inital commit

.gitignore

@@ -0,0 +1 @@
+.env.*

compose.yml

@@ -0,0 +1,195 @@
+# admin token:
+# text input: glEY8%iK!&r44KxUj8Bv1Yj$68mcHElc
+# salt: ^85Du@M&
+
+name: implohq
+
+services:
+  proxy:
+    image: traefik:v2.10
+    container_name: implohq-proxy
+    networks:
+      - proxy
+    restart: always
+    ports:
+      - "80:80"
+      - "8080:8080"
+      - "443:443"
+      - "22:22"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "./certs:/certs"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "./dynamic:/etc/traefik/dynamic"
+    command:
+      - "--log.level=DEBUG"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.network=implohq_proxy"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.directory=/etc/traefik/dynamic"
+      - "--providers.file.watch=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.ssh.address=:22"
+      - "--certificatesresolvers.webresolver.acme.tlschallenge=true"
+      # - "--certificatesresolvers.webresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.webresolver.acme.email=quirin.ecker@bajupa.com"
+      - "--certificatesresolvers.webresolver.acme.storage=/letsencrypt/acme.json"
+      # - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      # - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+
+  smarthome:
+    container_name: implohq-smarthome
+    networks:
+      - proxy
+    image: homeassistant/home-assistant:stable
+    restart: always
+    volumes:
+      - ./storage/home-assistant/config:/config
+    expose:
+      - 8123
+    ports:
+      - "5683:5683/udp"
+      - "8123:8123"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.homeassistant.rule=Host(`smarthome.implohq.de`)"
+      - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
+      - "traefik.http.routers.homeassistant.entrypoints=websecure"
+      - "traefik.http.routers.homeassistant.tls.certresolver=webresolver"
+
+  cloud:
+    container_name: implohq-cloud
+    networks:
+      - proxy
+      - database
+    image: lscr.io/linuxserver/nextcloud:latest
+    restart: always
+    volumes:
+      - ./storage/nextcloud/data:/data
+      - ./storage/nextcloud/config:/config
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    expose:
+      - 80
+    ports:
+      - "8001:80"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nextcloud.rule=Host(`cloud.implohq.de`)"
+      - "traefik.http.routers.nextcloud.entrypoints=websecure"
+      - "traefik.http.routers.nextcloud.tls.certresolver=webresolver"
+    env_file:
+      - .env.cloud
+
+  database:
+    container_name: implohq-database
+    restart: always
+    image: postgres
+    networks:
+      - database
+    ports:
+      - "5432:5432"
+    volumes:
+      - ./storage/postgres/:/var/lib/postgresql/data
+    env_file:
+      - .env.database
+
+  broker:
+    container_name: implohq-broker
+    image: eclipse-mosquitto
+    ports:
+      - "1883:1883"
+      - "8883:8883"
+    volumes:
+      - ./storage/mqtt/config:/mosquitto/config/
+      - ./storage/mqtt/certs/:/mosquitto/certs/
+
+  vpn:
+    image: lscr.io/linuxserver/wireguard:latest
+    container_name: implohq-vpn
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE #optional
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - SERVERURL=vpn.implohq.de #optional
+      - SERVERPORT=51820 #optional
+      - PEERS=4 #optional
+      - PEERDNS=auto #optional
+      - INTERNAL_SUBNET=10.13.13.0 #optional
+      - ALLOWEDIPS=0.0.0.0/0 #optional
+      - PERSISTENTKEEPALIVE_PEERS= #optional
+      - LOG_CONFS=true #optional
+    volumes:
+      - ./storage/wireguard/config:/config
+      - ./storage/wireguard/modules:/lib/modules
+    ports:
+      - 51820:51820/udp
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+    restart: unless-stopped
+
+  password-manager:
+    image: vaultwarden/server:latest
+    container_name: implohq-password-manager
+    restart: unless-stopped
+    networks:
+      - proxy
+    ports:
+      - 9445:80 #map any custom port to use (replace 9445 not 80)
+    volumes:
+      - ./storage/vaultwarden/:/data:rw
+    environment:
+      - ADMIN_TOKEN=$argon2i$v=19$m=16,t=2,p=1$Xjg1RHVATSY$6EP9M9H3QUOnmlEDPlX/5g
+      - WEBSOCKET_ENABLED=true
+      - SIGNUPS_ALLOWED=true
+      - DOMAIN=https://passwords.implohq.de
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vaultwarden.rule=Host(`passwords.implohq.de`)"
+      - "traefik.http.routers.vaultwarden.entrypoints=websecure"
+      - "traefik.http.routers.vaultwarden.tls=true"
+      - "traefik.http.routers.vaultwarden.tls.domains[0].main=passwords.implohq.de"
+    env_file:
+      - .env.password-manager
+
+      # Directly reference the certificate files
+  git-server:
+    image: docker.gitea.com/gitea:1.24.6
+    container_name: implohq-git-server
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+    restart: always
+    volumes:
+      - ./storage/gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - proxy
+    ports:
+      - "2222:22"
+    expose:
+      - 3000
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.git.rule=Host(`git.implohq.de`)"
+      - "traefik.http.services.git.loadbalancer.server.port=3000"
+      - "traefik.http.routers.git.entrypoints=websecure"
+      - "traefik.http.routers.git.tls.certresolver=webresolver"
+      # ssh config
+      - "traefik.tcp.routers.git.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.git.entrypoints=ssh"
+      - "traefik.tcp.services.git.loadbalancer.server.port=22"
+
+networks:
+  proxy:
+    ipam:
+      config:
+        - subnet: "172.19.0.0/16"
+          gateway: "172.19.0.1"
+  database:
+  portainer: