopped
 ##### socket-proxy Container
 SOCKET_PROXY_CONTAINER_NAME=socket-proxy
 SOCKET_PROXY_IMAGE=ghcr.io/tecnativa/docker-socket-proxy
-SOCKET_PROXY_VERSION=latest
+SOCKET_PROXY_TAG=latest
 SOCKET_PROXY_RESTART_POLICY=always
 #SOCKET_PROXY_IP=192.168.92.254
 
@@ -61,7 +61,7 @@ RESOLVER1=1.0.0.1:53
 ##### Crowdsec Container
 CROWDSEC_CONTAINER_NAME=crowdsec
 CROWDSEC_IMAGE=crowdsecurity/crowdsec
-CROWDSEC_VERSION=latest
+CROWDSEC_TAG=latest
 CROWDSEC_RESTART_POLICY=unless-stopped
 #CROWDSEC_COLLECTIONS="crowdsecurity/linux crowdsecurity/traefik"
 CROWDSEC_COLLECTIONS="crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/iptables crowdsecurity/linux fulljackz/proxmox"
@@ -70,7 +70,7 @@ CROWDSEC_COLLECTIONS="crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity
 ##### bouncer-traefik Container
 BT_CONTAINER_NAME=bouncer-traefik
 BT_IMAGE=docker.io/fbonalair/traefik-crowdsec-bouncer
-BT_VERSION=latest
+BT_TAG=latest
 BT_RESTART_POLICY=unless-stopped
 GIN_MODE=release
 #BT_IP=192.168.92.251

docker/Lenpaste/compose.yaml

@@ -0,0 +1,25 @@
+version: "3.4"
+
+services:
+  postgres:
+    image: docker.io/library/postgres:16.1
+    environment:
+      - PGDATA=/var/lib/postgresql/data/pgdata
+      - POSTGRES_USER=lenpaste
+      - POSTGRES_PASSWORD=pass
+    volumes:
+      - "${PWD}/data/postgres:/var/lib/postgresql/data"
+
+  lenpaste:
+    image: ghcr.io/lcomrade/lenpaste:1.3.1
+    restart: on-failure:10
+    environment:
+      - LENPASTE_DB_DRIVER=postgres
+      - LENPASTE_DB_SOURCE=postgres://lenpaste:lenpaste@10.0.6.178/lenpaste?sslmode=disable
+    #postgresql://[user[:password]@][netloc][:port][/dbname][?param1=value1&...]
+    volumes:
+      - "${PWD}/data:/data"
+    ports:
+      - "58080:80"
+    depends_on:
+      - postgres

docker/Netbootxyz/compose.yaml

@@ -0,0 +1,23 @@
+services:
+  netbootxyz:
+    # image: ghcr.io/netbootxyz/netbootxyz
+    image: lscr.io/linuxserver/netbootxyz:latest
+    container_name: netbootxyz
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      #- MENU_VERSION=1.9.9 #optional
+      #- PORT_RANGE=30000:30010 #optional
+      #- SUBFOLDER=/ #optional
+      #- MENU_VERSION=2.0.47 # optional
+      - NGINX_PORT=80 # optional
+      - WEB_APP_PORT=3000 # optional
+    volumes:
+      - /gurulandia/data/netbootxyz/config:/config # optional
+      - /gurulandia/data/netbootxyz/assets:/assets # optional
+    ports:
+      - 3001:3000  # optional, destination should match ${WEB_APP_PORT} variable above.
+      - 69:69/udp
+      - 8080:80  # optional, destination should match ${NGINX_PORT} variable above.
+    restart: unless-stopped

docker/PrivateBin/behind-proxy-with-db/compose.override.yml

@@ -14,9 +14,11 @@ services:
         depends_on:
             db:
                 condition: service_healthy
+        networks:
+            - ${PRIVATEBINDB_NETWORk_ID}
     db:
         image: ${PRIVATEBINDB_IMAGE}:${PRIVATEBINDB_TAG}
         container_name: ${PRIVATEBINDB_CONTAINER_NAME}
         restart: ${PRIVATEBINDB_RESTART_POLICY}
         networks:
-            - ${PRIVATEBIN_NETWORk_ID}
+            - ${PRIVATEBINDB_NETWORk_ID}

docker/PrivateBin/behind-proxy-with-db/compose.yaml

@@ -1,8 +1,9 @@
+name: privatebin
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../../compose/networks/proxy.yaml
+  - ../../compose/networks/${PRIVATEBIN_NETWORk_ID}.yaml
-  - ../../compose/networks/socket-proxy.yaml
+  - ../../compose/networks/${PRIVATEBINDB_NETWORk_ID}.yaml
 #################### SERVICES ####################
   - ../../compose/postgres.yaml
   - ../../compose/privatebin.yaml

docker/PrivateBin/behind-proxy-with-db/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../../env/.env.stack.privatebin --env-file ../../env/.env.common config

docker/PrivateBin/behind-proxy-with-db/deploy.sh

@@ -0,0 +1,5 @@
+docker compose \
+--env-file ../../env/privatebin-stack.env \
+--env-file ../../env/privatebin-db.env \
+--env-file ../../env/common.env \
+$1

docker/PrivateBin/behind-proxy/compose.yaml

@@ -1,7 +1,7 @@
+name: privatebin
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../../compose/networks/proxy.yaml
+  - ../../compose/networks/${PRIVATEBIN_NETWORk_ID}.yaml
-  - ../../compose/networks/socket-proxy.yaml
 #################### SERVICES ####################
   - ../../compose/privatebin.yaml

docker/PrivateBin/behind-proxy/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../../env/.env.stack.privatebin --env-file ../../env/.env.common config

