From a18521ae9a6f1e572dcd4a2eb9dc38d3d462a96c Mon Sep 17 00:00:00 2001
From: quirinecker
Date: Sun, 5 Oct 2025 14:01:33 +0200
Subject: [PATCH] inital commit
---
 .gitignore | 1 +
 compose.yml | 195 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 196 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 compose.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3615120
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env.*
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..494dec6
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,195 @@
+# admin token:
+# text input: glEY8%iK!&r44KxUj8Bv1Yj$68mcHElc
+# salt: ^85Du@M&
+
+name: implohq
+
+services:
+ proxy:
+ image: traefik:v2.10
+ container_name: implohq-proxy
+ networks:
+ - proxy
+ restart: always
+ ports:
+ - "80:80"
+ - "8080:8080"
+ - "443:443"
+ - "22:22"
+ volumes:
+ - "./letsencrypt:/letsencrypt"
+ - "./certs:/certs"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "./dynamic:/etc/traefik/dynamic"
+ command:
+ - "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.network=implohq_proxy"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.file.directory=/etc/traefik/dynamic"
+ - "--providers.file.watch=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.ssh.address=:22"
+ - "--certificatesresolvers.webresolver.acme.tlschallenge=true"
+ # - "--certificatesresolvers.webresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+ - "--certificatesresolvers.webresolver.acme.email=quirin.ecker@bajupa.com"
+ - "--certificatesresolvers.webresolver.acme.storage=/letsencrypt/acme.json"
+ # - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ # - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+
+ smarthome:
+ container_name: implohq-smarthome
+ networks:
+ - proxy
+ image: homeassistant/home-assistant:stable
+ restart: always
+ volumes:
+ - ./storage/home-assistant/config:/config
+ expose:
+ - 8123
+ ports:
+ - "5683:5683/udp"
+ - "8123:8123"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.homeassistant.rule=Host(`smarthome.implohq.de`)"
+ - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
+ - "traefik.http.routers.homeassistant.entrypoints=websecure"
+ - "traefik.http.routers.homeassistant.tls.certresolver=webresolver"
+
+ cloud:
+ container_name: implohq-cloud
+ networks:
+ - proxy
+ - database
+ image: lscr.io/linuxserver/nextcloud:latest
+ restart: always
+ volumes:
+ - ./storage/nextcloud/data:/data
+ - ./storage/nextcloud/config:/config
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ expose:
+ - 80
+ ports:
+ - "8001:80"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.nextcloud.rule=Host(`cloud.implohq.de`)"
+ - "traefik.http.routers.nextcloud.entrypoints=websecure"
+ - "traefik.http.routers.nextcloud.tls.certresolver=webresolver"
+ env_file:
+ - .env.cloud
+
+ database:
+ container_name: implohq-database
+ restart: always
+ image: postgres
+ networks:
+ - database
+ ports:
+ - "5432:5432"
+ volumes:
+ - ./storage/postgres/:/var/lib/postgresql/data
+ env_file:
+ - .env.database
+
+ broker:
+ container_name: implohq-broker
+ image: eclipse-mosquitto
+ ports:
+ - "1883:1883"
+ - "8883:8883"
+ volumes:
+ - ./storage/mqtt/config:/mosquitto/config/
+ - ./storage/mqtt/certs/:/mosquitto/certs/
+
+ vpn:
+ image: lscr.io/linuxserver/wireguard:latest
+ container_name: implohq-vpn
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE #optional
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ - SERVERURL=vpn.implohq.de #optional
+ - SERVERPORT=51820 #optional
+ - PEERS=4 #optional
+ - PEERDNS=auto #optional
+ - INTERNAL_SUBNET=10.13.13.0 #optional
+ - ALLOWEDIPS=0.0.0.0/0 #optional
+ - PERSISTENTKEEPALIVE_PEERS= #optional
+ - LOG_CONFS=true #optional
+ volumes:
+ - ./storage/wireguard/config:/config
+ - ./storage/wireguard/modules:/lib/modules
+ ports:
+ - 51820:51820/udp
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ restart: unless-stopped
+
+ password-manager:
+ image: vaultwarden/server:latest
+ container_name: implohq-password-manager
+ restart: unless-stopped
+ networks:
+ - proxy
+ ports:
+ - 9445:80 #map any custom port to use (replace 9445 not 80)
+ volumes:
+ - ./storage/vaultwarden/:/data:rw
+ environment:
+ - ADMIN_TOKEN=$argon2i$v=19$m=16,t=2,p=1$Xjg1RHVATSY$6EP9M9H3QUOnmlEDPlX/5g
+ - WEBSOCKET_ENABLED=true
+ - SIGNUPS_ALLOWED=true
+ - DOMAIN=https://passwords.implohq.de
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.vaultwarden.rule=Host(`passwords.implohq.de`)"
+ - "traefik.http.routers.vaultwarden.entrypoints=websecure"
+ - "traefik.http.routers.vaultwarden.tls=true"
+ - "traefik.http.routers.vaultwarden.tls.domains[0].main=passwords.implohq.de"
+ env_file:
+ - .env.password-manager
+
+ # Directly reference the certificate files
+ git-server:
+ image: docker.gitea.com/gitea:1.24.6
+ container_name: implohq-git-server
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: always
+ volumes:
+ - ./storage/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ networks:
+ - proxy
+ ports:
+ - "2222:22"
+ expose:
+ - 3000
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.git.rule=Host(`git.implohq.de`)"
+ - "traefik.http.services.git.loadbalancer.server.port=3000"
+ - "traefik.http.routers.git.entrypoints=websecure"
+ - "traefik.http.routers.git.tls.certresolver=webresolver"
+ # ssh config
+ - "traefik.tcp.routers.git.rule=HostSNI(`*`)"
+ - "traefik.tcp.routers.git.entrypoints=ssh"
+ - "traefik.tcp.services.git.loadbalancer.server.port=22"
+
+networks:
+ proxy:
+ ipam:
+ config:
+ - subnet: "172.19.0.0/16"
+ gateway: "172.19.0.1"
+ database:
+ portainer:
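Review bot: The three comment lines at the top of the hunk commit the Vaultwarden admin token and its salt in plaintext, which makes the Argon2 hash on the `ADMIN_TOKEN=` line pointless — treat the token as leaked, rotate it, delete those lines, and move the new hash into the already-gitignored `.env.password-manager` as a single-quoted value (`ADMIN_TOKEN='$argon2i$...'`), because in its current place under `environment:` the unescaped `$` sequences are subject to Compose variable interpolation and the container receives a mangled value unless every `$` is written as `$$`. The hash's `m=16,t=2,p=1` cost parameters also appear far below what the Vaultwarden documentation recommends for Argon2, so regenerate it with stronger settings while rotating. Elsewhere in the hunk, `--api.insecure=true` together with the published `"8080:8080"` exposes the Traefik dashboard and API without authentication, `SIGNUPS_ALLOWED=true` leaves registration open on a public domain, and `database` publishes `"5432:5432"` on every host interface although only `cloud` on the `database` network needs it, so bind it to loopback (`"127.0.0.1:5432:5432"`) or drop the mapping. The `cloud` service mounts `/var/run/docker.sock` without any visible use, and the `:ro` only restricts the bind mount, not what the Docker API behind it allows, so remove that volume unless something inside Nextcloud really needs it. Finally, `networks.portainer` is declared but used by no service, and `broker` and `vpn` join no named network, so they end up on the default one.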