skrd/server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Actualizando configuracion de stacks

Browse Source
This commit is contained in:
Daniel Cortés
2026-02-16 07:51:58 -03:00
parent e425b0c137
commit daccaf3819
49 changed files with 503 additions and 430 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
stacks/.gitignore vendored
View File

@@ -1,2 +1 @@
*.env
!*.env.example
.env

1
stacks/actual/.env.example Normal file
View File

@@ -0,0 +1 @@
DATA_DIR="./data"

6
stacks/actual/actual.yml → stacks/actual/compose.traefik.yml
View File

@@ -1,9 +1,5 @@
services:
actual_server:
image: ghcr.io/actualbudget/actual:latest
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/actual:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.actual-web.rule=Host(`actual.skrd.fun`)"
@@ -11,9 +7,9 @@ services:
- "traefik.http.routers.actual-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.actual.rule=Host(`actual.skrd.fun`)"
- "traefik.http.routers.actual.entrypoints=websecure"
- "traefik.http.routers.actual.middlewares=crowdsec@file"
- "traefik.http.routers.actual.tls.certresolver=cf"
- "traefik.http.services.actual.loadbalancer.server.port=5006"
networks:
default:
name: traefik

6
stacks/actual/compose.yml Normal file
View File

@@ -0,0 +1,6 @@
services:
actual_server:
image: ghcr.io/actualbudget/actual:latest
restart: unless-stopped
volumes:
- ${DATA_DIR}:/data

3
stacks/crowdsec/.env.example Normal file
View File

@@ -0,0 +1,3 @@
DATA_DIR="./crowdsec"
COLLECTIONS="crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/base-http-scenarios crowdsecurity/sshd crowdsecurity/linux crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-crs"
GID=1000

24
stacks/crowdsec/compose.yml Normal file
View File

@@ -0,0 +1,24 @@
services:
crowdsec:
image: crowdsecurity/crowdsec
restart: unless-stopped
ports:
- 127.0.0.1:9876:8080
expose:
- 8080
- 6060
- 7422
environment:
COLLECTIONS: "${COLLECTIONS}"
GID: "${GID-1000}"
volumes:
- "${DATA_ROOT}/crowdsec/data:/var/lib/crowdsec/data/"
- "${DATA_ROOT}/crowdsec/config:/etc/crowdsec/"
- "${DATA_ROOT}/traefik/logs:/var/log/traefik:ro"
- /var/log/auth.log:/var/log/auth.log:ro
- /var/log/syslog:/var/log/syslog:ro
networks:
- traefik
networks:
traefik:
external: true

1
stacks/ddns/ddns.env.example → stacks/ddns/.env.example
View File

@@ -1 +1,2 @@
API_TOKEN=secret
DOMAINS=

2
stacks/ddns/ddns.yml → stacks/ddns/compose.yml
View File

@@ -8,5 +8,5 @@ services:
security_opt: [no-new-privileges:true]
environment:
CLOUDFLARE_API_TOKEN: ${API_TOKEN}
DOMAINS: direct.skrd.fun
DOMAINS: ${DOMAINS}
PROXIED: false

1
stacks/gametabs/.env.example Normal file
View File

@@ -0,0 +1 @@
DATA_DIR=./gametabs

5
stacks/gametabs/gametabs.yml → stacks/gametabs/compose.traefik.yml
View File

@@ -1,9 +1,5 @@
services:
gametabs:
image: nginx
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gametabs:/usr/share/nginx/html
labels:
- "traefik.enable=true"
- "traefik.http.routers.gametabs-web.rule=Host(`gametabs.skrd.fun`)"
@@ -11,6 +7,7 @@ services:
- "traefik.http.routers.gametabs-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.gametabs.rule=Host(`gametabs.skrd.fun`)"
- "traefik.http.routers.gametabs.entrypoints=websecure"
- "traefik.http.routers.gametabs.middlewares=crowdsec@file"
- "traefik.http.routers.gametabs.tls.certresolver=cf"
- "traefik.http.services.gametabs.loadbalancer.server.port=80"

