commit 286a7e9a038395d78a986748f013dd9a62895495
Author: cedric
Date: Sun Nov 30 16:29:43 2025 +0100
First commit
diff --git a/TODO.md b/TODO.md
new file mode 100644
index 0000000..89d29d9
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,4 @@
+- geeftlist
+- kresus
+- languagetool
+- libretranslate
\ No newline at end of file
diff --git a/adguard/install/adguard.compose.yaml b/adguard/install/adguard.compose.yaml
new file mode 100644
index 0000000..bdaeb68
--- /dev/null
+++ b/adguard/install/adguard.compose.yaml
@@ -0,0 +1,76 @@
+version: '3.8' # Define the version of the Compose file format
+
+services:
+ adguardhome:
+ image: adguard/adguardhome:v0.107.69
+ container_name: adguard
+ hostname: adguard
+ restart: unless-stopped
+ ports:
+ # "Plain" DNS server
+ - "53:53/tcp"
+ - "53:53/udp"
+
+ # Initial AdGuard Home setup wizard
+ - "3000:3000"
+
+ # Administration panel (HTTP)
+ - "8080:80"
+
+ # Administration panel (HTTPS) / DNS-over-HTTPS (DoH) server
+ - "4443:443"
+ - "4443:443/udp"
+
+ # The following ports are exposed internally by the AdGuard Home image
+ # because they are declared as EXPOSE in its Dockerfile (but they will
+ # NOT be accessible from outside the host unless published in this file)
+ # ss -tuln | grep -E '67|68|853|5443|6060'
+
+ # DNS-over-TLS server
+ # - "853:853/tcp"
+
+ # DNS-over-QUIC server
+ # - "784:784/udp"
+ # - "853:853/udp"
+ # - "8853:8853/udp"
+
+ # DNSCrypt server
+ # - "5443:5443/tcp"
+ # - "5443:5443/udp"
+
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /srv/docker/adguard/work:/opt/adguardhome/work
+ - /srv/docker/adguard/conf:/opt/adguardhome/conf
+
+ networks:
+ - dnsnet
+
+ unbound:
+ image: klutchell/unbound:v1.23.1
+ container_name: unbound
+ restart: unless-stopped
+ ports:
+ - "5335:5335/tcp"
+ - "5335:5335/udp"
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /srv/docker/unbound/unbound.conf:/etc/unbound/custom.conf.d/unbound.conf
+
+ # Si vous souhaitez un journal (log) externe, créez ce fichier et définissez-le dans 'unbound.conf'
+ - /srv/docker/unbound/unbound.log:/var/log/unbound.log
+
+ # Le Dockerfile de cette image télécharge le fichier 'root.hints'
+ # et génère le fichier 'root.key'
+ # https://github.com/klutchell/unbound-docker/blob/main/Dockerfile
+ # - ./unbound/root.hints:/var/lib/unbound/root.hints
+ # - ./unbound/root.key:/var/lib/unbound/root.key
+
+ # Répertoire pour le socket 'unbound.ctl' (remote control)
+ - /srv/docker/unbound/run:/run
+ networks:
+ - dnsnet
+
+networks:
+ dnsnet:
+ driver: bridge
diff --git a/adguard/install/docker.compose.yaml b/adguard/install/docker.compose.yaml
new file mode 100644
index 0000000..bdaeb68
--- /dev/null
+++ b/adguard/install/docker.compose.yaml
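Review bot: The `unbound` service publishes `5335:5335/tcp` and `5335:5335/udp` on every host interface although it shares the `dnsnet` network with `adguardhome`, which can presumably reach it by service name, so the recursive resolver is exposed to anything that can route to the host. Drop the `ports:` block from `unbound`, or bind it to loopback with `- "127.0.0.1:5335:5335/udp"`, so only AdGuard Home fronts DNS. The setup wizard on `"3000:3000"` and the plain-HTTP admin panel on `"8080:80"` are published the same way; remove the `3000` mapping once setup is done and bind the admin port to a management address. `adguard/install/docker.compose.yaml` is added with the same blob (`bdaeb68`), so the point applies there too and one of the two files looks redundant.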
@@ -0,0 +1,76 @@
+version: '3.8' # Define the version of the Compose file format
+
+services:
+ adguardhome:
+ image: adguard/adguardhome:v0.107.69
+ container_name: adguard
+ hostname: adguard
+ restart: unless-stopped
+ ports:
+ # "Plain" DNS server
+ - "53:53/tcp"
+ - "53:53/udp"
+
+ # Initial AdGuard Home setup wizard
+ - "3000:3000"
+
+ # Administration panel (HTTP)
+ - "8080:80"
+
+ # Administration panel (HTTPS) / DNS-over-HTTPS (DoH) server
+ - "4443:443"
+ - "4443:443/udp"
+
+ # The following ports are exposed internally by the AdGuard Home image
+ # because they are declared as EXPOSE in its Dockerfile (but they will
+ # NOT be accessible from outside the host unless published in this file)
+ # ss -tuln | grep -E '67|68|853|5443|6060'
+
+ # DNS-over-TLS server
+ # - "853:853/tcp"
+
+ # DNS-over-QUIC server
+ # - "784:784/udp"
+ # - "853:853/udp"
+ # - "8853:8853/udp"
+
+ # DNSCrypt server
+ # - "5443:5443/tcp"
+ # - "5443:5443/udp"
+
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /srv/docker/adguard/work:/opt/adguardhome/work
+ - /srv/docker/adguard/conf:/opt/adguardhome/conf
+
+ networks:
+ - dnsnet
+
+ unbound:
+ image: klutchell/unbound:v1.23.1
+ container_name: unbound
+ restart: unless-stopped
+ ports:
+ - "5335:5335/tcp"
+ - "5335:5335/udp"
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /srv/docker/unbound/unbound.conf:/etc/unbound/custom.conf.d/unbound.conf
+
+ # Si vous souhaitez un journal (log) externe, créez ce fichier et définissez-le dans 'unbound.conf'
+ - /srv/docker/unbound/unbound.log:/var/log/unbound.log
+
+ # Le Dockerfile de cette image télécharge le fichier 'root.hints'
+ # et génère le fichier 'root.key'
+ # https://github.com/klutchell/unbound-docker/blob/main/Dockerfile
+ # - ./unbound/root.hints:/var/lib/unbound/root.hints
+ # - ./unbound/root.key:/var/lib/unbound/root.key
+
+ # Répertoire pour le socket 'unbound.ctl' (remote control)
+ - /srv/docker/unbound/run:/run
+ networks:
+ - dnsnet
+
+networks:
+ dnsnet:
+ driver: bridge
diff --git a/adguard/install/traefik.compose.yaml b/adguard/install/traefik.compose.yaml
new file mode 100644
index 0000000..27f0b43
--- /dev/null
+++ b/adguard/install/traefik.compose.yaml
@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+ traefik:
+ image: traefik:3.6.1
+ container_name: traefik
+ restart: unless-stopped
+ command:
+ - "--api.dashboard=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.watch=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ ports:
+ - "80:80"
+ - "8443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik-letsencrypt:/letsencrypt
+ networks:
+ - http-proxy
+
+volumes:
+ traefik-letsencrypt:
+
+networks:
+ http-proxy:
+ external: true
diff --git a/adguard/install/traefik.env b/adguard/install/traefik.env
new file mode 100644
index 0000000..b88c068
--- /dev/null
+++ b/adguard/install/traefik.env
@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net
\ No newline at end of file
diff --git a/ddns/install/ddns.compose.yaml b/ddns/install/ddns.compose.yaml
new file mode 100644
index 0000000..0cdbb91
--- /dev/null
+++ b/ddns/install/ddns.compose.yaml
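Review bot: The `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` in `adguard/install/traefik.compose.yaml` only makes the bind mount read-only; it does not limit what can be sent over the socket, so the one container that listens on 80/443 still has full Docker API access, which is root-equivalent on the host. Put a socket proxy that allows only the read-only container and network endpoints in front of the daemon on an internal network, and point Traefik at it with `--providers.docker.endpoint=tcp://<socket-proxy>:2375` instead of mounting the socket. `--api.dashboard=true` is set with no router for `api@internal` visible here; if one is added later it needs an auth middleware. The same blob (`27f0b43`) is added under `ddns/install/`, `drawio/install/` and `forgejo/install/`, each with `container_name: traefik` and host ports 80 and 8443, so the note applies to all four copies and they cannot run side by side.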
@@ -0,0 +1,35 @@
+version: "3.7"
+services:
+ ddns-updater:
+ image: qmcgaw/ddns-updater
+ container_name: ddns-updater
+ network_mode: bridge
+ ports:
+ - 9999:8000/tcp
+ volumes:
+ - /srv/docker/ddns-updater/data:/updater/data
+ environment:
+ - CONFIG=
+ - PERIOD=5m
+ - UPDATE_COOLDOWN_PERIOD=5m
+ - PUBLICIP_FETCHERS=all
+ - PUBLICIP_HTTP_PROVIDERS=all
+ - PUBLICIPV4_HTTP_PROVIDERS=all
+ - PUBLICIPV6_HTTP_PROVIDERS=all
+ - PUBLICIP_DNS_PROVIDERS=all
+ - PUBLICIP_DNS_TIMEOUT=3s
+ - HTTP_TIMEOUT=10s
+
+ # Web UI
+ - LISTENING_ADDRESS=:8000
+ - ROOT_URL=/
+
+ # Backup
+ - BACKUP_PERIOD=0 # 0 to disable
+ - BACKUP_DIRECTORY=/updater/data
+
+ # Other
+ - LOG_LEVEL=info
+ - LOG_CALLER=hidden
+ - SHOUTRRR_ADDRESSES=
+ restart: always
diff --git a/ddns/install/traefik.compose.yaml b/ddns/install/traefik.compose.yaml
new file mode 100644
index 0000000..27f0b43
--- /dev/null
+++ b/ddns/install/traefik.compose.yaml
@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+ traefik:
+ image: traefik:3.6.1
+ container_name: traefik
+ restart: unless-stopped
+ command:
+ - "--api.dashboard=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.watch=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ ports:
+ - "80:80"
+ - "8443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik-letsencrypt:/letsencrypt
+ networks:
+ - http-proxy
+
+volumes:
+ traefik-letsencrypt:
+
+networks:
+ http-proxy:
+ external: true
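Review bot: `image: qmcgaw/ddns-updater` in `ddns/install/ddns.compose.yaml` carries no tag, so each pull resolves to whatever `latest` is at that moment, for a container that presumably keeps DNS-provider credentials under `/updater/data`. Pin a release and ideally a digest, `image: qmcgaw/ddns-updater:<version>@sha256:<digest>`; the same applies to `image: jgraph/drawio` in `drawio/install/drawio.compose.yaml` and `freshrss/freshrss:latest` in `freshrss/install/freshrss.compose.yaml`, while the other images in this commit are pinned. The web UI mapping `- 9999:8000/tcp` is also unquoted and published on all interfaces; unless the UI must be reachable from the network, write it as `- "127.0.0.1:9999:8000/tcp"`.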
diff --git a/ddns/install/traefik.env b/ddns/install/traefik.env
new file mode 100644
index 0000000..b88c068
--- /dev/null
+++ b/ddns/install/traefik.env
@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net
\ No newline at end of file
diff --git a/drawio/install/drawio.compose.yaml b/drawio/install/drawio.compose.yaml
new file mode 100644
index 0000000..44f1728
--- /dev/null
+++ b/drawio/install/drawio.compose.yaml
@@ -0,0 +1,8 @@
+version: "3.3"
+services:
+ drawio:
+ container_name: drawio
+ image: jgraph/drawio
+ ports:
+ - "4410:8443"
+ restart: unless-stopped
diff --git a/drawio/install/traefik.compose.yaml b/drawio/install/traefik.compose.yaml
new file mode 100644
index 0000000..27f0b43
--- /dev/null
+++ b/drawio/install/traefik.compose.yaml
@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+ traefik:
+ image: traefik:3.6.1
+ container_name: traefik
+ restart: unless-stopped
+ command:
+ - "--api.dashboard=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.watch=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ ports:
+ - "80:80"
+ - "8443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik-letsencrypt:/letsencrypt
+ networks:
+ - http-proxy
+
+volumes:
+ traefik-letsencrypt:
+
+networks:
+ http-proxy:
+ external: true
diff --git a/drawio/install/traefik.env b/drawio/install/traefik.env
new file mode 100644
index 0000000..b88c068
--- /dev/null
+++ b/drawio/install/traefik.env
@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net
\ No newline at end of file
diff --git a/forgejo/install/forgejo.compose.yaml b/forgejo/install/forgejo.compose.yaml
new file mode 100644
index 0000000..164e50b
--- /dev/null
+++ b/forgejo/install/forgejo.compose.yaml
@@ -0,0 +1,59 @@
+version: '3.8'
+services:
+ db:
+ image: postgres:17
+ container_name: forgejo-db
+ volumes:
+ - /srv/docker/forgejo/pgdata:/var/lib/postgresql/data
+ environment:
+ POSTGRES_USER: ${DATABASE_USER}
+ POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
+ POSTGRES_DB: ${DATABASE_NAME}
+ restart: unless-stopped
+ networks:
+ - internal
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U ${DATABASE_USER} -d ${DATABASE_NAME}"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ start_period: 10s
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:11.0.8
+ container_name: forgejo
+ depends_on:
+ db:
+ condition: service_healthy
+ ports:
+ - "8822:22" # Port pour SSH (optionnel)
+ volumes:
+ - /srv/docker/forgejo/data:/data
+ - /srv/docker/forgejo/data/config/app.ini:/etc/forgejo/app.ini
+ environment:
+ DATABASE_TYPE: ${DATABASE_TYPE}
+ DATABASE_HOST: db
+ DATABASE_PORT: ${DATABASE_PORT}
+ DATABASE_USER: ${DATABASE_USER}
+ DATABASE_PASSWORD: ${DATABASE_PASSWORD}
+ DATABASE_NAME: ${DATABASE_NAME}
+ ROOT_URL: ${ROOT_URL}
+ LFS_ENABLED: ${LFS_ENABLED}
+ OFFLINE_MODE: ${OFFLINE_MODE}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.forgejo.rule=Host(`${VIRTUAL_HOST}`)"
+ - "traefik.http.routers.forgejo.entrypoints=websecure"
+ - "traefik.http.routers.forgejo.tls=true"
+ - "traefik.http.routers.forgejo.tls.certresolver=myresolver"
+ - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
+ - "traefik.docker.network=http-proxy"
+ restart: unless-stopped
+ networks:
+ - http-proxy
+ - internal
+
+networks:
+ http-proxy:
+ external: true
+ internal:
+ driver: bridge
\ No newline at end of file
diff --git a/forgejo/install/forgejo.env b/forgejo/install/forgejo.env
new file mode 100644
index 0000000..87610f8
--- /dev/null
+++ b/forgejo/install/forgejo.env
@@ -0,0 +1,10 @@
+DATABASE_TYPE=postgres
+DATABASE_HOST=db
+DATABASE_PORT=5432
+DATABASE_USER=forgejo
+DATABASE_PASSWORD=DdjwlRBeO2zL6us84qBIqBLKX5hdsOs1
+DATABASE_NAME=forgejo
+ROOT_URL=https://src.alamaison.me
+LFS_ENABLED=true
+OFFLINE_MODE=false
+VIRTUAL_HOST=src.alamaison.me
\ No newline at end of file
diff --git a/forgejo/install/traefik.compose.yaml b/forgejo/install/traefik.compose.yaml
new file mode 100644
index 0000000..27f0b43
--- /dev/null
+++ b/forgejo/install/traefik.compose.yaml
@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+ traefik:
+ image: traefik:3.6.1
+ container_name: traefik
+ restart: unless-stopped
+ command:
+ - "--api.dashboard=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.watch=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ ports:
+ - "80:80"
+ - "8443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik-letsencrypt:/letsencrypt
+ networks:
+ - http-proxy
+
+volumes:
+ traefik-letsencrypt:
+
+networks:
+ http-proxy:
+ external: true
diff --git a/forgejo/install/traefik.env b/forgejo/install/traefik.env
new file mode 100644
index 0000000..b88c068
--- /dev/null
+++ b/forgejo/install/traefik.env
@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net
\ No newline at end of file
diff --git a/freshrss/install/freshrss.compose.yaml b/freshrss/install/freshrss.compose.yaml
new file mode 100644
index 0000000..aed3d46
--- /dev/null
+++ b/freshrss/install/freshrss.compose.yaml
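Review bot: `DATABASE_PASSWORD` in `forgejo/install/forgejo.env` is committed in clear text next to the real hostname in `ROOT_URL`, so anyone with read access to the repository or its history holds the Forgejo database credential. Treat the value as compromised and rotate it; a later commit that deletes the line will not remove it from history. Track a template instead, for example `DATABASE_PASSWORD=<set-locally>` in a `forgejo.env.example`, and keep the real file in `.gitignore` or supply the value through Compose `secrets:` with `POSTGRES_PASSWORD_FILE` on the `db` service. `freshrss/install/freshrss.env` adds `POSTGRES_PASSWORD` the same way and needs the same treatment.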
@@ -0,0 +1,45 @@
+version: "3"
+
+services:
+ freshrss:
+ image: freshrss/freshrss:latest
+ container_name: freshrss
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.freshrss.rule=Host(`${VIRTUAL_HOST}`)"
+ - "traefik.http.routers.freshrss.entrypoints=websecure"
+ - "traefik.http.routers.freshrss.tls=true"
+ - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
+ - "traefik.http.services.freshrss.loadbalancer.server.port=80"
+ - "traefik.docker.network=http-proxy"
+ networks:
+ - http-proxy
+ - internal
+ depends_on:
+ - db
+ environment:
+ TZ: "${FRESHRSS_TZ}"
+ CRON_MIN: "${FRESHRSS_CRON_MIN}"
+ volumes:
+ - /srv/docker/freshrss/data:/var/www/FreshRSS/data
+ - /srv/docker/freshrss/extensions:/var/www/FreshRSS/extensions
+
+ db:
+ image: postgres:17
+ container_name: freshrss-db
+ restart: unless-stopped
+ environment:
+ POSTGRES_USER: "${POSTGRES_USER}"
+ POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+ POSTGRES_DB: "${POSTGRES_DB}"
+ volumes:
+ - /srv/docker/freshrss/pgdata:/var/lib/postgresql/data
+ networks:
+ - internal
+
+networks:
+ http-proxy:
+ external: true
+ internal:
+ driver: bridge
\ No newline at end of file
diff --git a/freshrss/install/freshrss.env b/freshrss/install/freshrss.env
new file mode 100644
index 0000000..ac77ea4
--- /dev/null
+++ b/freshrss/install/freshrss.env
@@ -0,0 +1,7 @@
+FRESHRSS_TZ=Europe/Paris
+FRESHRSS_CRON_MIN=*/30
+POSTGRES_USER=freshrss
+POSTGRES_PASSWORD=8En6KCnYgQ>>p6LXA2)f`6Ax