First commit

TODO.md

@@ -0,0 +1,4 @@
+- geeftlist
+- kresus
+- languagetool
+- libretranslate

adguard/install/adguard.compose.yaml

@@ -0,0 +1,76 @@
+version: '3.8'  # Define the version of the Compose file format
+
+services:
+  adguardhome:
+    image: adguard/adguardhome:v0.107.69
+    container_name: adguard
+    hostname: adguard
+    restart: unless-stopped
+    ports:
+      # "Plain" DNS server
+      - "53:53/tcp"
+      - "53:53/udp"
+
+      # Initial AdGuard Home setup wizard
+      - "3000:3000"
+
+      # Administration panel (HTTP)
+      - "8080:80"
+
+      # Administration panel (HTTPS) / DNS-over-HTTPS (DoH) server
+      - "4443:443"
+      - "4443:443/udp"
+
+      # The following ports are exposed internally by the AdGuard Home image
+      # because they are declared as EXPOSE in its Dockerfile (but they will
+      # NOT be accessible from outside the host unless published in this file)
+      # ss -tuln | grep -E '67|68|853|5443|6060'
+
+      # DNS-over-TLS server
+      # - "853:853/tcp"
+
+      # DNS-over-QUIC server
+      # - "784:784/udp"
+      # - "853:853/udp"
+      # - "8853:8853/udp"
+
+      # DNSCrypt server
+      # - "5443:5443/tcp"
+      # - "5443:5443/udp"
+
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /srv/docker/adguard/work:/opt/adguardhome/work
+      - /srv/docker/adguard/conf:/opt/adguardhome/conf
+
+    networks:
+      - dnsnet
+
+  unbound:
+    image: klutchell/unbound:v1.23.1
+    container_name: unbound
+    restart: unless-stopped
+    ports:
+      - "5335:5335/tcp"
+      - "5335:5335/udp"
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /srv/docker/unbound/unbound.conf:/etc/unbound/custom.conf.d/unbound.conf
+
+      # Si vous souhaitez un journal (log) externe, créez ce fichier et définissez-le dans 'unbound.conf'
+      - /srv/docker/unbound/unbound.log:/var/log/unbound.log
+
+      # Le Dockerfile de cette image télécharge le fichier 'root.hints'
+      # et génère le fichier 'root.key'
+      # https://github.com/klutchell/unbound-docker/blob/main/Dockerfile
+      # - ./unbound/root.hints:/var/lib/unbound/root.hints
+      # - ./unbound/root.key:/var/lib/unbound/root.key
+
+      # Répertoire pour le socket 'unbound.ctl' (remote control)
+      - /srv/docker/unbound/run:/run
+    networks:
+      - dnsnet
+
+networks:
+  dnsnet:
+    driver: bridge

adguard/install/docker.compose.yaml

@@ -0,0 +1,76 @@
+version: '3.8'  # Define the version of the Compose file format
+
+services:
+  adguardhome:
+    image: adguard/adguardhome:v0.107.69
+    container_name: adguard
+    hostname: adguard
+    restart: unless-stopped
+    ports:
+      # "Plain" DNS server
+      - "53:53/tcp"
+      - "53:53/udp"
+
+      # Initial AdGuard Home setup wizard
+      - "3000:3000"
+
+      # Administration panel (HTTP)
+      - "8080:80"
+
+      # Administration panel (HTTPS) / DNS-over-HTTPS (DoH) server
+      - "4443:443"
+      - "4443:443/udp"
+
+      # The following ports are exposed internally by the AdGuard Home image
+      # because they are declared as EXPOSE in its Dockerfile (but they will
+      # NOT be accessible from outside the host unless published in this file)
+      # ss -tuln | grep -E '67|68|853|5443|6060'
+
+      # DNS-over-TLS server
+      # - "853:853/tcp"
+
+      # DNS-over-QUIC server
+      # - "784:784/udp"
+      # - "853:853/udp"
+      # - "8853:8853/udp"
+
+      # DNSCrypt server
+      # - "5443:5443/tcp"
+      # - "5443:5443/udp"
+
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /srv/docker/adguard/work:/opt/adguardhome/work
+      - /srv/docker/adguard/conf:/opt/adguardhome/conf
+
+    networks:
+      - dnsnet
+
+  unbound:
+    image: klutchell/unbound:v1.23.1
+    container_name: unbound
+    restart: unless-stopped
+    ports:
+      - "5335:5335/tcp"
+      - "5335:5335/udp"
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /srv/docker/unbound/unbound.conf:/etc/unbound/custom.conf.d/unbound.conf
+
+      # Si vous souhaitez un journal (log) externe, créez ce fichier et définissez-le dans 'unbound.conf'
+      - /srv/docker/unbound/unbound.log:/var/log/unbound.log
+
+      # Le Dockerfile de cette image télécharge le fichier 'root.hints'
+      # et génère le fichier 'root.key'
+      # https://github.com/klutchell/unbound-docker/blob/main/Dockerfile
+      # - ./unbound/root.hints:/var/lib/unbound/root.hints
+      # - ./unbound/root.key:/var/lib/unbound/root.key
+
+      # Répertoire pour le socket 'unbound.ctl' (remote control)
+      - /srv/docker/unbound/run:/run
+    networks:
+      - dnsnet
+
+networks:
+  dnsnet:
+    driver: bridge

adguard/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

adguard/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

ddns/install/ddns.compose.yaml

@@ -0,0 +1,35 @@
+version: "3.7"
+services:
+  ddns-updater:
+    image: qmcgaw/ddns-updater
+    container_name: ddns-updater
+    network_mode: bridge
+    ports:
+      - 9999:8000/tcp
+    volumes:
+      - /srv/docker/ddns-updater/data:/updater/data
+    environment:
+      - CONFIG=
+      - PERIOD=5m
+      - UPDATE_COOLDOWN_PERIOD=5m
+      - PUBLICIP_FETCHERS=all
+      - PUBLICIP_HTTP_PROVIDERS=all
+      - PUBLICIPV4_HTTP_PROVIDERS=all
+      - PUBLICIPV6_HTTP_PROVIDERS=all
+      - PUBLICIP_DNS_PROVIDERS=all
+      - PUBLICIP_DNS_TIMEOUT=3s
+      - HTTP_TIMEOUT=10s
+
+      # Web UI
+      - LISTENING_ADDRESS=:8000
+      - ROOT_URL=/
+
+      # Backup
+      - BACKUP_PERIOD=0 # 0 to disable
+      - BACKUP_DIRECTORY=/updater/data
+
+      # Other
+      - LOG_LEVEL=info
+      - LOG_CALLER=hidden
+      - SHOUTRRR_ADDRESSES=
+    restart: always

ddns/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

ddns/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

drawio/install/drawio.compose.yaml

@@ -0,0 +1,8 @@
+version: "3.3"
+services:
+  drawio:
+    container_name: drawio
+    image: jgraph/drawio
+    ports:
+      - "4410:8443"
+    restart: unless-stopped

drawio/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

drawio/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

forgejo/install/forgejo.compose.yaml

@@ -0,0 +1,59 @@
+version: '3.8'
+services:
+  db:
+    image: postgres:17
+    container_name: forgejo-db
+    volumes:
+      - /srv/docker/forgejo/pgdata:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: ${DATABASE_USER}
+      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
+      POSTGRES_DB: ${DATABASE_NAME}
+    restart: unless-stopped
+    networks:
+      - internal
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DATABASE_USER} -d ${DATABASE_NAME}"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+  forgejo:
+    image: codeberg.org/forgejo/forgejo:11.0.8
+    container_name: forgejo
+    depends_on:
+      db:
+        condition: service_healthy
+    ports:
+      - "8822:22"   # Port pour SSH (optionnel)
+    volumes:
+      - /srv/docker/forgejo/data:/data
+      - /srv/docker/forgejo/data/config/app.ini:/etc/forgejo/app.ini
+    environment:
+      DATABASE_TYPE: ${DATABASE_TYPE}
+      DATABASE_HOST: db
+      DATABASE_PORT: ${DATABASE_PORT}
+      DATABASE_USER: ${DATABASE_USER}
+      DATABASE_PASSWORD: ${DATABASE_PASSWORD}
+      DATABASE_NAME: ${DATABASE_NAME}
+      ROOT_URL: ${ROOT_URL}
+      LFS_ENABLED: ${LFS_ENABLED}
+      OFFLINE_MODE: ${OFFLINE_MODE}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.forgejo.rule=Host(`${VIRTUAL_HOST}`)"
+      - "traefik.http.routers.forgejo.entrypoints=websecure"
+      - "traefik.http.routers.forgejo.tls=true"
+      - "traefik.http.routers.forgejo.tls.certresolver=myresolver"
+      - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
+      - "traefik.docker.network=http-proxy"
+    restart: unless-stopped
+    networks:
+      - http-proxy
+      - internal
+
+networks:
+  http-proxy:
+    external: true
+  internal:
+    driver: bridge

forgejo/install/forgejo.env

@@ -0,0 +1,10 @@
+DATABASE_TYPE=postgres
+DATABASE_HOST=db
+DATABASE_PORT=5432
+DATABASE_USER=forgejo
+DATABASE_PASSWORD=DdjwlRBeO2zL6us84qBIqBLKX5hdsOs1
+DATABASE_NAME=forgejo
+ROOT_URL=https://src.alamaison.me
+LFS_ENABLED=true
+OFFLINE_MODE=false
+VIRTUAL_HOST=src.alamaison.me

forgejo/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

forgejo/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

freshrss/install/freshrss.compose.yaml

@@ -0,0 +1,45 @@
+version: "3"
+
+services:
+  freshrss:
+    image: freshrss/freshrss:latest
+    container_name: freshrss
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.freshrss.rule=Host(`${VIRTUAL_HOST}`)"
+      - "traefik.http.routers.freshrss.entrypoints=websecure"
+      - "traefik.http.routers.freshrss.tls=true"
+      - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
+      - "traefik.http.services.freshrss.loadbalancer.server.port=80"
+      - "traefik.docker.network=http-proxy"
+    networks:
+      - http-proxy
+      - internal
+    depends_on:
+      - db
+    environment:
+      TZ: "${FRESHRSS_TZ}"
+      CRON_MIN: "${FRESHRSS_CRON_MIN}"
+    volumes:
+      - /srv/docker/freshrss/data:/var/www/FreshRSS/data
+      - /srv/docker/freshrss/extensions:/var/www/FreshRSS/extensions
+
+  db:
+    image: postgres:17
+    container_name: freshrss-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: "${POSTGRES_USER}"
+      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+      POSTGRES_DB: "${POSTGRES_DB}"
+    volumes:
+      - /srv/docker/freshrss/pgdata:/var/lib/postgresql/data
+    networks:
+      - internal
+
+networks:
+  http-proxy:
+    external: true
+  internal:
+    driver: bridge

freshrss/install/freshrss.env

@@ -0,0 +1,7 @@
+FRESHRSS_TZ=Europe/Paris
+FRESHRSS_CRON_MIN=*/30
+POSTGRES_USER=freshrss
+POSTGRES_PASSWORD=8En6KCnYgQ>>p6LXA2)f`6Ax<AvB
+POSTGRES_DB=freshrss
+FRESHRSS_PORT=8080
+VIRTUAL_HOST=rss.alamaison.me

freshrss/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

freshrss/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

homepage/install/homepage.compose.yaml

@@ -0,0 +1,26 @@
+version: '3.8'
+
+services:
+  web:
+    image: nginx:alpine
+    container_name: homepage
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.homepage.rule=Host(`${VIRTUAL_HOST}`)"
+      - "traefik.http.routers.homepage.entrypoints=websecure"
+      - "traefik.http.routers.homepage.tls=true"
+      - "traefik.http.routers.homepage.tls.certresolver=myresolver"
+      - "traefik.http.routers.homepage-http.rule=Host(`${VIRTUAL_HOST}`)"
+      - "traefik.http.routers.homepage-http.entrypoints=web"
+      - "traefik.http.routers.homepage-http.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.docker.network=http-proxy"
+    volumes:
+      - /srv/docker/homepage/www:/usr/share/nginx/html:ro
+    networks:
+      - http-proxy
+
+networks:
+  http-proxy:
+    external: true

homepage/install/homepage.env

@@ -0,0 +1,2 @@
+VIRTUAL_HOST=alamaison.me
+VIRTUAL_LOCAL_HOST=alamaison.local

homepage/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

homepage/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

luanti/install/luanti.compose.yaml

@@ -0,0 +1,24 @@
+version: "3.8"
+
+services:
+  luanti:
+    image: lscr.io/linuxserver/luanti:latest
+    container_name: luanti
+
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Paris
+      # Laisse vide pour le jeu par défaut (minetest_game)
+      - CLI_ARGS=--gameid mineclone --port 30000
+
+    volumes:
+      # Contient mondes, mods, config, etc.
+      - /srv/docker/luanti/config:/config/.minetest
+
+    ports:
+      # Port standard du serveur Minetest/Luanti
+      - 30000:30000/udp
+
+    restart: unless-stopped
+

luanti/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

luanti/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

nextcloud/install/nextcloud.compose.yaml

@@ -0,0 +1,82 @@
+services:
+  db:
+    image: postgres:16-alpine
+    container_name: nextcloud-db
+    restart: always
+    volumes:
+      - /srv/docker/nextcloud/pgdata:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    networks:
+      - default
+
+  redis:
+    image: redis:alpine
+    container_name: nextcloud-redis
+    restart: always
+    networks:
+      - default
+
+  app:
+    image: nextcloud
+    container_name: nextcloud-app
+    restart: always
+    depends_on:
+      - db
+      - redis
+    volumes:
+      - /srv/docker/nextcloud/app:/var/www/html
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_HOST=db
+    labels:
+      - "traefik.enable=true"
+      
+      # Route HTTPS principale
+      - "traefik.http.routers.nextcloud.rule=Host(`cloud.alamaison.me`)"
+      
+      - "traefik.http.routers.nextcloud.entrypoints=websecure"
+      - "traefik.http.routers.nextcloud.tls=true"
+      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
+      
+      - "traefik.http.routers.http-catch.rule=Host(`cloud.alamaison.me`)"
+      - "traefik.http.routers.http-catch.entrypoints=web"
+      - "traefik.http.routers.http-catch.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+
+      # Cible le bon port interne (Apache dans le conteneur Nextcloud)
+      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+
+      # Réseau utilisé par Traefik
+      - "traefik.docker.network=http-proxy"
+
+      # Middleware : Headers recommandés pour WebDAV et sécurité
+      - "traefik.http.middlewares.nextcloud-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.nextcloud-headers.headers.customresponseheaders.Strict-Transport-Security=max-age=15552000; includeSubDomains; preload"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=15552000"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsPreload=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.referrerPolicy=no-referrer"
+      - "traefik.http.middlewares.nextcloud-headers.headers.permissionsPolicy=interest-cohort=()"
+
+      # Middleware : Upload illimité (buffering)
+      - "traefik.http.middlewares.nextcloud-upload.buffering.maxRequestBodyBytes=0"
+      - "traefik.http.middlewares.nextcloud-upload.buffering.memRequestBodyBytes=0"
+
+      # Appliquer les middlewares à la route
+      - "traefik.http.routers.nextcloud.middlewares=nextcloud-headers,nextcloud-upload"
+
+    networks:
+      - http-proxy
+      - default
+
+networks:
+  http-proxy:
+    external: true

nextcloud/install/nextcloud.env

@@ -0,0 +1,3 @@
+POSTGRES_DB=nextcloud
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD=8PXUQ9zE5Ql7Mg2F4BeF6z85omh76uqo