docker/PrivateBin/behind-proxy/deploy.sh

@@ -0,0 +1,4 @@
+docker compose \
+--env-file ../../env/privatebin-stack.env \
+--env-file ../../env/common.env \
+$1

docker/PrivateBin/compose.yaml

@@ -1,7 +1,7 @@
+name: privatebin
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../../compose/networks/proxy.yaml
+  - ../../compose/networks/${PRIVATEBIN_NETWORk_ID}.yaml
-  - ../../compose/networks/socket-proxy.yaml
 #################### SERVICES ####################
   - ../../compose/privatebin.yaml

docker/PrivateBin/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../env/.env.stack.privatebin --env-file ../env/.env.common config

docker/PrivateBin/deploy.sh

@@ -0,0 +1,4 @@
+docker compose \
+--env-file ../env/privatebin-stack.env \
+--env-file ../env/common.env \
+$1

docker/PrivateBin/with-db/compose.yml

@@ -1,8 +1,9 @@
+name: privatebin
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../../compose/networks/proxy.yaml
+  - ../../compose/networks/${PRIVATEBIN_NETWORk_ID}.yaml
-  - ../../compose/networks/socket-proxy.yaml
+  - ../../compose/networks/${PRIVATEBINDB_NETWORk_ID}.yaml
 #################### SERVICES ####################
   - ../../compose/postgres.yaml
   - ../../compose/privatebin.yaml

docker/PrivateBin/with-db/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../../env/.env.stack.privatebin --env-file ../../env/.env.common config

docker/PrivateBin/with-db/deploy.sh

@@ -0,0 +1,5 @@
+docker compose \
+--env-file ../../env/privatebin-stack.env \
+--env-file ../../env/privatebin-db.env \
+--env-file ../../env/common.env \
+$1

docker/YeetFile/behind-proxy-with-db/compose.override.yml

@@ -14,6 +14,8 @@ services:
         ## HTTP Services
         - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.service=${YEETFILE_HOSTNAME}-svc"
         - "traefik.http.services.${YEETFILE_HOSTNAME}-svc.loadbalancer.server.port=8090"
+        networks:            
+         - ${YEETFILEDB_NETWORk_ID}
         depends_on:
             db:
                 condition: service_healthy
@@ -32,4 +34,4 @@ services:
          test: [ "CMD-SHELL", "pg_isready -U postgres" ]
          interval: 3s
         networks:            
-            - ${YEETFILE_NETWORk_ID}
+            - ${YEETFILEDB_NETWORk_ID}

docker/YeetFile/behind-proxy-with-db/compose.yml

@@ -1,8 +1,9 @@
+name: yeetfile
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../../compose/networks/proxy.yaml
+  - ../../compose/networks/${YEETFILE_NETWORk_ID}.yaml  
-  - ../../compose/networks/socket-proxy.yaml
+  - ../../compose/networks/${YEETFILEDB_NETWORk_ID}.yaml  
 #################### SERVICES ####################
   - ../../compose/postgres.yaml
   - ../../compose/yeetfile.yaml

docker/YeetFile/behind-proxy-with-db/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../../env/.env.stack.yeetfile --env-file ../../env/.env.yeetfile --env-file ../../env/.env.common config

docker/YeetFile/behind-proxy-with-db/deploy.sh

@@ -0,0 +1,6 @@
+#docker create network -d brigde proxy
+#docker create network -d bridge backend
+docker compose --env-file ../../env/YeetFile-stack.env \
+--env-file ../../env/YeetFile-db.env \
+--env-file ../../env/YeetFile.env \
+--env-file ../../env/common.env $1

docker/YeetFile/behind-proxy/compose.override.yml

@@ -8,7 +8,7 @@ services:
       - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.entrypoints=https"
       - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.rule=Host(`${YEETFILE_HOSTNAME}.$DOMAINNAME1`)"
       ## Middlewares
-#             - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.middlewares=chain-authelia@file"
+#             - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.middlewares=chain-authentik@file"
       - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.middlewares=chain-no-auth@file"
       ## HTTP Services
       - "traefik.http.routers.${YEETFILE_HOSTNAME}-rtr.service=${YEETFILE_HOSTNAME}-svc"

docker/YeetFile/behind-proxy/compose.yml

@@ -1,7 +1,7 @@
+name: yeetfile
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../../compose/networks/proxy.yaml
+  - ../../compose/networks/${YEETFILE_NETWORk_ID}.yaml
-  - ../../compose/networks/socket-proxy.yaml
 #################### SERVICES ####################
   - ../../compose/yeetfile.yaml

docker/YeetFile/behind-proxy/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../../env/.env.stack.yeetfile --env-file ../../env/.env.common config

docker/YeetFile/behind-proxy/deploy.sh

@@ -0,0 +1,2 @@
+#docker create network -d brigde proxy
+docker compose --env-file ../../env/YeetFile-stack.env --env-file ../../env/common.env $1

docker/YeetFile/compose.yml

@@ -1,7 +1,7 @@
+name: yeetfile
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../compose/networks/proxy.yaml
+  - ../compose/networks/${YEETFILE_NETWORk_ID}.yaml
-  - ../compose/networks/socket-proxy.yaml
 #################### SERVICES ####################
   - ../compose/yeetfile.yaml

docker/YeetFile/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../env/.env.stack.yeetfile --env-file ../env/.env.common config

docker/YeetFile/deploy.sh

@@ -0,0 +1,2 @@
+#docker create network -d bridge yeetfile
+docker compose --env-file ../env/YeetFile-stack.env --env-file ../env/common.env $1