6
stacks/gametabs/compose.yml Normal file
View File

@@ -0,0 +1,6 @@
services:
gametabs:
image: nginx
restart: unless-stopped
volumes:
- ${DATA_DIR}:/usr/share/nginx/html

12
stacks/gitea/.env.example Normal file
View File

@@ -0,0 +1,12 @@
DATA_ROOT="./gitea"
USER_UID=1000
USER_GID=1000
GITEA_RUNNER_REGISTRATION_TOKEN=sercret
POSTGRES_PASSWORD=secret
POSTGRES_DB=gitea
POSTGRES_USER=gitea
INSTANCE_URL="https://gitea.skrd.fun"

31
stacks/gitea/compose.traefik.yml Normal file
View File

@@ -0,0 +1,31 @@
services:
gitea:
networks:
- internal
- proxy
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.gitea-web.rule=Host(`git.skrd.fun`)"
- "traefik.http.routers.gitea-web.entrypoints=web"
- "traefik.http.routers.gitea-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.gitea.rule=Host(`git.skrd.fun`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.middlewares=crowdsec@file"
- "traefik.http.routers.gitea.tls.certresolver=cf"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
runner:
networks:
- internal
gitea-db:
networks:
- internal
networks:
internal:
name: gitea
proxy:
name: traefik
external: true

38
stacks/gitea/compose.yml Normal file
View File

@@ -0,0 +1,38 @@
services:
gitea:
image: gitea/gitea:latest
restart: unless-stopped
environment:
USER_UID: ${USER_UID}
USER_GID: ${USER_GID}
volumes:
- ${DATA_ROOT}/data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- gitea-db
runner:
image: gitea/act_runner:latest
restart: unless-stopped
environment:
CONFIG_FILE: /config/config.yaml
GITEA_INSTANCE_URL: "${INSTANCE_URL}"
GITEA_RUNNER_NAME: "gitea-runner-1"
GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
volumes:
- ${DATA_ROOT}/runner/config:/config
- ${DATA_ROOT}/runner/data:/data
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- gitea
gitea-db:
image: postgres:16
restart: unless-stopped
volumes:
- ${DATA_ROOT}/db:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
POSTGRES_DB: "${POSTGRES_DB}"
POSTGRES_USER: "${POSTGRES_USER}"

8
stacks/gitea/gitea.env.example
View File

@@ -1,8 +0,0 @@
USER_UID=1000
USER_GID=1000
GITEA_RUNNER_REGISTRATION_TOKEN=secret
POSTGRES_PASSWORD=secret
POSTGRES_DB=gitea
POSTGRES_USER=gitea

62
stacks/gitea/gitea.yml
View File

@@ -1,62 +0,0 @@
services:
gitea:
image: gitea/gitea:latest
restart: unless-stopped
environment:
USER_UID: ${USER_UID}
USER_GID: ${USER_GID}
networks:
- internal
- proxy
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.gitea-web.rule=Host(`git.skrd.fun`)"
- "traefik.http.routers.gitea-web.entrypoints=web"
- "traefik.http.routers.gitea-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.gitea.rule=Host(`git.skrd.fun`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls.certresolver=cf"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- gitea-db
runner:
image: gitea/act_runner:latest
restart: unless-stopped
environment:
CONFIG_FILE: /config/config.yaml
GITEA_INSTANCE_URL: "https://git.skrd.fun"
GITEA_RUNNER_NAME: "gitea-runner-1"
GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
networks:
- internal
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/runner/config:/config
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/runner/data:/data
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- gitea
gitea-db:
image: postgres:16
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/db:/var/lib/postgresql/data
networks:
- internal
environment:
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
POSTGRES_DB: "${POSTGRES_DB}"
POSTGRES_USER: "${POSTGRES_USER}"
networks:
internal:
name: gitea
proxy:
name: traefik
external: true

9
stacks/immich/.env.example Normal file
View File

@@ -0,0 +1,9 @@
UPLOAD_LOCATION=./immich/upload
DB_DATA_LOCATION=./immich/postgres
TZ=America/Santiago
IMMICH_VERSION=v2
DB_PASSWORD=secret
DB_USERNAME=postgres
DB_DATABASE_NAME=immich

35
stacks/immich/compose.traefik.yml Normal file
View File

@@ -0,0 +1,35 @@
services:
immich-server:
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.immich-web.rule=Host(`photos.skrd.fun`)"
- "traefik.http.routers.immich-web.entrypoints=web"
- "traefik.http.routers.immich-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.immich.rule=Host(`photos.skrd.fun`)"
- "traefik.http.routers.immich.entrypoints=websecure"
- "traefik.http.routers.immich.middlewares=crowdsec@file"
- "traefik.http.routers.immich.tls.certresolver=cf"
- "traefik.http.services.immich.loadbalancer.server.port=2283"
networks:
- internal
- proxy
immich-machine-learning:
networks:
- internal
redis:
networks:
- internal
database:
networks:
- internal
networks:
internal:
name: immich
proxy:
name: traefik
external: true

49
stacks/immich/compose.yml Normal file
View File

@@ -0,0 +1,49 @@
services:
immich-server:
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
volumes:
- ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
depends_on:
- redis
- database
restart: unless-stopped
healthcheck:
disable: false
immich-machine-learning:
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
volumes:
- model-cache:/cache
env_file:
- .env
restart: always
healthcheck:
disable: false
redis:
image: docker.io/valkey/valkey:9@sha256:546304417feac0874c3dd576e0952c6bb8f06bb4093ea0c9ca303c73cf458f63
healthcheck:
test: redis-cli ping || exit 1
restart: always
database:
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: "--data-checksums"
DB_STORAGE_TYPE: "HDD"
volumes:
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich2/extra:/tmp/extra
shm_size: 128mb
restart: always
healthcheck:
disable: false
volumes:
model-cache:

3
stacks/immich/immich.env.example
View File

@@ -1,3 +0,0 @@
DB_PASSWORD=secret
DB_USERNAME=postgres
DB_DATABASE_NAME=immich

84
stacks/immich/immich.yml
View File

@@ -1,84 +0,0 @@
services:
immich-server:
image: ghcr.io/immich-app/immich-server:release
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich/upload:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
networks:
- internal
- proxy
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.immich-web.rule=Host(`photos.skrd.fun`)"
- "traefik.http.routers.immich-web.entrypoints=web"
- "traefik.http.routers.immich-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.immich.rule=Host(`photos.skrd.fun`)"
- "traefik.http.routers.immich.entrypoints=websecure"
- "traefik.http.routers.immich.tls.certresolver=cf"
- "traefik.http.services.immich.loadbalancer.server.port=2283"
environment:
DB_PASSWORD: ${DB_PASSWORD}
DB_USERNAME: ${DB_USERNAME}
DB_DATABASE_NAME: ${DB_DATABASE_NAME}
depends_on:
- redis
- database
immich-machine-learning:
image: ghcr.io/immich-app/immich-machine-learning:release
restart: unless-stopped
networks:
- internal
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich/model-cache:/cache
redis:
image: docker.io/redis:6.2-alpine@sha256:328fe6a5822256d065debb36617a8169dbfbd77b797c525288e465f56c1d392b
restart: unless-stopped
networks:
- internal
healthcheck:
test: redis-cli ping || exit 1
database:
image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
restart: unless-stopped
networks:
- internal
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: "--data-checksums"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich/postgres:/var/lib/postgresql/data
healthcheck:
test: pg_isready --dbname='immich' --username='postgres' || exit 1; Chksum="$$(psql --dbname='immich' --username='postgres' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
interval: 5m
start_interval: 30s
start_period: 5m
command:
[
"postgres",
"-c",
"shared_preload_libraries=vectors.so",
"-c",
'search_path="$$user", public, vectors',
"-c",
"logging_collector=on",
"-c",
"max_wal_size=2GB",
"-c",
"shared_buffers=512MB",
"-c",
"wal_compression=on",
]
networks:
internal:
name: immich
proxy:
name: traefik
external: true

6
stacks/jellyfin/.env.example Normal file
View File

@@ -0,0 +1,6 @@
DATA_ROOT="./data"
MEDIA_ANIME="./anime"
MEDIA_MOVIES="./movies"
MEDIA_TV="./tv"
SERVER_URL="localhost"

16
stacks/jellyfin/compose.traefik.yml Normal file
View File

@@ -0,0 +1,16 @@
services:
jellyfin:
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin-web.rule=Host(`jelly.skrd.fun`)"
- "traefik.http.routers.jellyfin-web.entrypoints=web"
- "traefik.http.routers.jellyfin-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.jellyfin.rule=Host(`jelly.skrd.fun`)"
- "traefik.http.routers.jellyfin.entrypoints=websecure"
- "traefik.http.routers.jellyfin.tls.certresolver=cf"
- "traefik.http.routers.jellyfin.middlewares=crowdsec@file"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
networks:
default:
name: traefik
external: true

13
stacks/jellyfin/compose.yml Normal file
View File

@@ -0,0 +1,13 @@
services:
jellyfin:
image: jellyfin/jellyfin
restart: "unless-stopped"
user: 1000:1000
volumes:
- ${DATA_ROOT}/config:/config
- ${DATA_ROOT}/cache:/cache
- ${MEDIA_ANIME}:/data/anime
- ${MEDIA_MOVIES}:/data/movies
- ${MEDIA_TV}:/data/tv
environment:
- JELLYFIN_PublishedServerUrl=${SERVER_URL}

26
stacks/jellyfin/jellyfin.yml
View File

@@ -1,26 +0,0 @@
services:
jellyfin:
image: jellyfin/jellyfin
restart: "unless-stopped"
user: 1000:1000
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin-web.rule=Host(`jelly.skrd.fun`)"
- "traefik.http.routers.jellyfin-web.entrypoints=web"
- "traefik.http.routers.jellyfin-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.jellyfin.rule=Host(`jelly.skrd.fun`)"
- "traefik.http.routers.jellyfin.entrypoints=websecure"
- "traefik.http.routers.jellyfin.tls.certresolver=cf"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/jellyfin/config:/config
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/jellyfin/cache:/cache
- /srv/dev-disk-by-uuid-5392509c-5ccd-4d8f-8719-60064c4404d6/anime:/data/anime
- /srv/dev-disk-by-uuid-c7a96ee1-c08e-48b1-8afa-79c75380d142/movies:/data/movies
- /srv/dev-disk-by-uuid-c7a96ee1-c08e-48b1-8afa-79c75380d142/tv:/data/tv
environment:
- JELLYFIN_PublishedServerUrl=https://jelly.skrd.fun
networks:
default:
name: traefik
external: true

2
stacks/kavita/.env.example Normal file
View File

@@ -0,0 +1,2 @@
DATA_ROOT="/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker"
MEDIA_BOOKS="/srv/dev-disk-by-uuid-5392509c-5ccd-4d8f-8719-60064c4404d6/books"

19
stacks/kavita/compose.traefik.yml Normal file
View File

@@ -0,0 +1,19 @@
services:
kavita:
labels:
- "traefik.enable=true"
- "traefik.http.routers.books-web.rule=Host(`books.skrd.fun`)"
- "traefik.http.routers.books-web.entrypoints=web"
- "traefik.http.routers.books-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.books.rule=Host(`books.skrd.fun`)"
- "traefik.http.routers.books.entrypoints=websecure"
- "traefik.http.routers.books.middlewares=crowdsec@file"
- "traefik.http.routers.books.tls.certresolver=cf"
- "traefik.http.services.books.loadbalancer.server.port=5000"
networks:
default:
name: traefik
external: true

7
stacks/kavita/compose.yml Normal file
View File

@@ -0,0 +1,7 @@
services:
kavita:
image: jvmilazz0/kavita:latest
restart: unless-stopped
volumes:
- "${MEDIA_BOOKS}:/books"
- "${DATA_ROOT}/kavita/config:/kavita/config"

10
stacks/miniflux/.env.example Normal file
View File

@@ -0,0 +1,10 @@
POSTGRES_USER="miniflux"
POSTGRES_PASSWORD="secret"
POSTGRES_DB="miniflux"
DATABASE_URL="postgres://miniflux:secret@db/miniflux?sslmode=disable"
ADMIN_USERNAME="ryuuji"
ADMIN_PASSWORD="secret"
BASE_URL="https://rss.skrd.fun"

26
stacks/miniflux/compose.traefik.yml Normal file
View File

@@ -0,0 +1,26 @@
services:
miniflux:
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.rss-web.rule=Host(`rss.skrd.fun`)"
- "traefik.http.routers.rss-web.entrypoints=web"
- "traefik.http.routers.rss-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.rss.rule=Host(`rss.skrd.fun`)"
- "traefik.http.routers.rss.entrypoints=websecure"
- "traefik.http.routers.rss.middlewares=crowdsec@file"
- "traefik.http.routers.rss.tls.certresolver=cf"
- "traefik.http.services.rss.loadbalancer.server.port=8080"
networks:
- internal
- proxy
db:
networks:
- internal
networks:
internal:
name: miniflux
proxy:
name: traefik
external: true

28
stacks/miniflux/compose.yml Normal file
View File

@@ -0,0 +1,28 @@
services:
miniflux:
image: miniflux/miniflux:latest
depends_on:
db:
condition: service_healthy
environment:
DATABASE_URL: ${DATABASE_URL}
RUN_MIGRATIONS: 1
CREATE_ADMIN: 1
ADMIN_USERNAME: ${ADMIN_USERNAME}
ADMIN_PASSWORD: ${ADMIN_PASSWORD}
BASE_URL: ${BASE_URL}
db:
image: postgres:18
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
volumes:
- miniflux-db:/var/lib/postgresql
healthcheck:
test: ["CMD", "pg_isready", "-U", "miniflux"]
interval: 10s
start_period: 30s
volumes:
miniflux-db:

63
stacks/moka/moka.env.example
View File

@@ -1,63 +0,0 @@
APP_NAME=Moka
APP_ENV=production
APP_KEY=secret
APP_DEBUG=false
APP_URL=https://moka.skrd.fun
APP_LOCALE=es
APP_FALLBACK_LOCALE=en
APP_FAKER_LOCALE=en_US
APP_MAINTENANCE_DRIVER=file
HTTPS=on
PHP_CLI_SERVER_WORKERS=4
BCRYPT_ROUNDS=12
LOG_CHANNEL=stack
LOG_STACK=single
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug
DB_CONNECTION=pgsql
DB_HOST=pgsql
DB_PORT=5432
DB_DATABASE=moka
DB_USERNAME=moka
DB_PASSWORD=secret
SESSION_DRIVER=database
SESSION_LIFETIME=120
SESSION_ENCRYPT=false
SESSION_PATH=/
SESSION_DOMAIN=null
BROADCAST_CONNECTION=log
FILESYSTEM_DISK=local
QUEUE_CONNECTION=database
CACHE_STORE=database
MEMCACHED_HOST=127.0.0.1
REDIS_CLIENT=phpredis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_MAILER=log
MAIL_SCHEME=null
MAIL_HOST=127.0.0.1
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_FROM_ADDRESS="hello@example.com"
MAIL_FROM_NAME="${APP_NAME}"
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false
VITE_APP_NAME="${APP_NAME}"
OCTANE_SERVER=frankenphp

133
stacks/moka/moka.yml
View File

@@ -1,133 +0,0 @@
services:
moka:
image: git.skrd.fun/skrd/moka:v0.3.9.1
restart: unless-stopped
env_file:
- .env
environment:
- SERVICE=server
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.moka.rule=Host(`moka.skrd.fun`)"
- "traefik.http.routers.moka.entrypoints=websecure"
- "traefik.http.routers.moka.tls.certresolver=cf"
- "traefik.http.services.moka.loadbalancer.server.port=80"
- "traefik.http.routers.moka.middlewares=redirect-to-https@file"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/moka:/app/storage
depends_on:
redis:
condition: service_healthy
pgsql:
condition: service_healthy
networks:
- internal
- proxy
init: true
healthcheck:
test:
["CMD-SHELL", "curl -fsS http://localhost:80/up >/dev/null || exit 1"]
interval: 30s
timeout: 5s
start_period: 20s
schedule:
image: git.skrd.fun/skrd/moka:v0.3.9.1
restart: unless-stopped
env_file:
- .env
environment:
- SERVICE=schedule
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/moka:/app/storage
depends_on:
redis:
condition: service_healthy
pgsql:
condition: service_healthy
networks:
- internal
init: true
healthcheck:
test:
["CMD-SHELL", "pgrep -f 'artisan schedule:work' >/dev/null || exit 1"]
interval: 30s
timeout: 5s
retries: 3
start_period: 15s
queue:
image: git.skrd.fun/skrd/moka:v0.3.9.1
restart: unless-stopped
env_file:
- .env
environment:
- SERVICE=queue
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/moka:/app/storage
depends_on:
redis:
condition: service_healthy
pgsql:
condition: service_healthy
networks:
- internal
init: true
healthcheck:
test: ["CMD-SHELL", "pgrep -f 'artisan queue:work' >/dev/null || exit 1"]
interval: 30s
timeout: 5s
retries: 3
start_period: 15s
redis:
image: redis:alpine
restart: unless-stopped
volumes:
- redis_data:/data
networks:
- internal
healthcheck:
test: ["CMD-SHELL", "redis-cli -h 127.0.0.1 ping | grep -q PONG"]
interval: 3s
timeout: 3s
retries: 10
start_period: 5s
pgsql:
image: "postgres:18"
restart: unless-stopped
shm_size: 128mb
environment:
PGPASSWORD: "${DB_PASSWORD:-secret}"
POSTGRES_DB: "${DB_DATABASE}"
POSTGRES_USER: "${DB_USERNAME}"
POSTGRES_PASSWORD: "${DB_PASSWORD:-secret}"
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
- internal
init: true
healthcheck:
test:
[
"CMD-SHELL",
"pg_isready -h 127.0.0.1 -p 5432 -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-postgres}",
]
interval: 3s
timeout: 3s
retries: 10
start_period: 10s
volumes:
redis_data:
postgres_data:
networks:
internal:
name: moka
proxy:
name: traefik
external: true

4
stacks/navidrome/.env.example Normal file
View File

@@ -0,0 +1,4 @@
BASE_URL="http://localhost"
DATA_DIR="./data"
MEDIA_MUSIC="./music"

9
stacks/navidrome/navidrome.yml → stacks/navidrome/compose.traefik.yml
View File

@@ -1,10 +1,5 @@
services:
navidrome:
image: deluan/navidrome:latest
user: 1000:1000
restart: unless-stopped
environment:
ND_BASEURL: "https:://navi.skrd.fun"
labels:
- "traefik.enable=true"
- "traefik.http.routers.navidrome-web.rule=Host(`navi.skrd.fun`)"
@@ -12,11 +7,9 @@ services:
- "traefik.http.routers.navidrome-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.navidrome.rule=Host(`navi.skrd.fun`)"
- "traefik.http.routers.navidrome.entrypoints=websecure"
- "traefik.http.routers.navidrome.middlewares=crowdsec@file"
- "traefik.http.routers.navidrome.tls.certresolver=cf"
- "traefik.http.services.navidrome.loadbalancer.server.port=4533"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/navidrome:/data
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/music:/music:ro
networks:
default:

10
stacks/navidrome/compose.yml Normal file
View File

@@ -0,0 +1,10 @@
services:
navidrome:
image: deluan/navidrome:latest
user: 1000:1000
restart: unless-stopped
environment:
ND_BASEURL: ${BASE_URL}
volumes:
- ${DATA_DIR}:/data
- ${MEDIA_MUSIC}:/music:ro

8
stacks/qbittorrent/.env.example Normal file
View File

@@ -0,0 +1,8 @@
DATA_DIR=./data
DOWNLOADS_DIR=./downloads
PUID=1000
PGID=1000
TZ=America/Santiago
WEBUI_PORT=80
TORRENTING_PORT=6881

16
stacks/qbittorrent/qbittorrent.yml → stacks/qbittorrent/compose.traefik.yml
View File

@@ -1,18 +1,5 @@
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
environment:
- PUID=1000
- PGID=1000
- TZ=America/Santiago
- WEBUI_PORT=80
- TORRENTING_PORT=6881
ports:
- "6881:6881"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/qbittorrent:/config:/config
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/downloads:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.qbittorrent-web.rule=Host(`torrent.skrd.fun`)"
@@ -20,8 +7,9 @@ services:
- "traefik.http.routers.qbittorrent-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.qbittorrent.rule=Host(`torrent.skrd.fun`)"
- "traefik.http.routers.qbittorrent.entrypoints=websecure"
- "traefik.http.routers.qbittorrent.middlewares=crowdsec@file"
- "traefik.http.routers.qbittorrent.tls.certresolver=cf"
- "traefik.http.services.qbittorrent.loadbalancer.server.port=80"
- "traefik.http.services.qbittorrent.loadbalancer.server.port=${WEBUI_PORT}"
networks:
default:
name: traefik

15
stacks/qbittorrent/compose.yml Normal file
View File

@@ -0,0 +1,15 @@
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- WEBUI_PORT=${WEBUI_PORT}
- TORRENTING_PORT=${TORRENTING_PORT}
ports:
- "${TORRENTING_PORT}:${TORRENTING_PORT}"
volumes:
- ${DATA_DIR}:/config
- ${DOWNLOADS_DIR}:/downloads
restart: unless-stopped

17
stacks/speedtest/compose.traefik.yml Normal file
View File

@@ -0,0 +1,17 @@
services:
speedtest:
labels:
- "traefik.enable=true"
- "traefik.http.routers.speed-web.rule=Host(`speed.skrd.fun`)"
- "traefik.http.routers.speed-web.entrypoints=web"
- "traefik.http.routers.speed-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.speed.rule=Host(`speed.skrd.fun`)"
- "traefik.http.routers.speed.entrypoints=websecure"
- "traefik.http.routers.speed.middlewares=crowdsec@file"
- "traefik.http.routers.speed.tls.certresolver=cf"
- "traefik.http.services.speed.loadbalancer.server.port=3000"
networks:
default:
name: traefik
external: true

4
stacks/speedtest/compose.yml Normal file
View File

@@ -0,0 +1,4 @@
services:
speedtest:
image: openspeedtest/latest
restart: unless-stopped

6
stacks/traefik/.env.example Normal file
View File

@@ -0,0 +1,6 @@
DATA_ROOT="./data"
DYNAMIC_DIR="./dynamic"
CF_API_EMAIL=email@example.com
CF_DNS_API_TOKEN=secret
CROWDSEC_LAPI_KEY="secret"

