commit 89eff52d1b63ba9ffa785ce21942bafde11634b4 Author: Solomon Laing Date: Fri Jan 30 06:50:32 2026 +0000 initial commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..f0ac8cd --- /dev/null +++ b/README.md 
@@ -0,0 +1,189 @@ +# The Quad + +This is my current setup for managing a good portion of my cloud infrastructure. +I tried to do this with ansible in the past bug I couldn't be bothered finishing +it all. This, I like better. It's more accessible and straightforward. + +More info on [podman +quadlets](https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html). + +## Basics + +This repo contains all container definitions that I use. More can be added and +then just need to be symlinked to the user `systemd` directory followed by +running `systemctl --user daemon-reload`, at which point the container should be +picked up and started. + +``` +cd .config/containers/systemd/ +ln -s ~/repos/thequad/openhab/openhab.container . +systemctl --user daemon-reload +``` + +## Backups + +I haven't set this up yet but I'm going to use `restic` to back up the data +directories to both my NAS and to Backblaze B2. + +> More to come here... + +## Notes + +I've decided to store all of the container data in `/mnt/data/containers/` in a directory with +the containers name. This seemed most straightforward to me. + +`plucky-pinning.sh` provides a way to automatically pin podman to the version +released in Ubuntu 25.05 (Plucky). The reason this is useful is that the podman +v4 -> v5 transition introduces a lot of nice to haves (such as Pods) because +podman quadlets are still in active development. + +### Root containers + +`./drone-agent.container` is not rootless as it needs access to the +podman/docker socket to run containers for actions/pipelines. 
+ +``` +sudo ln -s ~/repos/thequad/drone/* /etc/containers/systemd/ +``` + +### Rootless containers + +If you need the socket in a rootless container, see +[here](https://github.com/gethomepage/homepage/discussions/4013#discussioncomment-12135538) + +If you have issues binding ports; podman cannot create rootless containers that +bind to ports <= 1024 (see +[here](https://github.com/containers/podman/blob/main/rootless.md)), you can run +the following to update the systems settings to allow down to whaever you want +(80 here): + +``` +sudo sysctl net.ipv4.ip_unprivileged_port_start=80 +``` + +__NOTE__ this is changing your host's settings, not podman's, BE CAREFUL! + +### Homepage + +This requires some additional configuration, namely updating the file in the +containers data directory referenced +[here](https://gethomepage.dev/configs/docker/#using-socket-directly) and +setting up the podman socket for rootless access, see above. + +### ARR Suite + +Currnt thoughts for getting media automations set up are: + +Using: sonarr, radarr, prowlerr, profilerr, qbittorrent, and gluetun (connected +to protonvpn via a wireguard config) + +Things to work out: +- networking, I'll want to connect be able to connect locally, can I do this + with the vpn handling container network traffic? how should I set up the pod, + will it even need a network file, or will the gluetun container be the + network? + +Some references: +- [podman protonvpn and gluetun](https://beerstra.org/2024/07/12/vpn-enabled-podman-containers/) +- [docs](https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/protonvpn.md) + +UPDATES: + +I've set up usenet, I have sabnzbd for downloading and have switched off +qbittorrent, gluetun, and flaresolver. 
+ +### Unifi Network Application + +Although easiest to migrate with a config export and import, I did need to +factory reset the devices, ssh into them with + +`ssh ubnt@` + +and the password of `ubnt` + +and run +``` +set-inform http://192.168.2.61:8080/inform +``` + +To resolve an issue where the devices were stuck in an infinite 'adopting' +state. + +### Photoprism + +UUUUUUUUHHHG, have to use CLI to add users, ffs. + +``` +photoprism users add -p your_password -r guest your_username +``` + +It does look like PP is the best option for self hosted though. + +[Managing users reference +guide/docs](https://docs.photoprism.app/user-guide/users/cli/#managing-user-accounts) + +I'm going to look into immich which also looks quite nice + +### Authelia + +I have set this up to provide auth if an when I need it, it's pretty simple to +integrate into caddy, look at the drone config in caddy for an example. More +complicated services like nextcloud might require more in depth configuration +but we'll cross that bridge when we get to it. + +I'm not going to include any references here as there's extensive documentation +out there and LLMs have a pretty good handle on it. One thing I will say, this +was quite hard to get set up. I'm not convinced my configuration file is 100% +correct and good but it does work. I have lldap running as the identity provider +(I guess) which is where you add users, and postgres as the database for both +lldap and authelia. + +### Defguard + +Mostly working, still need to work out the SSL for the gRPC endpoints. + +Also, the gateway needs to run as root for reasons I can't quite work out but +its got something to do with creating the network devices for the VPN. + +This is the first thing I've set up with proper use of env files which is nice +though. + +Endid up deciding to move this to a vim instead. 
+ +I've completetly fucked this off, I'm keeping the files for posterity but even +the one click instill didn't work and given I have openvpn up and running just +fine I CBF. + +### wg-easy + +I'm trying to get a vpn set up and chose wg-easy, which is turing out not to be +easy. It's running but having trouble with the wg part of the whole thing. + +references: +- [docker-compose.yml](https://github.com/wg-easy/wg-easy/blob/master/docker-compose.yml) +- [wg-easy Caddy + docs](https://wg-easy.github.io/wg-easy/Pre-release/examples/tutorials/caddy/) +- [wireguard in podman blog + post](https://www.procustodibus.com/blog/2022/10/wireguard-in-podman/) + +I find it annoying that I have to make host changes to make this work but it +does sort of make sense given how tied to the network stack VPNs must be. + +I found my solution [here in the wg-easy +faq](https://wg-easy.github.io/wg-easy/v15.1/faq/), it was a kernel modules +issue. Also some good info and content +[here](https://wg-easy.github.io/wg-easy/v15.0/examples/tutorials/podman-nft/). +I'm hoping I can have the container rootless but we'll see, might need tobe +rootful given their docs. 
+ +for reference: +``` +# POST UP +nft add table inet wg_table; nft add chain inet wg_table prerouting { type nat hook prerouting priority 100 \; }; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy accept \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy accept \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept; + +# POST DOWN + +nft delete table inet wg_table +``` + +seems to have done the trick, along with the kernel modules :D diff --git a/authelia/authelia-db.container b/authelia/authelia-db.container new file mode 100644 index 0000000..4c332bc --- /dev/null +++ b/authelia/authelia-db.container @@ -0,0 +1,30 @@ +[Unit] +Description=Authelia - DB + +[Container] +Pod=authelia.pod +ContainerName=authelia-db +Image=docker.io/library/postgres:17.2-bookworm + +# Environment=POSTGRES_PASSWORD= +# Environment=POSTGRES_USER= +# Environment=POSTGRES_DB= +EnvironmentFile=/mnt/data/containers/authelia/.env.db + +Volume=/mnt/data/containers/authelia/postgresql:/var/lib/postgresql/data +Volume=/etc/timezone:/etc/timezone:ro +Volume=/etc/localtime:/etc/localtime:ro + +# health check +HealthCmd=pg_isready -U pguser -d general +HealthInterval=5s +HealthRetries=3 +HealthStartPeriod=15s +HealthTimeout=30s + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/authelia/authelia-server.container b/authelia/authelia-server.container new file mode 100644 index 0000000..028d61f --- /dev/null 
+++ b/authelia/authelia-server.container @@ -0,0 +1,27 @@ +[Unit] +Description=Authelia - Server +After=network-online.target + +[Container] +Pod=authelia.pod +ContainerName=authelia-server +Image=docker.io/authelia/authelia:latest + +AutoUpdate=registry + +# all secrets and config need to be added to configuration.yml + +Volume=/mnt/data/containers/authelia/config:/config + +Label=homepage.group=Tech +Label=homepage.name=Authelia +Label=homepage.icon=authelia.png +Label=homepage.href=https://auth.inkletblot.com +Label=homepage.description="Auth Provider" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/authelia/authelia.network b/authelia/authelia.network new file mode 100644 index 0000000..f4811b1 --- /dev/null +++ b/authelia/authelia.network @@ -0,0 +1,12 @@ +[Unit] +Description=Authelia network +After=network-online.target + +[Network] +NetworkName=authelia-network +Subnet=10.8.0.0/24 +Gateway=10.8.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/authelia/authelia.pod b/authelia/authelia.pod new file mode 100644 index 0000000..1cb2e8b --- /dev/null +++ b/authelia/authelia.pod @@ -0,0 +1,10 @@ +[Pod] +Network=authelia.network +PodName=authelia + +# Authelia frontend +PublishPort=9091:9091 + +# LLDAP frontend +PublishPort=17170:17170 + diff --git a/authelia/lldap-server.container b/authelia/lldap-server.container new file mode 100644 index 0000000..6d430db --- /dev/null +++ b/authelia/lldap-server.container 
@@ -0,0 +1,39 @@ +[Unit] +Description=LLDAP - Server + +[Container] +Pod=authelia.pod +ContainerName=lldap-server +Image=docker.io/lldap/lldap:stable + +# Environment=GID= +# Environment=UID= +# Environment=TZ= +# Environment=LLDAP_LDAP_BASE_DN= +# Environment=LLDAP_DATABASE_URL= +# Environment=LLDAP_LDAP_USER_EMAIL= +# Environment=LLDAP_LDAP_USER_PASS= + +# Environment=LLDAP_JWT_SECRET= +# Environment=LLDAP_KEY_SEED= +EnvironmentFile=/mnt/data/containers/authelia/.env.lldap + +# health check +HealthCmd=/app/lldap healthcheck +HealthInterval=30s +HealthRetries=3 +HealthStartPeriod=15s +HealthTimeout=30s + +Label=homepage.group=Tech +Label=homepage.name=LLDAP +Label=homepage.icon=lldap.png +Label=homepage.href=http://lldap.forest:17170 +Label=homepage.description="Authelia's IDP" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/caddy/caddy.container b/caddy/caddy.container new file mode 100644 index 0000000..372b0a8 --- /dev/null +++ b/caddy/caddy.container @@ -0,0 +1,29 @@ +[Unit] +Description=Caddy +After=network-online.target + +[Container] +Pod=caddy.pod +ContainerName=caddy +Image=docker.io/caddy:2.11 + +AutoUpdate=registry + +Volume=/mnt/data/containers/caddy/config:/config +Volume=/mnt/data/containers/caddy/data:/data +Volume=/mnt/data/containers/caddy/conf:/etc/caddy + +# for static site files +Volume=/mnt/data/containers/caddy/srv:/srv + +Label=homepage.group=Misc. +Label=homepage.name=Caddy +Label=homepage.icon=caddy.png +Label=homepage.description="Web Server" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/caddy/caddy.network b/caddy/caddy.network new file mode 100644 index 0000000..a06af68 --- /dev/null +++ b/caddy/caddy.network @@ -0,0 +1,12 @@ +[Unit] +Description=Caddy network +After=network-online.target + +[Network] +NetworkName=caddy-network +Subnet=10.36.0.0/24 +Gateway=10.36.0.1 +DNS= + +[Install] +WantedBy=default.target 
diff --git a/caddy/caddy.pod b/caddy/caddy.pod new file mode 100644 index 0000000..3974033 --- /dev/null +++ b/caddy/caddy.pod @@ -0,0 +1,9 @@ +[Pod] +PodName=caddy +Network=host + +# Network=caddy.network +# PublishPort=80:80 +# PublishPort=443:443 +# PublishPort=443:443/udp +# PublishPort=2019:2019 diff --git a/calibre/calibre.container b/calibre/calibre.container new file mode 100644 index 0000000..2e151c6 --- /dev/null +++ b/calibre/calibre.container @@ -0,0 +1,28 @@ +[Unit] +Description=Calibre - Server + +[Container] +Pod=calibre.pod +ContainerName=calibre +Image=lscr.io/linuxserver/calibre-web:latest + +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +EnvironmentFile=/mnt/data/containers/calibre/.env.calibre + +Volume=/mnt/data/containers/calibre/config:/config +Volume=/mnt/data/containers/calibre/library:/books + +Label=homepage.group=Life +Label=homepage.name=Calibre +Label=homepage.icon=calibre.png +Label=homepage.href=https://books.inkletblot.com +Label=homepage.description="Books" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/calibre/calibre.network b/calibre/calibre.network new file mode 100644 index 0000000..661a1fe --- /dev/null +++ b/calibre/calibre.network @@ -0,0 +1,9 @@ +[Unit] +Description=Calibre network +After=network-online.target + +[Network] +NetworkName=calibre-network + +[Install] +WantedBy=default.target diff --git a/calibre/calibre.pod b/calibre/calibre.pod new file mode 100644 index 0000000..c1d2cf7 --- /dev/null +++ b/calibre/calibre.pod @@ -0,0 +1,5 @@ +[Pod] +Network=calibre.network +PodName=calibre +PublishPort=8338:8083 + diff --git a/cryptgeon/cryptgeon-redis.container b/cryptgeon/cryptgeon-redis.container new file mode 100644 index 0000000..69d4bd8 --- /dev/null +++ b/cryptgeon/cryptgeon-redis.container 
@@ -0,0 +1,14 @@ +[Unit] +Description=Cryptgeon - Redis + +[Container] +Pod=cryptgeon.pod +ContainerName=cryptgeon-redis +Image=docker.io/library/redis:latest +AutoUpdate=registry + +[Service] +Restart=on-failure +RestartSec=5 +StartLimitBurst=5 + diff --git a/cryptgeon/cryptgeon.container b/cryptgeon/cryptgeon.container new file mode 100644 index 0000000..a214b0f --- /dev/null +++ b/cryptgeon/cryptgeon.container @@ -0,0 +1,27 @@ +[Unit] +Description=Cryptgeon - Server +After=cryptgeon-redis.service +Wants=cryptgeon-redis.service + +[Container] +Pod=cryptgeon.pod +ContainerName=cryptgeon +Image=docker.io/cupcakearmy/cryptgeon:latest +AutoUpdate=registry + +# Environment=SIZE_LIMIT= +# Environment=REDIS= +EnvironmentFile=/mnt/data/containers/cryptgeon/.env.cryptgeon + +Label=homepage.group=Tech +Label=homepage.name=Cryptgeon +Label=homepage.href=https://ots.inkletblot.com +Label=homepage.description="Like Privnote" + +[Service] +Restart=always +RestartSec=5 +StartLimitBurst=5 + +[Install] +WantedBy=default.target diff --git a/cryptgeon/cryptgeon.network b/cryptgeon/cryptgeon.network new file mode 100644 index 0000000..c11f024 --- /dev/null +++ b/cryptgeon/cryptgeon.network @@ -0,0 +1,11 @@ +[Unit] +Description=Cryptgeon network +After=network-online.target + +[Network] +NetworkName=cryptgeon-network +Subnet=10.43.0.0/24 +Gateway=10.43.0.1 + +[Install] +WantedBy=default.target diff --git a/cryptgeon/cryptgeon.pod b/cryptgeon/cryptgeon.pod new file mode 100644 index 0000000..08879bb --- /dev/null +++ b/cryptgeon/cryptgeon.pod @@ -0,0 +1,4 @@ +[Pod] +Network=cryptgeon.network +PodName=cryptgeon +PublishPort=3080:8000 diff --git a/defguard/UNUSED b/defguard/UNUSED new file mode 100644 index 0000000..0bf36f6 --- /dev/null +++ b/defguard/UNUSED @@ -0,0 +1 @@ +I had some issues with this that I coludn't overcome. I'm going to move to a vm instead and use the one and done script to set it up. 
diff --git a/defguard/defguard-core.container b/defguard/defguard-core.container new file mode 100644 index 0000000..3884577 --- /dev/null +++ b/defguard/defguard-core.container @@ -0,0 +1,29 @@ +[Unit] +Description=Defguard - Core +After=network-online.target + +[Container] +Pod=defguard.pod +ContainerName=defguard-core +Image=ghcr.io/defguard/defguard:latest +AutoUpdate=registry + +EnvironmentFile=/mnt/data/containers/defguard/.env + +Volume=/mnt/data/containers/defguard/rsakey.pem:/keys/rsakey.pem +Volume=/mnt/data/containers/defguard/ca.crt:/keys/ca.crt +Volume=/mnt/data/containers/defguard/core.crt:/keys/core.crt +Volume=/mnt/data/containers/defguard/core.key:/keys/core.key + +Label=homepage.group=Tech +Label=homepage.name="Defguard Core" +Label=homepage.icon=defguard.png +Label=homepage.href=https://guard.inkletblot.com +Label=homepage.description="VPN" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/defguard/defguard-db.container b/defguard/defguard-db.container new file mode 100644 index 0000000..87df30e --- /dev/null +++ b/defguard/defguard-db.container @@ -0,0 +1,27 @@ +[Unit] +Description=Defguard - DB + +[Container] +Pod=defguard.pod +ContainerName=defguard-db +Image=docker.io/postgres:17-alpine + +EnvironmentFile=/mnt/data/containers/defguard/.env + +Volume=/mnt/data/containers/defguard/postgresql:/var/lib/postgresql/data +Volume=/etc/timezone:/etc/timezone:ro +Volume=/etc/localtime:/etc/localtime:ro + +# health check +HealthCmd=pg_isready -U defguarduser -d defguard +HealthInterval=5s +HealthRetries=3 +HealthStartPeriod=15s +HealthTimeout=30s + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/defguard/defguard-gateway.container b/defguard/defguard-gateway.container new file mode 100644 index 0000000..f43484c --- /dev/null +++ b/defguard/defguard-gateway.container 
@@ -0,0 +1,31 @@ +# THIS IS A ROOT CONTAINER +# Must be configured AFTER core. +[Unit] +Description=Defguard - Gateway +After=network-online.target + +[Container] +ContainerName=defguard-gateway +Image=ghcr.io/defguard/gateway:latest +AutoUpdate=registry + +Network=host +AddCapability=NET_ADMIN + +EnvironmentFile=/mnt/data/containers/defguard/.env + +Environment=DEFGUARD_LOG_LEVEL=debug + +Volume=/mnt/data/containers/defguard/ca.crt:/ca.crt + +Label=homepage.group=Misc. +Label=homepage.name="Defguard Gateway" +Label=homepage.icon=defguard.png +Label=homepage.description="Auth Provider" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/defguard/defguard-proxy.container b/defguard/defguard-proxy.container new file mode 100644 index 0000000..232704f --- /dev/null +++ b/defguard/defguard-proxy.container @@ -0,0 +1,28 @@ +[Unit] +Description=Defguard - Proxy +After=network-online.target + +[Container] +Pod=defguard.pod +ContainerName=defguard-proxy +Image=ghcr.io/defguard/defguard-proxy:latest +AutoUpdate=registry + +Environment=DEFGUARD_PROXY_GRPC_CERT=/ca/proxy.cert +Environment=DEFGUARD_PROXY_GRPC_KEY=/ca/proxy.key + +Volume=/mnt/data/containers/defguard/proxy.crt:/ca/proxy.crt +Volume=/mnt/data/containers/defguard/proxy.key:/ca/proxy.key + +Label=homepage.group=Tech +Label=homepage.name="Defguard Proxy" +Label=homepage.icon=defguard.png +Label=homepage.href=https://enroll.inkletblot.com +Label=homepage.description="VPN Enrollment" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/defguard/defguard.network b/defguard/defguard.network new file mode 100644 index 0000000..006f830 --- /dev/null +++ b/defguard/defguard.network @@ -0,0 +1,12 @@ +[Unit] +Description=Defguard network +After=network-online.target + +[Network] +NetworkName=defguard-network +Subnet=10.98.0.0/24 +Gateway=10.98.0.1 +DNS= + +[Install] +WantedBy=default.target 
diff --git a/defguard/defguard.pod b/defguard/defguard.pod new file mode 100644 index 0000000..507c839 --- /dev/null +++ b/defguard/defguard.pod @@ -0,0 +1,15 @@ +[Pod] +Network=defguard.network +PodName=defguard + +# core +# frontend (administration interface) +PublishPort=9876:8000 +# gRPC +PublishPort=50055:50055 + +# proxy +# frontend (enrollment service) +PublishPort=8765:8080 +# gRPC +PublishPort=50051:50051 diff --git a/drone/drone-docker-agent.container b/drone/drone-docker-agent.container new file mode 100644 index 0000000..ecc7994 --- /dev/null +++ b/drone/drone-docker-agent.container @@ -0,0 +1,34 @@ +[Unit] +Description=Drone Docker Agent +Requires=drone-server.container +After=drone-server.container + +[Container] +Pod=drone.pod +ContainerName=drone-docker-agent +Image=docker.io/drone/drone-runner-docker:1 + +# Environment=DRONE_RPC_PROTO= +# Environment=DRONE_RPC_HOST= +# Environment=DRONE_RPC_SECRET= +# Environment=DRONE_RUNNER_CAPACITY= +# Environment=DRONE_RUNNER_NAME= +# Environment=DRONE_UI_USERNAME= +# Environment=DRONE_UI_PASSWORD= +# Environment=DRONE_HTTP_BIND= +EnvironmentFile=/mnt/data/containers/drone/.env.drone-docker-agent + +Volume=/run/user/1000/podman/podman.sock:/var/run/docker.sock + +Label=homepage.group=Misc. +Label=homepage.name=Drone Docker Agent +Label=homepage.icon=drone.png +Label=homepage.href=http://192.168.2.61:3010 +Label=homepage.description="CI/CD docker agent" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/drone/drone-server.container b/drone/drone-server.container new file mode 100644 index 0000000..e8a4ad5 --- /dev/null +++ b/drone/drone-server.container 
@@ -0,0 +1,32 @@ +[Unit] +Description=Drone Server + +[Container] +Pod=drone.pod +ContainerName=drone-server +Image=docker.io/drone/drone:2 + +# Environment=DRONE_SERVER_HOST= +# Environment=DRONE_RPC_SECRET= +# Environment=DRONE_SERVER_PROTO= +# Environment=DRONE_GITEA_SERVER= +# Environment=DRONE_GITEA_CLIENT_ID= +# Environment=DRONE_GITEA_CLIENT_SECRET= +EnvironmentFile=/mnt/data/containers/drone/.env.drone-server + +Volume=/mnt/data/containers/drone/server:/data + +HealthCmd=nc -z 127.0.0.1 80 + +Label=homepage.group=Tech +Label=homepage.name=Drone +Label=homepage.icon=drone.png +Label=homepage.href=https://drone.inkletblot.com +Label=homepage.description="CI/CD" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/drone/drone-ssh-agent.container b/drone/drone-ssh-agent.container new file mode 100644 index 0000000..9f85fe4 --- /dev/null +++ b/drone/drone-ssh-agent.container @@ -0,0 +1,31 @@ +[Unit] +Description=Drone SSH Agent +Requires=drone-server.container +After=drone-server.container + +[Container] +Pod=drone.pod +ContainerName=drone-ssh-agent +Image=docker.io/drone/drone-runner-ssh:1 + +# Environment=DRONE_RPC_PROTO= +# Environment=DRONE_RPC_HOST= +# Environment=DRONE_RPC_SECRET= +# Environment=DRONE_RUNNER_CAPACITY= +# Environment=DRONE_RUNNER_NAME= +# Environment=DRONE_UI_USERNAME= +# Environment=DRONE_UI_PASSWORD= +EnvironmentFile=/mnt/data/containers/drone/.env.drone-ssh-agent + +Label=homepage.group=Misc. +Label=homepage.name=Drone SSH Agent +Label=homepage.icon=drone.png +Label=homepage.href=http://192.168.2.61:3000 +Label=homepage.description="CI/CD SSH agent" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/drone/drone.network b/drone/drone.network new file mode 100644 index 0000000..abaf4d8 --- /dev/null +++ b/drone/drone.network 
@@ -0,0 +1,12 @@ +[Unit] +Description=Drone network +After=network-online.target + +[Network] +NetworkName=drone-network +Subnet=10.3.0.0/24 +Gateway=10.3.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/drone/drone.pod b/drone/drone.pod new file mode 100644 index 0000000..6a15c7d --- /dev/null +++ b/drone/drone.pod @@ -0,0 +1,7 @@ +[Pod] +Network=drone.network +PodName=drone +PublishPort=8980:80 +PublishPort=3010:3010 +PublishPort=3020:3000 + diff --git a/firefly/firefly-db.container b/firefly/firefly-db.container new file mode 100644 index 0000000..63deb02 --- /dev/null +++ b/firefly/firefly-db.container @@ -0,0 +1,36 @@ +[Unit] +Description=Firefly - DB + +[Container] +Pod=firefly.pod +ContainerName=firefly-db + +Image=docker.io/mariadb:latest +AutoUpdate=registry + +# Persistent volumes +Volume=/mnt/data/containers/firefly/mariadb:/var/lib/mysql + +# Environment variables +# Environment=MARIADB_USER= +# Environment=MARIADB_DATABASE= +# Environment=MARIADB_PASSWORD= +# Environment=MARIADB_ROOT_PASSWORD= +EnvironmentFile=/mnt/data/containers/firefly/.env.firefly-db + +# Health monitoring +HealthCmd=healthcheck.sh --connect +HealthInterval=30s +HealthTimeout=15s +HealthRetries=10 +HealthStartPeriod=15s + +# Other +UserNS=keep-id:uid=999,gid=999 + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/firefly/firefly-server.container b/firefly/firefly-server.container new file mode 100644 index 0000000..f37769a --- /dev/null +++ b/firefly/firefly-server.container 
@@ -0,0 +1,37 @@ +[Unit] +Description=Firefly - Server +Requires=firefly-db.service +After=firefly-db.service + +[Container] +Pod=firefly.pod +ContainerName=firefly-server +Image=docker.io/fireflyiii/core:latest + +# Environment=APP_KEY= +# Environment=DB_HOST= +# Environment=DB_PORT= +# Environment=DB_CONNECTION= +# Environment=DB_DATABASE= +# Environment=DB_PASSWORD= +# Environment=DB_USERNAME= +# Environment=FORCE_HTTPS= +# Environment=TRUSTED_PROXIES= +# Environment=DEFAULT_LOCALE= +EnvironmentFile=/mnt/data/containers/firefly/.env.firefly-server + +Volume=/mnt/data/containers/firefly/data:/var/www/html/storage/upload +Volume=/usr/lib/locale/locale-archive:/usr/lib/locale/locale-archive:Z + +Label=homepage.group=Life +Label=homepage.name="Firefly" +Label=homepage.icon=firefly.png +Label=homepage.href=http://firefly.forest +Label=homepage.description="Budgeting" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/firefly/firefly.network b/firefly/firefly.network new file mode 100644 index 0000000..235040e --- /dev/null +++ b/firefly/firefly.network @@ -0,0 +1,12 @@ +[Unit] +Description=Firefly network +After=network-online.target + +[Network] +NetworkName=firefly-network +Subnet=10.13.0.0/24 +Gateway=10.13.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/firefly/firefly.pod b/firefly/firefly.pod new file mode 100644 index 0000000..6642345 --- /dev/null +++ b/firefly/firefly.pod @@ -0,0 +1,5 @@ +[Pod] +Network=firefly.network +PodName=firefly +PublishPort=8342:8080 + diff --git a/gitea/gitea-db.container b/gitea/gitea-db.container new file mode 100644 index 0000000..0f937d9 --- /dev/null +++ b/gitea/gitea-db.container 
@@ -0,0 +1,23 @@ +[Unit] +Description=Gitea DB Server + +[Container] +Pod=gitea.pod +ContainerName=gitea-db +Image=docker.io/library/postgres:17.2-bookworm + +# Environment=POSTGRES_PASSWORD= +# Environment=POSTGRES_USER= +# Environment=POSTGRES_DB= +EnvironmentFile=/mnt/data/containers/gitea/.env.gitea-db + +Volume=/mnt/data/containers/gitea/postgresql:/var/lib/postgresql/data +Volume=/etc/timezone:/etc/timezone:ro +Volume=/etc/localtime:/etc/localtime:ro + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/gitea/gitea-server.container b/gitea/gitea-server.container new file mode 100644 index 0000000..87dc74a --- /dev/null +++ b/gitea/gitea-server.container @@ -0,0 +1,37 @@ +[Unit] +Description=Gitea Server +Requires=gitea-db.service +After=gitea-db.service + +[Container] +Pod=gitea.pod +ContainerName=gitea-server +Image=docker.io/gitea/gitea:1.22.4 + +# Environment=USER_ID= +# Environment=USER_GID= +# Environment=DB_TYPE= +# Environment=DB_HOST= +# Environment=DB_NAME= +# Environment=DB_PASSWD= +# Environment=DB_USER= +EnvironmentFile=/mnt/data/containers/gitea/.env.gitea-server + +Volume=/mnt/data/containers/gitea/data:/data +Volume=/etc/timezone:/etc/timezone:ro +Volume=/etc/localtime:/etc/localtime:ro + +HealthCmd=nc -z 127.0.0.1 5432 + +Label=homepage.group=Tech +Label=homepage.name=Gitea +Label=homepage.icon=gitea.png +Label=homepage.href=https://git.inkletblot.com +Label=homepage.description="Version Control" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/gitea/gitea.network b/gitea/gitea.network new file mode 100644 index 0000000..d840456 --- /dev/null +++ b/gitea/gitea.network @@ -0,0 +1,12 @@ +[Unit] +Description=Gitea network +After=network-online.target + +[Network] +NetworkName=gitea-network +Subnet=10.1.0.0/24 +Gateway=10.1.0.1 +DNS= + +[Install] +WantedBy=default.target 
diff --git a/gitea/gitea.pod b/gitea/gitea.pod new file mode 100644 index 0000000..637109b --- /dev/null +++ b/gitea/gitea.pod @@ -0,0 +1,6 @@ +[Pod] +Network=gitea.network +PodName=gitea +PublishPort=3000:4000 +PublishPort=6122:22 + diff --git a/glance/glance.container b/glance/glance.container new file mode 100644 index 0000000..b9ee09e --- /dev/null +++ b/glance/glance.container @@ -0,0 +1,26 @@ +[Unit] +Description=Glance Dashboard + +[Container] +ContainerName=glance +Pod=glance.pod +Image=docker.io/glanceapp/glance:latest +AutoUpdate=registry + +Volume=/mnt/data/containers/glance/config:/app/config:Z +Volume=/mnt/data/containers/glance/assets:/app/assets:Z +Volume=/etc/localtime:/etc/localtime:ro +Volume=/run/user/1000/podman/podman.sock:/run/podman/podman.sock + +Label=homepage.group=Productivity +Label=homepage.name=Glance +Label=homepage.icon=glance.png +Label=homepage.href=https://dashboard.inkletblot.com +Label=homepage.description="Glance Dashboard" + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/glance/glance.network b/glance/glance.network new file mode 100644 index 0000000..a587cc0 --- /dev/null +++ b/glance/glance.network @@ -0,0 +1,9 @@ +[Unit] +Description=Glance network +After=network-online.target + +[Network] +NetworkName=glance-network + +[Install] +WantedBy=default.target diff --git a/glance/glance.pod b/glance/glance.pod new file mode 100644 index 0000000..1bac14f --- /dev/null +++ b/glance/glance.pod @@ -0,0 +1,4 @@ +[Pod] +PodName=glance +Network=glance.network +PublishPort=8195:8080 diff --git a/homepage/homepage.container b/homepage/homepage.container new file mode 100644 index 0000000..1f918e3 --- /dev/null +++ b/homepage/homepage.container 
@@ -0,0 +1,34 @@ +[Unit] +Description=Homepage Dashboard +Requires=podman.socket +After=podman.socket + +[Container] +ContainerName=homepage +Pod=homepage.pod +Image=ghcr.io/gethomepage/homepage:latest + +AutoUpdate=registry + +# Can't be bothered with env file for this... +Environment=HOMEPAGE_ALLOWED_HOSTS=* + +Volume=/mnt/data/containers/homepage/data:/app/config:Z +Volume=/mnt/data/containers/homepage/data/images:/app/public/images:Z +Volume=/run/user/1000/podman/podman.sock:/run/podman/podman.sock + +# for resource usage +Volume=/mnt/audio:/mnt/audio:ro +Volume=/mnt/video:/mnt/video:ro +Volume=/mnt/photo:/mnt/photo:ro +Volume=/mnt/data:/mnt/data:ro +Volume=/mnt/backup:/mnt/backup:ro + +SecurityLabelDisable=true + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/homepage/homepage.network b/homepage/homepage.network new file mode 100644 index 0000000..d9f4d34 --- /dev/null +++ b/homepage/homepage.network @@ -0,0 +1,12 @@ +[Unit] +Description=Homepage network +After=network-online.target + +[Network] +NetworkName=homepage-network +Subnet=10.26.0.0/24 +Gateway=10.26.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/homepage/homepage.pod b/homepage/homepage.pod new file mode 100644 index 0000000..2198646 --- /dev/null +++ b/homepage/homepage.pod @@ -0,0 +1,4 @@ +[Pod] +PodName=homepage +Network=homepage.network +PublishPort=8030:3000 diff --git a/immich/immich-db.container b/immich/immich-db.container new file mode 100644 index 0000000..5296d4f --- /dev/null +++ b/immich/immich-db.container 
@@ -0,0 +1,33 @@ +[Unit] +Description=Immich - DB +Wants=network-online.target +After=network-online.target + +[Container] +Pod=immich.pod +ContainerName=immich-db +Image=ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23 + +ShmSize=128mb + +# Environment=POSTGRES_PASSWORD= +# Environment=POSTGRES_USER= +# Environment=POSTGRES_DB= +# Environment=DB_STORAGE_TYPE= +EnvironmentFile=/mnt/data/containers/immich/.env.immich-db + +Volume=/mnt/data/containers/immich/postgresql:/var/lib/postgresql/data +Volume=/etc/timezone:/etc/timezone:ro +Volume=/etc/localtime:/etc/localtime:ro + +HealthCmd=pg_isready -U immichuser -d immich +HealthInterval=5s +HealthRetries=3 +HealthStartPeriod=15s +HealthTimeout=30s + +[Service] +Restart=on-failure +RestartSec=5 +StartLimitBurst=5 + diff --git a/immich/immich-ml.container b/immich/immich-ml.container new file mode 100644 index 0000000..e041185 --- /dev/null +++ b/immich/immich-ml.container @@ -0,0 +1,17 @@ +[Unit] +Description=Immich - Machine Learning + +[Container] +Pod=immich.pod +Image= ghcr.io/immich-app/immich-machine-learning:v2.4.1 +ContainerName=immich-ml + +Volume=/mnt/data/containers/immich/modelcache:/cache + +[Service] +Restart=always +TimeoutStartSec=900 +SuccessExitStatus=0 143 + +[Install] +WantedBy=default.target diff --git a/immich/immich-redis.container b/immich/immich-redis.container new file mode 100644 index 0000000..d97b419 --- /dev/null +++ b/immich/immich-redis.container @@ -0,0 +1,14 @@ +[Unit] +Description=Immich - Redis + +[Container] +Pod=immich.pod +ContainerName=immich-redis +Image=docker.io/valkey/valkey:9@sha256:fb8d272e529ea567b9bf1302245796f21a2672b8368ca3fcb938ac334e613c8f +AutoUpdate=registry + +[Service] +Restart=on-failure +RestartSec=5 +StartLimitBurst=5 + diff --git a/immich/immich-server.container b/immich/immich-server.container new file mode 100644 index 0000000..92d503d --- /dev/null 
+++ b/immich/immich-server.container @@ -0,0 +1,41 @@ +[Unit] +Description=Immich - Server +Wants=immich-db.service +After=immich-db.service +After=immich-redis.service +After=immich-ml.service + +[Container] +Pod=immich.pod +Image=ghcr.io/immich-app/immich-server:v2.4.1 +ContainerName=immich-server + +# Environment=TZ= + +# Environment=DB_USERNAME= +# Environment=DB_PASSWORD= +# Environment=DB_DATABASE_NAME= +# Environment=DB_HOSTNAME= +# Environment=DB_PORT= + +# Environment=REDIS_HOSTNAME= +# Environment=REDIS_PORT= +EnvironmentFile=/mnt/data/containers/immich/.env.immich-server + +Volume=/mnt/photo/Upload:/data +Volume=/mnt/photo/Library/:/mnt/Library:ro +Volume=/etc/localtime:/etc/localtime:ro + +Label=homepage.group=Documents/Backup +Label=homepage.name=Immich +Label=homepage.icon=immich.png +Label=homepage.href=https://immich.inkletblot.com +Label=homepage.description="Photo Library" + +[Service] +Restart=always +TimeoutStartSec=900 +SuccessExitStatus=0 143 + +[Install] +WantedBy=default.target diff --git a/immich/immich.network b/immich/immich.network new file mode 100644 index 0000000..b13efd7 --- /dev/null +++ b/immich/immich.network @@ -0,0 +1,12 @@ +[Unit] +Description=Immich network +After=network-online.target + +[Network] +NetworkName=immich-network +Subnet=10.16.0.0/24 +Gateway=10.16.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/immich/immich.pod b/immich/immich.pod new file mode 100644 index 0000000..184fabc --- /dev/null +++ b/immich/immich.pod @@ -0,0 +1,4 @@ +[Pod] +Network=immich.network +PodName=immich +PublishPort=2283:2283 diff --git a/jellyfin/jellyfin.container b/jellyfin/jellyfin.container new file mode 100644 index 0000000..9f15206 --- /dev/null +++ b/jellyfin/jellyfin.container 
@@ -0,0 +1,43 @@ +[Unit] +Description=Jellyfin +Wants=network-online.target +After=network-online.target + +[Container] +Image=docker.io/jellyfin/jellyfin:latest +AutoUpdate=registry +ContainerName=jellyfin + +EnvironmentFile=/mnt/data/containers/jellyfin/.env.jellyfin + +# due to migrating an existing installation the following is required +# see https://jellyfin.org/docs/general/administration/migrate/ +Volume=/mnt/data/containers/jellyfin/cache:/var/cache/jellyfin +Volume=/mnt/data/containers/jellyfin/config:/etc/jellyfin +Volume=/mnt/data/containers/jellyfin/data:/var/lib/jellyfin +Volume=/mnt/data/containers/jellyfin/log:/var/log/jellyfin + +# these need to match the source system, from the fstab: +# :/video /mnt/media nfs defaults 0 1 +# :/audio /mnt/music nfs defaults 0 1 +# :/photo /mnt/camera nfs defaults 0 1 + +Volume=/mnt/video:/mnt/media +Volume=/mnt/audio:/mnt/music +Volume=/mnt/photo:/mnt/camera + +PublishPort=8096:8096 + +Label=homepage.group=Media +Label=homepage.name=Jellyfin +Label=homepage.icon=jellyfin.png +Label=homepage.href=https://jellyfin.inkletblot.com +Label=homepage.description="Stream Media" + +[Service] +Restart=always +TimeoutStartSec=900 +SuccessExitStatus=0 143 + +[Install] +WantedBy=default.target diff --git a/koel/UNUSED b/koel/UNUSED new file mode 100644 index 0000000..767d9bf --- /dev/null +++ b/koel/UNUSED @@ -0,0 +1,3 @@ +This looked really good, and is very popular, but also seemingly totally unknown. I can't seem to find any stuff on google about it. + +Also, although the UI is nice, no feedback about syncing etc, is a no go for me. diff --git a/koel/koel-db.container b/koel/koel-db.container new file mode 100644 index 0000000..6886845 --- /dev/null +++ b/koel/koel-db.container 
@@ -0,0 +1,36 @@ +[Unit] +Description=Koel - DB + +[Container] +Pod=koel.pod +ContainerName=koel-db + +Image=docker.io/mariadb:latest +AutoUpdate=registry + +# Persistent volumes +Volume=/mnt/data/containers/koel/mariadb:/var/lib/mysql + +# Environment variables +# Environment=MARIADB_USER= +# Environment=MARIADB_DATABASE= +# Environment=MARIADB_PASSWORD= +# Environment=MARIADB_ROOT_PASSWORD= +EnvironmentFile=/mnt/data/containers/koel/.env.koel-db + +# Health monitoring +HealthCmd=healthcheck.sh --connect +HealthInterval=30s +HealthTimeout=15s +HealthRetries=10 +HealthStartPeriod=15s + +# Other +UserNS=keep-id:uid=999,gid=999 + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/koel/koel-server.container b/koel/koel-server.container new file mode 100644 index 0000000..77fdfeb --- /dev/null +++ b/koel/koel-server.container @@ -0,0 +1,35 @@ +[Unit] +Description=Koel - Server +Requires=koel-db.service +After=koel-db.service + +[Container] +Pod=koel.pod +ContainerName=koel-server +Image=docker.io/phanan/koel + +# Environment=APP_KEY= +# Environment=DB_HOST= +# Environment=DB_DATABASE= +# Environment=DB_PASSWORD= +# Environment=DB_USERNAME= +# Environment=FORCE_HTTPS= +EnvironmentFile=/mnt/data/containers/koel/.env.koel-server + +Volume=/mnt/data/containers/koel/image_storage:/var/www/html/public/img/storage +Volume=/mnt/data/containers/koel/search_index:/var/www/html/storage/search-indexes + +Volume=/mnt/audio/Sorted:/music + +Label=homepage.group=Media +Label=homepage.name=Koel +Label=homepage.icon=koel.png +Label=homepage.href=https://koel.inkletblot.com +Label=homepage.description="Music Streaming" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/koel/koel.network b/koel/koel.network new file mode 100644 index 0000000..7538f8d --- /dev/null +++ b/koel/koel.network 
@@ -0,0 +1,12 @@ +[Unit] +Description=Koel network +After=network-online.target + +[Network] +NetworkName=koel-network +Subnet=10.12.0.0/24 +Gateway=10.12.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/koel/koel.pod b/koel/koel.pod new file mode 100644 index 0000000..9c8e6cc --- /dev/null +++ b/koel/koel.pod @@ -0,0 +1,5 @@ +[Pod] +Network=koel.network +PodName=koel +PublishPort=8332:80 + diff --git a/mealie/mealie-db.container b/mealie/mealie-db.container new file mode 100644 index 0000000..21e1af5 --- /dev/null +++ b/mealie/mealie-db.container @@ -0,0 +1,29 @@ +[Unit] +Description=Mealie - DB + +[Container] +Pod=mealie.pod +ContainerName=mealie-db +Image=docker.io/postgres:17 + +# Environment=POSTGRES_PASSWORD= +# Environment=POSTGRES_USER= +# Environment=POSTGRES_DB= +EnvironmentFile=/mnt/data/containers/mealie/.env.mealie-db + +Volume=/mnt/data/containers/mealie/postgresql:/var/lib/postgresql/data +Volume=/etc/timezone:/etc/timezone:ro +Volume=/etc/localtime:/etc/localtime:ro + +HealthCmd=pg_isready -U mealieuser -d mealie +HealthInterval=5s +HealthRetries=3 +HealthStartPeriod=15s +HealthTimeout=30s + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/mealie/mealie-server.container b/mealie/mealie-server.container new file mode 100644 index 0000000..c28d06d --- /dev/null +++ b/mealie/mealie-server.container 
@@ -0,0 +1,47 @@ +[Unit] +Description=Mealie - Server + +[Container] +Pod=mealie.pod +ContainerName=mealie-server +Image=ghcr.io/mealie-recipes/mealie:v3.9.1 + +# Environment=ALLOW_SIGNUP= +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +# Environment=BASE_URL= + +# Database +# Environment=DB_ENGINE= +# Environment=POSTGRES_USER= +# Environment=POSTGRES_PASSWORD= +# Environment=POSTGRES_SERVER= +# Environment=POSTGRES_PORT= +# Environment=POSTGRES_DB= + +# SMTP +# Environment=SMTP_HOST= +# Environment=SMTP_PORT= +# Environment=SMTP_FROM_NAME= +# Environment=SMTP_AUTH_STRATEGY= +# Environment=SMTP_FROM_EMAIL= +# Environment=SMTP_USER= +# Environment=SMTP_PASSWORD= + +EnvironmentFile=/mnt/data/containers/mealie/.env.mealie-server + +Volume=/mnt/data/containers/mealie/data:/app/data + +Label=homepage.group=Life +Label=homepage.name=Mealie +Label=homepage.icon=mealie.png +Label=homepage.href=https://mealie.inkletblot.com +Label=homepage.description="Food, Glorious Food!" + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/mealie/mealie.network b/mealie/mealie.network new file mode 100644 index 0000000..6b0e6ba --- /dev/null +++ b/mealie/mealie.network @@ -0,0 +1,12 @@ +[Unit] +Description=Mealie network +After=network-online.target + +[Network] +NetworkName=mealie-network +Subnet=10.15.0.0/24 +Gateway=10.15.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/mealie/mealie.pod b/mealie/mealie.pod new file mode 100644 index 0000000..3a7c616 --- /dev/null +++ b/mealie/mealie.pod @@ -0,0 +1,5 @@ +[Pod] +Network=mealie.network +PodName=mealie +PublishPort=9925:9000 + diff --git a/memos/memos.container b/memos/memos.container new file mode 100644 index 0000000..60d33ec --- /dev/null +++ b/memos/memos.container 
@@ -0,0 +1,29 @@ +[Unit] +Description=Memos + +[Container] +ContainerName=memos +Image=docker.io/neosmemo/memos:stable + +PublishPort=5230:5230 + +# Environment=MEMOS_MODE= +# Environment=MEMOS_ADDR= +# Environment=MEMOS_PORT= +# Environment=MEMOS_DATA= +EnvironmentFile=/mnt/data/containers/memos/.env.memos + +Volume=/mnt/data/containers/memos/data:/var/opt/memos + +Label=homepage.group=Productivity +Label=homepage.name=Memos +Label=homepage.icon=memos.png +Label=homepage.href=https://memos.inkletblot.com +Label=homepage.description="Note Taking" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/monica/monica-db.container b/monica/monica-db.container new file mode 100644 index 0000000..7009762 --- /dev/null +++ b/monica/monica-db.container @@ -0,0 +1,36 @@ +[Unit] +Description=Monica - DB + +[Container] +Pod=monica.pod +ContainerName=monica-db + +Image=docker.io/mariadb:11.8 +AutoUpdate=registry + +# Persistent volumes +Volume=/mnt/data/containers/monica/mariadb:/var/lib/mysql + +# Environment variables +# Environment=MARIADB_USER= +# Environment=MARIADB_DATABASE= +# Environment=MARIADB_PASSWORD= +# Environment=MARIADB_ROOT_PASSWORD= +EnvironmentFile=/mnt/data/containers/monica/.env.monica-db + +# Health monitoring +HealthCmd=healthcheck.sh --connect +HealthInterval=30s +HealthTimeout=15s +HealthRetries=10 +HealthStartPeriod=15s + +# Other +UserNS=keep-id:uid=999,gid=999 + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/monica/monica-server.container b/monica/monica-server.container new file mode 100644 index 0000000..3ed5693 --- /dev/null +++ b/monica/monica-server.container 
@@ -0,0 +1,36 @@ +[Unit] +Description=Monica - Server +Requires=monica-db.service +After=monica-db.service + +[Container] +Pod=monica.pod +ContainerName=monica-server +Image=docker.io/monica + +# Environment=APP_ENV= +# Environment=APP_KEY= +# Environment=DB_HOST= +# Environment=DB_DATABASE= +# Environment=DB_PASSWORD= +# Environment=DB_USERNAME= +# Environment=LOG_CHANNEL= +# Environment=CACHE_DRIVER= +# Environment=SESSION_DRIVER= +# Environment=QUEUE_DRIVER= +EnvironmentFile=/mnt/data/containers/monica/.env.monica-server + +Volume=/mnt/data/containers/monica/data:/var/www/html/storage + +Label=homepage.group=Life +Label=homepage.name=Monica +Label=homepage.icon=monica.png +Label=homepage.href=http://monica.forest +Label=homepage.description="CRM your social life" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/monica/monica.network b/monica/monica.network new file mode 100644 index 0000000..b64ef4d --- /dev/null +++ b/monica/monica.network @@ -0,0 +1,12 @@ +[Unit] +Description=Monica network +After=network-online.target + +[Network] +NetworkName=monica-network +Subnet=10.11.0.0/24 +Gateway=10.11.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/monica/monica.pod b/monica/monica.pod new file mode 100644 index 0000000..ac65a82 --- /dev/null +++ b/monica/monica.pod @@ -0,0 +1,5 @@ +[Pod] +Network=monica.network +PodName=monica +PublishPort=8232:80 + diff --git a/navidrome/navidrome.container b/navidrome/navidrome.container new file mode 100644 index 0000000..3c55a03 --- /dev/null +++ b/navidrome/navidrome.container 
@@ -0,0 +1,34 @@ +[Unit] +Description=Navidrome + +[Container] +ContainerName=navidrome +Image=docker.io/deluan/navidrome:latest +AutoUpdate=registry + +# Environment=ND_LOGLEVEL= +# Environment=ND_ENABLEINSIGHTSCOLLECTOR= +# Environment=ND_RECENTLYADDEDBYMODTIME= +# Environment=ND_LASTFM_ENABLED= +# Environment=ND_AUTOIMPORTPLAYLISTS= +# Environment=ND_ENABLESHARING= +EnvironmentFile=/mnt/data/containers/navidrome/.env.navidrome + +PublishPort=4533:4533 + +Volume=/mnt/data/containers/navidrome/data:/data +Volume=/mnt/audio/Sorted:/music:ro +Volume=/mnt/audio/Playlists:/playlists:ro + +Label=homepage.group=Media +Label=homepage.name=Navidrome +Label=homepage.icon=navidrome.png +Label=homepage.href=https://navidrome.inkletblot.com +Label=homepage.description="Music Streaming" + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/nextcloud/nextcloud-db.container b/nextcloud/nextcloud-db.container new file mode 100644 index 0000000..c429fb2 --- /dev/null +++ b/nextcloud/nextcloud-db.container @@ -0,0 +1,36 @@ +[Unit] +Description=Nextcloud - DB +Wants=network-online.target +After=network-online.target + +[Container] +Pod=nextcloud.pod +ContainerName=nextcloud-db +Image=docker.io/mariadb:11.8 +AutoUpdate=registry + +# Persistent volumes +Volume=/mnt/data/containers/nextcloud/db:/var/lib/mysql + +# Environment variables +# Environment=MARIADB_USER= +# Environment=MARIADB_DATABASE= +# Environment=MARIADB_PASSWORD= +# Environment=MARIADB_ROOT_PASSWORD= +EnvironmentFile=/mnt/data/containers/nextcloud/.env.nextcloud-db + +# Health monitoring +HealthCmd=healthcheck.sh --connect +HealthInterval=30s +HealthTimeout=15s +HealthRetries=10 +HealthStartPeriod=15s + +# Other +UserNS=keep-id:uid=999,gid=999 + +[Service] +Restart=on-failure +RestartSec=5 +StartLimitBurst=5 + diff --git a/nextcloud/nextcloud-redis.container b/nextcloud/nextcloud-redis.container new file mode 100644 index 0000000..28272ce --- /dev/null 
+++ b/nextcloud/nextcloud-redis.container @@ -0,0 +1,14 @@ +[Unit] +Description=Nextcloud - Redis + +[Container] +Pod=nextcloud.pod +ContainerName=nextcloud-redis +Image=docker.io/library/redis:latest +AutoUpdate=registry + +[Service] +Restart=on-failure +RestartSec=5 +StartLimitBurst=5 + diff --git a/nextcloud/nextcloud-server.container b/nextcloud/nextcloud-server.container new file mode 100644 index 0000000..8dd5d77 --- /dev/null +++ b/nextcloud/nextcloud-server.container @@ -0,0 +1,49 @@ +[Unit] +Description=Nextcloud - Server +Requires=nextcloud-db.service +After=nextcloud-db.service + +[Container] +Pod=nextcloud.pod +ContainerName=nextcloud-server +Image=docker.io/library/nextcloud:latest +AutoUpdate=registry + +# Volumes +Volume=/mnt/data/containers/nextcloud/nextcloud:/var/www/html +Volume=/mnt/data/containers/nextcloud/custom_apps/:/var/www/html/custom_apps +Volume=/mnt/data/containers/nextcloud/config:/var/www/html/config +Volume=/mnt/data/containers/nextcloud/data:/var/www/html/data + +# Environment variables +# Environment=APACHE_DISABLE_REWRITE_IP= +# Environment=TRUSTED_PROXIES= + +# Database variables +# Environment=MYSQL_USER= +# Environment=MYSQL_DATABASE= +# Environment=MYSQL_HOST= +# Environment=MYSQL_PASSWORD= + +# Default admin user and password +# Environment=NEXTCLOUD_ADMIN_USER= +# Environment=NEXTCLOUD_ADMIN_PASSWORD= + +# Redis variables +# Environment=REDIS_HOST= +# Environment=REDIS_PORT= +EnvironmentFile=/mnt/data/containers/nextcloud/.env.nextcloud-server + +Label=homepage.group=Documents/Backup +Label=homepage.name=Nextcloud +Label=homepage.icon=nextcloud.png +Label=homepage.href=https://cloud.inkletblot.com +Label=homepage.description="Files" + +[Service] +Restart=always +RestartSec=5 +StartLimitBurst=5 + +[Install] +WantedBy=default.target diff --git a/nextcloud/nextcloud.network b/nextcloud/nextcloud.network new file mode 100644 index 0000000..a48cfc2 --- /dev/null +++ b/nextcloud/nextcloud.network 
@@ -0,0 +1,12 @@ +[Unit] +Description=Nextcloud network +After=network-online.target + +[Network] +NetworkName=nextcloud-network +Subnet=10.4.0.0/24 +Gateway=10.4.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/nextcloud/nextcloud.pod b/nextcloud/nextcloud.pod new file mode 100644 index 0000000..cef7a69 --- /dev/null +++ b/nextcloud/nextcloud.pod @@ -0,0 +1,7 @@ +[Pod] +Network=nextcloud.network +PodName=nextcloud +PublishPort=4080:80 + +# for access to database +# PublishPort=13306:3306 diff --git a/onetimesecret/UNUSED b/onetimesecret/UNUSED new file mode 100644 index 0000000..51d8041 --- /dev/null +++ b/onetimesecret/UNUSED @@ -0,0 +1 @@ +It's called one time secret but it doesn't seem to have a way to limit a secret to one view... diff --git a/onetimesecret/onetimesecret-redis.container b/onetimesecret/onetimesecret-redis.container new file mode 100644 index 0000000..4ea49ff --- /dev/null +++ b/onetimesecret/onetimesecret-redis.container @@ -0,0 +1,14 @@ +[Unit] +Description=OneTimeSecret - Redis + +[Container] +Pod=onetimesecret.pod +ContainerName=onetimesecret-redis +Image=docker.io/library/redis:latest +AutoUpdate=registry + +[Service] +Restart=on-failure +RestartSec=5 +StartLimitBurst=5 + diff --git a/onetimesecret/onetimesecret.container b/onetimesecret/onetimesecret.container new file mode 100644 index 0000000..3c1cbd8 --- /dev/null +++ b/onetimesecret/onetimesecret.container 
@@ -0,0 +1,48 @@ +[Unit] +Description=OneTimeSecret - Server + +[Container] +Pod=onetimesecret.pod +ContainerName=onetimesecret +Image=docker.io/onetimesecret/onetimesecret:latest +AutoUpdate=registry + +# Environment=SSL= +# Environment=SECRET= +# Environment=HOST= +# Environment=REDIS_URL= + +# Auth +# Disabled because you cant persist accounts between container restarts, actually retarded. +# Environment=AUTH_REQUIRED= +# Environment=AUTH_SIGNUP= +# Environment=AUTH_SIGNIN= +# Environment=AUTH_AUTOVERIFY= +# Environment=COLONEL= + +# SMTP +# Environment=SMTP_HOST= +# Environment=SMTP_PORT= +# Environment=FROM_EMAIL= +# Environment=FROMNAME= +# Environment=SMTP_USERNAME= +# Environment=SMTP_PASSWORD= +# Environment=SMTP_TLS= +# Environment=SMTP_AUTH= + +# Environment=VERIFIER_EMAIL= +EnvironmentFile=/mnt/data/containers/onetimesecret/.env.onetimesecret + +Label=homepage.group=Life +Label=homepage.name=OneTimeSecret +Label=homepage.icon=onetimesecret.png +Label=homepage.href=https://ots.inkletblot.com +Label=homepage.description="Like Privnote" + +[Service] +Restart=always +RestartSec=5 +StartLimitBurst=5 + +[Install] +WantedBy=default.target diff --git a/onetimesecret/onetimesecret.network b/onetimesecret/onetimesecret.network new file mode 100644 index 0000000..674f548 --- /dev/null +++ b/onetimesecret/onetimesecret.network @@ -0,0 +1,11 @@ +[Unit] +Description=OneTimeSecret network +After=network-online.target + +[Network] +NetworkName=onetimesecret-network +Subnet=10.41.0.0/24 +Gateway=10.41.0.1 + +[Install] +WantedBy=default.target diff --git a/onetimesecret/onetimesecret.pod b/onetimesecret/onetimesecret.pod new file mode 100644 index 0000000..eb6d445 --- /dev/null +++ b/onetimesecret/onetimesecret.pod @@ -0,0 +1,4 @@ +[Pod] +Network=onetimesecret.network +PodName=onetimesecret +PublishPort=3080:3000 diff --git a/openhab/openhab.container b/openhab/openhab.container new file mode 100644 index 0000000..9c436eb --- /dev/null +++ b/openhab/openhab.container 
@@ -0,0 +1,37 @@ +[Unit] +Description=OpenHAB +Wants=network-online.target +After=network-online.target + +[Container] +ContainerName=openhab +Image=docker.io/openhab/openhab:5.0.3 +AutoUpdate=registry + +Network=host + +# Environment=CRYPTO_POLICY= +# Environment=EXTRA_JAVA_OPTS= +# Environment=OPENHAB_HTTP_PORT= +# Environment=OPENHAB_HTTPS_PORT= +EnvironmentFile=/mnt/data/containers/openhab/.env.openhab + +Volume=/etc/localtime:/etc/localtime:ro +Volume=/etc/timezone:/etc/timezone:ro +Volume=/mnt/data/containers/openhab/conf:/openhab/conf +Volume=/mnt/data/containers/openhab/userdata:/openhab/userdata +Volume=/mnt/data/containers/openhab/addons:/openhab/addons +Volume=/mnt/data/containers/openhab/.java:/openhab/.java + +Label=homepage.group=Life +Label=homepage.name=OpenHAB +Label=homepage.icon=openhab.png +Label=homepage.href=https://hab.inkletblot.com +Label=homepage.description="Home Automation" + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/photoprism/photoprism-db.container b/photoprism/photoprism-db.container new file mode 100644 index 0000000..1dd94b3 --- /dev/null +++ b/photoprism/photoprism-db.container @@ -0,0 +1,36 @@ +[Unit] +Description=Photoprism - DB +Wants=network-online.target +After=network-online.target + +[Container] +ContainerName=photoprism-db +Pod=photoprism.pod +Image=docker.io/mariadb:11.8 +AutoUpdate=registry + +# Persistent volumes +Volume=/mnt/data/containers/photoprism/db:/var/lib/mysql + +# Environment variables +# Environment=MARIADB_USER= +# Environment=MARIADB_DATABASE= +# Environment=MARIADB_PASSWORD= +# Environment=MARIADB_ROOT_PASSWORD= +EnvironmentFile=/mnt/data/containers/photoprism/.env.photoprism-db + +# Health monitoring +HealthCmd=healthcheck.sh --connect +HealthInterval=30s +HealthTimeout=15s +HealthRetries=10 +HealthStartPeriod=15s + +# Other +UserNS=keep-id:uid=999,gid=999 + +[Service] +Restart=on-failure +RestartSec=5 +StartLimitBurst=5 + 
diff --git a/photoprism/photoprism-server.container b/photoprism/photoprism-server.container new file mode 100644 index 0000000..e8e50fb --- /dev/null +++ b/photoprism/photoprism-server.container @@ -0,0 +1,40 @@ +[Unit] +Description=Photoprism +Wants=photoprism-db.service +After=photoprism-db.service + +[Container] +ContainerName=photoprism +Pod=photoprism.pod +Image=docker.io/photoprism/photoprism:latest +AutoUpdate=registry + +# Environment=PHOTOPRISM_UID= +# Environment=PHOTOPRISM_GID= +# Environment=PHOTOPRISM_UPLOAD_NSFW= +# Environment=PHOTOPRISM_ADMIN_PASSWORD= + +# Environment=PHOTOPRISM_DATABASE_DRIVER= +# Environment=PHOTOPRISM_DATABASE_USER= +# Environment=PHOTOPRISM_DATABASE_NAME= +# Environment=PHOTOPRISM_DATABASE_SERVER= +# Environment=PHOTOPRISM_DATABASE_PASSWORD= +EnvironmentFile=/mnt/data/containers/photoprism/.env.photoprism-server + +Volume=/mnt/data/containers/photoprism/storage:/photoprism/storage +Volume=/mnt/photo/Library:/photoprism/originals +Volume=/mnt/photo/Import:/photoprism/import + +Label=homepage.group=Media +Label=homepage.name=Photoprism +Label=homepage.icon=photoprism.png +Label=homepage.href=http://photoprism.forest:2342 +Label=homepage.description="Photo Library" + +[Service] +Restart=always +TimeoutStartSec=900 +SuccessExitStatus=0 143 + +[Install] +WantedBy=default.target diff --git a/photoprism/photoprism.network b/photoprism/photoprism.network new file mode 100644 index 0000000..a2cd2c2 --- /dev/null +++ b/photoprism/photoprism.network @@ -0,0 +1,12 @@ +[Unit] +Description=Photoprism network +After=network-online.target + +[Network] +NetworkName=photoprism-network +Subnet=10.6.0.0/24 +Gateway=10.6.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/photoprism/photoprism.pod b/photoprism/photoprism.pod new file mode 100644 index 0000000..1662945 --- /dev/null +++ b/photoprism/photoprism.pod @@ -0,0 +1,4 @@ +[Pod] +Network=photoprism.network +PodName=photoprism +PublishPort=2342:2342 
diff --git a/planka/planka-db.container b/planka/planka-db.container new file mode 100644 index 0000000..949f34c --- /dev/null +++ b/planka/planka-db.container @@ -0,0 +1,23 @@ +[Unit] +Description=Planka - DB + +[Container] +Pod=planka.pod +ContainerName=planka-db +Image=docker.io/postgres:16-alpine + +# Environment=POSTGRES_PASSWORD= +# Environment=POSTGRES_USER= +# Environment=POSTGRES_DB= +EnvironmentFile=/mnt/data/containers/planka/.env.planka-db + +Volume=/mnt/data/containers/planka/postgresql:/var/lib/postgresql/data +Volume=/etc/timezone:/etc/timezone:ro +Volume=/etc/localtime:/etc/localtime:ro + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/planka/planka-server.container b/planka/planka-server.container new file mode 100644 index 0000000..5f066ca --- /dev/null +++ b/planka/planka-server.container @@ -0,0 +1,32 @@ +[Unit] +Description=Planka - Server +Requires=planka-db.service +After=planka-db.service + +[Container] +Pod=planka.pod +ContainerName=planka-server +Image=ghcr.io/plankanban/planka:2.0.0-rc.4 + +# Environment=BASE_URL= +# Environment=DATABASE_URL= +# Environment=SECRET_KEY= +EnvironmentFile=/mnt/data/containers/planka/.env.planka-server + +Volume=/mnt/data/containers/planka/favicons:/app/public/favicons +Volume=/mnt/data/containers/planka/user-avatars:/app/public/user-avatars +Volume=/mnt/data/containers/planka/background-images:/app/public/background-images +Volume=/mnt/data/containers/planka/attachments:/app/private/attachments + +Label=homepage.group=Productivity +Label=homepage.name=Planka +Label=homepage.icon=planka.png +Label=homepage.href=https://planka.inkletblot.com +Label=homepage.description="Kanban Board" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/planka/planka.network b/planka/planka.network new file mode 100644 index 0000000..41bffb7 --- /dev/null +++ b/planka/planka.network 
@@ -0,0 +1,12 @@ +[Unit] +Description=Planka network +After=network-online.target + +[Network] +NetworkName=planka-network +Subnet=10.14.0.0/24 +Gateway=10.14.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/planka/planka.pod b/planka/planka.pod new file mode 100644 index 0000000..029a696 --- /dev/null +++ b/planka/planka.pod @@ -0,0 +1,5 @@ +[Pod] +Network=planka.network +PodName=planka +PublishPort=1337:1337 + diff --git a/plex/plex.container b/plex/plex.container new file mode 100644 index 0000000..a6d65cc --- /dev/null +++ b/plex/plex.container @@ -0,0 +1,43 @@ +[Unit] +Description=Plex Media Server +Wants=network-online.target +After=network-online.target +After=local-fs.target + +[Container] +Pod=plex.pod +ContainerName=plex +Image=docker.io/plexinc/pms-docker:latest +AutoUpdate=registry + +# Environment=PLEX_CLAIM= +# Environment=PLEX_UID= +# Environment=PLEX_GID= +# Environment=ADVERTISE_IP= +# Environment=ALLOWED_NETWORKS= +EnvironmentFile=/mnt/data/containers/plex/.env.plex + +Volume=/mnt/data/containers/plex/config:/config:Z +Volume=/mnt/data/containers/plex/trans:/transcode +Volume=/mnt/video/movies:/movies +Volume=/mnt/video/tv:/tv +Volume=/mnt/video/anime:/anime +Volume=/mnt/audio/Sorted:/music +Volume=/mnt/audio/Audio Books:/books + +# don't have cpu features accessible here +# for hardware transcoding +# AddDevice=/dev/dri + +Label=homepage.group=Media +Label=homepage.name=Plex +Label=homepage.icon=plex.png +Label=homepage.href=http://plex.forest:32400/web/ +Label=homepage.description="Stream Media" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/plex/plex.network b/plex/plex.network new file mode 100644 index 0000000..a634468 --- /dev/null +++ b/plex/plex.network @@ -0,0 +1,12 @@ +[Unit] +Description=Plex network +After=network-online.target + +[Network] +NetworkName=plex-network +Subnet=10.38.0.0/24 +Gateway=10.38.0.1 +DNS= + +[Install] +WantedBy=default.target 
diff --git a/plex/plex.pod b/plex/plex.pod new file mode 100644 index 0000000..e2d71b7 --- /dev/null +++ b/plex/plex.pod @@ -0,0 +1,15 @@ +[Pod] +PodName=plex +Network=plex.network + +PublishPort=32400:32400/tcp +# theese are all optional and I don't care. +#PublishPort=1900:1900/udp +#PublishPort=3005:3005/tcp +#PublishPort=5353:5353/udp +#PublishPort=8324:8324/tcp +#PublishPort=32410:32410/udp +#PublishPort=32412:32412/udp +#PublishPort=32413:32413/udp +#PublishPort=32414:32414/udp +#PublishPort=32469:32469/tcp diff --git a/plucky-pinning.sh b/plucky-pinning.sh new file mode 100755 index 0000000..1ef3cab --- /dev/null +++ b/plucky-pinning.sh @@ -0,0 +1,37 @@ +#!/bin/bash + +# Must be run as root +if [ "$EUID" -ne 0 ]; then + echo "Please run as root (e.g., sudo $0)" + exit 1 +fi + +# Define file paths +PINNING_FILE="/etc/apt/preferences.d/podman-plucky.pref" +SOURCE_LIST="/etc/apt/sources.list.d/plucky.list" + +# Write Plucky APT source list +echo "Adding Plucky repo to $SOURCE_LIST..." +echo "deb http://archive.ubuntu.com/ubuntu plucky main universe" > "$SOURCE_LIST" + +# Write APT pinning rules +echo "Writing APT pinning rules to $PINNING_FILE..." +cat < "$PINNING_FILE" +Package: podman buildah golang-github-containers-common crun libgpgme11t64 libgpg-error0 golang-github-containers-image catatonit conmon containers-storage +Pin: release n=plucky +Pin-Priority: 991 + +Package: libsubid4 netavark passt aardvark-dns containernetworking-plugins libslirp0 slirp4netns +Pin: release n=plucky +Pin-Priority: 991 + +Package: * +Pin: release n=plucky +Pin-Priority: 400 +EOF + +# Update APT cache +echo "Updating APT package list..." +apt update + +echo "Plucky pinning setup complete." diff --git a/roundcube/roundcube-db.container b/roundcube/roundcube-db.container new file mode 100644 index 0000000..786f143 --- /dev/null +++ b/roundcube/roundcube-db.container 
@@ -0,0 +1,36 @@ +[Unit] +Description=Roundcube - DB +Wants=network-online.target +After=network-online.target + +[Container] +Pod=roundcube.pod +ContainerName=roundcube-db +Image=docker.io/mariadb:11.8 +AutoUpdate=registry + +# Persistent volumes +Volume=/mnt/data/containers/roundcube/mariadb:/var/lib/mysql + +# Environment variables +# Environment=MARIADB_USER= +# Environment=MARIADB_DATABASE= +# Environment=MARIADB_PASSWORD= +# Environment=MARIADB_ROOT_PASSWORD= +EnvironmentFile=/mnt/data/containers/roundcube/.env.roundcube-db + +# Health monitoring +HealthCmd=healthcheck.sh --connect +HealthInterval=30s +HealthTimeout=15s +HealthRetries=10 +HealthStartPeriod=15s + +# Other +UserNS=keep-id:uid=999,gid=999 + +[Service] +Restart=on-failure +RestartSec=5 +StartLimitBurst=5 + diff --git a/roundcube/roundcube-server.container b/roundcube/roundcube-server.container new file mode 100644 index 0000000..60a4c4a --- /dev/null +++ b/roundcube/roundcube-server.container 
@@ -0,0 +1,38 @@ +[Unit] +Description=Roundcube - Server +Requires=roundcube-db.service +After=roundcube-db.service + +[Container] +Pod=roundcube.pod +ContainerName=roundcube-server +Image=docker.io/roundcube/roundcubemail:latest + +# Environment=ROUNDCUBEMAIL_DEFAULT_HOST= +# Environment=ROUNDCUBEMAIL_DEFAULT_PORT= +# Environment=ROUNDCUBEMAIL_SMTP_SERVER= +# Environment=ROUNDCUBEMAIL_SMTP_PORT= +# Environment=ROUNDCUBEMAIL_USERNAME_DOMAIN= + +# Environment=ROUNDCUBEMAIL_DB_TYPE= +# Environment=ROUNDCUBEMAIL_DB_HOST= +# Environment=ROUNDCUBEMAIL_DB_PORT= +# Environment=ROUNDCUBEMAIL_DB_USER= +# Environment=ROUNDCUBEMAIL_DB_PASSWORD= +# Environment=ROUNDCUBEMAIL_DB_NAME= +EnvironmentFile=/mnt/data/containers/roundcube/.env.roundcube-server + +Volume=/mnt/data/containers/roundcube/config:/var/roundcube/config + +Label=homepage.group=Productivity +Label=homepage.name=Roundcube +Label=homepage.icon=roundcube.png +Label=homepage.href=https://mail.inkletblot.com +Label=homepage.description="Mail Client" + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/roundcube/roundcube.network b/roundcube/roundcube.network new file mode 100644 index 0000000..3a390ea --- /dev/null +++ b/roundcube/roundcube.network @@ -0,0 +1,12 @@ +[Unit] +Description=Roundcube network +After=network-online.target + +[Network] +NetworkName=roundcube-network +Subnet=10.17.0.0/24 +Gateway=10.17.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/roundcube/roundcube.pod b/roundcube/roundcube.pod new file mode 100644 index 0000000..e7cfb7b --- /dev/null +++ b/roundcube/roundcube.pod @@ -0,0 +1,5 @@ +[Pod] +Network=roundcube.network +PodName=roundcube +PublishPort=8567:80 + diff --git a/servarr/flaresolverr.container b/servarr/flaresolverr.container new file mode 100644 index 0000000..6eb7560 --- /dev/null +++ b/servarr/flaresolverr.container 
@@ -0,0 +1,28 @@ +[Unit] +Description=Solve Cloudflare Challenges +Wants=network-online.target +# Wants=servarr-gluetun.service +After=network-online.target +After=local-fs.target +# After=servarr-gluetun.service + +[Container] +Pod=servarr.pod +ContainerName=flaresolverr + +Image=ghcr.io/flaresolverr/flaresolverr:latest +AutoUpdate=registry + +# Network=container:servarr-gluetun + +Label=homepage.group=Arr +Label=homepage.name=Flaresolverr +Label=homepage.icon=flaresolverr.png +Label=homepage.description="Solve Cloudflare Challenges" + +[Service] +Restart=on-failure +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/servarr/gluetun.container b/servarr/gluetun.container new file mode 100644 index 0000000..d160220 --- /dev/null +++ b/servarr/gluetun.container @@ -0,0 +1,44 @@ +[Unit] +Description=VPN Network Tunnle +Wants=network-online.target +After=network-online.target +After=local-fs.target + +[Container] +ContainerName=gluetun + +Image=docker.io/qmcgaw/gluetun +AutoUpdate=registry + +AddDevice=/dev/net/tun +AddCapability=NET_ADMIN +AddCapability=NET_RAW + +# qbittorrent +PublishPort=9191:9191 + +# gluetun +PublishPort=8888:8888 + +# Environment=VPN_SERVICE_PROVIDER= +# Environment=VPN_TYPE= +# Environment=WIREGUARD_PRIVATE_KEY= +# Environment=SERVER_COUNTRIES= +# Environment=VPN_PORT_FORWARDING= +# Environment=HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE= +EnvironmentFile=/mnt/data/containers/servarr/gluetun/.env.gluetun + +Volume=/mnt/data/containers/servarr/gluetun/config:/gluetun:Z + +Label=homepage.group=Arr +Label=homepage.name=Gluetun +Label=homepage.href=http://gluetun:8888 +Label=homepage.icon=gluetun.png +Label=homepage.description="VPN Tunnle" + +[Service] +Restart=on-failure +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/servarr/lidarr.container b/servarr/lidarr.container new file mode 100644 index 0000000..f55cc0c --- /dev/null +++ b/servarr/lidarr.container 
@@ -0,0 +1,38 @@ +[Unit] +Description=Automate Music +Wants=network-online.target +# Wants=servarr-gluetun.service +After=network-online.target +After=local-fs.target +# After=servarr-gluetun.service + +[Container] +Pod=servarr.pod +ContainerName=lidarr + +Image=ghcr.io/hotio/lidarr +AutoUpdate=registry + +# Network=container:servarr-gluetun + +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +EnvironmentFile=/mnt/data/containers/servarr/lidarr/.env.lidarr + +Volume=/mnt/data/containers/servarr/lidarr/config:/config:Z +Volume=/mnt/audio/Sorted:/data/music +Volume=/mnt/data/downloads:/downloads + +Label=homepage.group=Arr +Label=homepage.name=Lidarr +Label=homepage.icon=lidarr.png +Label=homepage.href=http://192.168.2.61:8686 +Label=homepage.description="Automate Music" + +[Service] +Restart=on-failure +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/servarr/overseerr.container b/servarr/overseerr.container new file mode 100644 index 0000000..d855aa3 --- /dev/null +++ b/servarr/overseerr.container @@ -0,0 +1,36 @@ +[Unit] +Description=Automate Media Management +Wants=network-online.target +# Wants=servarr-gluetun.service +After=network-online.target +After=local-fs.target +# After=servarr-gluetun.service + +[Container] +Pod=servarr.pod +ContainerName=overseerr + +Image=docker.io/sctx/overseerr +AutoUpdate=registry + +# Network=container:servarr-gluetun + +# Environment=LOG_LEVEL= +# Environment=TZ= +# Environment=PORT= +EnvironmentFile=/mnt/data/containers/servarr/overseerr/.env.overseerr + +Volume=/mnt/data/containers/servarr/overseerr/config:/app/config:Z + +Label=homepage.group=Arr +Label=homepage.name=Overseerr +Label=homepage.icon=overseerr.png +Label=homepage.href=https://seer.inkletblot.com +Label=homepage.description="Request Media" + +[Service] +Restart=on-failure +TimeoutStartSec=90 + +[Install] +WantedBy=default.target 
diff --git a/servarr/profilarr.container b/servarr/profilarr.container new file mode 100644 index 0000000..8eb7a6b --- /dev/null +++ b/servarr/profilarr.container @@ -0,0 +1,31 @@ +[Unit] +Description=Auto profiles for sonarr/radarr + +[Container] +Pod=servarr.pod +ContainerName=profilarr + +Image=docker.io/santiagosayshey/profilarr:latest +AutoUpdate=registry + +# Network=container:gluetun + +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +EnvironmentFile=/mnt/data/containers/servarr/profilarr/.env.profilarr + +Volume=/mnt/data/containers/servarr/profilarr/config:/config:Z + +Label=homepage.group=Arr +Label=homepage.name=Profilarr +Label=homepage.icon=profilarr.png +Label=homepage.href=http://profilerr.forest +Label=homepage.description="Media profiles for arrs" + +[Service] +Restart=on-failure +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/servarr/prowlarr.container b/servarr/prowlarr.container new file mode 100644 index 0000000..b916741 --- /dev/null +++ b/servarr/prowlarr.container @@ -0,0 +1,36 @@ +[Unit] +Description=Manage indexers +Wants=network-online.target +# Wants=servarr-gluetun.service +After=network-online.target +After=local-fs.target +# After=servarr-gluetun.service + +[Container] +Pod=servarr.pod +ContainerName=prowlarr + +Image=ghcr.io/hotio/prowlarr:release-2.0.5.5160 +AutoUpdate=registry + +# Network=container:servarr-gluetun + +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +EnvironmentFile=/mnt/data/containers/servarr/prowlarr/.env.prowlarr + +Volume=/mnt/data/containers/servarr/prowlarr/config:/config:Z + +Label=homepage.group=Arr +Label=homepage.name=Prowlarr +Label=homepage.icon=prowlarr.png +Label=homepage.href=http://prowlarr.forest +Label=homepage.description="Manage indexers" + +[Service] +Restart=on-failure +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/servarr/qbittorrent.container b/servarr/qbittorrent.container new file mode 100644 index 0000000..c8c0f7f 
--- /dev/null +++ b/servarr/qbittorrent.container @@ -0,0 +1,38 @@ +[Unit] +Description=Torrent Client +Wants=network-online.target +Wants=gluetun.service +After=network-online.target +After=local-fs.target +After=gluetun.service + +[Container] +ContainerName=qbittorrent + +Image=lscr.io/linuxserver/qbittorrent:latest +AutoUpdate=registry + +Network=container:gluetun + +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +# Environment=WEBUI_PORT= +# Environment=TORRENTING_PORT= +EnvironmentFile=/mnt/data/containers/servarr/qbittorrent/.env.qbittorrent + +Volume=/mnt/data/containers/servarr/qbittorrent/config:/config +Volume=/mnt/data/downloads:/downloads + +Label=homepage.group=Arr +Label=homepage.name=qBittorrent +Label=homepage.icon=qbittorrent.png +Label=homepage.href=http://qbittorrent:9191 +Label=homepage.description="Automate Downloads" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/servarr/radarr.container b/servarr/radarr.container new file mode 100644 index 0000000..5c9a53a --- /dev/null +++ b/servarr/radarr.container @@ -0,0 +1,38 @@ +[Unit] +Description=Automate Movies +Wants=network-online.target +# Wants=servarr-gluetun.service +After=network-online.target +After=local-fs.target +# After=servarr-gluetun.service + +[Container] +Pod=servarr.pod +ContainerName=radarr + +Image=ghcr.io/hotio/radarr +AutoUpdate=registry + +# Network=container:servarr-gluetun + +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +EnvironmentFile=/mnt/data/containers/servarr/radarr/.env.radarr + +Volume=/mnt/data/containers/servarr/radarr/config:/config:Z +Volume=/mnt/video/movies:/data/movies +Volume=/mnt/data/downloads:/downloads + +Label=homepage.group=Arr +Label=homepage.name=Radarr +Label=homepage.icon=radarr.png +Label=homepage.href=http://radarr.forest +Label=homepage.description="Automate Movies" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target 
diff --git a/servarr/sabnzbd.container b/servarr/sabnzbd.container new file mode 100644 index 0000000..ed6c574 --- /dev/null +++ b/servarr/sabnzbd.container @@ -0,0 +1,36 @@ +[Unit] +Description=NZBD Client +Wants=network-online.target +# Wants=servarr-gluetun.service +After=network-online.target +After=local-fs.target +# After=servarr-gluetun.service + +[Container] +Pod=servarr.pod +ContainerName=sabnzbd + +Image=lscr.io/linuxserver/sabnzbd:latest +AutoUpdate=registry + +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +EnvironmentFile=/mnt/data/containers/servarr/sabnzbd/.env.sabnzbd + +Volume=/mnt/data/containers/servarr/sabnzbd/config:/config +Volume=/mnt/data/downloads:/downloads +Volume=/mnt/data/incomplete-downloads:/incomplete-downloads + +Label=homepage.group=Arr +Label=homepage.name=SABnzbd +Label=homepage.icon=sabnzbd.png +Label=homepage.href=http://sabnzbd.forest +Label=homepage.description="Automate nzb Downloads" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +Wantedby=default.target diff --git a/servarr/servarr.network b/servarr/servarr.network new file mode 100644 index 0000000..af7c513 --- /dev/null +++ b/servarr/servarr.network @@ -0,0 +1,12 @@ +[Unit] +Description=servarr network +After=network-online.target + +[Network] +NetworkName=servarr-network +Subnet=10.9.0.0/24 +Gateway=10.9.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/servarr/servarr.pod b/servarr/servarr.pod new file mode 100644 index 0000000..caaea50 --- /dev/null +++ b/servarr/servarr.pod @@ -0,0 +1,24 @@ +[Pod] +PodName=servarr +Network=servarr.network + +# sonarr +PublishPort=8989:8989 + +# radarr +PublishPort=7878:7878 + +# profilarr +PublishPort=6868:6868 + +# prowlarr +PublishPort=9696:9696 + +# overseerr +PublishPort=5858:5858 + +# sabnzdb +PublishPort=9797:8080 + +# lidarr +PublishPort=8686:8686 diff --git a/servarr/sonarr.container b/servarr/sonarr.container new file mode 100644 index 0000000..a47920d --- /dev/null 
+++ b/servarr/sonarr.container @@ -0,0 +1,39 @@ +[Unit] +Description=Automate TV shows +Wants=network-online.target +# Wants=servarr-gluetun.service +After=network-online.target +After=local-fs.target +# After=servarr-gluetun.service + +[Container] +Pod=servarr.pod +ContainerName=sonarr + +Image=ghcr.io/hotio/sonarr +AutoUpdate=registry + +# Network=container:servarr-gluetun + +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +EnvironmentFile=/mnt/data/containers/servarr/sonarr/.env.sonarr + +Volume=/mnt/data/containers/servarr/sonarr/config:/config:Z +Volume=/mnt/video/tv:/data/tv +Volume=/mnt/video/anime:/data/anime +Volume=/mnt/data/downloads:/downloads + +Label=homepage.group=Arr +Label=homepage.name=Sonarr +Label=homepage.icon=sonarr.png +Label=homepage.href=http://sonarr.forest +Label=homepage.description="Automate TV shows" + +[Service] +Restart=on-failure +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/stirling-pdf/stirling-pdf-db.container b/stirling-pdf/stirling-pdf-db.container new file mode 100644 index 0000000..344a178 --- /dev/null +++ b/stirling-pdf/stirling-pdf-db.container @@ -0,0 +1,23 @@ +[Unit] +Description=Stirling PDF - DB + +[Container] +Pod=stirling-pdf.pod +ContainerName=stirling-pdf-db +Image=docker.io/postgres:16-alpine + +# Environment=POSTGRES_PASSWORD= +# Environment=POSTGRES_USER= +# Environment=POSTGRES_DB= +EnvironmentFile=/mnt/data/containers/stirling-pdf/.env.stirling-pdf-db + +Volume=/mnt/data/containers/stirling-pdf/postgresql:/var/lib/postgresql/data +Volume=/etc/timezone:/etc/timezone:ro +Volume=/etc/localtime:/etc/localtime:ro + +[Service] +Restart=always +TimeoutStartSec=300 + +[Install] +WantedBy=default.target diff --git a/stirling-pdf/stirling-pdf.container b/stirling-pdf/stirling-pdf.container new file mode 100644 index 0000000..ca6a930 --- /dev/null +++ b/stirling-pdf/stirling-pdf.container 
@@ -0,0 +1,28 @@ +[Unit] +Description=Stirling PDF +Wants=network-online.target +After=network-online.target + +[Container] +Pod=stirling-pdf.pod +ContainerName=stirling-pdf +Image=docker.io/stirlingtools/stirling-pdf:latest +AutoUpdate=registry + +# DB and other things that would usually be enviroment files +# are set up in the live application. + +Volume=/mnt/data/containers/stirling-pdf/data:/configs + +Label=homepage.group=Misc. +Label=homepage.name="Stirling PDF" +Label=homepage.icon=stirling-pdf.png +Label=homepage.href=https://pdf.inkletblot.com +Label=homepage.description="PDF Tooling" + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/stirling-pdf/stirling-pdf.network b/stirling-pdf/stirling-pdf.network new file mode 100644 index 0000000..3021df8 --- /dev/null +++ b/stirling-pdf/stirling-pdf.network @@ -0,0 +1,9 @@ +[Unit] +Description=Stirling PDF network +After=network-online.target + +[Network] +NetworkName=stirling-pdf-network + +[Install] +WantedBy=default.target diff --git a/stirling-pdf/stirling-pdf.pod b/stirling-pdf/stirling-pdf.pod new file mode 100644 index 0000000..93116f0 --- /dev/null +++ b/stirling-pdf/stirling-pdf.pod @@ -0,0 +1,6 @@ +[Pod] +PodName=stirling-pdf +Network=stirling-pdf.network + +PublishPort=8301:8080 + diff --git a/tautulli/tautulli.container b/tautulli/tautulli.container new file mode 100644 index 0000000..ab69dce --- /dev/null +++ b/tautulli/tautulli.container 
@@ -0,0 +1,31 @@ +[Unit] +Description=Tautulli +Wants=plex.service +After=plex.service +After=local-fs.target + +[Container] +Pod=tautulli.pod +Image=ghcr.io/tautulli/tautulli:latest +AutoUpdate=registry +ContainerName=tautulli + +# Environment=PUID= +# Environment=PGID= +# Environment=TZ= +EnvironmentFile=/mnt/data/containers/tautulli/.env.tautulli + +Volume=/mnt/data/containers/tautulli/config:/config:Z + +Label=homepage.group=Misc. +Label=homepage.name=Tautulli +Label=homepage.icon=tautulli.png +Label=homepage.href=http://tautulli.forest:8181 +Label=homepage.description="Plex Stats" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/tautulli/tautulli.network b/tautulli/tautulli.network new file mode 100644 index 0000000..40ebe1c --- /dev/null +++ b/tautulli/tautulli.network @@ -0,0 +1,12 @@ +[Unit] +Description=Tautulli network +After=network-online.target + +[Network] +NetworkName=tautulli-network +Subnet=10.37.0.0/24 +Gateway=10.37.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/tautulli/tautulli.pod b/tautulli/tautulli.pod new file mode 100644 index 0000000..432bdd4 --- /dev/null +++ b/tautulli/tautulli.pod @@ -0,0 +1,5 @@ +[Pod] +PodName=tautulli +Network=tautulli.network + +PublishPort=8181:8181 diff --git a/trilium/trilium.container b/trilium/trilium.container new file mode 100644 index 0000000..0b26e85 --- /dev/null +++ b/trilium/trilium.container 
@@ -0,0 +1,30 @@ +[Unit] +Description=Trilium +Wants=network-online.target +After=network-online.target + +[Container] +ContainerName=trilium +Image=docker.io/triliumnext/trilium:latest +AutoUpdate=registry +PublishPort=8580:8080 + +# Environment=USER_UID= +# Environment=USER_GID= +EnvironmentFile=/mnt/data/containers/trilium/.env.trilium + +Volume=/mnt/data/containers/trilium/data:/home/node/trilium-data + +Label=homepage.group=Productivity +Label=homepage.name=Trilium +Label=homepage.icon=trilium.png +Label=homepage.href=https://notes.inkletblot.com +Label=homepage.description="Manage Knowledge" + +[Service] +Restart=always +TimeoutStartSec=900 +SuccessExitStatus=0 143 + +[Install] +WantedBy=default.target diff --git a/unifi/unifi-db.container b/unifi/unifi-db.container new file mode 100644 index 0000000..ce1169d --- /dev/null +++ b/unifi/unifi-db.container @@ -0,0 +1,27 @@ +[Unit] +Description=Unifi - MongoDB +Wants=network-online.target +After=network-online.target + +[Container] +Pod=unifi.pod +ContainerName=unifi-db +Image=docker.io/mongo:4.4 + +# Environment=MONGO_INITDB_ROOT_USERNAME= +# Environment=MONGO_INITDB_ROOT_PASSWORD= +# Environment=MONGO_USER= +# Environment=MONGO_PASS= +# Environment=MONGO_DBNAME= +# Environment=MONGO_AUTHSOURCE= +EnvironmentFile=/mnt/data/containers/unifi/.env.unifi-db + +Volume=/mnt/data/containers/unifi/db/data:/data/db +Volume=/mnt/data/containers/unifi/db/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/unifi/unifi-server.container b/unifi/unifi-server.container new file mode 100644 index 0000000..159ef0c --- /dev/null +++ b/unifi/unifi-server.container 
@@ -0,0 +1,40 @@ +[Unit] +Description=Unifi - Server +Wants=unifi-db.service +After=unifi-db.service + +[Container] +Pod=unifi.pod +ContainerName=unifi-server +Image=docker.io/linuxserver/unifi-network-application:latest +AutoUpdate=registry + +# Environment=PUID= +# Environment=PGID= +# Environment=MEM_LIMIT= +# Environment=MEM_STARTUP= +# Environment=TZ= + +# MongoDB extras +# Environment=MONGO_USER= +# Environment=MONGO_PASS= +# Environment=MONGO_HOST= +# Environment=MONGO_PORT= +# Environment=MONGO_DBNAME= +# Environment=MONGO_AUTHSOURCE= +EnvironmentFile=/mnt/data/containers/unifi/.env.unifi-server + +Volume=/mnt/data/containers/unifi/server:/config + +Label=homepage.group=Misc. +Label=homepage.name=Unifi +Label=homepage.icon=unifi.png +Label=homepage.href=http://unifi.forest:8080 +Label=homepage.description="Network Administration" + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/unifi/unifi.network b/unifi/unifi.network new file mode 100644 index 0000000..33bae16 --- /dev/null +++ b/unifi/unifi.network @@ -0,0 +1,12 @@ +[Unit] +Description=Unifi network +After=network-online.target + +[Network] +NetworkName=unifi-network +Subnet=10.5.0.0/24 +Gateway=10.5.0.1 +DNS= + +[Install] +WantedBy=default.target diff --git a/unifi/unifi.pod b/unifi/unifi.pod new file mode 100644 index 0000000..f8eb5f3 --- /dev/null +++ b/unifi/unifi.pod @@ -0,0 +1,11 @@ +[Pod] +PodName=unifi +Network=unifi.network +PublishPort=8543:8443 +PublishPort=3478:3478/udp +PublishPort=10001:10001/udp +PublishPort=8080:8080 +PublishPort=8843:8843 +PublishPort=8880:8880 +PublishPort=6789:6789 + diff --git a/vaultwarden/vaultwarden.container b/vaultwarden/vaultwarden.container new file mode 100644 index 0000000..5cd40dc --- /dev/null +++ b/vaultwarden/vaultwarden.container 
@@ -0,0 +1,31 @@ +[Unit] +Description=Vaultwarden +Wants=network-online.target +After=network-online.target + +[Container] +ContainerName=vaultwarden +Image=docker.io/vaultwarden/server:latest +AutoUpdate=registry + +PublishPort=8093:80 +PublishPort=3012:3012 + +# Environment=SIGNUPS_ALLOWED= +# Environment=DOMAIN= +EnvironmentFile=/mnt/data/containers/vaultwarden/.env.vaultwarden + +Volume=/mnt/data/containers/vaultwarden/data:/data:rw + +Label=homepage.group=Life +Label=homepage.name=Vaultwarden +Label=homepage.icon=bitwarden.png +Label=homepage.href=https://bw.inkletblot.com +Label=homepage.description="Password Manager" + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/vert/vert.container b/vert/vert.container new file mode 100644 index 0000000..024bed1 --- /dev/null +++ b/vert/vert.container @@ -0,0 +1,22 @@ +[Unit] +Description=Vert +Wants=network-online.target +After=network-online.target + +[Container] +Pod=vert.pod +Image=ghcr.io/vert-sh/vert:latest +AutoUpdate=registry +ContainerName=vert + +Label=homepage.group=Documents/Backup +Label=homepage.name=Vert +Label=homepage.href=https://vert.inkletblot.com +Label=homepage.description="File Converter" + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/vert/vert.network b/vert/vert.network new file mode 100644 index 0000000..20db05f --- /dev/null +++ b/vert/vert.network @@ -0,0 +1,9 @@ +[Unit] +Description=Vert network +After=network-online.target + +[Network] +NetworkName=vert-network + +[Install] +WantedBy=default.target diff --git a/vert/vert.pod b/vert/vert.pod new file mode 100644 index 0000000..0b90f9b --- /dev/null +++ b/vert/vert.pod @@ -0,0 +1,7 @@ +[Pod] +PodName=vert +Network=vert.network + +PublishPort=24153:24153 +PublishPort=8300:80 + diff --git a/vert/vertd.container b/vert/vertd.container new file mode 100644 index 0000000..fafabde --- /dev/null +++ b/vert/vertd.container 
@@ -0,0 +1,24 @@ +[Unit] +Description=vertd server +Wants=network-online.target +After=network-online.target + +[Container] +Pod=vert.pod +Image=ghcr.io/vert-sh/vertd:latest +AutoUpdate=registry +ContainerName=vertd + +# Environment=VERTD_FORCE_GPU= +EnvironmentFile=/mnt/data/containers/vert/.env.vertd + +Label=homepage.group=Documents/Backup +Label=homepage.name=vertd +Label=homepage.description="Video conversion daemon" + +[Service] +Restart=always +TimeoutStartSec=900 + +[Install] +WantedBy=default.target diff --git a/wg-easy/wgeasy.container b/wg-easy/wgeasy.container new file mode 100644 index 0000000..c5fe2c2 --- /dev/null +++ b/wg-easy/wgeasy.container @@ -0,0 +1,39 @@ +[Unit] +Description=WG Easy +Wants=network-online.target +After=network-online.target + +[Container] +Pod=wgeasy.pod +ContainerName=wgeasy +Image=ghcr.io/wg-easy/wg-easy:15.2 +AutoUpdate=registry + +AddCapability=NET_ADMIN +AddCapability=SYS_MODULE +AddCapability=NET_RAW + +Sysctl=net.ipv4.ip_forward=1 +Sysctl=net.ipv4.conf.all.src_valid_mark=1 +Sysctl=net.ipv6.conf.all.disable_ipv6=0 +Sysctl=net.ipv6.conf.all.forwarding=1 +Sysctl=net.ipv6.conf.default.forwarding=1 + +# Environment=INSECURE= +EnvironmentFile=/mnt/data/containers/wg-easy/.env.wgeasy + +Volume=/mnt/data/containers/wg-easy/wireguard:/etc/wireguard:Z +Volume=/lib/modules:/lib/modules:ro + +Label=homepage.group=Misc. +Label=homepage.name=wg-easy +Label=homepage.icon=wireguard.png +Label=homepage.href=https://wgeasy.forest +Label=homepage.description="Wireguard VPN" + +[Service] +Restart=always +TimeoutStartSec=90 + +[Install] +WantedBy=default.target diff --git a/wg-easy/wgeasy.network b/wg-easy/wgeasy.network new file mode 100644 index 0000000..41c39af --- /dev/null +++ b/wg-easy/wgeasy.network @@ -0,0 +1,10 @@ +[Unit] +Description=WG Easy network +After=network-online.target + +[Network] +NetworkName=wgeasy-network +IPv6=true + +[Install] +WantedBy=default.target 
diff --git a/wg-easy/wgeasy.pod b/wg-easy/wgeasy.pod new file mode 100644 index 0000000..ccdb739 --- /dev/null +++ b/wg-easy/wgeasy.pod @@ -0,0 +1,6 @@ +[Pod] +PodName=wgeasy +Network=wgeasy.network + +PublishPort=51820:51820/udp +PublishPort=5180:51821/tcp
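Review bot: roundcube/roundcube.network, servarr/servarr.network, tautulli/tautulli.network and unifi/unifi.network each carry a bare `DNS=` with no value. Either set the resolver these networks should use or delete the line, as stirling-pdf.network and vert.network already do without it; an empty assignment leaves the intent unclear to the next reader.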
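Review bot: In servarr/gluetun.container both `PublishPort=9191:9191` and `PublishPort=8888:8888` omit a host address, so the qBittorrent web UI and gluetun's port 8888 listen on every host interface. If they are only meant to be reached from the host or from a proxy, bind them explicitly, for example `PublishPort=127.0.0.1:8888:8888`. `Image=docker.io/qmcgaw/gluetun` also has no tag while the unit grants NET_ADMIN and NET_RAW and sets `AutoUpdate=registry`; a version tag would make it clear which build receives those capabilities. `Tunnle` in `Description=` and in the homepage description label should read `Tunnel`.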
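Review bot: In servarr/prowlarr.container `Image=ghcr.io/hotio/prowlarr:release-2.0.5.5160` is pinned to a single release while `AutoUpdate=registry` is still set, and the sibling sonarr, radarr and lidarr units use untagged hotio images. Add a comment recording why this one is held back, so the pin is not mistaken for an oversight and later removed.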
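Review bot: In servarr/qbittorrent.container the unit joins gluetun's network namespace with `Network=container:gluetun` but declares only `Wants=gluetun.service`, which is a weak dependency: if gluetun fails to start or is stopped, systemd still starts or leaves qbittorrent running, and `Restart=always` keeps retrying it. Since this container is meant to have no network path other than the VPN container, use `Requires=gluetun.service` (or `BindsTo=gluetun.service`) alongside the existing `After=gluetun.service` so the two stop and restart together.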
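Review bot: In servarr/sabnzbd.container the [Install] section spells the key `Wantedby=default.target`. Key names are case-sensitive, so this is not read as `WantedBy=` and the generated service will not be pulled in by default.target. Change it to `WantedBy=default.target`, matching every other unit in this commit.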
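Review bot: In servarr/servarr.pod `PublishPort=5858:5858` for overseerr only works if the container actually listens on 5858, which depends on the `PORT` value in .env.overseerr; that file is not part of this commit and the unit shows only the commented `# Environment=PORT=`. Record the expected value in that comment so the pod and the container cannot drift apart silently. The `# sabnzdb` comment should read `# sabnzbd`.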
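Review bot: In stirling-pdf/stirling-pdf.container the [Unit] section orders only against network-online.target and has no `Requires=` or `After=` on stirling-pdf-db.service, although both containers share `Pod=stirling-pdf.pod`. The roundcube server unit in this same commit declares `Requires=roundcube-db.service` and `After=roundcube-db.service`. If the application uses that Postgres container, add the equivalent two lines here so it does not start before its database.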
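Review bot: In trilium/trilium.container `SuccessExitStatus=0 143` is the only such override in the commit and it has no comment. Note next to it why exit code 143 should count as a clean stop for this image, so a later reader neither removes it nor copies it into other units without a reason.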
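Review bot: unifi/unifi.pod publishes seven ports with no comments, unlike servarr/servarr.pod where each `PublishPort=` is labelled with the service it belongs to. Annotate each entry with its purpose and confirm all of them are needed, since none specifies a host address and each therefore listens on all host interfaces. `PublishPort=8543:8443` remaps the port and deserves a note on why.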
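Review bot: In vaultwarden/vaultwarden.container `PublishPort=8093:80` and `PublishPort=3012:3012` expose the password manager's container ports on every host interface, while the `homepage.href` label points at https://bw.inkletblot.com, which suggests a TLS-terminating proxy sits in front. Bind only to the address the proxy connects to, for example `PublishPort=127.0.0.1:8093:80` when the proxy runs on the same host, so clients cannot reach the service without TLS. Given what this container stores, also consider pinning `Image=` to a version tag instead of `:latest` combined with `AutoUpdate=registry`.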
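Review bot: In wg-easy/wgeasy.container `AddCapability=SYS_MODULE` together with `Volume=/lib/modules:/lib/modules:ro` asks for the ability to load kernel modules from inside the container, which is a much broader grant than the NET_ADMIN and NET_RAW capabilities listed beside it. If the host already has the WireGuard module loaded, drop both lines; otherwise add a comment stating why they are required.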