docker/YeetFile/with-db/compose.yml

@@ -1,9 +1,9 @@
+name: yeetfile
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../compose/networks/proxy.yaml
+  - ../../compose/networks/${YEETFILE_NETWORk_ID}.yaml
-  - ../compose/networks/socket-proxy.yaml
 #################### SERVICES ####################
-  - ../compose/postgres.yaml
+  - ../../compose/postgres.yaml
-  - ../compose/yeetfile.yaml
+  - ../../compose/yeetfile.yaml
   

docker/YeetFile/with-db/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../../env/.env.stack.yeetfile --env-file ../../env/.env.yeetfile --env-file ../../env/.env.common config

docker/YeetFile/with-db/deploy.sh

@@ -0,0 +1,6 @@
+#docker create network -d bridge yeetfile
+#docker create network -d bridge backend
+docker compose --env-file ../../env/YeetFile-stack.env \
+--env-file ../../env/YeetFile.env \
+--env-file ../../env/YeetFile-db.env \
+--env-file ../../env/common.env $1

docker/compose/ferretdb.yaml

@@ -0,0 +1,21 @@
+services:
+  ferretdb:
+    container_name: ${FERRETDB_CONTAINER_NAME}
+    image: ${FERRETDB_IMAGE}
+    restart: ${FERRETDB_RESTART_POLICY}
+    security_opt:
+      - no-new-privileges:true
+    labels:
+      - "komodo.skip=" # Prevent Komodo from stopping with StopAllContainers            
+    #depends_on:
+    #  - postgres
+    logging:
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
+    networks:
+      - komodo
+    # ports:
+    #   - 27017:27017
+    env_file: ../env/komodo.env
+    environment:
+      #- FERRETDB_POSTGRESQL_URL=postgres://komodo:komodo@10.0.6.178/komodo?sslmode=disable
+      - FERRETDB_POSTGRESQL_URL=postgres://${PSQL_HOST}:${PSQL_PORT}/${KOMODO_DATABASE_DB_NAME:-komodo}?sslmode=disable

docker/compose/flatnotes.yaml

@@ -14,7 +14,7 @@ services:
       PGID: ${GID:-1000}
       TZ: ${TZ}      
     env_file:
-      - path: ../env/.env.flatnotes
+      - path: ../env/flatnotes.env
     volumes:
       - ${DOCKERDIR}/flatnotes:/data
       # Optional. Allows you to save the search index in a different location: 

docker/compose/homepage.yaml

@@ -0,0 +1,18 @@
+services:
+  homepage:
+    image: ${HOMEPAGE_IMAGE}:${HOMEPAGE_TAG}
+    container_name: ${HOMEPAGE_CONTAINER_NAME}
+    restart: ${FLATNOTES_RESTART_POLICY}
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - ${HOMEPAGE_NETWORK_ID}    
+#    ports:
+#      - 3000:3000
+    volumes:
+      - ${DOCKERDIR}/homepage:/app/config # Make sure your local config directory exists
+#      - /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations
+    environment:
+      PUID: ${UID:-1000}
+      PGID: ${GID:-1000}
+      TZ: ${TZ}  

docker/compose/joplin-server.yaml

@@ -14,5 +14,5 @@ services:
       GID: ${GID:-1000}
       TZ: ${TZ}
     env_file:
-      - path: ../env/.env.joplin-srv     
+      - path: ../env/joplin-srv.env
-      - path: ../env/.env.joplin-srv.db-cred   
+      - path: ../env/joplin-srv-db.env

docker/compose/komodo-core.yaml

@@ -0,0 +1,59 @@
+secrets:
+  komodo_passkey:
+    file: ${SECRETSDIR}/komodo/komodo_passkey
+  komodo_webhook_secret:
+    file: ${SECRETSDIR}/komodo/komodo_webhook_secret
+  komodo_jwt_secret:
+    file: ${SECRETSDIR}/komodo/komodo_jwt_secret
+  komodo_oidc_client_id:
+    file: ${SECRETSDIR}/komodo/komodo_oidc_client_id
+  komodo_oidc_client_secret:
+    file: ${SECRETSDIR}/komodo/komodo_oidc_client_secret
+services:
+  core:
+    container_name: ${KOMODO_CORE_CONTAINER_NAME}
+    image: ${KOMODO_CORE_IMAGE}:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    restart: ${KOMODO_RESTART_POLICY}
+    secrets:      
+      - komodo_passkey
+      - komodo_webhook_secret
+      - komodo_jwt_secret
+      - komodo_oidc_client_id
+      - komodo_oidc_client_secret
+    labels:                
+      - "komodo.skip=" # Prevent Komodo from stopping with StopAllContainers            
+      - "traefik.enable=true"
+      ## HTTP Routers
+      - "traefik.http.routers.${KOMODO_HOSTNAME}-rtr.entrypoints=https"
+      - "traefik.http.routers.${KOMODO_HOSTNAME}-rtr.rule=Host(`${KOMODO_HOSTNAME}.${DOMAINNAME1}`)"
+      ## Middlewares
+      - "traefik.http.routers.${KOMODO_HOSTNAME}-rtr.middlewares=chain-no-auth@file"
+      ## HTTP Services
+      - "traefik.http.routers.${KOMODO_HOSTNAME}-rtr.service=${KOMODO_HOSTNAME}-svc"
+      - "traefik.http.services.${KOMODO_HOSTNAME}-svc.loadbalancer.server.port=9120"
+    depends_on:
+      - ferretdb
+    logging:
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
+    networks:
+      - ${KOMODO_NETWORk_ID}
+      - komodo      
+#    ports:
+#      - 9120:9120
+    env_file: ../env/komodo.env
+    environment:
+      KOMODO_DATABASE_URI: mongodb://${KOMODO_DB_USERNAME}:${KOMODO_DB_PASSWORD}@ferretdb:27017/${KOMODO_DATABASE_DB_NAME:-komodo}?authMechanism=PLAIN      
+    volumes:
+      ## Core cache for repos for latest commit hash / contents
+      - repo-cache:/repo-cache
+      ## Store sync files on server
+      # - /path/to/syncs:/syncs
+      ## Optionally mount a custom core.config.toml
+      # - /path/to/core.config.toml:/config/config.toml
+    ## Allows for systemd Periphery connection at 
+    ## "http://host.docker.internal:8120"
+    # extra_hosts:
+    #   - host.docker.internal:host-gateway
+volumes:
+  # Core
+  repo-cache:

