new start !

.gitignore

@@ -0,0 +1,28 @@
+# Ignore everything in the root and all subdirectories
+/*
+!/*/
+
+# Keep the Containers folder
+!/Containers/
+
+# Ignore everything inside Containers/*
+/Containers/*/*
+
+# Except compose.yml and tailscale serve 
+!/Containers/*/compose.yml
+!/Containers/*/serveconfig/
+
+# navidrome toml for auto-clean
+!/Containers/Navidrome/data/
+/Containers/Navidrome/data/*
+!/Containers/Navidrome/data/navidrome.toml
+
+# Scripts
+!/Scripts/*
+
+# VMS (not used for the moment)
+!/VMs/*
+
+# Keep utility files in root
+!.gitignore
+!README.md

Containers/Forgejo/compose.yml

@@ -0,0 +1,52 @@
+services:
+  forgejo-ts:
+    image: tailscale/tailscale
+    container_name: forgejo-ts
+    cap_add:
+      - net_admin
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    volumes:
+      - ./tailscale/state:/var/lib/tailscale
+      - ./serveconfig:/config
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_EXTRA_ARGS=--advertise-tags=tag:forgejo --reset
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve-config.json
+      - TS_USERSPACE=false
+    hostname: git
+    restart: unless-stopped
+
+  forgejo:
+    image: codeberg.org/forgejo/forgejo:11
+    container_name: forgejo
+    network_mode: service:forgejo-ts
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - FORGEJO__database__DB_TYPE=postgres
+      - FORGEJO__database__HOST=forgejo_db:5432
+      - FORGEJO__database__NAME=forgejo
+      - FORGEJO__database__USER=forgejo
+      - FORGEJO__database__PASSWD=${POSTGRES_PASSWORD}
+      - FORGEJO__database__SSL_MODE=disable
+      - FORGEJO__database__SCHEMA=public
+      - FORGEJO__database__CHARSET=utf8
+    volumes:
+      - ./forgejo:/data
+      # - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    restart: unless-stopped
+
+  forgejo_db:
+    image: postgres:16
+    container_name: forgejo-postgres
+    environment:
+      - POSTGRES_DB=forgejo
+      - POSTGRES_USER=forgejo
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_HOST_AUTH_METHOD=md5
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+    restart: always

Containers/Forgejo/serveconfig/serve-config.json

@@ -0,0 +1,19 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:3000"
+        }
+      }
+    }
+  },
+  "AllowFunnel": {
+    "${TS_CERT_DOMAIN}:443": true
+  }
+}

Containers/Navidrome/compose.yml

@@ -0,0 +1,31 @@
+services:
+  navidrome-ts:
+    image: tailscale/tailscale
+    container_name: navidrome-ts
+    cap_add:
+      - net_admin
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    volumes:
+      - ./tailscale/state:/var/lib/tailscale
+      - ./serveconfig:/config
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_EXTRA_ARGS=--advertise-tags=tag:navidrome --reset
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve-config.json
+      - TS_USERSPACE=false
+    hostname: music
+    restart: unless-stopped
+    
+  navidrome:
+    network_mode: service:navidrome-ts
+    container_name: navidrome
+    image: deluan/navidrome:latest
+    user: 1000:1000 # should be owner of volumes
+    # ports:
+    #   - "4533:4533"
+    restart: unless-stopped
+    volumes:
+      - "./data:/data"
+      - "/mnt/usb-ssd-01/music:/music:ro"

Containers/Navidrome/data/navidrome.toml

@@ -0,0 +1,2 @@
+[scanner]
+PurgeMissing = "always"

Containers/Navidrome/serveconfig/serve-config.json

@@ -0,0 +1,19 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:4533"
+        }
+      }
+    }
+  },
+  "AllowFunnel": {
+    "${TS_CERT_DOMAIN}:443": true
+  }
+}

Containers/NextCloud/serveconfig/serve-config.json

@@ -0,0 +1,19 @@
+{
+    "TCP": {
+      "443": {
+        "HTTPS": true
+      }
+    },
+    "Web": {
+      "${TS_CERT_DOMAIN}:443": {
+        "Handlers": {
+          "/": {
+            "Proxy": "http://127.0.0.1:80"
+          }
+        }
+      }
+    },
+    "AllowFunnel": {
+      "${TS_CERT_DOMAIN}:443": true
+    }
+}

README.md

@@ -0,0 +1,90 @@
+# Selfhosting personnal repo 
+
+My very simple self-hosting setup.
+On my new mini-pc.
+Gettings things simpler & simpler overtime.
+Check Old_TSDPROXT for old setup.
+
+Not 100% reproductible (Maybe one day NixOs?), some light debugging & manual adjust when migrating. See random dump at the end
+
+## Hardware & OS
+
+- Origimagic C2 Neo Mini PC
+- N95 Alder Lake
+- 12gb ddr5
+- 512gb internal nvme
+- 1 To external USB SSD (For nextcloud files)
+
+## Stack
+
+- Debian13
+- Tailscale (VPN)
+- Docker (with compose)
+
+## Networking
+
+Heavy use of Tailscale sidecar (see network_mode: "service:myapp-ts") :
+- Https without much efforts
+- Easy domain name with MagicDNS (ending in rufous-trench.ts.net).
+- Both VPN access for best-perf, and funnel for public access without opening ports.
+
+Inconvenients :
+- Vendor lock-in for networking. Even if tailscale seems cooler than cloudflare, it's still a vendor lock-in
+- Not so wide adoption, need often manual thinkering
+
+## Services 
+
+- Forgejo (git repo management)
+- Nextcloud (google drive replacement)
+- Navidrome (Music streaming)
+
+## CI
+
+- Forgejo runners on my school computers for the moment lol. With podman for easy rootless containers.
+
+## Backup
+
+#TODO rsync thingy to family NAS
+
+# Random dump / doc
+
+### Nextcloud
+group & user : 33, chown nextcloud folders
+
+
+Music folder owned by 1000 (for navidrome access)
+But I want nextcloud to also be able to move those files (easy access & add)
+
+
+Solution :
+
+```bash
+sudo apt install acl
+sudo setfacl -R -m u:33:rwx /.../.../Music
+```
+
+Also Nextcloud crontab thingy 
+
+
+```bash
+sudo crontab -e
+*/5 * * * * docker exec -u www-data nextcloud php /var/www/html/cron.php
+```
+
+### Forgejo
+postgres complaining when networking change : Check pg_hba.conf, change it if needed
+
+### Navidrome
+Because external mess, Nextcloud can modify files etc...
+```toml
+[scanner]
+PurgeMissing = "always"
+```
+  
+## TODO / Random vaguely related projects
+
+- Home assistant
+- Old laptop as test server (probably on new branch)
+- Wake on Wan for computer desktop via rasberry pi
+- Old phones used for dashboard
+- Maybe graphana things one day