17
stacks/traefik/trafik.yml → stacks/traefik/compose.yml
View File

@@ -1,20 +1,30 @@
services:
traefik:
image: traefik:v3.5
restart: unless-stopped
command:
- "--log.level=DEBUG"
- "--accesslog=true"
- "--accesslog.filepath=/logs/traefik-access.log"
- "--accesslog.format=json"
- "--accesslog.filters.statusCodes=200-299, 400-599"
- "--accesslog.bufferingSize=0"
- "--accesslog.fields.headers.defaultMode=drop"
- "--accesslog.fields.headers.names.User-Agent=keep"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.file.directory=/dynamic"
- "--providers.file.watch=true"
- "--serversTransport.insecureSkipVerify=true"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.cf.acme.dnschallenge=true"
- "--certificatesresolvers.cf.acme.dnschallenge.provider=cloudflare"
- "--certificatesresolvers.cf.acme.email=tls@skrd.fun"
- "--certificatesresolvers.cf.acme.storage=/letsencrypt/acme.json"
- "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
- "--experimental.plugins.bouncer.version=v1.4.6"
ports:
- "80:80"
- "443:443"
@@ -28,11 +38,12 @@ services:
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=cf"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=local-only@file"
- "traefik.http.routers.dashboard.middlewares=local-only@file, crowdsec@file"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/letsencrypt:/letsencrypt"
- "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/dynamic:/dynamic"
- "${DYNAMIC_DIR}:/dynamic"
- "${DATA_ROOT}/traefik/letsencrypt:/letsencrypt"
- "${DATA_ROOT}/traefik/logs:/logs"
environment:
CF_API_EMAIL: "${CF_API_EMAIL}"
CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN}"

41
stacks/traefik/dynamic/crafty.yml Normal file
View File

@@ -0,0 +1,41 @@
http:
routers:
crafty-web:
rule: Host(`crafty.skrd.fun`)
entryPoints:
- web
middlewares:
- redirect-to-https
service: noop
crafty:
rule: Host(`crafty.skrd.fun`)
entryPoints:
- websecure
service: crafty-svc
tls:
certResolver: cf
middlewares:
- crafty-headers
services:
crafty-svc:
loadBalancer:
servers:
- url: "https://192.168.3.3:8443"
serversTransport: crafty-transport
noop:
loadBalancer:
servers:
- url: "http://0.0.0.0"
middlewares:
crafty-headers:
headers:
customRequestHeaders:
X-Forwarded-Proto: https
serversTransports:
crafty-transport:
insecureSkipVerify: true

3
stacks/traefik/dynamic/home-assistant.yml
View File

@@ -5,7 +5,6 @@ http:
entryPoints:
- web
middlewares:
- local-only
- redirect-to-https
service: noop
home-assistant:
@@ -15,8 +14,6 @@ http:
service: home-assistant-svc
tls:
certResolver: cf
middlewares:
- local-only
services:
home-assistant-svc:
loadBalancer:

22
stacks/traefik/dynamic/middlewares.yml
View File

@@ -12,3 +12,25 @@ http:
replacePathRegex:
regex: ^/$
replacement: /admin/
crowdsec:
plugin:
bouncer:
enabled: true
defaultDecisionSeconds: 60
crowdsecMode: live
crowdsecAppsecEnabled: true
crowdsecAppsecHost: crowdsec:7422
crowdsecAppsecFailureBlock: true
crowdsecAppsecUnreachableBlock: true
crowdsecLapiKey: mvBM8BzhJ1/P8Lcb72gsIn5JNgQCzwsRSKNuBJqJ/0Q
crowdsecLapiHost: crowdsec:8080
crowdsecLapiScheme: http
crowdsecLapiTLSInsecureVerify: false
forwardedHeadersTrustedIPs:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
clientTrustedIPs:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16

1
stacks/zenithar/zenithar.env.example → stacks/zenithar/.env.example
View File

@@ -1 +1,2 @@
MARIADB_ROOT_PASSWORD=secret
DATA_DIR=./data

11
stacks/zenithar/compose.yml Normal file
View File

@@ -0,0 +1,11 @@
version: "3"
services:
db:
image: mariadb
restart: unless-stopped
ports:
- "3306:3306"
environment:
MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
volumes:
- ${DATA_DIR}:/var/lib/mysql:Z

11
stacks/zenithar/zenithar.yml
View File

@@ -1,11 +0,0 @@
version: "3"
services:
db:
image: mariadb
restart: unless-stopped
ports:
- "3306:3306"
env_file:
- zenithar.env
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/zenithar:/var/lib/mysql:Z