docker/compose/komodo-periphery.yaml

@@ -0,0 +1,35 @@
+secrets:
+  komodo_passkey:
+    file: ${SECRETSDIR}/komodo/komodo_passkey
+services:
+  ## Deploy Periphery container using this block,
+  ## or deploy the Periphery binary with systemd using 
+  ## https://github.com/mbecker20/komodo/tree/main/scripts
+  periphery:
+    container_name: ${KOMODO_PERTIPHERY_CONTAINER_NAME}
+    image: ${KOMODO_PERTIPHERY_IMAGE}:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    restart: ${KOMODO_RESTART_POLICY}    
+    labels:
+      - "komodo.skip=" # Prevent Komodo from stopping with StopAllContainers                  
+    logging:
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
+    networks:
+      - komodo
+    env_file: ../env/komodo.env
+    environment:
+      PERIPHERY_REPO_DIR: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}/repos
+      PERIPHERY_STACK_DIR: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}/stacks
+      PERIPHERY_SSL_KEY_FILE: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}/ssl/key.pem
+      PERIPHERY_SSL_CERT_FILE: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}/ssl/cert.pem
+    volumes:
+      ## Mount external docker socket
+      - /var/run/docker.sock:/var/run/docker.sock
+      ## Allow Periphery to see processes outside of container
+      - /proc:/proc
+      ## Specify the Periphery agent root directory.
+      ## Must be the same inside and outside the container,
+      ## or docker will get confused. See https://github.com/mbecker20/komodo/discussions/180.
+      ## Default: /etc/komodo.
+      - ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}:${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}
+    secrets:
+      - komodo_passkey

docker/compose/netbootxyz.yaml

@@ -0,0 +1,23 @@
+services:
+  netbootxyz:
+    # image: ghcr.io/netbootxyz/netbootxyz
+    image: lscr.io/linuxserver/netbootxyz:latest
+    container_name: netbootxyz
+    environment:
+      - PUID=${UID:-1000}
+      - PGID=${GID:-1000}
+      - TZ=${TZ}
+      #- MENU_VERSION=1.9.9 #optional
+      #- PORT_RANGE=30000:30010 #optional
+      #- SUBFOLDER=/ #optional
+      #- MENU_VERSION=2.0.47 # optional
+      - NGINX_PORT=80 # optional
+      - WEB_APP_PORT=3000 # optional
+    volumes:
+      - ${DOCKERDIR}/netbootxyz/config:/config # optional
+      - ${DOCKERDIR}/netbootxyz/assets:/assets # optional
+    ports:
+      - 3001:3000  # optional, destination should match ${WEB_APP_PORT} variable above.
+      - 69:69/udp
+      - 8080:80  # optional, destination should match ${NGINX_PORT} variable above.
+    restart: unless-stopped

docker/compose/networks/backend.yaml

@@ -1,4 +1,4 @@
 networks:
   backend:
     name: backend
-    driver: bridge
+    external: true

docker/compose/networks/default.yaml

@@ -1,4 +1,4 @@
 networks:
   default:
-#    name: default
+    name: default
     driver: bridge

docker/compose/networks/komodo.yaml

@@ -0,0 +1,4 @@
+networks:
+  komodo:
+    name: komodo
+    driver: bridge

docker/compose/networks/proxy.yaml

@@ -1,4 +1,4 @@
 networks:
   proxy:
     name: proxy
-    driver: bridge
+    # external: true	

docker/compose/yeetfile.yaml

@@ -10,11 +10,10 @@ services:
     #ports:
     #  - 8090:${YEETFILE_PORT:-8090}    
     environment:
-      UID: ${UID:-1000}
+      - UID=${UID:-1000}
-      GID: ${GID:-1000}
+      - GID=${GID:-1000}
-      TZ: ${TZ}
+      - TZ=${TZ}      
-      YEETFILE_SERVER_SECRET: 2N1oTtwOHTyEbTFtz0yDLuzq3DhgjIWmSKw4gNcH8Vk=
     env_file:
-      - path: ../env/.env.yeetfile   
+      - path: ../env/YeetFile.env
     volumes:
       - ${DOCKERDIR}/yeetfile/uploads:/app/uploads

docker/docker-compose.yml

@@ -28,10 +28,10 @@ networks:
 # Docker Compose v2.20 or greater required to use "include"
 include:
 ########################### SERVICES
-  - compose/dc-traefik.yml
+  - services/dc-traefik.yml
-  - compose/dc-socket-proxy.yml
+  - services/dc-socket-proxy.yml
-  - compose/dc-crowdsec.yml
+  - services/dc-crowdsec.yml
-  - compose/dc-traefik-bouncer.yml
+  - services/dc-traefik-bouncer.yml
 
   # Portainer - WebUI for Containers
  # portainer:

docker/env/.env.proxy

@@ -1,4 +1,4 @@
-BASICAUTHUSER=gurulandia:$$apr1$$kBqxEDFb$$aOgGWvLwFUDhSymDy430m.
+# BASICAUTHUSER=gurulandia:$$apr1$$kBqxEDFb$$aOgGWvLwFUDhSymDy430m.
 # create basic auth with: echo $(htpasswd -nb "<USER>" "<PASSWORD>") | sed -e s/\\$/\\$\\$/g
 
