From a64e32ffe022dd55b7b80abd46d7a0ceb479425f Mon Sep 17 00:00:00 2001 From: criz Date: Sun, 31 Aug 2025 08:45:07 +0200 Subject: [PATCH 01/40] readme --- .gitignore | 11 ++++++ Affine/compose.yml | 80 +++++++++++++++++++++++++++++++++++++++++ Beszel/compose.yml | 28 +++++++++++++++ Gitea/compose.yml | 20 +++++++++++ Gotify/compose.yml | 15 ++++++++ Immich/compose.yml | 77 +++++++++++++++++++++++++++++++++++++++ Metube/compose.yml | 12 +++++++ N8N/compose.yml | 16 +++++++++ NextCloud/compose.yml | 32 +++++++++++++++++ OpenWebui/compose.yml | 11 ++++++ StirlingPDF/compose.yml | 11 ++++++ TSDProxy/compose.yml | 19 ++++++++++ start_all.sh | 3 ++ stop_all.sh | 4 +++ 14 files changed, 339 insertions(+) create mode 100644 .gitignore create mode 100644 Affine/compose.yml create mode 100644 Beszel/compose.yml create mode 100644 Gitea/compose.yml create mode 100644 Gotify/compose.yml create mode 100644 Immich/compose.yml create mode 100644 Metube/compose.yml create mode 100644 N8N/compose.yml create mode 100644 NextCloud/compose.yml create mode 100644 OpenWebui/compose.yml create mode 100644 StirlingPDF/compose.yml create mode 100644 TSDProxy/compose.yml create mode 100755 start_all.sh create mode 100755 stop_all.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d50ae49 --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +# Ignore everything in the root and all subdirectories +/* +!/*/ + +# Ignore everything in immediate subdirectories +/*/* +!/*/compose.yml* + +!.gitignore +!start_all.sh +!stop_all.sh diff --git a/Affine/compose.yml b/Affine/compose.yml new file mode 100644 index 0000000..4a2d443 --- /dev/null +++ b/Affine/compose.yml 
@@ -0,0 +1,80 @@ +name: affine +services: + affine: + image: ghcr.io/toeverything/affine:${AFFINE_REVISION:-stable} + container_name: affine_server + ports: + - '${PORT:-3010}:3010' + depends_on: + redis: + condition: service_healthy + postgres: + condition: service_healthy + affine_migration: + condition: service_completed_successfully + volumes: + # custom configurations + - ${UPLOAD_LOCATION}:/root/.affine/storage + - ${CONFIG_LOCATION}:/root/.affine/config + env_file: + - .env + environment: + - REDIS_SERVER_HOST=redis + - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine} + - AFFINE_INDEXER_ENABLED=false + restart: unless-stopped + labels: + tsdproxy.enable: "true" + tsdproxy.name: "affine" + + affine_migration: + image: ghcr.io/toeverything/affine:${AFFINE_REVISION:-stable} + container_name: affine_migration_job + volumes: + # custom configurations + - ${UPLOAD_LOCATION}:/root/.affine/storage + - ${CONFIG_LOCATION}:/root/.affine/config + command: ['sh', '-c', 'node ./scripts/self-host-predeploy.js'] + env_file: + - .env + environment: + - REDIS_SERVER_HOST=redis + - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine} + - AFFINE_INDEXER_ENABLED=false + depends_on: + postgres: + condition: service_healthy + redis: + condition: service_healthy + + redis: + image: redis + container_name: affine_redis + healthcheck: + test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping'] + interval: 10s + timeout: 5s + retries: 5 + restart: unless-stopped + + postgres: + image: pgvector/pgvector:pg16 + container_name: affine_postgres + volumes: + - ${DB_DATA_LOCATION}:/var/lib/postgresql/data + environment: + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_DB: ${DB_DATABASE:-affine} + POSTGRES_INITDB_ARGS: '--data-checksums' + # you better set a password for you database + # or you may add 'POSTGRES_HOST_AUTH_METHOD=trust' to ignore postgres security policy + 
POSTGRES_HOST_AUTH_METHOD: trust + healthcheck: + test: + ['CMD', 'pg_isready', '-U', "${DB_USERNAME}", '-d', "${DB_DATABASE:-affine}"] + interval: 10s + timeout: 5s + retries: 5 + restart: unless-stopped + diff --git a/Beszel/compose.yml b/Beszel/compose.yml new file mode 100644 index 0000000..b21f21c --- /dev/null +++ b/Beszel/compose.yml @@ -0,0 +1,28 @@ +services: + beszel: + image: henrygd/beszel + container_name: beszel + restart: unless-stopped + ports: + - 8090:8090 + volumes: + - ./beszel_data:/beszel_data + labels: + tsdproxy.enable: "true" + tsdproxy.name: "dash" + + beszel-agent: + image: henrygd/beszel-agent + container_name: beszel-agent + restart: unless-stopped + network_mode: host + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./beszel_agent_data:/var/lib/beszel-agent + # monitor other disks / partitions by mounting a folder in /extra-filesystems + - /mnt/disk/.beszel:/extra-filesystems/nvme0n1p2:ro + environment: + LISTEN: 45876 + KEY: ${KEY} + TOKEN: ${TOKEN} + HUB_URL: ${HUB_URL} diff --git a/Gitea/compose.yml b/Gitea/compose.yml new file mode 100644 index 0000000..17ba678 --- /dev/null +++ b/Gitea/compose.yml @@ -0,0 +1,20 @@ +services: + gitea: + image: docker.gitea.com/gitea:1.24.5 + container_name: gitea + environment: + - USER_UID=1000 + - USER_GID=1000 + restart: always + volumes: + - ./gitea:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + ports: + - "3000:3000" + - "2221:22" + labels: + tsdproxy.enable: "true" + tsdproxy.name: "git" + tsdproxy.container_port: 3000 + tsdproxy.funnel: "true" diff --git a/Gotify/compose.yml b/Gotify/compose.yml new file mode 100644 index 0000000..32a90b7 --- /dev/null +++ b/Gotify/compose.yml 
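Review bot: The `postgres` service at the end of the Affine hunk sets `POSTGRES_HOST_AUTH_METHOD: trust`, which makes PostgreSQL accept connections without a password, so `POSTGRES_PASSWORD: ${DB_PASSWORD}` a few lines above is not enforced. The comment just before it recommends setting a password and offers `trust` only as an opt-out, so the line looks left in by accident; I would delete it and let the default password authentication apply. No port is published for `postgres` in this file, so exposure is limited to containers on the same Compose network, and `affine` and `affine_migration` already pass the password in `DATABASE_URL`, so they lose nothing from the removal. The `redis` image is also untagged; pinning it the way `pgvector/pgvector:pg16` is pinned would keep upgrades deliberate.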
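Review bot: In `beszel-agent`, the `:ro` suffix on `/var/run/docker.sock:/var/run/docker.sock:ro` only makes the bind mount read-only; it does not make the Docker API read-only, so the agent, which also runs with `network_mode: host`, can still send any request to the daemon. If the agent only needs container statistics, a filtering socket proxy limited to read endpoints would be closer to least privilege; at minimum add a comment such as `# :ro does not restrict the Docker API; this container has full daemon access`. Both images (`henrygd/beszel`, `henrygd/beszel-agent`) are untagged, so pinning a version would make what holds that access reproducible. `LISTEN: 45876` is a bare number in a mapping-style `environment`; quoting it as `"45876"` keeps it a string for every parser.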
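Review bot: `tsdproxy.funnel: "true"` on the last line of the `gitea` service has no comment, and it is the only service in this patch carrying that label; going by the label name it publishes the instance through Tailscale Funnel, i.e. to the public internet rather than only to the tailnet. A one-line comment stating that this is intentional, plus a check that self-registration is disabled in the Gitea configuration (not visible in this hunk), would make the exposure explicit, for example `# public via Funnel - registration must stay disabled in app.ini`. The `ports` entries `"3000:3000"` and `"2221:22"` additionally bind on every host interface, so the web UI and SSH are reachable from the local network without passing through the proxy.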
@@ -0,0 +1,15 @@
+services:
+ gotify:
+ image: gotify/server
+ ports:
+ - 8084:80
+ environment:
+ GOTIFY_DEFAULTUSER_PASS: 'admin'
+ volumes:
+ - './gotify_data:/app/data'
+ labels:
+ tsdproxy.enable: "true"
+ tsdproxy.name: "gotify"
+ # to run gotify as a dedicated user:
+ # sudo chown -R 1234:1234 ./gotify_data
+ # user: "1234:1234"
diff --git a/Immich/compose.yml b/Immich/compose.yml
new file mode 100644
index 0000000..3b97c8d
--- /dev/null
+++ b/Immich/compose.yml
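Review bot: `GOTIFY_DEFAULTUSER_PASS: 'admin'` in the Gotify hunk commits a guessable initial admin password, while the other compose files in this patch take secrets from the environment (`${DB_PASSWORD}`, `${KEY}`, `${TOKEN}`). I would write `GOTIFY_DEFAULTUSER_PASS: ${GOTIFY_DEFAULTUSER_PASS:?set in .env}` so the stack refuses to start without a value, and change the password on any instance already initialised with the committed one. `8084:80` publishes the UI on every host interface in addition to the tsdproxy route, and `gotify/server` has no tag, so a pinned version is worth adding too.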
@@ -0,0 +1,77 @@ +# +# WARNING: To install Immich, follow our guide: https://immich.app/docs/install/docker-compose +# +# Make sure to use the docker-compose.yml of the current release: +# +# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml +# +# The compose file on main may not be compatible with the latest release. + +name: immich + +services: + immich-server: + container_name: immich_server + image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} + # extends: + # file: hwaccel.transcoding.yml + # service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding + volumes: + # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file + - ${UPLOAD_LOCATION}:/data + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + ports: + - '2283:2283' + depends_on: + - redis + - database + restart: always + healthcheck: + disable: false + labels: + tsdproxy.enable: "true" + tsdproxy.name: "photos" + + immich-machine-learning: + container_name: immich_machine_learning + # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag. 
+ # Example tag: ${IMMICH_VERSION:-release}-cuda + image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} + # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration + # file: hwaccel.ml.yml + # service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable + volumes: + - model-cache:/cache + env_file: + - .env + restart: always + healthcheck: + disable: false + + redis: + container_name: immich_redis + image: docker.io/valkey/valkey:8-bookworm@sha256:a137a2b60aca1a75130022d6bb96af423fefae4eb55faf395732db3544803280 + healthcheck: + test: redis-cli ping || exit 1 + restart: always + + database: + container_name: immich_postgres + image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a + environment: + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_DB: ${DB_DATABASE_NAME} + POSTGRES_INITDB_ARGS: '--data-checksums' + # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs + # DB_STORAGE_TYPE: 'HDD' + volumes: + # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file + - ${DB_DATA_LOCATION}:/var/lib/postgresql/data + shm_size: 128mb + restart: always + +volumes: + model-cache: diff --git a/Metube/compose.yml b/Metube/compose.yml new file mode 100644 index 0000000..d79d522 --- /dev/null +++ b/Metube/compose.yml @@ -0,0 +1,12 @@ +services: + metube: + image: ghcr.io/alexta69/metube + container_name: metube + restart: unless-stopped + ports: + - "8083:8081" + volumes: + - ./metube:/downloads + labels: + tsdproxy.enable: "true" + tsdproxy.name: "ytb-dl" diff --git a/N8N/compose.yml b/N8N/compose.yml new file mode 100644 index 0000000..9afbcbf --- /dev/null 
+++ b/N8N/compose.yml
@@ -0,0 +1,16 @@
+services:
+ n8n:
+ image: docker.n8n.io/n8nio/n8n
+ restart: always
+ ports:
+ - 5678:5678
+ environment:
+ # - N8N_PROTOCOL=http
+ - N8N_PORT=5678
+ - NODE_ENV=production
+ volumes:
+ - ./n8n:/home/node/.n8n
+ - ./local-files:/files
+ labels:
+ tsdproxy.enable: "true"
+ tsdproxy.name: "n8n"
diff --git a/NextCloud/compose.yml b/NextCloud/compose.yml
new file mode 100644
index 0000000..de621fe
--- /dev/null
+++ b/NextCloud/compose.yml
@@ -0,0 +1,32 @@
+services:
+
+ # Nextcloud
+ nextcloud:
+ image: nextcloud
+ container_name: nextcloud
+ restart: always
+ ports:
+ - "8081:80"
+ networks:
+ - cloud
+ volumes:
+ - ./nextcloud_data:/var/www/html
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - REDIS_HOST=redis
+ labels:
+ tsdproxy.enable: "true"
+ tsdproxy.name: "cloud"
+
+ redis:
+ image: redis:alpine
+ container_name: redis
+ restart: always
+ volumes:
+ - ./redis:/data
+ networks:
+ - cloud
+
+networks:
+ cloud:
diff --git a/OpenWebui/compose.yml b/OpenWebui/compose.yml
new file mode 100644
index 0000000..3debc86
--- /dev/null
+++ b/OpenWebui/compose.yml
@@ -0,0 +1,11 @@
+services:
+ open-webui:
+ ports:
+ - 3001:8080
+ volumes:
+ - ./open-webui:/app/backend/data
+ container_name: open-webui
+ image: ghcr.io/open-webui/open-webui:main
+ labels:
+ tsdproxy.enable: "true"
+ tsdproxy.name: "chat"
diff --git a/StirlingPDF/compose.yml b/StirlingPDF/compose.yml
new file mode 100644
index 0000000..6913f38
--- /dev/null
+++ b/StirlingPDF/compose.yml
@@ -0,0 +1,11 @@
+services:
+ stirling-pdf:
+ image: stirlingtools/stirling-pdf:latest
+ restart: always
+ environment:
+ - DOCKER_ENABLE_SECURITY=false
+ labels:
+ tsdproxy.enable: "true"
+ tsdproxy.name: "pdf"
+ ports:
+ - 8080:8080
diff --git a/TSDProxy/compose.yml b/TSDProxy/compose.yml
new file mode 100644
index 0000000..a36f98a
--- /dev/null
+++ b/TSDProxy/compose.yml
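Review bot: In the `stirling-pdf` service, `DOCKER_ENABLE_SECURITY=false` is set with no comment while `8080:8080` publishes the app on every host interface; going by the variable name this turns the application's own login off, so anyone who can reach port 8080 on the host can use it without authenticating. If the intent is to rely on the tailnet for access control, say so next to the setting, e.g. `# no app login: access is limited to the tailnet via tsdproxy`, and consider dropping the host port mapping if tsdproxy can reach the container without it. `stirlingtools/stirling-pdf:latest` and the untagged `nextcloud` and `docker.n8n.io/n8nio/n8n` images in the hunks above would also benefit from pinned versions.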
@@ -0,0 +1,19 @@ +services: + + ## tsdproxy + tsdproxy: + image: almeidapaulopt/tsdproxy:latest + container_name: tsdproxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - tsdproxydata:/data + environment: + # Get AuthKey from your Tailscale account + - TSDPROXY_AUTHKEY=${TSD_PROXY_AUTH} + # Address of docker server (access to example.com ports) + - TSDPROXY_HOSTNAME=${TSD_PROXY_HOSTNAME} + - DOCKER_HOST=unix:///var/run/docker.sock + restart: always + +volumes: + tsdproxydata: diff --git a/start_all.sh b/start_all.sh new file mode 100755 index 0000000..a00d7be --- /dev/null +++ b/start_all.sh @@ -0,0 +1,3 @@ +for d in */ ; do + docker compose -f "$d/compose.yml" up -d +done diff --git a/stop_all.sh b/stop_all.sh new file mode 100755 index 0000000..f80c04f --- /dev/null +++ b/stop_all.sh @@ -0,0 +1,4 @@ +for d in */ ; do + docker compose -f "$d/compose.yml" down +done + From 9af19f2bd8c216ba919d3c91f98b725cf680802b Mon Sep 17 00:00:00 2001 From: criz Date: Sun, 31 Aug 2025 08:46:50 +0200 Subject: [PATCH 02/40] Readme --- .gitignore | 1 + README.md | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 README.md diff --git a/.gitignore b/.gitignore index d50ae49..ca4a03b 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ !.gitignore !start_all.sh !stop_all.sh +!README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..2c10c28 --- /dev/null +++ b/README.md 
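Review bot: The `tsdproxy` service mounts `/var/run/docker.sock` read-write and runs `almeidapaulopt/tsdproxy:latest`, so whatever image that tag points to at pull time gets control of the Docker daemon, which is equivalent to root on the host. Pinning the image to a release tag or digest, as the Immich file does with `@sha256:` for its database and Redis images, would make that trust decision explicit and reviewable. A comment on the socket line would also help, e.g. `# full Docker API access - keep this image pinned`. `TSDPROXY_AUTHKEY=${TSD_PROXY_AUTH}` correctly comes from the environment rather than from the committed file.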
@@ -0,0 +1,41 @@ +# Selfhosting personnal repo + +## Hardware & OS + +ideapad 15ADA05 laptop +Ryzen 5 3500u +12gb ddr4 +512gb nvme + +## Stack + +Debian13 +Docker +Tailscale (VPN) +TSDProxy (Tailscale proxy to have easily a domain per service) + +## Services + +Gitea (git repo management) +n8n (automation with graphs, selfhosted zapier) +nextcloud (google drive replacement) +immich (google photos replacement) +affine (notes taking, obsidian replacement) +OpenWebUI (chatgpt UI replacement) +Beszel (Ressources monitoring) +StirlingPDF (ilovepdf.com replacement) +Gotify (Simple notifcation system) +Metube (Youtube downloader) + +## Todo + +- [ ] Publish this repo +- [ ] Add images to README +- [ ] Move github things +- [ ] Add Habitica +- [ ] Configure public VPN for torrents +- [ ] Add Navidrome + music download system +- [ ] Add Audiobookshelf + audiobook download system +- [ ] Add and configure backups on external disk + + From e329059e573764e5bbae5f8f6481d3bdc390e11e Mon Sep 17 00:00:00 2001 From: criz Date: Sun, 31 Aug 2025 15:38:25 +0200 Subject: [PATCH 03/40] Readme --- {Gitea => Forgejo}/compose.yml | 18 ++++++++++------ README.md | 38 +++++++++++++++++----------------- 2 files changed, 31 insertions(+), 25 deletions(-) rename {Gitea => Forgejo}/compose.yml (60%) diff --git a/Gitea/compose.yml b/Forgejo/compose.yml similarity index 60% rename from Gitea/compose.yml rename to Forgejo/compose.yml index 17ba678..5227419 100644 --- a/Gitea/compose.yml +++ b/Forgejo/compose.yml 
@@ -1,18 +1,24 @@ +networks: + forgejo: + external: false + services: - gitea: - image: docker.gitea.com/gitea:1.24.5 - container_name: gitea + server: + image: codeberg.org/forgejo/forgejo:11 + container_name: forgejo environment: - USER_UID=1000 - USER_GID=1000 restart: always + networks: + - forgejo volumes: - - ./gitea:/data + - ./forgejo:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - - "3000:3000" - - "2221:22" + - '3000:3000' + - '222:22' labels: tsdproxy.enable: "true" tsdproxy.name: "git" diff --git a/README.md b/README.md index 2c10c28..baa54d9 100644 --- a/README.md +++ b/README.md @@ -2,34 +2,34 @@ ## Hardware & OS -ideapad 15ADA05 laptop -Ryzen 5 3500u -12gb ddr4 -512gb nvme +- ideapad 15ADA05 laptop +- Ryzen 5 3500u +- 12gb ddr4 +- 512gb nvme ## Stack -Debian13 -Docker -Tailscale (VPN) -TSDProxy (Tailscale proxy to have easily a domain per service) +- Debian13 +- Docker +- Tailscale (VPN) +- TSDProxy (Tailscale proxy to have easily a domain per service) ## Services -Gitea (git repo management) -n8n (automation with graphs, selfhosted zapier) -nextcloud (google drive replacement) -immich (google photos replacement) -affine (notes taking, obsidian replacement) -OpenWebUI (chatgpt UI replacement) -Beszel (Ressources monitoring) -StirlingPDF (ilovepdf.com replacement) -Gotify (Simple notifcation system) -Metube (Youtube downloader) +- Forgejo (git repo management) +- n8n (automation with graphs, selfhosted zapier) +- nextcloud (google drive replacement) +- immich (google photos replacement) +- affine (notes taking, obsidian replacement) +- OpenWebUI (chatgpt UI replacement) +- Beszel (Ressources monitoring) +- StirlingPDF (ilovepdf.com replacement) +- Gotify (Simple notifcation system) +- Metube (Youtube downloader) ## Todo -- [ ] Publish this repo +- [x] Publish this repo - [ ] Add images to README - [ ] Move github things - [ ] Add Habitica From d4d97b4c28a57d479ca886b4ae1ca59dafda77cf Mon Sep 17 00:00:00 2001 
From: criz Date: Tue, 2 Sep 2025 02:16:57 +0200 Subject: [PATCH 04/40] Medias folder --- Metube/compose.yml | 2 +- NextCloud/compose.yml | 1 + README.md | 9 +++++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/Metube/compose.yml b/Metube/compose.yml index d79d522..d61bede 100644 --- a/Metube/compose.yml +++ b/Metube/compose.yml @@ -6,7 +6,7 @@ services: ports: - "8083:8081" volumes: - - ./metube:/downloads + - /home/criz/Medias/metube:/downloads labels: tsdproxy.enable: "true" tsdproxy.name: "ytb-dl" diff --git a/NextCloud/compose.yml b/NextCloud/compose.yml index de621fe..a2a8888 100644 --- a/NextCloud/compose.yml +++ b/NextCloud/compose.yml @@ -11,6 +11,7 @@ services: - cloud volumes: - ./nextcloud_data:/var/www/html + - /home/criz/Medias:/mnt/medias environment: - PUID=1000 - PGID=1000 diff --git a/README.md b/README.md index baa54d9..fb04b99 100644 --- a/README.md +++ b/README.md @@ -38,4 +38,13 @@ - [ ] Add Audiobookshelf + audiobook download system - [ ] Add and configure backups on external disk +## Random dump +Medias is mounted on nextcloud, and other things (just me tube for the moment) + +```bash +sudo setfacl -R -m u:33:rwx /home/yourusername/Medias +sudo setfacl -R -m d:u:33:rwx /home/yourusername/Medias +``` + +and metube doesn't like deleting videos externally From e907a77e90b1f0ed3699476986e28ca8ea64dae6 Mon Sep 17 00:00:00 2001 From: criz Date: Tue, 2 Sep 2025 21:57:12 +0200 Subject: [PATCH 05/40] Navidrome --- Navidrome/compose.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 Navidrome/compose.yml diff --git a/Navidrome/compose.yml b/Navidrome/compose.yml new file mode 100644 index 0000000..0ca5ea6 --- /dev/null +++ b/Navidrome/compose.yml 
@@ -0,0 +1,14 @@ +services: + navidrome: + image: deluan/navidrome:latest + user: 1000:1000 # should be owner of volumes + ports: + - "4533:4533" + restart: unless-stopped + volumes: + - "./data:/data" + - "/home/criz/Medias/Music:/music:ro" + labels: + tsdproxy.enable: "true" + tsdproxy.name: "music" + From 010ee246dd06c0fff461b014ab75a84fb3f9b072 Mon Sep 17 00:00:00 2001 From: criz Date: Wed, 3 Sep 2025 00:55:53 +0200 Subject: [PATCH 06/40] Changement Structure --- .gitignore | 10 ++++++---- {Affine => Containers/Affine}/compose.yml | 0 {Beszel => Containers/Beszel}/compose.yml | 0 {Forgejo => Containers/Forgejo}/compose.yml | 0 {Gotify => Containers/Gotify}/compose.yml | 0 {Immich => Containers/Immich}/compose.yml | 0 {Metube => Containers/Metube}/compose.yml | 0 {N8N => Containers/N8N}/compose.yml | 0 {Navidrome => Containers/Navidrome}/compose.yml | 0 {NextCloud => Containers/NextCloud}/compose.yml | 0 {OpenWebui => Containers/OpenWebui}/compose.yml | 0 {StirlingPDF => Containers/StirlingPDF}/compose.yml | 0 {TSDProxy => Containers/TSDProxy}/compose.yml | 0 Scripts/README.md | 1 + start_all.sh | 2 +- stop_all.sh | 2 +- 16 files changed, 9 insertions(+), 6 deletions(-) rename {Affine => Containers/Affine}/compose.yml (100%) rename {Beszel => Containers/Beszel}/compose.yml (100%) rename {Forgejo => Containers/Forgejo}/compose.yml (100%) rename {Gotify => Containers/Gotify}/compose.yml (100%) rename {Immich => Containers/Immich}/compose.yml (100%) rename {Metube => Containers/Metube}/compose.yml (100%) rename {N8N => Containers/N8N}/compose.yml (100%) rename {Navidrome => Containers/Navidrome}/compose.yml (100%) rename {NextCloud => Containers/NextCloud}/compose.yml (100%) rename {OpenWebui => Containers/OpenWebui}/compose.yml (100%) rename {StirlingPDF => Containers/StirlingPDF}/compose.yml (100%) rename {TSDProxy => Containers/TSDProxy}/compose.yml (100%) create mode 100644 Scripts/README.md diff --git a/.gitignore b/.gitignore index ca4a03b..697cf63 100644 
--- a/.gitignore +++ b/.gitignore @@ -1,10 +1,12 @@ -# Ignore everything in the root and all subdirectories /* !/*/ -# Ignore everything in immediate subdirectories -/*/* -!/*/compose.yml* +!/Containers/ + +/Containers/*/* +!/Containers/*/compose.yml* + +!/Scripts/* !.gitignore !start_all.sh diff --git a/Affine/compose.yml b/Containers/Affine/compose.yml similarity index 100% rename from Affine/compose.yml rename to Containers/Affine/compose.yml diff --git a/Beszel/compose.yml b/Containers/Beszel/compose.yml similarity index 100% rename from Beszel/compose.yml rename to Containers/Beszel/compose.yml diff --git a/Forgejo/compose.yml b/Containers/Forgejo/compose.yml similarity index 100% rename from Forgejo/compose.yml rename to Containers/Forgejo/compose.yml diff --git a/Gotify/compose.yml b/Containers/Gotify/compose.yml similarity index 100% rename from Gotify/compose.yml rename to Containers/Gotify/compose.yml diff --git a/Immich/compose.yml b/Containers/Immich/compose.yml similarity index 100% rename from Immich/compose.yml rename to Containers/Immich/compose.yml diff --git a/Metube/compose.yml b/Containers/Metube/compose.yml similarity index 100% rename from Metube/compose.yml rename to Containers/Metube/compose.yml diff --git a/N8N/compose.yml b/Containers/N8N/compose.yml similarity index 100% rename from N8N/compose.yml rename to Containers/N8N/compose.yml diff --git a/Navidrome/compose.yml b/Containers/Navidrome/compose.yml similarity index 100% rename from Navidrome/compose.yml rename to Containers/Navidrome/compose.yml diff --git a/NextCloud/compose.yml b/Containers/NextCloud/compose.yml similarity index 100% rename from NextCloud/compose.yml rename to Containers/NextCloud/compose.yml diff --git a/OpenWebui/compose.yml b/Containers/OpenWebui/compose.yml similarity index 100% rename from OpenWebui/compose.yml rename to Containers/OpenWebui/compose.yml 
diff --git a/StirlingPDF/compose.yml b/Containers/StirlingPDF/compose.yml similarity index 100% rename from StirlingPDF/compose.yml rename to Containers/StirlingPDF/compose.yml diff --git a/TSDProxy/compose.yml b/Containers/TSDProxy/compose.yml similarity index 100% rename from TSDProxy/compose.yml rename to Containers/TSDProxy/compose.yml diff --git a/Scripts/README.md b/Scripts/README.md new file mode 100644 index 0000000..bde072a --- /dev/null +++ b/Scripts/README.md @@ -0,0 +1 @@ +Pas encore utilisé diff --git a/start_all.sh b/start_all.sh index a00d7be..1c006ec 100755 --- a/start_all.sh +++ b/start_all.sh @@ -1,3 +1,3 @@ -for d in */ ; do +for d in Containers/*/ ; do docker compose -f "$d/compose.yml" up -d done diff --git a/stop_all.sh b/stop_all.sh index f80c04f..6e2507b 100755 --- a/stop_all.sh +++ b/stop_all.sh @@ -1,4 +1,4 @@ -for d in */ ; do +for d in Containers/*/ ; do docker compose -f "$d/compose.yml" down done From cdd825916a92e5eeeb7f0b8d1e89b9429f84d837 Mon Sep 17 00:00:00 2001 From: criz Date: Wed, 3 Sep 2025 01:08:54 +0200 Subject: [PATCH 07/40] navidrome.toml --- .gitignore | 11 +++++++++++ Containers/Navidrome/data/navidrome.toml | 2 ++ 2 files changed, 13 insertions(+) create mode 100644 Containers/Navidrome/data/navidrome.toml diff --git a/.gitignore b/.gitignore index 697cf63..db4d37a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,13 +1,24 @@ +# Ignore everything in the root and all subdirectories /* !/*/ +# Keep the Containers folder !/Containers/ +# Ignore everything inside Containers/* /Containers/*/* !/Containers/*/compose.yml* +# Some (safe) configs files +!/Containers/Navidrome/data/ +/Containers/Navidrome/data/* +!/Containers/Navidrome/data/navidrome.toml + +# Scripts !/Scripts/* + +# Keep utility files in root !.gitignore !start_all.sh !stop_all.sh diff --git a/Containers/Navidrome/data/navidrome.toml b/Containers/Navidrome/data/navidrome.toml new file mode 100644 index 0000000..74eb198 --- /dev/null 
+++ b/Containers/Navidrome/data/navidrome.toml @@ -0,0 +1,2 @@ +[scanner] +PurgeMissing = "always" From 9d5400e5a9f35bdb72515b48d453adbf1718bb67 Mon Sep 17 00:00:00 2001 From: criz Date: Wed, 3 Sep 2025 01:41:20 +0200 Subject: [PATCH 08/40] Forgot restart for some -_- --- Containers/Gotify/compose.yml | 1 + Containers/OpenWebui/compose.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/Containers/Gotify/compose.yml b/Containers/Gotify/compose.yml index 32a90b7..a23635b 100644 --- a/Containers/Gotify/compose.yml +++ b/Containers/Gotify/compose.yml @@ -1,5 +1,6 @@ services: gotify: + restart: always image: gotify/server ports: - 8084:80 diff --git a/Containers/OpenWebui/compose.yml b/Containers/OpenWebui/compose.yml index 3debc86..4a2580f 100644 --- a/Containers/OpenWebui/compose.yml +++ b/Containers/OpenWebui/compose.yml @@ -1,5 +1,6 @@ services: open-webui: + restart: always ports: - 3001:8080 volumes: From d5e41f788a4bbf52f565880f459a647920ef766d Mon Sep 17 00:00:00 2001 From: criz Date: Sun, 7 Sep 2025 01:29:51 +0200 Subject: [PATCH 09/40] Backups --- Containers/Rsync/compose.yml | 52 ++++++++++++++++++++++++++++++++++++ README.md | 2 +- 2 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 Containers/Rsync/compose.yml diff --git a/Containers/Rsync/compose.yml b/Containers/Rsync/compose.yml new file mode 100644 index 0000000..e28e436 --- /dev/null +++ b/Containers/Rsync/compose.yml 
@@ -0,0 +1,52 @@ +version: "3.9" + +services: + backup-sync: + image: eeacms/rsync:latest + container_name: backup_sync + restart: unless-stopped + volumes: + # Medias folder + - type: bind + source: /home/criz/Medias + target: /source/Medias + read_only: true + - type: bind + source: /mnt/backupSD/Medias + target: /dest/Medias + # Immich folder + - type: bind + source: /home/criz/SelfHosting/Containers/Immich/library + target: /source/Immich + - type: bind + source: /mnt/backupSD/Immich + target: /dest/Immich + # Nextcloud + - type: bind + source: /home/criz/SelfHosting/Containers/NextCloud/nextcloud_data/data/Crizomb/files + target: /source/NextCloud + - type: bind + source: /mnt/backupSD/NextCloud + target: /dest/NextCloud + # Forgejo + - type: bind + source: /home/criz/SelfHosting/Containers/Forgejo/forgejo/git + target: /source/Forgejo/git + - type: bind + source: /home/criz/SelfHosting/Containers/Forgejo/forgejo/gitea + target: /source/Forgejo/gitea + + - type: bind + source: /mnt/backupSD/Forgejo/git + target: /dest/Forgejo/git + - type: bind + source: /mnt/backupSD/Forgejo/gitea + target: /dest/Forgejo/gitea + + environment: + - CRON_TASK_1=0 3 * * * rsync -a --delete /source/Medias/ /dest/Medias/ + - CRON_TASK_2=0 3 * * * rsync -a --delete /source/Immich/ /dest/Immich/ + - CRON_TASK_3=0 3 * * * rsync -a --delete /source/NextCloud/ /dest/NextCloud/ + - CRON_TASK_3=0 3 * * * rsync -a --delete /source/Forgejo/git /dest/Forgejo/git + - CRON_TASK_3=0 3 * * * rsync -a --delete /source/Forgejo/gitea /dest/Forgejo/gitea + entrypoint: crond -f -l 8 diff --git a/README.md b/README.md index fb04b99..623dcc9 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ - [ ] Configure public VPN for torrents - [ ] Add Navidrome + music download system - [ ] Add Audiobookshelf + audiobook download system -- [ ] Add and configure backups on external disk +- [x] Add and configure backups on external disk ## Random dump 
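Review bot: The `environment` list at the end of the `backup-sync` service defines `CRON_TASK_3` three times (NextCloud, `Forgejo/git`, `Forgejo/gitea`), and duplicate variable names normally collapse to one value, so two of those jobs are likely never scheduled; the last two should be `CRON_TASK_4` and `CRON_TASK_5`. The two Forgejo commands also give the source without a trailing slash (`/source/Forgejo/git /dest/Forgejo/git`), which makes rsync copy the directory itself and produce `/dest/Forgejo/git/git`; write `/source/Forgejo/git/ /dest/Forgejo/git/` as the Medias line does (the same form is still present in the later `-av` rewrite of these lines in PATCH 12). Only the Medias source has `read_only: true`; the Immich, NextCloud and Forgejo sources are mounted writable into a container that runs `rsync --delete`, so adding `read_only: true` to every `/source/...` bind would keep a mistyped path from deleting live data. Because `--delete` mirrors removals every night, this is a replica rather than a backup with history: a file deleted or corrupted at the source disappears from `/mnt/backupSD` on the next run, which is worth stating in the README or addressing with `--backup-dir`.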
From 251b183c19be1fc12b5b0d5ffe5cbeaf330d4cee Mon Sep 17 00:00:00 2001 From: criz Date: Sun, 7 Sep 2025 01:36:17 +0200 Subject: [PATCH 10/40] oupss add readonly --- Containers/Rsync/compose.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Containers/Rsync/compose.yml b/Containers/Rsync/compose.yml index e28e436..cfffe5f 100644 --- a/Containers/Rsync/compose.yml +++ b/Containers/Rsync/compose.yml @@ -14,34 +14,43 @@ services: - type: bind source: /mnt/backupSD/Medias target: /dest/Medias + read_only: true # Immich folder - type: bind source: /home/criz/SelfHosting/Containers/Immich/library target: /source/Immich + read_only: true - type: bind source: /mnt/backupSD/Immich target: /dest/Immich + read_only: true # Nextcloud - type: bind source: /home/criz/SelfHosting/Containers/NextCloud/nextcloud_data/data/Crizomb/files target: /source/NextCloud + read_only: true - type: bind source: /mnt/backupSD/NextCloud target: /dest/NextCloud + read_only: true # Forgejo - type: bind source: /home/criz/SelfHosting/Containers/Forgejo/forgejo/git target: /source/Forgejo/git + read_only: true - type: bind source: /home/criz/SelfHosting/Containers/Forgejo/forgejo/gitea target: /source/Forgejo/gitea + read_only: true - type: bind source: /mnt/backupSD/Forgejo/git target: /dest/Forgejo/git + read_only: true - type: bind source: /mnt/backupSD/Forgejo/gitea target: /dest/Forgejo/gitea + read_only: true environment: - CRON_TASK_1=0 3 * * * rsync -a --delete /source/Medias/ /dest/Medias/ From 4ed6b145a5bcb86746c093dc689e384e753e71a3 Mon Sep 17 00:00:00 2001 From: criz Date: Sun, 7 Sep 2025 01:38:08 +0200 Subject: [PATCH 11/40] nah i'm stupid --- Containers/Rsync/compose.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/Containers/Rsync/compose.yml b/Containers/Rsync/compose.yml index cfffe5f..f967287 100644 --- a/Containers/Rsync/compose.yml +++ b/Containers/Rsync/compose.yml 
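Review bot: This hunk adds `read_only: true` to the `/dest/...` binds under `/mnt/backupSD` as well as to the sources, so every rsync job would be unable to write to its target and the nightly backup stops working. Only the `/source/...` mounts should be read-only; the five destination entries (`/dest/Medias`, `/dest/Immich`, `/dest/NextCloud`, `/dest/Forgejo/git`, `/dest/Forgejo/gitea`) need to stay writable. Nothing in the file reports a failed run, so a comment or README line on how to check the result of the last run would make this kind of regression visible.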
@@ -10,7 +10,6 @@ services: - type: bind source: /home/criz/Medias target: /source/Medias - read_only: true - type: bind source: /mnt/backupSD/Medias target: /dest/Medias @@ -23,7 +22,6 @@ services: - type: bind source: /mnt/backupSD/Immich target: /dest/Immich - read_only: true # Nextcloud - type: bind source: /home/criz/SelfHosting/Containers/NextCloud/nextcloud_data/data/Crizomb/files @@ -32,7 +30,6 @@ services: - type: bind source: /mnt/backupSD/NextCloud target: /dest/NextCloud - read_only: true # Forgejo - type: bind source: /home/criz/SelfHosting/Containers/Forgejo/forgejo/git @@ -46,11 +43,9 @@ services: - type: bind source: /mnt/backupSD/Forgejo/git target: /dest/Forgejo/git - read_only: true - type: bind source: /mnt/backupSD/Forgejo/gitea target: /dest/Forgejo/gitea - read_only: true environment: - CRON_TASK_1=0 3 * * * rsync -a --delete /source/Medias/ /dest/Medias/ From 46ac0bdf04d15ed06f7d44b2940771ed74ee8db8 Mon Sep 17 00:00:00 2001 From: criz Date: Sun, 7 Sep 2025 03:17:19 +0200 Subject: [PATCH 12/40] Webui search + making rsync work (I hope) --- Containers/OpenWebui/compose.yml | 2 ++ Containers/Rsync/compose.yml | 15 +++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/Containers/OpenWebui/compose.yml b/Containers/OpenWebui/compose.yml index 4a2580f..f0514a4 100644 --- a/Containers/OpenWebui/compose.yml +++ b/Containers/OpenWebui/compose.yml @@ -10,3 +10,5 @@ services: labels: tsdproxy.enable: "true" tsdproxy.name: "chat" + environment: + - WEBUI_URL=${WEBUI_URL} diff --git a/Containers/Rsync/compose.yml b/Containers/Rsync/compose.yml index f967287..ede2878 100644 --- a/Containers/Rsync/compose.yml +++ b/Containers/Rsync/compose.yml 
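Review bot: The first hunk removes `read_only: true` from the `/home/criz/Medias` source bind, while the `/mnt/backupSD/Medias` destination directly below it is not touched and, going by the previous patch, still carries the flag. The Medias pair therefore ends up inverted: live data is writable by the container that runs `rsync --delete`, and the backup target is not writable. The removal should apply to the `/dest/Medias` entry instead, matching what the other three hunks in this file do for Immich, NextCloud and Forgejo. The flag on `/dest/Medias` lies just past this hunk's trailing context, so that part is inferred rather than visible here.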
@@ -6,14 +6,16 @@ services: container_name: backup_sync restart: unless-stopped volumes: + # Logs + - ./logs:/var/log # Medias folder - type: bind source: /home/criz/Medias target: /source/Medias + read_only: true - type: bind source: /mnt/backupSD/Medias target: /dest/Medias - read_only: true # Immich folder - type: bind source: /home/criz/SelfHosting/Containers/Immich/library @@ -48,9 +50,10 @@ services: target: /dest/Forgejo/gitea environment: - - CRON_TASK_1=0 3 * * * rsync -a --delete /source/Medias/ /dest/Medias/ - - CRON_TASK_2=0 3 * * * rsync -a --delete /source/Immich/ /dest/Immich/ - - CRON_TASK_3=0 3 * * * rsync -a --delete /source/NextCloud/ /dest/NextCloud/ - - CRON_TASK_3=0 3 * * * rsync -a --delete /source/Forgejo/git /dest/Forgejo/git - - CRON_TASK_3=0 3 * * * rsync -a --delete /source/Forgejo/gitea /dest/Forgejo/gitea + - TZ=Europe/Madrid + - CRON_TASK_1=0 4 * * * rsync -av --delete /source/Medias/ /dest/Medias/ + - CRON_TASK_2=0 4 * * * rsync -av --delete /source/Immich/ /dest/Immich/ + - CRON_TASK_3=0 4 * * * rsync -av --delete /source/NextCloud/ /dest/NextCloud/ + - CRON_TASK_4=0 4 * * * rsync -av --delete /source/Forgejo/git /dest/Forgejo/git/ + - CRON_TASK_5=0 4 * * * rsync -av --delete /source/Forgejo/gitea /dest/Forgejo/gitea/ entrypoint: crond -f -l 8 From 14d44487fa6defd4bad39e879e8b2a7d27f2fda0 Mon Sep 17 00:00:00 2001 From: criz Date: Sun, 7 Sep 2025 12:35:59 +0200 Subject: [PATCH 13/40] forgot command client for rsync --- Containers/Rsync/compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/Rsync/compose.yml b/Containers/Rsync/compose.yml index ede2878..e50d280 100644 --- a/Containers/Rsync/compose.yml +++ b/Containers/Rsync/compose.yml 
@@ -56,4 +56,4 @@ services: - CRON_TASK_3=0 4 * * * rsync -av --delete /source/NextCloud/ /dest/NextCloud/ - CRON_TASK_4=0 4 * * * rsync -av --delete /source/Forgejo/git /dest/Forgejo/git/ - CRON_TASK_5=0 4 * * * rsync -av --delete /source/Forgejo/gitea /dest/Forgejo/gitea/ - entrypoint: crond -f -l 8 + command: ["client"] From a314690ef2f282b0cd1610dd9beb5e86558765ae Mon Sep 17 00:00:00 2001 From: criz Date: Tue, 9 Sep 2025 02:38:47 +0200 Subject: [PATCH 14/40] container_name --- Containers/Gotify/compose.yml | 1 + Containers/N8N/compose.yml | 1 + Containers/Navidrome/compose.yml | 1 + Containers/StirlingPDF/compose.yml | 1 + 4 files changed, 4 insertions(+) diff --git a/Containers/Gotify/compose.yml b/Containers/Gotify/compose.yml index a23635b..d7a1ec1 100644 --- a/Containers/Gotify/compose.yml +++ b/Containers/Gotify/compose.yml @@ -1,5 +1,6 @@ services: gotify: + container_name: gotify restart: always image: gotify/server ports: diff --git a/Containers/N8N/compose.yml b/Containers/N8N/compose.yml index 9afbcbf..db0aa07 100644 --- a/Containers/N8N/compose.yml +++ b/Containers/N8N/compose.yml @@ -1,5 +1,6 @@ services: n8n: + container_name: n8n image: docker.n8n.io/n8nio/n8n restart: always ports: diff --git a/Containers/Navidrome/compose.yml b/Containers/Navidrome/compose.yml index 0ca5ea6..b6f0a0e 100644 --- a/Containers/Navidrome/compose.yml +++ b/Containers/Navidrome/compose.yml @@ -1,5 +1,6 @@ services: navidrome: + container_name: navidrome image: deluan/navidrome:latest user: 1000:1000 # should be owner of volumes ports: diff --git a/Containers/StirlingPDF/compose.yml b/Containers/StirlingPDF/compose.yml index 6913f38..f080e5e 100644 --- a/Containers/StirlingPDF/compose.yml +++ b/Containers/StirlingPDF/compose.yml @@ -1,5 +1,6 @@ services: stirling-pdf: + container_name: stirling_pdf image: stirlingtools/stirling-pdf:latest restart: always environment: From c663f2e6d2b6be0a07665c8c9fbbae4bb89866b3 Mon Sep 17 00:00:00 2001 
From: criz Date: Sat, 13 Sep 2025 20:07:59 +0200 Subject: [PATCH 15/40] Gonic > Navidrome (I like music folders) --- Containers/Gonic/compose.yml | 21 +++++++++++++++++++++ Containers/Navidrome/compose.yml | 15 --------------- Containers/Navidrome/data/navidrome.toml | 2 -- README.md | 8 +++----- 4 files changed, 24 insertions(+), 22 deletions(-) create mode 100644 Containers/Gonic/compose.yml delete mode 100644 Containers/Navidrome/compose.yml delete mode 100644 Containers/Navidrome/data/navidrome.toml diff --git a/Containers/Gonic/compose.yml b/Containers/Gonic/compose.yml new file mode 100644 index 0000000..d0038c6 --- /dev/null +++ b/Containers/Gonic/compose.yml @@ -0,0 +1,21 @@ +# example docker-compose.yml + +version: "2.4" +services: + gonic: + restart: unless-stopped + image: sentriz/gonic:latest + environment: + - TZ + # optionally, see more available env vars in the readme + ports: + - 4747:80 + volumes: + - ./data:/data # gonic db etc + - /home/criz/Medias/Music:/music:ro # your music + - /home/criz/Medias/Podcasts:/podcasts # your podcasts + - /home/criz/Medias/Playlists:/playlists # your playlists + - ./cache:/cache # transcode / covers / etc cache dir + labels: + tsdproxy.enable: "true" + tsdproxy.name: "music" diff --git a/Containers/Navidrome/compose.yml b/Containers/Navidrome/compose.yml deleted file mode 100644 index b6f0a0e..0000000 --- a/Containers/Navidrome/compose.yml +++ /dev/null @@ -1,15 +0,0 @@ -services: - navidrome: - container_name: navidrome - image: deluan/navidrome:latest - user: 1000:1000 # should be owner of volumes - ports: - - "4533:4533" - restart: unless-stopped - volumes: - - "./data:/data" - - "/home/criz/Medias/Music:/music:ro" - labels: - tsdproxy.enable: "true" - tsdproxy.name: "music" - diff --git a/Containers/Navidrome/data/navidrome.toml b/Containers/Navidrome/data/navidrome.toml deleted file mode 100644 index 74eb198..0000000 --- a/Containers/Navidrome/data/navidrome.toml +++ /dev/null 
@@ -1,2 +0,0 @@ -[scanner] -PurgeMissing = "always" diff --git a/README.md b/README.md index 623dcc9..c59621c 100644 --- a/README.md +++ b/README.md @@ -26,15 +26,13 @@ - StirlingPDF (ilovepdf.com replacement) - Gotify (Simple notifcation system) - Metube (Youtube downloader) +- Gonic (Music) ## Todo - [x] Publish this repo -- [ ] Add images to README -- [ ] Move github things -- [ ] Add Habitica -- [ ] Configure public VPN for torrents -- [ ] Add Navidrome + music download system +- [x] Add images to README +- [x] Move github things - [ ] Add Audiobookshelf + audiobook download system - [x] Add and configure backups on external disk From d8af4eb50cc2ccc6fd53d74b6b9a4e7b9c1258e0 Mon Sep 17 00:00:00 2001 From: criz Date: Sat, 13 Sep 2025 20:44:52 +0200 Subject: [PATCH 16/40] Revert "Gonic > Navidrome (I like music folders)" This reverts commit c663f2e6d2b6be0a07665c8c9fbbae4bb89866b3. --- Containers/Gonic/compose.yml | 21 --------------------- Containers/Navidrome/compose.yml | 15 +++++++++++++++ Containers/Navidrome/data/navidrome.toml | 2 ++ README.md | 8 +++++--- 4 files changed, 22 insertions(+), 24 deletions(-) delete mode 100644 Containers/Gonic/compose.yml create mode 100644 Containers/Navidrome/compose.yml create mode 100644 Containers/Navidrome/data/navidrome.toml diff --git a/Containers/Gonic/compose.yml b/Containers/Gonic/compose.yml deleted file mode 100644 index d0038c6..0000000 --- a/Containers/Gonic/compose.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -# example docker-compose.yml - -version: "2.4" -services: - gonic: - restart: unless-stopped - image: sentriz/gonic:latest - environment: - - TZ - # optionally, see more available env vars in the readme - ports: - - 4747:80 - volumes: - - ./data:/data # gonic db etc - - /home/criz/Medias/Music:/music:ro # your music - - /home/criz/Medias/Podcasts:/podcasts # your podcasts - - /home/criz/Medias/Playlists:/playlists # your playlists - - ./cache:/cache # transcode / covers / etc cache dir - labels: - tsdproxy.enable: "true" - tsdproxy.name: "music" diff --git a/Containers/Navidrome/compose.yml b/Containers/Navidrome/compose.yml new file mode 100644 index 0000000..b6f0a0e --- /dev/null +++ b/Containers/Navidrome/compose.yml @@ -0,0 +1,15 @@ +services: + navidrome: + container_name: navidrome + image: deluan/navidrome:latest + user: 1000:1000 # should be owner of volumes + ports: + - "4533:4533" + restart: unless-stopped + volumes: + - "./data:/data" + - "/home/criz/Medias/Music:/music:ro" + labels: + tsdproxy.enable: "true" + tsdproxy.name: "music" + diff --git a/Containers/Navidrome/data/navidrome.toml b/Containers/Navidrome/data/navidrome.toml new file mode 100644 index 0000000..74eb198 --- /dev/null +++ b/Containers/Navidrome/data/navidrome.toml @@ -0,0 +1,2 @@ +[scanner] +PurgeMissing = "always" diff --git a/README.md b/README.md index c59621c..623dcc9 100644 --- a/README.md +++ b/README.md @@ -26,13 +26,15 @@ - StirlingPDF (ilovepdf.com replacement) - Gotify (Simple notifcation system) - Metube (Youtube downloader) -- Gonic (Music) ## Todo - [x] Publish this repo -- [x] Add images to README -- [x] Move github things +- [ ] Add images to README +- [ ] Move github things +- [ ] Add Habitica +- [ ] Configure public VPN for torrents +- [ ] Add Navidrome + music download system - [ ] Add Audiobookshelf + audiobook download system - [x] Add and configure backups on external disk From 5b22009960e3d441f506475cdb9cb1c06cbc78bb Mon Sep 17 00:00:00 2001 
From: criz Date: Sat, 13 Sep 2025 23:56:39 +0200 Subject: [PATCH 17/40] Big file nextcloud --- Containers/NextCloud/compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Containers/NextCloud/compose.yml b/Containers/NextCloud/compose.yml index a2a8888..cb076b0 100644 --- a/Containers/NextCloud/compose.yml +++ b/Containers/NextCloud/compose.yml @@ -16,6 +16,9 @@ services: - PUID=1000 - PGID=1000 - REDIS_HOST=redis + - PHP_MEMORY_LIMIT=4GB + - PHP_UPLOAD_LIMIT=64GB + - APACHE_BODY_LIMIT=0 labels: tsdproxy.enable: "true" tsdproxy.name: "cloud" From af3e8a810454d2016c8b5fb87d1bf13d8c023286 Mon Sep 17 00:00:00 2001 From: criz Date: Mon, 15 Sep 2025 16:20:37 +0200 Subject: [PATCH 18/40] audibookshelf --- Containers/AudiobookShelf/compose.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 Containers/AudiobookShelf/compose.yml diff --git a/Containers/AudiobookShelf/compose.yml b/Containers/AudiobookShelf/compose.yml new file mode 100644 index 0000000..8dd0cf7 --- /dev/null +++ b/Containers/AudiobookShelf/compose.yml @@ -0,0 +1,16 @@ +services: + audiobookshelf: + restart: unless-stopped + image: ghcr.io/advplyr/audiobookshelf:latest + ports: + - 13378:80 + volumes: + - /home/criz/Medias/Audiobooks:/audiobooks + - /home/criz/Medias/Podcasts:/podcasts + - ./config:/config + - ./metadata:/metadata + environment: + - TZ=Europe/Madrid + labels: + tsdproxy.enable: "true" + tsdproxy.name: "audio" From 726edf435ba3e6288039a56b44a9d12ed5a52958 Mon Sep 17 00:00:00 2001 From: criz Date: Tue, 16 Sep 2025 02:09:18 +0200 Subject: [PATCH 19/40] qbittorent + jellyfin --- Containers/Jellyfin/compose.yml | 18 ++++++++++++++++++ Containers/NextCloud/compose.yml | 5 +++-- Containers/Qbittorrent/compose.yml | 22 ++++++++++++++++++++++ 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 Containers/Jellyfin/compose.yml create mode 100644 Containers/Qbittorrent/compose.yml 
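Review bot: `APACHE_BODY_LIMIT=0` removes the request-body cap entirely rather than raising it, assuming this is the official Nextcloud image where 0 means unlimited (the `image:` line is outside the hunk). A finite value at or just above the intended upload size, e.g. `APACHE_BODY_LIMIT=68719476736` for 64 GiB, keeps large uploads working while still bounding what a single request can push at Apache. A short comment above the three new variables saying which upload size they are tuned for would make later changes safer.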
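Review bot: `13378:80` publishes the AudiobookShelf web UI on every host interface, while the `tsdproxy.*` labels suggest the intended entry point is the Tailscale proxy. If tsdproxy reaches the container over the Docker network (not visible here), the host port can be dropped; if it needs a published port, binding it to one address, e.g. `"127.0.0.1:13378:80"`, keeps the service off the LAN. The same applies to the ports added in later commits on this page: qBittorrent `13461`/`13462`, Paperless `8061`, ArchiveBox `8647` and Uptime Kuma `2301`. Quoting the mapping would also match the quoted style used in the Navidrome and Metube files.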
diff --git a/Containers/Jellyfin/compose.yml b/Containers/Jellyfin/compose.yml new file mode 100644 index 0000000..5ead37a --- /dev/null +++ b/Containers/Jellyfin/compose.yml @@ -0,0 +1,18 @@ +services: + jellyfin: + restart: 'unless-stopped' + image: jellyfin/jellyfin + container_name: jellyfin + # user: 1000:1000 + network_mode: 'host' + volumes: + - ./config:/config + - ./cache:/cache + - type: bind + source: /mnt/moviesHDD/JellyfinMedias + target: /media + devices: + - /dev/dri:/dev/dri + labels: + tsdproxy.enable: "true" + tsdproxy.name: "stream" diff --git a/Containers/NextCloud/compose.yml b/Containers/NextCloud/compose.yml index cb076b0..dc221e2 100644 --- a/Containers/NextCloud/compose.yml +++ b/Containers/NextCloud/compose.yml @@ -12,12 +12,13 @@ services: volumes: - ./nextcloud_data:/var/www/html - /home/criz/Medias:/mnt/medias + - /mnt/moviesHDD:/mnt/movieshdd environment: - PUID=1000 - PGID=1000 - REDIS_HOST=redis - - PHP_MEMORY_LIMIT=4GB - - PHP_UPLOAD_LIMIT=64GB + - PHP_MEMORY_LIMIT=4G + - PHP_UPLOAD_LIMIT=64G - APACHE_BODY_LIMIT=0 labels: tsdproxy.enable: "true" diff --git a/Containers/Qbittorrent/compose.yml b/Containers/Qbittorrent/compose.yml new file mode 100644 index 0000000..1c1fec3 --- /dev/null +++ b/Containers/Qbittorrent/compose.yml @@ -0,0 +1,22 @@ +--- +services: + qbittorrent: + image: lscr.io/linuxserver/qbittorrent:latest + container_name: qbittorrent + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + - WEBUI_PORT=13461 + - TORRENTING_PORT=6881 + volumes: + - ./config:/config + - /home/criz/Medias/Torrents:/downloads #optional + ports: + - 13461:13461 + - 6881:6881 + - 6881:6881/udp + restart: unless-stopped + labels: + tsdproxy.enable: "true" + tsdproxy.name: "torrent" From 87e1a0d937442d0b8d730dbb11c7a7ba76e27d58 Mon Sep 17 00:00:00 2001 
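Review bot: The `/mnt/moviesHDD/JellyfinMedias` bind in the new Jellyfin file is mounted read-write although a media server normally only reads its library. Adding `read_only: true` under that mount limits what a compromised or misbehaving Jellyfin can do to the files, unless you rely on Jellyfin writing artwork or NFO files next to the media. `network_mode: 'host'` also puts every Jellyfin listener directly on all host interfaces, so the tsdproxy labels are not the only way in; a comment stating why host networking is needed would help.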
From: criz Date: Wed, 17 Sep 2025 01:20:36 +0200 Subject: [PATCH 20/40] TorrentHDD_vs_SSD --- Containers/Jellyfin/compose.yml | 4 +++- Containers/QbittorentHDD/compose.yml | 22 +++++++++++++++++++ .../compose.yml | 4 ++-- 3 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 Containers/QbittorentHDD/compose.yml rename Containers/{Qbittorrent => QbittorentSSD}/compose.yml (86%) diff --git a/Containers/Jellyfin/compose.yml b/Containers/Jellyfin/compose.yml index 5ead37a..c4c1ec8 100644 --- a/Containers/Jellyfin/compose.yml +++ b/Containers/Jellyfin/compose.yml @@ -3,7 +3,6 @@ services: restart: 'unless-stopped' image: jellyfin/jellyfin container_name: jellyfin - # user: 1000:1000 network_mode: 'host' volumes: - ./config:/config @@ -13,6 +12,9 @@ services: target: /media devices: - /dev/dri:/dev/dri + group_add: + - 44 + - 922 labels: tsdproxy.enable: "true" tsdproxy.name: "stream" diff --git a/Containers/QbittorentHDD/compose.yml b/Containers/QbittorentHDD/compose.yml new file mode 100644 index 0000000..84125fc --- /dev/null +++ b/Containers/QbittorentHDD/compose.yml @@ -0,0 +1,22 @@ +--- +services: + qbittorrent: + image: lscr.io/linuxserver/qbittorrent:latest + container_name: qbittorrentHDD + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + - WEBUI_PORT=13462 + - TORRENTING_PORT=6882 + volumes: + - ./config:/config + - /mnt/moviesHDD/torrents:/downloads #optional + ports: + - 13462:13462 + - 6882:6882 + - 6882:6882/udp + restart: unless-stopped + labels: + tsdproxy.enable: "true" + tsdproxy.name: "torrentHDD" diff --git a/Containers/Qbittorrent/compose.yml b/Containers/QbittorentSSD/compose.yml similarity index 86% rename from Containers/Qbittorrent/compose.yml rename to Containers/QbittorentSSD/compose.yml index 1c1fec3..8c1fbd4 100644 --- a/Containers/Qbittorrent/compose.yml +++ b/Containers/QbittorentSSD/compose.yml 
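Review bot: The `group_add` entries `44` and `922` in the Jellyfin hunk are bare host GIDs with no explanation. They are presumably the groups that own the `/dev/dri` nodes on this machine, but the numbers differ between hosts and a wrong GID silently grants membership of an unrelated group. A comment such as `# host GIDs owning /dev/dri (check with: ls -ln /dev/dri)` above the list would document that.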
@@ -2,7 +2,7 @@ services: qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest - container_name: qbittorrent + container_name: qbittorrentSSD environment: - PUID=1000 - PGID=1000 @@ -19,4 +19,4 @@ services: restart: unless-stopped labels: tsdproxy.enable: "true" - tsdproxy.name: "torrent" + tsdproxy.name: "torrentSSD" From 1d9d3d2af258f5c032c30fcba4e71204d6cf4be9 Mon Sep 17 00:00:00 2001 From: criz Date: Thu, 18 Sep 2025 15:59:41 +0200 Subject: [PATCH 21/40] Metube limit up --- Containers/Metube/compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Containers/Metube/compose.yml b/Containers/Metube/compose.yml index d61bede..97f9358 100644 --- a/Containers/Metube/compose.yml +++ b/Containers/Metube/compose.yml @@ -7,6 +7,8 @@ services: - "8083:8081" volumes: - /home/criz/Medias/metube:/downloads + environment: + - MAX_CONCURRENT_DOWNLOADS=6 labels: tsdproxy.enable: "true" tsdproxy.name: "ytb-dl" From a55277e7ab266630ebd96ff90c288af6cf5f91f5 Mon Sep 17 00:00:00 2001 From: criz Date: Thu, 2 Oct 2025 04:47:11 +0200 Subject: [PATCH 22/40] added PaperlessNGX --- Containers/PaperlessNGX/compose.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 Containers/PaperlessNGX/compose.yml diff --git a/Containers/PaperlessNGX/compose.yml b/Containers/PaperlessNGX/compose.yml new file mode 100644 index 0000000..0cd8578 --- /dev/null +++ b/Containers/PaperlessNGX/compose.yml 
@@ -0,0 +1,28 @@ +services: + broker: + image: docker.io/library/redis:8 + restart: unless-stopped + volumes: + - redisdata:/data + webserver: + image: ghcr.io/paperless-ngx/paperless-ngx:latest + restart: unless-stopped + depends_on: + - broker + ports: + - "8061:8000" + volumes: + - ./data:/usr/src/paperless/data + - /home/criz/Medias/PaperlessNGX:/usr/src/paperless/media + - ./export:/usr/src/paperless/export + - ./consume:/usr/src/paperless/consume + env_file: docker-compose.env + environment: + PAPERLESS_REDIS: redis://broker:6379 + labels: + tsdproxy.enable: "true" + tsdproxy.name: "paper" +volumes: + data: + media: + redisdata: From a751ea551377d855df221203b9c4f4cec18e8431 Mon Sep 17 00:00:00 2001 From: criz Date: Thu, 2 Oct 2025 06:08:24 +0200 Subject: [PATCH 23/40] test --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 623dcc9..556b407 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ ## Todo - [x] Publish this repo -- [ ] Add images to README +- [x] Add images to README - [ ] Move github things - [ ] Add Habitica - [ ] Configure public VPN for torrents From 15ec451d7bf02b38f23a7d7bb1dc81967f048619 Mon Sep 17 00:00:00 2001 From: criz Date: Sun, 5 Oct 2025 08:19:49 +0200 Subject: [PATCH 24/40] Solve nextcloud client not connecting on android --- Containers/NextCloud/compose.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Containers/NextCloud/compose.yml b/Containers/NextCloud/compose.yml index dc221e2..f4e03a6 100644 --- a/Containers/NextCloud/compose.yml +++ b/Containers/NextCloud/compose.yml @@ -20,9 +20,14 @@ services: - PHP_MEMORY_LIMIT=4G - PHP_UPLOAD_LIMIT=64G - APACHE_BODY_LIMIT=0 + - TRUSTED_PROXIES=100.65.19.39 + - OVERWRITEPROTOCOL=https + - OVERWRITEHOST=cloud.rufous-trench.ts.net + labels: tsdproxy.enable: "true" tsdproxy.name: "cloud" + tsdproxy.ephemeral: "false" redis: image: redis:alpine From 44e620ddae270cdc69d3b0bb1a4669b8f73ba796 Mon Sep 17 00:00:00 2001 
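Review bot: The top-level `volumes:` block in the Paperless file declares `data` and `media`, but the webserver uses bind mounts (`./data`, `/home/criz/Medias/PaperlessNGX`) and only `redisdata` is referenced. Dropping the two unused names avoids the impression that documents live in named volumes. `env_file: docker-compose.env` presumably carries the secret key and admin credentials, so it is worth confirming that file stays covered by `.gitignore`.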
From: criz Date: Sat, 13 Dec 2025 01:08:15 +0100 Subject: [PATCH 25/40] Make things public + 3am tailscale fix explained on readme --- Containers/Metube/compose.yml | 2 +- Containers/N8N/compose.yml | 3 +++ Containers/NextCloud/compose.yml | 3 ++- README.md | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Containers/Metube/compose.yml b/Containers/Metube/compose.yml index 97f9358..d2c87a0 100644 --- a/Containers/Metube/compose.yml +++ b/Containers/Metube/compose.yml @@ -1,6 +1,6 @@ services: metube: - image: ghcr.io/alexta69/metube + image: ghcr.io/alexta69/metube:latest container_name: metube restart: unless-stopped ports: diff --git a/Containers/N8N/compose.yml b/Containers/N8N/compose.yml index db0aa07..1698639 100644 --- a/Containers/N8N/compose.yml +++ b/Containers/N8N/compose.yml @@ -9,9 +9,12 @@ services: # - N8N_PROTOCOL=http - N8N_PORT=5678 - NODE_ENV=production + - WEBHOOK_URL=n8n.rufous-trench.ts.net volumes: - ./n8n:/home/node/.n8n - ./local-files:/files labels: tsdproxy.enable: "true" tsdproxy.name: "n8n" + tsdproxy.container_port: 3000 + tsdproxy.funnel: "true" diff --git a/Containers/NextCloud/compose.yml b/Containers/NextCloud/compose.yml index f4e03a6..c6c9888 100644 --- a/Containers/NextCloud/compose.yml +++ b/Containers/NextCloud/compose.yml @@ -27,8 +27,9 @@ services: labels: tsdproxy.enable: "true" tsdproxy.name: "cloud" + tsdproxy.funnel: "true" tsdproxy.ephemeral: "false" - + redis: image: redis:alpine container_name: redis diff --git a/README.md b/README.md index 556b407..9bdd72a 100644 --- a/README.md +++ b/README.md @@ -48,3 +48,4 @@ sudo setfacl -R -m d:u:33:rwx /home/yourusername/Medias ``` and metube doesn't like deleting videos externally +Tailscale KEY last 3 month. Do not forget to update it (inside .env of TSDProxy) From e33e131de7d974f051bee337660d9fa6c0d251cc Mon Sep 17 00:00:00 2001 
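Review bot: `tsdproxy.container_port: 3000` in the N8N hunk does not match `N8N_PORT=5678` in the context lines above it, so the proxy is pointed at a port n8n is not configured to listen on; `tsdproxy.container_port: 5678` looks intended. `WEBHOOK_URL=n8n.rufous-trench.ts.net` has no scheme, and since n8n builds webhook links from this value, `WEBHOOK_URL=https://n8n.rufous-trench.ts.net/` is likely what is wanted. With `tsdproxy.funnel: "true"` the service becomes reachable from the public internet, here and in the NextCloud hunk of the same commit, which leaves each application's own login as the only access control; a comment next to the label saying that exposure is deliberate would help the next reader.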
From: criz Date: Thu, 25 Dec 2025 00:29:30 +0100 Subject: [PATCH 26/40] ForgejoRunner --- .gitignore | 2 + Containers/ArchiveBox/compose.yml | 35 ++++ Containers/UptimeKuma/compose.yml | 29 +++ VMs/ForgejoRunner/README.md | 7 + VMs/ForgejoRunner/compose.yml | 22 ++ VMs/ForgejoRunner/config.yml | 194 ++++++++++++++++++ VMs/ForgejoRunner/create_data.sh | 9 + VMs/ForgejoRunner/launch_forgejo_runner_vm.sh | 104 ++++++++++ 8 files changed, 402 insertions(+) create mode 100644 Containers/ArchiveBox/compose.yml create mode 100644 Containers/UptimeKuma/compose.yml create mode 100644 VMs/ForgejoRunner/README.md create mode 100644 VMs/ForgejoRunner/compose.yml create mode 100644 VMs/ForgejoRunner/config.yml create mode 100644 VMs/ForgejoRunner/create_data.sh create mode 100755 VMs/ForgejoRunner/launch_forgejo_runner_vm.sh diff --git a/.gitignore b/.gitignore index db4d37a..f7d0ad5 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,8 @@ # Scripts !/Scripts/* +# VMS +!/VMs/* # Keep utility files in root !.gitignore diff --git a/Containers/ArchiveBox/compose.yml b/Containers/ArchiveBox/compose.yml new file mode 100644 index 0000000..115fc79 --- /dev/null +++ b/Containers/ArchiveBox/compose.yml 
@@ -0,0 +1,35 @@ +# Usage: +# mkdir -p ~/archivebox/data && cd ~/archivebox +# curl -fsSL 'https://docker-compose.archivebox.io' > docker-compose.yml +# docker compose run archivebox version +# docker compose run archivebox config --set SAVE_ARCHIVE_DOT_ORG=False +# docker compose run archivebox add --depth=1 'https://news.ycombinator.com' +# docker compose run -T archivebox add < bookmarks.txt +# docker compose up -d && open 'https://localhost:8000' +# docker compose run archivebox help +# Documentation: +# https://github.com/ArchiveBox/ArchiveBox/wiki/Docker#docker-compose + +services: + archivebox: + image: archivebox/archivebox:latest + ports: + - 8647:8000 + volumes: + - ./data:/data + # ./data/personas/Default/chrome_profile/Default:/data/personas/Default/chrome_profile/Default + environment: + - ALLOWED_HOSTS=* # set this to the hostname(s) you're going to serve the site from! + - CSRF_TRUSTED_ORIGINS=https://archive.rufous-trench.ts.net # you MUST set this to the server's URL for admin login and the REST API to work + - PUBLIC_INDEX=True # set to False to prevent anonymous users from viewing snapshot list + - PUBLIC_SNAPSHOTS=True # set to False to prevent anonymous users from viewing snapshot content + - PUBLIC_ADD_VIEW=False # set to True to allow anonymous users to submit new URLs to archive + # ... + # For more info, see: https://github.com/ArchiveBox/ArchiveBox/wiki/Docker#configuration + labels: + tsdproxy.enable: "true" + tsdproxy.name: "archive" + + + + diff --git a/Containers/UptimeKuma/compose.yml b/Containers/UptimeKuma/compose.yml new file mode 100644 index 0000000..9cf87fe --- /dev/null +++ b/Containers/UptimeKuma/compose.yml 
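Review bot: `ALLOWED_HOSTS=*` turns off Host-header validation even though the served hostname is already known from `CSRF_TRUSTED_ORIGINS`; `ALLOWED_HOSTS=archive.rufous-trench.ts.net` would be the matching value. `PUBLIC_INDEX=True` and `PUBLIC_SNAPSHOTS=True` let anyone who can reach the service browse the archive without logging in, and the inline comments already name `False` as the private setting. The `# Usage:` header describes the upstream quick-start (`docker-compose.yml`, port 8000) rather than this file and could be trimmed to the documentation link.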
@@ -0,0 +1,29 @@ +version: "3.8" + +services: + uptime-kuma: + image: louislam/uptime-kuma:latest + container_name: uptime-kuma + restart: always + ports: + - "2301:3001" # This maps the container port "3001" to the host port "3001" + volumes: + - /path/to/data:/app/data # Configuring persistent storage + environment: + - TZ=UTC+1 # Set the timezone (change to your preferred local timezone so monitoring times are the same) + - UMASK=0022 # Set your file permissions manually + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3001"] + interval: 30s + retries: 3 + start_period: 10s + timeout: 5s + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" + labels: + tsdproxy.enable: "true" + tsdproxy.name: "uptime" + diff --git a/VMs/ForgejoRunner/README.md b/VMs/ForgejoRunner/README.md new file mode 100644 index 0000000..bf451cb --- /dev/null +++ b/VMs/ForgejoRunner/README.md @@ -0,0 +1,7 @@ +# Forgejo runner setup +Run forgejo runners instance inside a VM to do very dirty things but securely +forgejo runner run as a docker container inside the VM, and have access to docker socket to create +docker containers for CI/CD things + +To setup, you still need to enter VM, and follow forgejo [runner instalation guide] (https://forgejo.org/docs/next/admin/actions/runner-installation/) +And copy paste lof of things diff --git a/VMs/ForgejoRunner/compose.yml b/VMs/ForgejoRunner/compose.yml new file mode 100644 index 0000000..fb55e78 --- /dev/null +++ b/VMs/ForgejoRunner/compose.yml 
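Review bot: The Uptime Kuma data volume is still the template placeholder `/path/to/data:/app/data`, so Docker will create `/path/to/data` on the host and the monitoring database will live there; `./data:/app/data` would match the other services. `TZ=UTC+1` is read as a POSIX TZ string, where the sign is inverted and the result is one hour behind UTC, while the other files use `TZ=Europe/Madrid`. The port comment says host port 3001 although the mapping is `2301:3001`, and the `version: "3.8"` key is obsolete in current Compose.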
@@ -0,0 +1,22 @@ +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# VERY INSECURE RUN THIS IN THE INCUS VM SEE LAUNCH SH FILE +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +services: + forgejo-runner: + image: data.forgejo.org/forgejo/runner:11 + container_name: forgejo-runner + environment: + # Let the runner use the host Docker daemon via socket + DOCKER_HOST: unix:///var/run/docker.sock + # Run as root so the socket permissions don’t block access + user: 0:0 + # Mount host docker.sock for sibling container access + volumes: + - ./data:/data + - /var/run/docker.sock:/var/run/docker.sock + - ./volume/config.yml:/config.yml + restart: unless-stopped + privileged: true + #command: /bin/sh -c "sleep 5; forgejo-runner daemon" + command: '/bin/sh -c "while : ; do sleep 1 ; done ;"' diff --git a/VMs/ForgejoRunner/config.yml b/VMs/ForgejoRunner/config.yml new file mode 100644 index 0000000..bc3ca30 --- /dev/null +++ b/VMs/ForgejoRunner/config.yml 
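Review bot: `./volume/config.yml:/config.yml` points at a path this commit does not create, since `config.yml` is added next to `compose.yml`; when the host path is missing Docker creates a directory there instead of mounting the file, so `./config.yml:/config.yml` looks intended. `privileged: true` appears to add nothing the runner needs on top of `user: 0:0` and the mounted `docker.sock`, and dropping it narrows what the container holds without changing the setup the comments describe. The active `command` is the sleep loop, so a comment saying when to switch to the commented `forgejo-runner daemon` line would help.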
@@ -0,0 +1,194 @@ +# Example configuration file, it's safe to copy this as the default config file without any modification. + +# You don't have to copy this file to your instance, +# just run `forgejo-runner generate-config > config.yaml` to generate a config file. + +# +# The value of level or job_level can be trace, debug, info, warn, error or fatal +# +log: + # + # What is displayed in the output of the runner process but not sent + # to the Forgejo instance. + # + level: info + # + # What is sent to the Forgejo instance and therefore + # visible in the web UI for a given job. + # + job_level: info + +runner: + # Where to store the registration result. + file: .runner + # Execute how many tasks concurrently at the same time. + capacity: 1 + # Extra environment variables to run jobs. + envs: + A_TEST_ENV_NAME_1: a_test_env_value_1 + A_TEST_ENV_NAME_2: a_test_env_value_2 + # Extra environment variables to run jobs from a file. + # It will be ignored if it's empty or the file doesn't exist. + env_file: .env + # The timeout for a job to be finished. + # Please note that the Forgejo instance also has a timeout (3h by default) for the job. + # So the job could be stopped by the Forgejo instance if it's timeout is shorter than this. + timeout: 3h + # The timeout for the runner to wait for running jobs to finish when + # shutting down because a TERM or INT signal has been received. Any + # running jobs that haven't finished after this timeout will be + # cancelled. + # If unset or zero the jobs will be cancelled immediately. + shutdown_timeout: 3h + # Whether skip verifying the TLS certificate of the instance. + insecure: false + # The timeout for fetching the job from the Forgejo instance. + fetch_timeout: 5s + # The interval for fetching the job from the Forgejo instance. + fetch_interval: 2s + # The interval for reporting the job status and logs to the Forgejo instance. 
+ report_interval: 1s + # The labels of a runner are used to determine which jobs the runner can run, and how to run them. + # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:20-bookworm", "ubuntu-22.04:docker://node:20-bookworm"] + # If it's empty when registering, it will ask for inputting labels. + # If it's empty when executing the `daemon`, it will use labels in the `.runner` file. + labels: [] + +cache: + # + # When enabled, workflows will be given the ACTIONS_CACHE_URL environment variable + # used by the https://code.forgejo.org/actions/cache action. The server at this + # URL must implement a compliant REST API and it must also be reachable from + # the container or host running the workflows. + # + # See also https://forgejo.org/docs/next/user/actions/advanced-features/#cache + # + # When it is not enabled, none of the following options apply. + # + # It works as follows: + # + # - the workflow is given a one time use ACTIONS_CACHE_URL + # - a cache proxy listens to ACTIONS_CACHE_URL + # - the cache proxy securely communicates with the cache server using + # a shared secret + # + enabled: true + # + ####################################################################### + # + # Only used for the internal cache server. + # + # If external_server is not set, the Forgejo runner will spawn a + # cache server that will be used by the cache proxy. + # + ####################################################################### + # + # The port bound by the internal cache server. + # 0 means to use a random available port. + # + port: 0 + # + # The directory to store the cache data. + # + # If empty, the cache data will be stored in $HOME/.cache/actcache. + # + dir: "" + # + ####################################################################### + # + # Only used for the external cache server. + # + # If external_server is set, the internal cache server is not + # spawned. 
+ # + ####################################################################### + # + # The URL of the cache server. The URL should generally end with + # "/". The cache proxy will forward requests to the external + # server. The requests are authenticated with the "secret" that is + # shared with the external server. + # + external_server: "" + # + # The shared cache secret used to secure the communications between + # the cache proxy and the cache server. + # + # If empty, it will be generated to a new secret automatically when + # the server starts and it will stay the same until it restarts. + # + secret: "" + # + ####################################################################### + # + # Common to the internal and external cache server + # + ####################################################################### + # + # The IP or hostname (195.84.20.30 or example.com) to use when constructing + # ACTIONS_CACHE_URL which is the URL of the cache proxy. + # + # If empty it will be detected automatically. + # + # If the containers or host running the workflows reside on a + # different network than the Forgejo runner (for instance when the + # docker server used to create containers is not running on the same + # host as the Forgejo runner), it may be impossible to figure that + # out automatically. In that case you can specify which IP or + # hostname to use to reach the internal cache server created by the + # Forgejo runner. + # + host: "" + # + # The port bound by the internal cache proxy. + # 0 means to use a random available port. + # + proxy_port: 0 + # + # Overrides the ACTIONS_CACHE_URL variable passed to workflow + # containers. The URL should generally not end with "/". This should only + # be used if the runner host is not reachable from the workflow containers, + # and requires further setup. + # + actions_cache_url_override: "" + +container: + # Specifies the network to which the container will connect. 
+ # Could be host, bridge or the name of a custom network. + # If it's empty, create a network automatically. + network: "" + # Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly. + # Only takes effect if "network" is set to "". + enable_ipv6: false + # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). + privileged: false + # And other options to be used when the container is started (eg, --volume /etc/ssl/certs:/etc/ssl/certs:ro). + options: + # The parent directory of a job's working directory. + # If it's empty, /workspace will be used. + workdir_parent: + # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /etc/ssl/certs + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + valid_volumes: [] + # Overrides the docker host set by the DOCKER_HOST environment variable, and mounts on the job container. + # If "-" or "", no docker host will be mounted in the job container + # If "automount", an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock). + # If it's a url, the specified docker host will be mounted in the job container + # Example urls: unix:///run/docker.socket or ssh://user@host + # The specified socket is mounted within the job container at /var/run/docker.sock + docker_host: "-" + # Pull docker image(s) even if already present + force_pull: true + # Rebuild local docker image(s) even if already present + force_rebuild: false + +host: + # The parent directory of a job's working directory. 
+ # If it's empty, $HOME/.cache/act/ will be used. + workdir_parent: diff --git a/VMs/ForgejoRunner/create_data.sh b/VMs/ForgejoRunner/create_data.sh new file mode 100644 index 0000000..2a02ff9 --- /dev/null +++ b/VMs/ForgejoRunner/create_data.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +set -e + +mkdir -p data/.cache + +chown -R 1001:1001 data +chmod 775 data/.cache +chmod g+s data/.cache diff --git a/VMs/ForgejoRunner/launch_forgejo_runner_vm.sh b/VMs/ForgejoRunner/launch_forgejo_runner_vm.sh new file mode 100755 index 0000000..99a03fa --- /dev/null +++ b/VMs/ForgejoRunner/launch_forgejo_runner_vm.sh 
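Review bot: `chown -R 1001:1001 data` in `create_data.sh` prepares the directory for a non-root runner user, but `compose.yml` in the same commit starts the container with `user: 0:0`, so the two files disagree about which user owns the data. Either run the runner as `1001:1001` or add a comment explaining why root is used despite the prepared ownership. The script is also added with mode 100644 while `launch_forgejo_runner_vm.sh` is 100755, and it uses the relative path `data`, so it only works when run from `VMs/ForgejoRunner`; a header comment stating that would be enough.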
@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+########################################
+# Configuration
+########################################
+VM_NAME="forgejo-runner-vm"
+IMAGE="images:debian/trixie"
+MEMORY="2GiB"
+CPUS="4"
+
+########################################
+# Helper functions
+########################################
+log() {
+ echo "[+] $*"
+}
+
+vm_exists() {
+ incus info "$VM_NAME" >/dev/null 2>&1
+}
+
+########################################
+# Create VM if needed
+########################################
+if vm_exists; then
+ log "VM '$VM_NAME' already exists, skipping creation"
+else
+ log "Creating VM '$VM_NAME'"
+ incus launch "$IMAGE" "$VM_NAME" \
+ --vm \
+ -c limits.memory="$MEMORY" \
+ -c limits.cpu="$CPUS"
+fi
+
+########################################
+# Wait for VM to be ready
+########################################
+log "Waiting for VM to become ready"
+incus exec "$VM_NAME" -- cloud-init status --wait >/dev/null 2>&1 || true
+
+log "Waiting for Incus Agent to start"
+# This loop tries a simple command until it succeeds or times out
+RETRIES=0
+MAX_RETRIES=30
+until incus exec "$VM_NAME" -- uptime >/dev/null 2>&1; do
+ RETRIES=$((RETRIES + 1))
+ if [ $RETRIES -ge $MAX_RETRIES ]; then
+ echo "Error: Timeout waiting for VM agent to start."
+ exit 1
+ fi
+ echo "$RETRIES retries"
+ sleep 1
+done
+
+log "Agent is responsive. Proceeding..."
+########################################
+# Install Docker inside the VM
+########################################
+log "Installing Docker inside VM"
+
+incus exec "$VM_NAME" -- bash -eux <<'EOF'
+export DEBIAN_FRONTEND=noninteractive
+
+# Base packages
+apt-get update
+apt-get install -y \
+ ca-certificates \
+ curl \
+ gnupg
+
+# Docker GPG key
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg \
+ -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+
+# Docker repository
+echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
+ https://download.docker.com/linux/debian \
+ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
+ > /etc/apt/sources.list.d/docker.list
+
+# Install Docker
+apt-get update
+apt-get install -y \
+ docker-ce \
+ docker-ce-cli \
+ containerd.io \
+ docker-buildx-plugin \
+ docker-compose-plugin
+
+# Enable Docker
+systemctl enable docker
+systemctl start docker
+EOF
+
+########################################
+# Done
+########################################
+log "Docker successfully installed in VM '$VM_NAME'"
+log "You can access it with:"
+echo " incus exec $VM_NAME -- bash"
From 56a019d0fbb42de9323bd7ff89497aa0cc6d94cb Mon Sep 17 00:00:00 2001 From: Crizomb Date: Thu, 25 Dec 2025 01:26:09 +0100 Subject: [PATCH 27/40] Update VMs/ForgejoRunner/README.md --- VMs/ForgejoRunner/README.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/VMs/ForgejoRunner/README.md b/VMs/ForgejoRunner/README.md
index bf451cb..6db7b5b 100644
--- a/VMs/ForgejoRunner/README.md
+++ b/VMs/ForgejoRunner/README.md
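Review bot: In launch_forgejo_runner_vm.sh the `# Docker GPG key` step saves the downloaded key to /etc/apt/keyrings/docker.asc and the repository line then trusts it through `signed-by=`, but the key's fingerprint is never compared with a known value. gnupg is already installed a few lines earlier, so after the `curl` the script can print the key with `gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.asc` and abort unless it matches a value pinned inside the heredoc, e.g. `DOCKER_KEY_FPR="<fingerprint published by Docker>"`. Separately, `cloud-init status --wait ... || true` discards a failed first boot, and the `Error: Timeout waiting for VM agent to start.` message goes to stdout; adding `>&2` keeps it visible when the output is piped.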
@@ -1,7 +1,13 @@ # Forgejo runner setup -Run forgejo runners instance inside a VM to do very dirty things but securely -forgejo runner run as a docker container inside the VM, and have access to docker socket to create -docker containers for CI/CD things +Run forgejo runners instance inside a VM to do very dirty things but securely
+The "dirty things" is just having forgejo running in priviliged container, with direct access to the host (VM) docker socket
+Runners can easily get full access to host, but the host is a VM so it's ok
+I use [incus](https://linuxcontainers.org/incus/) to create the VM. I love it, very simple, docker like interface
+See launch_forgejo_runner_vm.sh for more information about the VM setup.
-To setup, you still need to enter VM, and follow forgejo [runner instalation guide] (https://forgejo.org/docs/next/admin/actions/runner-installation/) -And copy paste lof of things + + + +To setup, you still need to enter VM, and follow forgejo [runner instalation guide](https://forgejo.org/docs/next/admin/actions/runner-installation/)
+It's still a little bit manual, but it's done in 30s + \ No newline at end of file From 36ef94c83ab2bfb2182ead0a84422f4fb24176fe Mon Sep 17 00:00:00 2001 From: Crizomb Date: Thu, 25 Dec 2025 01:27:22 +0100 Subject: [PATCH 28/40] Update VMs/ForgejoRunner/README.md --- VMs/ForgejoRunner/README.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/VMs/ForgejoRunner/README.md b/VMs/ForgejoRunner/README.md index 6db7b5b..c16c688 100644 --- a/VMs/ForgejoRunner/README.md +++ b/VMs/ForgejoRunner/README.md @@ -1,13 +1,12 @@ # Forgejo runner setup -Run forgejo runners instance inside a VM to do very dirty things but securely
-The "dirty things" is just having forgejo running in priviliged container, with direct access to the host (VM) docker socket
-Runners can easily get full access to host, but the host is a VM so it's ok
-I use [incus](https://linuxcontainers.org/incus/) to create the VM. I love it, very simple, docker like interface
-See launch_forgejo_runner_vm.sh for more information about the VM setup.
+ +Run forgejo runners instance inside a VM to do very dirty things but securely.

+The "dirty things" is just having forgejo running in priviliged container, with direct access to the host (VM) docker socket.

+Runners can easily get full access to host, but the host is a VM so it's ok

+I use [incus](https://linuxcontainers.org/incus/) to create the VM. I love it, very simple, docker like interface

+See launch_forgejo_runner_vm.sh for more information about the VM setup.

- - -To setup, you still need to enter VM, and follow forgejo [runner instalation guide](https://forgejo.org/docs/next/admin/actions/runner-installation/)
+To setup, you still need to enter VM, and follow forgejo [runner instalation guide](https://forgejo.org/docs/next/admin/actions/runner-installation/)

It's still a little bit manual, but it's done in 30s \ No newline at end of file From 1bac7324bad3af8b61397d818ba80b682df6b098 Mon Sep 17 00:00:00 2001 From: Crizomb Date: Thu, 25 Dec 2025 01:54:25 +0100 Subject: [PATCH 29/40] Update README.md --- README.md | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 9bdd72a..9ef5b67 100644 --- a/README.md +++ b/README.md @@ -14,29 +14,32 @@ - Tailscale (VPN) - TSDProxy (Tailscale proxy to have easily a domain per service) -## Services +## Services - Forgejo (git repo management) +- Nextcloud (google drive replacement) +- Navidrome (Music streaming) +- Metube (Video / Music downloader) - n8n (automation with graphs, selfhosted zapier) -- nextcloud (google drive replacement) -- immich (google photos replacement) -- affine (notes taking, obsidian replacement) -- OpenWebUI (chatgpt UI replacement) - Beszel (Ressources monitoring) +- Immich (google photos replacement) +- OpenWebUI (chatgpt UI replacement) - StirlingPDF (ilovepdf.com replacement) +- AudiobookShelf (audibooks & podcasts) +- Affine (notes taking, obsidian replacement) - Gotify (Simple notifcation system) -- Metube (Youtube downloader) +- PaperlessNGNX (OCR things) +- UptimeKuma (Healthchecks) +- ArchiveBox (Local archive.org) -## Todo +## CI -- [x] Publish this repo -- [x] Add images to README -- [ ] Move github things -- [ ] Add Habitica -- [ ] Configure public VPN for torrents -- [ ] Add Navidrome + music download system -- [ ] Add Audiobookshelf + audiobook download system -- [x] Add and configure backups on external disk +Done with a Forgejo runner in a VM. See VMs/ folder for more details. + +## Backup + +RSync backup important things (git, lfs, nextcloud documents) to an SD Card. +Not ideal ## Random dump From 32ad8cc155335702325558236f59c9940667cc84 Mon Sep 17 00:00:00 2001 
From: criz Date: Thu, 25 Dec 2025 03:12:20 +0100 Subject: [PATCH 30/40] remove bloat --- Containers/Forgejo/compose.yml | 1 - Containers/N8N/compose.yml | 1 - Containers/OpenWebui/compose.yml | 14 -------------- Containers/StirlingPDF/compose.yml | 12 ------------ Containers/TSDProxy/compose.yml | 6 +----- README.md | 3 +-- 6 files changed, 2 insertions(+), 35 deletions(-) delete mode 100644 Containers/OpenWebui/compose.yml delete mode 100644 Containers/StirlingPDF/compose.yml diff --git a/Containers/Forgejo/compose.yml b/Containers/Forgejo/compose.yml index 5227419..28a4c4c 100644 --- a/Containers/Forgejo/compose.yml +++ b/Containers/Forgejo/compose.yml @@ -18,7 +18,6 @@ services: - /etc/localtime:/etc/localtime:ro ports: - '3000:3000' - - '222:22' labels: tsdproxy.enable: "true" tsdproxy.name: "git" diff --git a/Containers/N8N/compose.yml b/Containers/N8N/compose.yml index 1698639..44a290a 100644 --- a/Containers/N8N/compose.yml +++ b/Containers/N8N/compose.yml @@ -16,5 +16,4 @@ services: labels: tsdproxy.enable: "true" tsdproxy.name: "n8n" - tsdproxy.container_port: 3000 tsdproxy.funnel: "true" diff --git a/Containers/OpenWebui/compose.yml b/Containers/OpenWebui/compose.yml deleted file mode 100644 index f0514a4..0000000 --- a/Containers/OpenWebui/compose.yml +++ /dev/null @@ -1,14 +0,0 @@ -services: - open-webui: - restart: always - ports: - - 3001:8080 - volumes: - - ./open-webui:/app/backend/data - container_name: open-webui - image: ghcr.io/open-webui/open-webui:main - labels: - tsdproxy.enable: "true" - tsdproxy.name: "chat" - environment: - - WEBUI_URL=${WEBUI_URL} diff --git a/Containers/StirlingPDF/compose.yml b/Containers/StirlingPDF/compose.yml deleted file mode 100644 index f080e5e..0000000 --- a/Containers/StirlingPDF/compose.yml +++ /dev/null 
@@ -1,12 +0,0 @@ -services: - stirling-pdf: - container_name: stirling_pdf - image: stirlingtools/stirling-pdf:latest - restart: always - environment: - - DOCKER_ENABLE_SECURITY=false - labels: - tsdproxy.enable: "true" - tsdproxy.name: "pdf" - ports: - - 8080:8080 diff --git a/Containers/TSDProxy/compose.yml b/Containers/TSDProxy/compose.yml index a36f98a..0dd8d52 100644 --- a/Containers/TSDProxy/compose.yml +++ b/Containers/TSDProxy/compose.yml @@ -6,14 +6,10 @@ services: container_name: tsdproxy volumes: - /var/run/docker.sock:/var/run/docker.sock - - tsdproxydata:/data + - ./data:/data environment: # Get AuthKey from your Tailscale account - TSDPROXY_AUTHKEY=${TSD_PROXY_AUTH} - # Address of docker server (access to example.com ports) - - TSDPROXY_HOSTNAME=${TSD_PROXY_HOSTNAME} - DOCKER_HOST=unix:///var/run/docker.sock restart: always -volumes: - tsdproxydata: diff --git a/README.md b/README.md index 9ef5b67..aee6baf 100644 --- a/README.md +++ b/README.md @@ -23,8 +23,7 @@ - n8n (automation with graphs, selfhosted zapier) - Beszel (Ressources monitoring) - Immich (google photos replacement) -- OpenWebUI (chatgpt UI replacement) -- StirlingPDF (ilovepdf.com replacement) +- Bentopdf (ilovepdf.com replacement) - AudiobookShelf (audibooks & podcasts) - Affine (notes taking, obsidian replacement) - Gotify (Simple notifcation system) From b156859cbcbd3ff9f87c249df2489d3b52375213 Mon Sep 17 00:00:00 2001 From: criz Date: Thu, 25 Dec 2025 14:46:19 +0100 Subject: [PATCH 31/40] BentoPDF --- Containers/BentoPDF/compose.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 Containers/BentoPDF/compose.yml diff --git a/Containers/BentoPDF/compose.yml b/Containers/BentoPDF/compose.yml new file mode 100644 index 0000000..6cb0a86 --- /dev/null +++ b/Containers/BentoPDF/compose.yml 
@@ -0,0 +1,10 @@
+services:
+ bentopdf:
+ image: bentopdf/bentopdf-simple:latest
+ container_name: bentopdf
+ restart: unless-stopped
+ ports:
+ - '8934:8080'
+ labels:
+ tsdproxy.enable: "true"
+ tsdproxy.name: "pdf"
From 5fd446bc2ffd490adec4134b27b7313d0c9aea56 Mon Sep 17 00:00:00 2001 From: criz Date: Tue, 6 Jan 2026 03:23:12 +0100 Subject: [PATCH 32/40] readme + share navidrme with friends --- Containers/Navidrome/compose.yml | 2 +- README.md | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/Containers/Navidrome/compose.yml b/Containers/Navidrome/compose.yml
index b6f0a0e..ce23e19 100644
--- a/Containers/Navidrome/compose.yml
+++ b/Containers/Navidrome/compose.yml
@@ -12,4 +12,4 @@ services: labels: tsdproxy.enable: "true" tsdproxy.name: "music" - + tsdproxy.funnel: "true"
diff --git a/README.md b/README.md
index aee6baf..2869afb 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,8 @@ # Selfhosting personnal repo +My very simple self-hosting setup. +TSDProxy does heavy lifting to make things simple. + ## Hardware & OS - ideapad 15ADA05 laptop
@@ -11,6 +14,7 @@ - Debian13 - Docker +- Incus for VMs management - Tailscale (VPN) - TSDProxy (Tailscale proxy to have easily a domain per service)
@@ -51,3 +55,4 @@ sudo setfacl -R -m d:u:33:rwx /home/yourusername/Medias and metube doesn't like deleting videos externally Tailscale KEY last 3 month. Do not forget to update it (inside .env of TSDProxy) +Nextcloud was a pain in the ass, do not use cringe ass AIO container. Works fine now.
From 5852ba992568e6b6450aabf9496f86de22010229 Mon Sep 17 00:00:00 2001
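Review bot: `ports: - '8934:8080'` in Containers/BentoPDF/compose.yml publishes the container on every host interface, so the service answers on the LAN at port 8934 without passing through TSDProxy, which the `tsdproxy.*` labels suggest is meant to be the front door. If host access is only needed locally, bind it as `'127.0.0.1:8934:8080'`; whether TSDProxy still reaches the container that way depends on how it detects ports, so confirm before removing the mapping altogether. `bentopdf/bentopdf-simple:latest` is also unpinned, so each pull can change what runs; a version tag or digest makes updates deliberate.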
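Review bot: `tsdproxy.funnel: "true"` in Containers/Navidrome/compose.yml makes the `music` host reachable from the public internet rather than only from the tailnet, which leaves Navidrome's own login as the single access control, and nothing in the file records that. I would put a comment on the label such as `# funnel: public internet; Navidrome login is the only gate`, and confirm the admin account already exists before the funnel goes live. If the friends can run Tailscale, sharing the node with them keeps the service off the public internet. The service definition this label belongs to starts outside the hunk.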
From: criz Date: Sat, 10 Jan 2026 00:44:58 +0100 Subject: [PATCH 33/40] debloat + disk size VM --- Containers/Affine/compose.yml | 80 ------------------- Containers/ArchiveBox/compose.yml | 35 -------- Containers/PaperlessNGX/compose.yml | 28 ------- Containers/QbittorentHDD/compose.yml | 22 ----- Containers/QbittorentSSD/compose.yml | 22 ----- VMs/ForgejoRunner/launch_forgejo_runner_vm.sh | 4 +- 6 files changed, 3 insertions(+), 188 deletions(-) delete mode 100644 Containers/Affine/compose.yml delete mode 100644 Containers/ArchiveBox/compose.yml delete mode 100644 Containers/PaperlessNGX/compose.yml delete mode 100644 Containers/QbittorentHDD/compose.yml delete mode 100644 Containers/QbittorentSSD/compose.yml diff --git a/Containers/Affine/compose.yml b/Containers/Affine/compose.yml deleted file mode 100644 index 4a2d443..0000000 --- a/Containers/Affine/compose.yml +++ /dev/null 
@@ -1,80 +0,0 @@ -name: affine -services: - affine: - image: ghcr.io/toeverything/affine:${AFFINE_REVISION:-stable} - container_name: affine_server - ports: - - '${PORT:-3010}:3010' - depends_on: - redis: - condition: service_healthy - postgres: - condition: service_healthy - affine_migration: - condition: service_completed_successfully - volumes: - # custom configurations - - ${UPLOAD_LOCATION}:/root/.affine/storage - - ${CONFIG_LOCATION}:/root/.affine/config - env_file: - - .env - environment: - - REDIS_SERVER_HOST=redis - - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine} - - AFFINE_INDEXER_ENABLED=false - restart: unless-stopped - labels: - tsdproxy.enable: "true" - tsdproxy.name: "affine" - - affine_migration: - image: ghcr.io/toeverything/affine:${AFFINE_REVISION:-stable} - container_name: affine_migration_job - volumes: - # custom configurations - - ${UPLOAD_LOCATION}:/root/.affine/storage - - ${CONFIG_LOCATION}:/root/.affine/config - command: ['sh', '-c', 'node ./scripts/self-host-predeploy.js'] - env_file: - - .env - environment: - - REDIS_SERVER_HOST=redis - - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${DB_DATABASE:-affine} - - AFFINE_INDEXER_ENABLED=false - depends_on: - postgres: - condition: service_healthy - redis: - condition: service_healthy - - redis: - image: redis - container_name: affine_redis - healthcheck: - test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping'] - interval: 10s - timeout: 5s - retries: 5 - restart: unless-stopped - - postgres: - image: pgvector/pgvector:pg16 - container_name: affine_postgres - volumes: - - ${DB_DATA_LOCATION}:/var/lib/postgresql/data - environment: - POSTGRES_USER: ${DB_USERNAME} - POSTGRES_PASSWORD: ${DB_PASSWORD} - POSTGRES_DB: ${DB_DATABASE:-affine} - POSTGRES_INITDB_ARGS: '--data-checksums' - # you better set a password for you database - # or you may add 'POSTGRES_HOST_AUTH_METHOD=trust' to ignore postgres security policy - 
POSTGRES_HOST_AUTH_METHOD: trust - healthcheck: - test: - ['CMD', 'pg_isready', '-U', "${DB_USERNAME}", '-d', "${DB_DATABASE:-affine}"] - interval: 10s - timeout: 5s - retries: 5 - restart: unless-stopped - diff --git a/Containers/ArchiveBox/compose.yml b/Containers/ArchiveBox/compose.yml deleted file mode 100644 index 115fc79..0000000 --- a/Containers/ArchiveBox/compose.yml +++ /dev/null @@ -1,35 +0,0 @@ -# Usage: -# mkdir -p ~/archivebox/data && cd ~/archivebox -# curl -fsSL 'https://docker-compose.archivebox.io' > docker-compose.yml -# docker compose run archivebox version -# docker compose run archivebox config --set SAVE_ARCHIVE_DOT_ORG=False -# docker compose run archivebox add --depth=1 'https://news.ycombinator.com' -# docker compose run -T archivebox add < bookmarks.txt -# docker compose up -d && open 'https://localhost:8000' -# docker compose run archivebox help -# Documentation: -# https://github.com/ArchiveBox/ArchiveBox/wiki/Docker#docker-compose - -services: - archivebox: - image: archivebox/archivebox:latest - ports: - - 8647:8000 - volumes: - - ./data:/data - # ./data/personas/Default/chrome_profile/Default:/data/personas/Default/chrome_profile/Default - environment: - - ALLOWED_HOSTS=* # set this to the hostname(s) you're going to serve the site from! - - CSRF_TRUSTED_ORIGINS=https://archive.rufous-trench.ts.net # you MUST set this to the server's URL for admin login and the REST API to work - - PUBLIC_INDEX=True # set to False to prevent anonymous users from viewing snapshot list - - PUBLIC_SNAPSHOTS=True # set to False to prevent anonymous users from viewing snapshot content - - PUBLIC_ADD_VIEW=False # set to True to allow anonymous users to submit new URLs to archive - # ... - # For more info, see: https://github.com/ArchiveBox/ArchiveBox/wiki/Docker#configuration - labels: - tsdproxy.enable: "true" - tsdproxy.name: "archive" - - - - 
diff --git a/Containers/PaperlessNGX/compose.yml b/Containers/PaperlessNGX/compose.yml deleted file mode 100644 index 0cd8578..0000000 --- a/Containers/PaperlessNGX/compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -services: - broker: - image: docker.io/library/redis:8 - restart: unless-stopped - volumes: - - redisdata:/data - webserver: - image: ghcr.io/paperless-ngx/paperless-ngx:latest - restart: unless-stopped - depends_on: - - broker - ports: - - "8061:8000" - volumes: - - ./data:/usr/src/paperless/data - - /home/criz/Medias/PaperlessNGX:/usr/src/paperless/media - - ./export:/usr/src/paperless/export - - ./consume:/usr/src/paperless/consume - env_file: docker-compose.env - environment: - PAPERLESS_REDIS: redis://broker:6379 - labels: - tsdproxy.enable: "true" - tsdproxy.name: "paper" -volumes: - data: - media: - redisdata: diff --git a/Containers/QbittorentHDD/compose.yml b/Containers/QbittorentHDD/compose.yml deleted file mode 100644 index 84125fc..0000000 --- a/Containers/QbittorentHDD/compose.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -services: - qbittorrent: - image: lscr.io/linuxserver/qbittorrent:latest - container_name: qbittorrentHDD - environment: - - PUID=1000 - - PGID=1000 - - TZ=Etc/UTC - - WEBUI_PORT=13462 - - TORRENTING_PORT=6882 - volumes: - - ./config:/config - - /mnt/moviesHDD/torrents:/downloads #optional - ports: - - 13462:13462 - - 6882:6882 - - 6882:6882/udp - restart: unless-stopped - labels: - tsdproxy.enable: "true" - tsdproxy.name: "torrentHDD" diff --git a/Containers/QbittorentSSD/compose.yml b/Containers/QbittorentSSD/compose.yml deleted file mode 100644 index 8c1fbd4..0000000 --- a/Containers/QbittorentSSD/compose.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -services: - qbittorrent: - image: lscr.io/linuxserver/qbittorrent:latest - container_name: qbittorrentSSD - environment: - - PUID=1000 - - PGID=1000 - - TZ=Etc/UTC - - WEBUI_PORT=13461 - - TORRENTING_PORT=6881 - volumes: - - ./config:/config - - /home/criz/Medias/Torrents:/downloads #optional - ports: - - 13461:13461 - - 6881:6881 - - 6881:6881/udp - restart: unless-stopped - labels: - tsdproxy.enable: "true" - tsdproxy.name: "torrentSSD" diff --git a/VMs/ForgejoRunner/launch_forgejo_runner_vm.sh b/VMs/ForgejoRunner/launch_forgejo_runner_vm.sh index 99a03fa..18608b6 100755 --- a/VMs/ForgejoRunner/launch_forgejo_runner_vm.sh +++ b/VMs/ForgejoRunner/launch_forgejo_runner_vm.sh @@ -7,6 +7,7 @@ set -euo pipefail VM_NAME="forgejo-runner-vm" IMAGE="images:debian/trixie" MEMORY="2GiB" +DISK="25GiB" CPUS="4" ######################################## @@ -30,7 +31,8 @@ else incus launch "$IMAGE" "$VM_NAME" \ --vm \ -c limits.memory="$MEMORY" \ - -c limits.cpu="$CPUS" + -c limits.cpu="$CPUS" \ + --device root,size="$DISK" fi ######################################## From dec9bc3d150a621c5c4c9de781c3bd8e2b0c0e02 Mon Sep 17 00:00:00 2001 From: criz Date: Sat, 10 Jan 2026 01:40:21 +0100 Subject: [PATCH 34/40] sqlite -> mariadb migration for nextcloud --- Containers/NextCloud/compose.yml | 16 ++++++++++++++++ README.md | 1 - 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/Containers/NextCloud/compose.yml b/Containers/NextCloud/compose.yml index c6c9888..dfaf90a 100644 --- a/Containers/NextCloud/compose.yml +++ b/Containers/NextCloud/compose.yml 
@@ -39,5 +39,21 @@ services: networks: - cloud + mariadb: + image: mariadb:10.11 + container_name: nextcloud_db + restart: always + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW + networks: + - cloud + volumes: + - ./mariadb:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + + networks: cloud: diff --git a/README.md b/README.md index 2869afb..052de3d 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,6 @@ TSDProxy does heavy lifting to make things simple. - Gotify (Simple notifcation system) - PaperlessNGNX (OCR things) - UptimeKuma (Healthchecks) -- ArchiveBox (Local archive.org) ## CI From a837706adf78879cc07deb9f1c73642a18185837 Mon Sep 17 00:00:00 2001 From: criz Date: Sat, 10 Jan 2026 21:14:37 +0100 Subject: [PATCH 35/40] forgejo migration to postgresql + small nextcloud perfs things --- Containers/Forgejo/compose.yml | 26 ++++++++++++++++++++++++-- Containers/NextCloud/compose.yml | 6 ++++-- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/Containers/Forgejo/compose.yml b/Containers/Forgejo/compose.yml index 28a4c4c..93dc86c 100644 --- a/Containers/Forgejo/compose.yml +++ b/Containers/Forgejo/compose.yml @@ -3,13 +3,21 @@ networks: external: false services: - server: + forgejo: image: codeberg.org/forgejo/forgejo:11 container_name: forgejo environment: - USER_UID=1000 - USER_GID=1000 - restart: always + - FORGEJO__database__DB_TYPE=postgres + - FORGEJO__database__HOST=forgejo_db:5432 + - FORGEJO__database__NAME=forgejo + - FORGEJO__database__USER=forgejo + - FORGEJO__database__SSL_MODE=disable + - FORGEJO__database__PASSWD=${POSTGRES_PASSWORD} + - FORGEJO__database__SCHEMA=public + - FORGEJO__database__CHARSET=utf8 + restart: unless-stopped networks: - forgejo volumes: 
@@ -23,3 +31,17 @@ services: tsdproxy.name: "git" tsdproxy.container_port: 3000 tsdproxy.funnel: "true" + + forgejo_db: + image: postgres:16 + container_name: forgejo-postgres + restart: always + networks: + - forgejo + environment: + - POSTGRES_DB=forgejo + - POSTGRES_USER=forgejo + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_HOST_AUTH_METHOD=md5 + volumes: + - ./postgres:/var/lib/postgresql/data diff --git a/Containers/NextCloud/compose.yml b/Containers/NextCloud/compose.yml index dfaf90a..edbf1d1 100644 --- a/Containers/NextCloud/compose.yml +++ b/Containers/NextCloud/compose.yml @@ -19,8 +19,10 @@ services: - REDIS_HOST=redis - PHP_MEMORY_LIMIT=4G - PHP_UPLOAD_LIMIT=64G - - APACHE_BODY_LIMIT=0 - - TRUSTED_PROXIES=100.65.19.39 + - PHP_OPCACHE_ENABLE=1 + - PHP_OPCACHE_MEMORY_CONSUMPTION=256 + - PHP_OPCACHE_MAX_ACCELERATED_FILES=100000 + - TRUSTED_PROXIES=100.64.0.0/10 - OVERWRITEPROTOCOL=https - OVERWRITEHOST=cloud.rufous-trench.ts.net From 482bf12953802c6c21c31adcf1a2800ebfb2d86f Mon Sep 17 00:00:00 2001 From: Crizomb Date: Sun, 8 Feb 2026 01:29:17 +0100 Subject: [PATCH 36/40] old --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 052de3d..8dc3377 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Selfhosting personnal repo +(Old setup on ideapad, using TSDProxy) + My very simple self-hosting setup. TSDProxy does heavy lifting to make things simple. From b909f1a10795dcc604f5eb9a64abde3b61641192 Mon Sep 17 00:00:00 2001 
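Review bot: `POSTGRES_HOST_AUTH_METHOD=md5` on the new `forgejo_db` service puts an md5 rule in pg_hba.conf, where the postgres:16 image would otherwise default to scram-sha-256. I would delete the line, or set `POSTGRES_HOST_AUTH_METHOD=scram-sha-256`, so MD5-hashed passwords are never accepted; with the image's default password_encryption the server likely negotiates SCRAM anyway, which makes the override unnecessary rather than helpful. The same line appears again in the Containers/Forgejo/compose.yml added by PATCH 37/40. The `forgejo` service that connects to this database is defined in the previous hunk.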
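Review bot: `TRUSTED_PROXIES=100.64.0.0/10` in Containers/NextCloud/compose.yml now trusts forwarded headers from the whole CGNAT range that Tailscale assigns addresses from, where the previous value named a single proxy address. Any peer in that range that can reach the Nextcloud container directly could then supply its own X-Forwarded-For, and Nextcloud would log and throttle on that address, which weakens brute-force protection and audit trails. If the proxy address is not stable, prefer the Docker network subnet the proxy connects from over the full /10. The hunk also removes `APACHE_BODY_LIMIT=0` while `PHP_UPLOAD_LIMIT=64G` stays, so confirm the image's default body limit still allows the uploads you expect; the service definition starts outside the hunk.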
From: mini-pc-01 Date: Sun, 8 Feb 2026 14:32:26 +0100 Subject: [PATCH 37/40] new start ! --- .gitignore | 28 ++++++ Containers/Forgejo/compose.yml | 52 +++++++++++ .../Forgejo/serveconfig/serve-config.json | 19 ++++ Containers/Navidrome/compose.yml | 31 +++++++ Containers/Navidrome/data/navidrome.toml | 2 + .../Navidrome/serveconfig/serve-config.json | 19 ++++ .../NextCloud/serveconfig/serve-config.json | 19 ++++ README.md | 90 +++++++++++++++++++ 8 files changed, 260 insertions(+) create mode 100644 .gitignore create mode 100644 Containers/Forgejo/compose.yml create mode 100644 Containers/Forgejo/serveconfig/serve-config.json create mode 100644 Containers/Navidrome/compose.yml create mode 100644 Containers/Navidrome/data/navidrome.toml create mode 100644 Containers/Navidrome/serveconfig/serve-config.json create mode 100644 Containers/NextCloud/serveconfig/serve-config.json create mode 100644 README.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bd33114
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,28 @@
+# Ignore everything in the root and all subdirectories
+/*
+!/*/
+
+# Keep the Containers folder
+!/Containers/
+
+# Ignore everything inside Containers/*
+/Containers/*/*
+
+# Except compose.yml and tailscale serve
+!/Containers/*/compose.yml
+!/Containers/*/serveconfig/
+
+# navidrome toml for auto-clean
+!/Containers/Navidrome/data/
+/Containers/Navidrome/data/*
+!/Containers/Navidrome/data/navidrome.toml
+
+# Scripts
+!/Scripts/*
+
+# VMS (not used for the moment)
+!/VMs/*
+
+# Keep utility files in root
+!.gitignore
+!README.md
diff --git a/Containers/Forgejo/compose.yml b/Containers/Forgejo/compose.yml
new file mode 100644
index 0000000..4b92105
--- /dev/null
+++ b/Containers/Forgejo/compose.yml
@@ -0,0 +1,52 @@
+services:
+ forgejo-ts:
+ image: tailscale/tailscale
+ container_name: forgejo-ts
+ cap_add:
+ - net_admin
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ volumes:
+ - ./tailscale/state:/var/lib/tailscale
+ - ./serveconfig:/config
+ environment:
+ - TS_AUTHKEY=${TS_AUTHKEY}
+ - TS_EXTRA_ARGS=--advertise-tags=tag:forgejo --reset
+ - TS_STATE_DIR=/var/lib/tailscale
+ - TS_SERVE_CONFIG=/config/serve-config.json
+ - TS_USERSPACE=false
+ hostname: git
+ restart: unless-stopped
+
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:11
+ container_name: forgejo
+ network_mode: service:forgejo-ts
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - FORGEJO__database__DB_TYPE=postgres
+ - FORGEJO__database__HOST=forgejo_db:5432
+ - FORGEJO__database__NAME=forgejo
+ - FORGEJO__database__USER=forgejo
+ - FORGEJO__database__PASSWD=${POSTGRES_PASSWORD}
+ - FORGEJO__database__SSL_MODE=disable
+ - FORGEJO__database__SCHEMA=public
+ - FORGEJO__database__CHARSET=utf8
+ volumes:
+ - ./forgejo:/data
+ # - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ restart: unless-stopped
+
+ forgejo_db:
+ image: postgres:16
+ container_name: forgejo-postgres
+ environment:
+ - POSTGRES_DB=forgejo
+ - POSTGRES_USER=forgejo
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_HOST_AUTH_METHOD=md5
+ volumes:
+ - ./postgres:/var/lib/postgresql/data
+ restart: always
diff --git a/Containers/Forgejo/serveconfig/serve-config.json b/Containers/Forgejo/serveconfig/serve-config.json
new file mode 100644
index 0000000..a5c125e
--- /dev/null
+++ b/Containers/Forgejo/serveconfig/serve-config.json
@@ -0,0 +1,19 @@
+{
+ "TCP": {
+ "443": {
+ "HTTPS": true
+ }
+ },
+ "Web": {
+ "${TS_CERT_DOMAIN}:443": {
+ "Handlers": {
+ "/": {
+ "Proxy": "http://127.0.0.1:3000"
+ }
+ }
+ }
+ },
+ "AllowFunnel": {
+ "${TS_CERT_DOMAIN}:443": true
+ }
+}
diff --git a/Containers/Navidrome/compose.yml b/Containers/Navidrome/compose.yml
new file mode 100644
index 0000000..e91d23b
--- /dev/null
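Review bot: Containers/Forgejo/compose.yml puts Forgejo behind a Tailscale sidecar whose serve-config.json sets `AllowFunnel`, so the instance is reachable from the public internet, yet the `forgejo` environment block does not state a registration policy. Unless ./forgejo already carries an app.ini that sets it, add `- FORGEJO__service__DISABLE_REGISTRATION=true` next to the database variables so the policy is visible in the compose file. `image: tailscale/tailscale` has no tag, so the container holding `net_admin`, /dev/net/tun and the node state follows whatever `latest` is at pull time; a version tag makes upgrades deliberate, and the Navidrome compose file added by this patch has the same line.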
+++ b/Containers/Navidrome/compose.yml
@@ -0,0 +1,31 @@
+services:
+ navidrome-ts:
+ image: tailscale/tailscale
+ container_name: navidrome-ts
+ cap_add:
+ - net_admin
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ volumes:
+ - ./tailscale/state:/var/lib/tailscale
+ - ./serveconfig:/config
+ environment:
+ - TS_AUTHKEY=${TS_AUTHKEY}
+ - TS_EXTRA_ARGS=--advertise-tags=tag:navidrome --reset
+ - TS_STATE_DIR=/var/lib/tailscale
+ - TS_SERVE_CONFIG=/config/serve-config.json
+ - TS_USERSPACE=false
+ hostname: music
+ restart: unless-stopped
+
+ navidrome:
+ network_mode: service:navidrome-ts
+ container_name: navidrome
+ image: deluan/navidrome:latest
+ user: 1000:1000 # should be owner of volumes
+ # ports:
+ # - "4533:4533"
+ restart: unless-stopped
+ volumes:
+ - "./data:/data"
+ - "/mnt/usb-ssd-01/music:/music:ro"
diff --git a/Containers/Navidrome/data/navidrome.toml b/Containers/Navidrome/data/navidrome.toml
new file mode 100644
index 0000000..74eb198
--- /dev/null
+++ b/Containers/Navidrome/data/navidrome.toml
@@ -0,0 +1,2 @@
+[scanner]
+PurgeMissing = "always"
diff --git a/Containers/Navidrome/serveconfig/serve-config.json b/Containers/Navidrome/serveconfig/serve-config.json
new file mode 100644
index 0000000..7c2f38e
--- /dev/null
+++ b/Containers/Navidrome/serveconfig/serve-config.json
@@ -0,0 +1,19 @@
+{
+ "TCP": {
+ "443": {
+ "HTTPS": true
+ }
+ },
+ "Web": {
+ "${TS_CERT_DOMAIN}:443": {
+ "Handlers": {
+ "/": {
+ "Proxy": "http://127.0.0.1:4533"
+ }
+ }
+ }
+ },
+ "AllowFunnel": {
+ "${TS_CERT_DOMAIN}:443": true
+ }
+}
diff --git a/Containers/NextCloud/serveconfig/serve-config.json b/Containers/NextCloud/serveconfig/serve-config.json
new file mode 100644
index 0000000..99da2b9
--- /dev/null
+++ b/Containers/NextCloud/serveconfig/serve-config.json
@@ -0,0 +1,19 @@
+{
+ "TCP": {
+ "443": {
+ "HTTPS": true
+ }
+ },
+ "Web": {
+ "${TS_CERT_DOMAIN}:443": {
+ "Handlers": {
+ "/": {
+ "Proxy": "http://127.0.0.1:80"
+ }
+ }
+ }
+ },
+ "AllowFunnel": {
+ "${TS_CERT_DOMAIN}:443": true
+ }
+}
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..602e4fa
--- /dev/null
+++ b/README.md
@@ -0,0 +1,90 @@
+# Selfhosting personnal repo
+
+My very simple self-hosting setup.
+On my new mini-pc.
+Gettings things simpler & simpler overtime.
+Check Old_TSDPROXT for old setup.
+
+Not 100% reproductible (Maybe one day NixOs?), some light debugging & manual adjust when migrating. See random dump at the end
+
+## Hardware & OS
+
+- Origimagic C2 Neo Mini PC
+- N95 Alder Lake
+- 12gb ddr5
+- 512gb internal nvme
+- 1 To external USB SSD (For nextcloud files)
+
+## Stack
+
+- Debian13
+- Tailscale (VPN)
+- Docker (with compose)
+
+## Networking
+
+Heavy use of Tailscale sidecar (see network_mode: "service:myapp-ts") :
+- Https without much efforts
+- Easy domain name with MagicDNS (ending in rufous-trench.ts.net).
+- Both VPN access for best-perf, and funnel for public access without opening ports.
+
+Inconvenients :
+- Vendor lock-in for networking. Even if tailscale seems cooler than cloudflare, it's still a vendor lock-in
+- Not so wide adoption, need often manual thinkering
+
+## Services
+
+- Forgejo (git repo management)
+- Nextcloud (google drive replacement)
+- Navidrome (Music streaming)
+
+## CI
+
+- Forgejo runners on my school computers for the moment lol. With podman for easy rootless containers.
+
+## Backup
+
+#TODO rsync thingy to family NAS
+
+# Random dump / doc
+
+### Nextcloud
+group & user : 33, chown nextcloud folders
+
+
+Music folder owned by 1000 (for navidrome access)
+But I want nextcloud to also be able to move those files (easy access & add)
+
+
+Solution :
+
+```bash
+sudo apt install acl
+sudo setfacl -R -m u:33:rwx /.../.../Music
+```
+
+Also Nextcloud crontab thingy
+
+
+```bash
+sudo crontab -e
+*/5 * * * * docker exec -u www-data nextcloud php /var/www/html/cron.php
+```
+
+### Forgejo
+postgres complaining when networking change : Check pg_hba.conf, change it if needed
+
+### Navidrome
+Because external mess, Nextcloud can modify files etc...
+```toml +[scanner] +PurgeMissing = "always" +``` + +## TODO / Random vaguely related projects + +- Home assistant +- Old laptop as test server (probably on new branch) +- Wake on Wan for computer desktop via rasberry pi +- Old phones used for dashboard +- Maybe graphana things one day From ccba2fd427af39c62216351dba6a9e75b41275f5 Mon Sep 17 00:00:00 2001 From: mini-pc-01 Date: Sun, 8 Feb 2026 14:39:07 +0100 Subject: [PATCH 38/40] rename yml to yaml --- .gitignore | 2 +- .../Forgejo/{compose.yml => compose.yaml} | 0 .../Navidrome/{compose.yml => compose.yaml} | 0 Containers/NextCloud/compose.yaml | 67 +++++++++++++++++++ 4 files changed, 68 insertions(+), 1 deletion(-) rename Containers/Forgejo/{compose.yml => compose.yaml} (100%) rename Containers/Navidrome/{compose.yml => compose.yaml} (100%) create mode 100644 Containers/NextCloud/compose.yaml diff --git a/.gitignore b/.gitignore index bd33114..87e61b2 100644 --- a/.gitignore +++ b/.gitignore @@ -9,7 +9,7 @@ /Containers/*/* # Except compose.yml and tailscale serve -!/Containers/*/compose.yml +!/Containers/*/compose.yaml !/Containers/*/serveconfig/ # navidrome toml for auto-clean diff --git a/Containers/Forgejo/compose.yml b/Containers/Forgejo/compose.yaml similarity index 100% rename from Containers/Forgejo/compose.yml rename to Containers/Forgejo/compose.yaml diff --git a/Containers/Navidrome/compose.yml b/Containers/Navidrome/compose.yaml similarity index 100% rename from Containers/Navidrome/compose.yml rename to Containers/Navidrome/compose.yaml diff --git a/Containers/NextCloud/compose.yaml b/Containers/NextCloud/compose.yaml new file mode 100644 index 0000000..bf360c9 --- /dev/null +++ b/Containers/NextCloud/compose.yaml 
@@ -0,0 +1,67 @@
+services:
+ nextcloud-ts:
+ image: tailscale/tailscale
+ container_name: nextcloud-ts
+ cap_add:
+ - net_admin
+ volumes:
+ - ./tailscale/state:/var/lib/tailscale
+ - ./serveconfig:/config
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ environment:
+ - TS_AUTHKEY=${TS_AUTHKEY}
+ - TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud --reset
+ - TS_STATE_DIR=/var/lib/tailscale
+ - TS_SERVE_CONFIG=/config/serve-config.json
+ - TS_USERSPACE=false
+ hostname: cloud
+ restart: unless-stopped
+
+ # Nextcloud
+ nextcloud:
+ image: nextcloud
+ container_name: nextcloud
+ restart: always
+ network_mode: "service:nextcloud-ts"
+ volumes:
+ - ./nextcloud:/var/www/html
+ - /mnt/usb-ssd-01/nextcloud/nextcloud-data:/var/www/html/data
+
+ - /mnt/usb-ssd-01/metube:/mnt/metube
+ - /mnt/usb-ssd-01/music:/mnt/music
+
+ - /mnt/usb-ssd-01/nextcloud/ext1:/mnt/blender
+ environment:
+ - REDIS_HOST=redis
+ - PHP_MEMORY_LIMIT=4G
+ - PHP_UPLOAD_LIMIT=64G
+ - PHP_OPCACHE_ENABLE=1
+ - PHP_OPCACHE_MEMORY_CONSUMPTION=256
+ - PHP_OPCACHE_MAX_ACCELERATED_FILES=100000
+ - TRUSTED_PROXIES=100.64.0.0/10 127.0.0.1
+ - OVERWRITEPROTOCOL=https
+ - OVERWRITEHOST=cloud.rufous-trench.ts.net
+
+ redis:
+ image: redis:alpine
+ container_name: redis
+ restart: always
+ volumes:
+ - ./redis:/data
+
+ mariadb:
+ image: mariadb:10.11
+ container_name: nextcloud_db
+ restart: always
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+ volumes:
+ - ./mariadb:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+
+
+
From 75594805e53b70ec206db7419638566578b9be69 Mon Sep 17 00:00:00 2001
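Review bot: `TRUSTED_PROXIES=100.64.0.0/10 127.0.0.1` in the `nextcloud` service of Containers/NextCloud/compose.yaml trusts the whole Tailscale address range as a reverse proxy. The serve config in this series forwards to `http://127.0.0.1:80`, so proxied requests should arrive from loopback. With the /10 trusted, any tailnet peer allowed to reach port 80 on this node directly could supply its own `X-Forwarded-For`, which weakens Nextcloud's brute-force throttling and the client addresses in its logs. Unless something else proxies from a tailnet address, `- TRUSTED_PROXIES=127.0.0.1` is enough. The same range appears under `http.trusted_proxies` in Containers/HomeAssistant/config/configuration.yaml in patch 39.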
From: mini-pc-01 Date: Sun, 8 Feb 2026 21:09:34 +0100 Subject: [PATCH 39/40] home assistant --- .gitignore | 4 +++ Containers/HomeAssistant/compose.yaml | 34 +++++++++++++++++++ .../HomeAssistant/config/configuration.yaml | 18 ++++++++++ .../serveconfig/serve-config.json | 19 +++++++++++ 4 files changed, 75 insertions(+) create mode 100644 Containers/HomeAssistant/compose.yaml create mode 100644 Containers/HomeAssistant/config/configuration.yaml create mode 100644 Containers/HomeAssistant/serveconfig/serve-config.json diff --git a/.gitignore b/.gitignore index 87e61b2..022e77e 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,10 @@ /Containers/Navidrome/data/* !/Containers/Navidrome/data/navidrome.toml +!/Containers/HomeAssistant/config/ +/Containers/HomeAssistant/config/* +!/Containers/HomeAssistant/config/configuration.yaml + # Scripts !/Scripts/* diff --git a/Containers/HomeAssistant/compose.yaml b/Containers/HomeAssistant/compose.yaml new file mode 100644 index 0000000..e629a7d --- /dev/null +++ b/Containers/HomeAssistant/compose.yaml @@ -0,0 +1,34 @@ +services: + home-assistant-ts: + image: tailscale/tailscale + container_name: home-assistant-ts + cap_add: + - net_admin + devices: + - /dev/net/tun:/dev/net/tun + volumes: + - ./tailscale/state:/var/lib/tailscale + - ./serveconfig:/config + environment: + - TS_AUTHKEY=${TS_AUTHKEY} + - TS_EXTRA_ARGS=--advertise-tags=tag:home-assistant --reset + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/serve-config.json + - TS_USERSPACE=false + hostname: home + restart: unless-stopped + + home-assistant: + container_name: home-assistant + image: "ghcr.io/home-assistant/home-assistant:stable" + volumes: + - ./config:/config + - /etc/localtime:/etc/localtime:ro + - /run/dbus:/run/dbus:ro + devices: + - /dev/ttyUSB0:/dev/ttyUSB0 + restart: unless-stopped + network_mode: service:home-assistant-ts + environment: + TZ: Europe/France + 
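Review bot: `TZ: Europe/France` in the `home-assistant` service of Containers/HomeAssistant/compose.yaml is not an IANA zone name, so the variable will most likely be ignored or fall back to UTC; use `TZ: Europe/Paris`. Separately, the `:ro` on `/run/dbus:/run/dbus:ro` only blocks file changes in that directory, and the container can still connect to the host system bus socket. It is worth a comment above that mount such as `# host D-Bus access; :ro does not restrict bus calls`, and dropping the mount if nothing needs it (Home Assistant's container docs use it for Bluetooth).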
diff --git a/Containers/HomeAssistant/config/configuration.yaml b/Containers/HomeAssistant/config/configuration.yaml new file mode 100644 index 0000000..2615661 --- /dev/null +++ b/Containers/HomeAssistant/config/configuration.yaml @@ -0,0 +1,18 @@ + +# Loads default set of integrations. Do not remove. +default_config: + +# Load frontend themes from the themes folder +frontend: + themes: !include_dir_merge_named themes + +automation: !include automations.yaml +script: !include scripts.yaml +scene: !include scenes.yaml + +http: + use_x_forwarded_for: true + trusted_proxies: + - 127.0.0.1 + - 100.64.0.0/10 + diff --git a/Containers/HomeAssistant/serveconfig/serve-config.json b/Containers/HomeAssistant/serveconfig/serve-config.json new file mode 100644 index 0000000..8661448 --- /dev/null +++ b/Containers/HomeAssistant/serveconfig/serve-config.json @@ -0,0 +1,19 @@ +{ + "TCP": { + "443": { + "HTTPS": true + } + }, + "Web": { + "${TS_CERT_DOMAIN}:443": { + "Handlers": { + "/": { + "Proxy": "http://127.0.0.1:8123" + } + } + } + }, + "AllowFunnel": { + "${TS_CERT_DOMAIN}:443": false + } +} From b5cfe77d34f825dc8adc0785a8195253e7dbc364 Mon Sep 17 00:00:00 2001 From: mini-pc-01 Date: Sun, 8 Feb 2026 22:54:08 +0100 Subject: [PATCH 40/40] added scripts + readme typo --- .gitignore | 3 +++ README.md | 2 +- start_all.sh | 3 +++ stop_all.sh | 3 +++ stop_very_all.sh | 1 + 5 files changed, 11 insertions(+), 1 deletion(-) create mode 100755 start_all.sh create mode 100755 stop_all.sh create mode 100755 stop_very_all.sh diff --git a/.gitignore b/.gitignore index 022e77e..83bd76f 100644 --- a/.gitignore +++ b/.gitignore @@ -29,4 +29,7 @@ # Keep utility files in root !.gitignore +!start_all.sh +!stop_all.sh +!stop_very_all.sh !README.md diff --git a/README.md b/README.md index 602e4fa..7b058d0 100644 --- a/README.md +++ b/README.md 
@@ -3,7 +3,7 @@ My very simple self-hosting setup. On my new mini-pc. Gettings things simpler & simpler overtime. -Check Old_TSDPROXT for old setup. +Check branch : archive_01 for old setup. Not 100% reproductible (Maybe one day NixOs?), some light debugging & manual adjust when migrating. See random dump at the end diff --git a/start_all.sh b/start_all.sh new file mode 100755 index 0000000..1aae618 --- /dev/null +++ b/start_all.sh @@ -0,0 +1,3 @@ +for d in Containers/*/ ; do + docker compose -f "$d/compose.yaml" up -d +done diff --git a/stop_all.sh b/stop_all.sh new file mode 100755 index 0000000..e3d0f11 --- /dev/null +++ b/stop_all.sh @@ -0,0 +1,3 @@ +for d in Containers/*/ ; do + docker compose -f "$d/compose.yaml" down +done diff --git a/stop_very_all.sh b/stop_very_all.sh new file mode 100755 index 0000000..183578c --- /dev/null +++ b/stop_very_all.sh @@ -0,0 +1 @@ +docker stop $(docker ps -a -q)
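Review bot: start_all.sh has no shebang, and its glob `Containers/*/` is relative to the caller's working directory. Run from anywhere but the repo root, the pattern stays unexpanded and `docker compose` is invoked once on a path that does not exist. Start the script with `#!/bin/sh` and `cd "$(dirname "$0")" || exit 1`. stop_all.sh has the same two gaps. Since `$d` already ends in `/`, writing `"${d}compose.yaml"` also avoids the doubled slash.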