nextcloud/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

nextcloud/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

portainer/install/portainer.compose.yaml

@@ -0,0 +1,15 @@
+services:
+  portainer_new:
+    image: portainer/portainer-ce:2.33.4
+    container_name: portainer_trixie
+    restart: always
+    ports:
+      - "8888:9000"
+      - "9443:9443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer_trixie:/data
+
+volumes:
+  portainer_trixie:
+    name: portainer_trixie

portainer/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

portainer/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

pyload/install/pyload.compose.yaml

@@ -0,0 +1,17 @@
+version: "3.8"
+
+services:
+  pyload-ng:
+    image: lscr.io/linuxserver/pyload-ng:latest
+    container_name: pyload-ng
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+    volumes:
+      - /srv/docker/pyload/data:/config
+      - /srv/docker/pyload/download:/downloads
+    ports:
+      - 8000:8000
+      - 9666:9666
+    restart: unless-stopped

pyload/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

pyload/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

shaarli/install/shaarli.compose.yaml

@@ -0,0 +1,33 @@
+version: '3.8'
+
+# After apply launch this :
+# docker exec -ti shaarli chown -R nginx:nginx /var/www/shaarli/data
+# docker exec -ti shaarli chown -R nginx:nginx /var/www/shaarli/cache
+
+services:
+  shaarli:
+    image: shaarli/shaarli:v0.15.0
+    container_name: shaarli
+    restart: unless-stopped
+
+    environment:
+      TZ: "${SHAARLI_TZ}"
+      
+    volumes:
+      - /srv/docker/shaarli/data:/var/www/shaarli/data
+      - /srv/docker/shaarli/cache:/var/www/shaarli/cache
+
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.shaarli.rule=Host(`${VIRTUAL_HOST}`)"
+      - "traefik.http.routers.shaarli.entrypoints=websecure"
+      - "traefik.http.routers.shaarli.tls=true"
+      - "traefik.http.routers.shaarli.tls.certresolver=myresolver"
+      - "traefik.http.services.shaarli.loadbalancer.server.port=80"
+
+    networks:
+      - http-proxy
+
+networks:
+  http-proxy:
+    external: true

shaarli/install/shaarli.env

@@ -0,0 +1,2 @@
+VIRTUAL_HOST=liens.alamaison.me
+SHAARLI_TZ=Europe/Paris

shaarli/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

shaarli/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

snappymail/install/snappymail.compose.yaml

@@ -0,0 +1,23 @@
+version: '3'
+services:
+  snappymail:
+    image: 'djmaze/snappymail:v2.38.2'
+    container_name: snappymail
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.snappymail.rule=Host(`${VIRTUAL_HOST}`)"
+      - "traefik.http.routers.snappymail.entrypoints=websecure"
+      - "traefik.http.routers.snappymail.tls=true"
+      - "traefik.http.routers.snappymail.tls.certresolver=myresolver"
+      - "traefik.http.services.snappymail.loadbalancer.server.port=8888"
+    networks:
+      - http-proxy
+    volumes:
+      - /srv/docker/snappymail/data/:/snappymail/data/
+    restart: unless-stopped
+
+
+
+networks:
+  http-proxy:
+    external: true

snappymail/install/snappymail.env

@@ -0,0 +1 @@
+VIRTUAL_HOST=courriel.alamaison.me

snappymail/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

snappymail/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net

traefik/install/traefik.compose.yaml

@@ -0,0 +1,35 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:3.6.1
+    container_name: traefik
+    restart: unless-stopped
+    command:
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.watch=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" 
+    ports:
+      - "80:80"
+      - "8443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik-letsencrypt:/letsencrypt
+    networks:
+      - http-proxy
+
+volumes:
+  traefik-letsencrypt:
+
+networks:
+  http-proxy:
+    external: true

traefik/install/traefik.env

@@ -0,0 +1 @@
+ACME_EMAIL=contact@pinte.net