 ##### trustedIPs

docker/env/.env.stack.proxy

@@ -7,11 +7,12 @@ PROXYNAME=proxy
 TRAEFIK_CONTAINER_NAME=traefik
 TRAEFIK_IMAGE=traefik
 TRAEFIK_TAG=latest
-TRAEFIK_RESTART_POLICY=unless-stopped
+TRAEFIK_RESTART_POLICY=always
 
 ##### socket-proxy Container
 SOCKET_PROXY_CONTAINER_NAME=socket-proxy
-SOCKET_PROXY_IMAGE=ghcr.io/tecnativa/docker-socket-proxy
+#SOCKET_PROXY_IMAGE=ghcr.io/tecnativa/docker-socket-proxy
+SOCKET_PROXY_IMAGE=lscr.io/linuxserver/socket-proxy
 SOCKET_PROXY_TAG=latest
 SOCKET_PROXY_RESTART_POLICY=always
 

docker/env/YeetFile-db.env

@@ -0,0 +1,7 @@
+YEETFILEDB_NETWORk_ID=backend
+
+##### YeetFile DB Container
+YEETFILEDB_CONTAINER_NAME=yeetfiledb
+YEETFILEDB_IMAGE=postgres
+YEETFILEDB_TAG=16-alpine
+YEETFILEDB_RESTART_POLICY=unless-stopped

docker/env/YeetFile-stack.env

@@ -1,5 +1,3 @@
-COMPOSE_PROJECT_NAME=yeetfile
-
 YEETFILE_NETWORk_ID=proxy
 YEETFILE_HOSTNAME=yeetfile
 
@@ -8,9 +6,3 @@ YEETFILE_CONTAINER_NAME=yeetfile
 YEETFILE_IMAGE=ghcr.io/benbusby/yeetfile
 YEETFILE_TAG=latest
 YEETFILE_RESTART_POLICY=unless-stopped
-
-##### YeetFile DB Container
-YEETFILEDB_CONTAINER_NAME=yeetfiledb
-YEETFILEDB_IMAGE=postgres
-YEETFILEDB_TAG=16-alpine
-YEETFILEDB_RESTART_POLICY=unless-stopped

docker/env/YeetFile.env

@@ -34,7 +34,7 @@ YEETFILE_DEFAULT_USER_SEND=-1
 
 # The secret value used for encrypting user password hints
 # 32-byte value, base64 encoded
-#YEETFILE_SERVER_SECRET=2N1oTtwOHTyEbTFtz0yDLuzq3DhgjIWmSKw4gNcH8Vk=
+YEETFILE_SERVER_SECRET=2N1oTtwOHTyEbTFtz0yDLuzq3DhgjIWmSKw4gNcH8Vk=
 
 # The domain that the YeetFile instance is hosted on
 # A valid domain string beginning with http:// or https://

docker/env/common.env

@@ -1,6 +1,8 @@
 ##### SYSTEM
 UID=1000
 GID=1000
+PUID=1000
+PGID=1000
 TZ=Europe/HelsinkI
 
 #USERDIR=/home/gurulandia

docker/env/flatnotes-stack.env

@@ -1,5 +1,3 @@
-COMPOSE_PROJECT_NAME=flatnotes
-
 FLATNOTES_NETWORk_ID=proxy
 FLATNOTES_HOSTNAME=flatnotes
 

docker/env/homepage-stack.env

@@ -0,0 +1,8 @@
+HOMEPAGE_NETWORK_ID=proxy
+HOMEPAGE_HOSTNAME=homepage
+
+##### Homepage Container
+HOMEPAGE_CONTAINER_NAME=homepage
+HOMEPAGE_IMAGE=ghcr.io/gethomepage/homepage
+HOMEPAGE_TAG=latest
+HOMEPAGE_RESTART_POLICY=unless-stopped

docker/env/joplin-srv-db.env

@@ -0,0 +1,8 @@
+JOPLINDB_NETWORk_ID=backend
+
+##### Joplin Server DB Container
+
+JOPLINDB_CONTAINER_NAME=joplindb
+JOPLINDB_IMAGE=postgres
+JOPLINDB_TAG=16-alpine
+JOPLINDB_RESTART_POLICY=unless-stopped

docker/env/joplin-srv-stack.env

@@ -1,5 +1,3 @@
-COMPOSE_PROJECT_NAME=joplinserver
-
 JOPLIN_NETWORk_ID=proxy
 JOPLIN_HOSTNAME=joplin
 

docker/env/komodo-stack.env

@@ -0,0 +1,17 @@
+KOMODO_NETWORk_ID=proxy
+KOMODO_HOSTNAME=komodo
+
+KOMODO_RESTART_POLICY=unless-stopped
+
+##### Komodo Core Container
+KOMODO_CORE_CONTAINER_NAME=komodo-core
+KOMODO_CORE_IMAGE=ghcr.io/mbecker20/komodo
+
+##### Komodo Periphery Container
+KOMODO_PERTIPHERY_CONTAINER_NAME=komodo-periphery
+KOMODO_PERTIPHERY_IMAGE=ghcr.io/mbecker20/periphery
+
+##### FerretDB Core Container
+FERRETDB_CONTAINER_NAME=komodo-ferretdb
+FERRETDB_IMAGE=ghcr.io/ferretdb/ferretdb:1
+FERRETDB_RESTART_POLICY=${KOMODO_RESTART_POLICY}

docker/env/komodo.env

@@ -0,0 +1,133 @@
+####################################
+# 🦎 KOMODO COMPOSE - VARIABLES 🦎 #
+####################################
+## These compose variables can be used with all Komodo deployment options.
+## Pass these variables to the compose up command using `--env-file komodo/compose.env`.
+## Additionally, they are passed to both Komodo Core and Komodo Periphery with `env_file: ./compose.env`,
+## so you can pass any additional environment variables to Core / Periphery directly in this file as well.
+
+PSQL_HOST=10.0.6.178
+PSQL_PORT=5432
+## Stick to a specific version, or use `latest`
+COMPOSE_KOMODO_IMAGE_TAG=latest
+
+## Note: 🚨 Podman does NOT support local logging driver 🚨. See Podman options here:
+## `https://docs.podman.io/en/v4.6.1/markdown/podman-run.1.html#log-driver-driver`
+COMPOSE_LOGGING_DRIVER=local # Enable log rotation with the local driver.
+
+## DB credentials - Ignored for Sqlite
+KOMODO_DB_USERNAME=komodo
+KOMODO_DB_PASSWORD=komodo
+
+## Configure a secure passkey to authenticate between Core / Periphery.
+KOMODO_PASSKEY_FILE=/run/secrets/komodo_passkey
+
+#=-------------------------=#
+#= Komodo Core Environment =#
+#=-------------------------=#
+
+## Full variable list + descriptions are available here:
+## 🦎 https://github.com/mbecker20/komodo/blob/main/config/core.config.toml 🦎
+
+## Note. Secret variables also support `${VARIABLE}_FILE` syntax to pass docker compose secrets.
+## Docs: https://docs.docker.com/compose/how-tos/use-secrets/#examples
+
+## Used for Oauth / Webhook url suggestion / Caddy reverse proxy.
+KOMODO_HOST=https://komodo.lab.gurulandia.eu
+
+## Displayed in the browser tab.
+KOMODO_TITLE=Komodo by Gurulandia
+#Komodo
+## Create a server matching this address as the "first server".
+## Use `https://host.docker.internal:8120` when using systemd-managed Periphery.
+KOMODO_FIRST_SERVER=https://periphery:8120
+## Make all buttons just double-click, rather than the full confirmation dialog.
+KOMODO_DISABLE_CONFIRM_DIALOG=true
+
+## Rate Komodo polls your servers for
+## status / container status / system stats / alerting.
+## Options: 1-sec, 5-sec, 15-sec, 1-min, 5-min.
+## Default: 15-sec
+KOMODO_MONITORING_INTERVAL="15-sec"
+## Rate Komodo polls Resources for updates,
+## like outdated commit hash.
+## Options: 1-min, 5-min, 15-min, 30-min, 1-hr.
+## Default: 5-min
+KOMODO_RESOURCE_POLL_INTERVAL="5-min"
+
+## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
+KOMODO_WEBHOOK_SECRET_FILE=/run/secrets/komodo_webhook_secret
+## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
+KOMODO_JWT_SECRET_FILE=/run/secrets/komodo_jwt_secret
+
+## Enable login with username + password.
+KOMODO_LOCAL_AUTH=true
+## Disable new user signups.
+KOMODO_DISABLE_USER_REGISTRATION=false
+## All new logins are auto enabled
+KOMODO_ENABLE_NEW_USERS=true
+## Disable non-admins from creating new resources.
+KOMODO_DISABLE_NON_ADMIN_CREATE=false
+## Allows all users to have Read level access to all resources.
+KOMODO_TRANSPARENT_MODE=false
+
+## Time to live for jwt tokens.
+## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
+KOMODO_JWT_TTL="1-day"
+
+## OIDC Login
+KOMODO_OIDC_ENABLED=true
+## Must reachable from Komodo Core container
+KOMODO_OIDC_PROVIDER=https://authentik.lab.gurulandia.eu/application/o/komodo/
+## Change the host to one reachable be reachable by users (optional if it is the same as above).
+## DO NOT include the `path` part of the URL.
+KOMODO_OIDC_REDIRECT_HOST=https://authentik.lab.gurulandia.eu
+## Your client credentials
+KOMODO_OIDC_CLIENT_ID_FILE=/run/secrets/komodo_oidc_client_id
+KOMODO_OIDC_CLIENT_SECRET_FILE=/run/secrets/komodo_oidc_client_secret
+## Make usernames the full email.
+KOMODO_OIDC_USE_FULL_EMAIL=true
+## Add additional trusted audiences for token claims verification.
+## Supports comma separated list, and passing with _FILE (for compose secrets).
+# KOMODO_OIDC_ADDITIONAL_AUDIENCES=abc,123 # Alt: KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
+
+## Github Oauth
+KOMODO_GITHUB_OAUTH_ENABLED=false
+# KOMODO_GITHUB_OAUTH_ID= # Alt: KOMODO_GITHUB_OAUTH_ID_FILE
+# KOMODO_GITHUB_OAUTH_SECRET= # Alt: KOMODO_GITHUB_OAUTH_SECRET_FILE
+
+## Google Oauth
+KOMODO_GOOGLE_OAUTH_ENABLED=false
+# KOMODO_GOOGLE_OAUTH_ID= # Alt: KOMODO_GOOGLE_OAUTH_ID_FILE
+# KOMODO_GOOGLE_OAUTH_SECRET= # Alt: KOMODO_GOOGLE_OAUTH_SECRET_FILE
+
+## Aws - Used to launch Builder instances and ServerTemplate instances.
+KOMODO_AWS_ACCESS_KEY_ID= # Alt: KOMODO_AWS_ACCESS_KEY_ID_FILE
+KOMODO_AWS_SECRET_ACCESS_KEY= # Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE
+
+## Hetzner - Used to launch ServerTemplate instances
+## Hetzner Builder not supported due to Hetzner pay-by-the-hour pricing model
+KOMODO_HETZNER_TOKEN= # Alt: KOMODO_HETZNER_TOKEN_FILE
+
+#=------------------------------=#
+#= Komodo Periphery Environment =#
+#=------------------------------=#
+
+## Full variable list + descriptions are available here:
+## 🦎 https://github.com/mbecker20/komodo/blob/main/config/periphery.config.toml 🦎
+
+## Periphery passkeys must include KOMODO_PASSKEY to authenticate.
+PERIPHERY_PASSKEYS_FILE=/run/secrets/komodo_passkey
+## Specify the root directory used by Periphery agent.
+PERIPHERY_ROOT_DIRECTORY=/etc/komodo
+
+## Enable SSL using self signed certificates.
+## Connect to Periphery at https://address:8120.
+PERIPHERY_SSL_ENABLED=true
+
+## If the disk size is overreporting, can use one of these to 
+## whitelist / blacklist the disks to filter them, whichever is easier.
+## Accepts comma separated list of paths.
+## Usually whitelisting just /etc/hostname gives correct size.
+PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname
+# PERIPHERY_EXCLUDE_DISK_MOUNTS=/snap,/etc/repos

docker/env/privatebin-db.env

@@ -0,0 +1,7 @@
+PRIVATEBINDB_NETWORk_ID=backend
+
+##### Privatebin DB Container
+PRIVATEBINDB_CONTAINER_NAME=yeetfiledb
+PRIVATEBINDB_IMAGE=postgres
+PRIVATEBINDB_TAG=16-alpine
+PRIVATEBINDB_RESTART_POLICY=unless-stopped

docker/env/privatebin-stack.env

@@ -1,17 +1,9 @@
-COMPOSE_PROJECT_NAME=privatebin
-
 PRIVATEBIN_NETWORk_ID=proxy
 PRIVATEBIN_HOSTNAME=privatebin
 
-##### YeetFile Container
+##### Privatebin Container
 PRIVATEBIN_CONTAINER_NAME=privatebin
 PRIVATEBIN_IMAGE=privatebin/nginx-fpm-alpine
 #PRIVATEBIN_IMAGE=privatebin/pdo
 PRIVATEBIN_TAG=stable
 PRIVATEBIN_RESTART_POLICY=unless-stopped
-
-##### YeetFile DB Container
-PRIVATEBINDB_CONTAINER_NAME=yeetfiledb
-PRIVATEBINDB_IMAGE=postgres
-PRIVATEBINDB_TAG=16-alpine
-PRIVATEBINDB_RESTART_POLICY=unless-stopped

docker/env/technitum-dns-stack.env

@@ -0,0 +1,9 @@
+TECHNITUM_DNS_NETWORk_ID=proxy
+TECHNITUM_DNS_HOSTNAME=komodo
+
+TECHNITUM_DNS_RESTART_POLICY=unless-stopped
+
+##### Komodo Core Container
+TECHNITUM_DNS_CONTAINER_NAME=dns-server
+TECHNITUM_DNS_IMAGE=technitium/dns-server
+TECHNITUM_DNS_TAG=latest

docker/env/technitum-dns.env

@@ -0,0 +1,66 @@
+# The primary domain name used by this DNS Server to identify itself.
+DNS_SERVER_DOMAIN=lab.gurulandia.eu
+
+# DNS web console admin user password.
+# DNS_SERVER_ADMIN_PASSWORD=password
+
+# The path to a file that contains a plain text password for the DNS web console admin user.
+DNS_SERVER_ADMIN_PASSWORD_FILE = /run/secrets/technitium_admin_password
+
+# DNS Server will use IPv6 for querying whenever possible with this option enabled.
+# DNS_SERVER_PREFER_IPV6=false
+
+# Comma separated list of network interface IP addresses that you want the web service to listen on for requests. 
+# The "172.17.0.1" address is the built-in Docker bridge. The "[::]" is the default value if not specified. 
+# Note! This must be used only with "host" network mode.      
+# DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES=172.17.0.1,127.0.0.1
+
+# The TCP port number for the DNS web console over HTTP protocol.
+# DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380 
+
+# The TCP port number for the DNS web console over HTTPS protocol.
+# DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443 #The TCP port number for the DNS web console over HTTPS protocol.
+
+# Enables HTTPS for the DNS web console.
+# DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false
+
+# Enables self signed TLS certificate for the DNS web console.
+# DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false 
+
+# Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
+# DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false 
+
+# Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworkACL.
+# DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks 
+
+# Comma separated list of IP addresses or network addresses to allow access.
+# Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet.
+# The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback.
+# Valid only for `UseSpecifiedNetworkACL` recursion option.
+# DNS_SERVER_RECURSION_NETWORK_ACL=192.168.10.0/24, !192.168.10.2
+
+# Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option.
+# This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
+# DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24
+
+# Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option.
+# This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
+# DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24
+
+# Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
+# DNS_SERVER_ENABLE_BLOCKING=false 
+
+# Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
+# DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false
+
+# A comma separated list of block list URLs.
+# DNS_SERVER_BLOCK_LIST_URLS= 
+
+# Comma separated list of forwarder addresses.
+# DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8
+
+# Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson.
+# DNS_SERVER_FORWARDER_PROTOCOL=Tcp
+
+# Enable this option to use local time instead of UTC for logging.
+DNS_SERVER_LOG_USING_LOCAL_TIME=true

docker/flatnotes/behind-proxy/compose.yaml

@@ -1,7 +1,7 @@
+name: flatnotes
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../../compose/networks/proxy.yaml
+  -  ../../compose/networks/${FLATNOTES_NETWORk_ID}.yaml
-  - ../../compose/networks/socket-proxy.yaml
 #################### SERVICES ####################
   - ../../compose/flatnotes.yaml

docker/flatnotes/behind-proxy/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../../env/.env.stack.flatnotes --env-file ../../env/.env.common config

docker/flatnotes/behind-proxy/deploy.sh

@@ -0,0 +1,2 @@
+docker compose --env-file ../../env/flatnotes-stack.env \
+--env-file ../../env/common.env $1

docker/flatnotes/compose.yaml

@@ -1,7 +1,7 @@
+name: flatnotes
 # Docker Compose v2.20 or greater required to use "include"
 include:
 #################### NETWORKS ####################
-  - ../../compose/networks/proxy.yaml
+  - ../compose/networks/${FLATNOTES_NETWORk_ID}.yaml
-  - ../../compose/networks/socket-proxy.yaml
 #################### SERVICES ####################
-  - ../../compose/flatnotes.yaml
+  - ../compose/flatnotes.yaml

docker/flatnotes/dcc.sh

@@ -1 +0,0 @@
-docker compose --env-file ../env/.env.stack.flatnotes --env-file ../env/.env.common config

docker/flatnotes/deploy.sh

@@ -0,0 +1,2 @@
+docker compose --env-file ../env/flatnotes-stack.env \
+--env-file ../env/common.env $1

docker/homarr/compose.yaml

@@ -0,0 +1,22 @@
+#---------------------------------------------------------------------#
+#     Homarr - A simple, yet powerful dashboard for your server.      #
+#---------------------------------------------------------------------#
+services:
+  homarr:
+    container_name: homarr
+    image: ghcr.io/homarr-labs/homarr:latest
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
+      - /gurulandia/data/homarr/appdata:/appdata
+    environment:
+      - SECRET_ENCRYPTION_KEY=9a3fb9c060d3ff37ac0e0785177979ec48620144b8fd3e5883c02e27f68b2dba  # <--- can be generated with `openssl rand -hex 32`
+      - DB_DRIVER=mysql2
+      - DB_DIALECT=mysql
+      - DB_HOST=10.0.6.180
+      - DB_PORT=3306
+      - DB_NAME=homarr
+      - DB_USER=homarr
+      - DB_PASSWORD=homarr
+    ports:
+      - 7575:7575

docker/homepage/behind-proxy/compose.override.yaml

@@ -0,0 +1,55 @@
+secrets:
+    title:
+      file: /gurulandia/data/homepage/secrets/title
+services:
+  homepage:
+    image: ghcr.io/gethomepage/homepage:latest
+    container_name: homepage
+    ports:
+      - 3000:3000
+    volumes:
+      - /gurulandia/data/homepage:/app/config # Make sure your local config directory exists
+      - /var/run/docker.sock:/var/run/docker.sock:ro # (optional) For docker integrations
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - HOMEPAGE_VAR_BASE="https://homepage.lab.gurulandia.eu/"
+      #- HOMEPAGE_VAR_TITLE="Gurulandia's Awesome Homepage"
+      - HOMEPAGE_FILE_TITLE=/run/secrets/title
+    networks:
+      - proxy
+      - socket_proxy
+    labels:
+      traefik.enable: true
+      ## HTTP Routers
+      traefik.http.routers.homepage-rtr.entrypoints: https
+      traefik.http.routers.homepage-rtr.rule: Host(`homepage.lab.gurulandia.eu`)
+      ## Middlewares
+      #- "traefik.http.routers.${GOTIFY_HOST_NAME}-rtr.middlewares=chain-authelia@file"
+      traefik.http.routers.homepage-rtr.middlewares: chain-authentik@file
+      #traefik.http.routers.homepage-rtr.middlewares: chain-no-auth@file
+      ## HTTP Services
+      traefik.http.routers.homepage-rtr.service: homepage-svc
+      traefik.http.services.homepage-svc.loadbalancer.server.port: 3000     
+    secrets:
+      - title
+networks:
+  proxy:
+    external: true
+  socket_proxy:
+    external: true
+
+
+#services:
+#  homepage:        
+#    labels:
+#      - "traefik.enable=true"
+      ## HTTP Routers
+#      - "traefik.http.routers.${HOMEPAGE_HOSTNAME}-rtr.entrypoints=https"
+#      - "traefik.http.routers.${HOMEPAGE_HOSTNAME}-rtr.rule=Host(`${HOMEPAGE_HOSTNAME}.$DOMAINNAME1`)"
+      ## Middlewares
+#      - "traefik.http.routers.${HOMEPAGE_HOSTNAME}-rtr.middlewares=chain-authelia@file"
+#      - "traefik.http.routers.${HOMEPAGE_HOSTNAME}-rtr.middlewares=chain-no-auth@file"
+      ## HTTP Services
+#      - "traefik.http.routers.${HOMEPAGE_HOSTNAME}-rtr.service=${HOMEPAGE_HOSTNAME}-svc"
+#      - "traefik.http.services.${HOMEPAGE_HOSTNAME}-svc.loadbalancer.server.port=22300"

docker/homepage/behind-proxy/compose.yaml

@@ -0,0 +1,7 @@
+name: homepagee
+# Docker Compose v2.20 or greater required to use "include"
+include:
+#################### NETWORKS ####################
+  - ../../compose/networks/${HOMEPAGR_NETWORk_ID}.yaml
+#################### SERVICES ####################
+  - ../../compose/homepage.yaml

docker/homepage/behind-proxy/deploy.sh

@@ -0,0 +1,4 @@
+docker compose \
+--env-file ../../env/homepage-stack.env \
+--env-file ../../env/common.env \
+$1