Merge branch 'main' of git.mertens.digital:heri410/Container

Composer/basic/docker-compose.yml

@@ -0,0 +1,40 @@
+version: "3.7"
+services:
+  # Ingress
+  caddy:
+    image: lucaslorentz/caddy-docker-proxy
+    ports:
+      - 80:80
+      - 443:443
+    environment:
+      - CADDY_INGRESS_NETWORKS=caddy
+    networks:
+      - caddy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - caddy_data:/data
+    restart: unless-stopped
+
+  # Automatic Container Updates
+  watchtower:
+    image: containrrr/watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+  
+  # Cleanup unused Docker Container
+  janitor:
+    image: flaviostutz/docker-janitor
+    environment:
+      - RUN_ON_STARTUP=true
+      - PRUNE_VOLUMES=true
+      - SLEEP_TIME=86400
+      - UNUSED_TIME=24h
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+networks:
+  caddy:
+    external: true
+
+volumes:
+  caddy_data: {}

Composer/caddy/docker-compose.yml

@@ -1,29 +0,0 @@
-version: "3.7"
-services:
-  caddy:
-    image: lucaslorentz/caddy-docker-proxy
-    ports:
-      - 80:80
-      - 443:443
-    environment:
-      - CADDY_INGRESS_NETWORKS=caddy
-    networks:
-      - caddy
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - caddy_data:/data
-    restart: unless-stopped
-  whoami:
-    image: containous/whoami
-    networks:
-      - caddy
-    labels:
-      caddy: whoami.localhost
-      caddy.reverse_proxy: "{{upstreams 80}}"
-
-networks:
-  caddy:
-    external: true
-
-volumes:
-  caddy_data: {}

Composer/nextcloud/default-config/preview.config.php

@@ -0,0 +1,12 @@
+<?php
+$CONFIG = array (
+'enabledPreviewProviders' => [
+    'OC\Preview\MP3',
+    'OC\Preview\TXT',
+    'OC\Preview\MarkDown',
+    'OC\Preview\OpenDocument',
+    'OC\Preview\Krita',
+    'OC\Preview\Imaginary',
+],
+'preview_imaginary_url' => 'http://preview:9000',
+);

Composer/nextcloud/docker-compose.yml

@@ -0,0 +1,115 @@
+version: '3'
+
+services:
+  app:
+    image: nextcloud
+    restart: always
+    networks:
+      - caddy
+      - nextcloud
+    labels:
+      caddy: ${HOSTNAME}
+      caddy.reverse_proxy: "{{upstreams http 80}}"
+      caddy.0_redir: "/.well-known/carddav /remote.php/dav 301"
+      caddy.1_redir: "/.well-known/caldav /remote.php/dav 301"
+      caddy.header: "Strict-Transport-Security max-age=15552000"
+      caddy.tls: "internal"
+    volumes:
+      - ./data/nextcloud/www:/var/www/html
+      - ./default-config/preview.config.php:/var/www/html/config/preview.config.php
+    depends_on:
+      - clamav
+      - preview
+      - db
+      - redis
+    environment:
+      - POSTGRES_HOST=db
+      - REDIS_HOST=redis
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - NEXTCLOUD_TRUSTED_DOMAINS=${HOSTNAME}
+      - OVERWRITEPROTOCOL=https
+      - TRUSTED_PROXIES=${NEXTCLOUD_TRUSTED_PROXIES}
+      - APACHE_DISABLE_REWRITE_IP=1
+
+  preview:
+    image: docker.io/nextcloud/aio-imaginary:latest
+    restart: always
+    networks:
+      - nextcloud
+    environment:
+      - PORT=9000
+    command: -concurrency 50 -enable-url-source
+
+  clamav:
+    image: "clamav/clamav:stable_base"
+    container_name: "clamav"
+    networks:
+      - nextcloud
+    volumes:
+      - ./data/clamav/virus_db:/var/lib/clamav/   # Virus database
+    restart: unless-stopped
+  
+  # Does Not Work
+  #notify_push:
+  #  image: icewind1991/notify_push
+  #  restart: always
+  #  networks:
+  #    - nextcloud
+  #    - caddy
+  #  labels:
+  #    caddy: ${HOSTNAME}
+  #    caddy.handle_path: /push/*
+  #    caddy.handle_path.0_reverse_proxy: "{{upstreams http 7867}}"
+  #  depends_on:
+  #    - db
+  #    - redis
+  #    - app
+  #  volumes:
+  #    - ./data/nextcloud/www:/var/www/html:ro
+  #    - /etc/localtime:/etc/localtime:ro
+  #    - /etc/timezone:/etc/timezone:ro
+  #  environment:
+  #    - PORT=7867
+  #    - "NEXTCLOUD_URL=http://app"  # don't go through the proxy to contact the nextcloud server
+  #  entrypoint: ./notify_push --allow-self-signed --dump-config redis://:@redis --log-level debug /var/www/html/config/config.php
+
+  cron:
+    image: nextcloud 
+    restart: always
+    volumes:
+      - ./data/nextcloud/www:/var/www/html
+    entrypoint: /cron.sh
+    depends_on:
+      - db
+      - redis
+    networks:
+      - nextcloud
+
+
+  db:
+    container_name: db
+    image: postgres:alpine
+    restart: always
+    networks:
+      - nextcloud
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    volumes:
+      - ./data/db:/var/lib/postgresql/data
+      - /etc/localtime:/etc/localtime:ro
+
+  redis:
+    image: redis:alpine
+    restart: always
+    networks:
+      - nextcloud
+
+
+networks:
+  nextcloud:
+    internal: true
+  caddy:
+    external: true

Composer/photoprism/docker-compose.yml

@@ -0,0 +1,99 @@
+version: '3.5'
+
+services:
+  photoprism:
+    image: photoprism/photoprism:latest
+    depends_on:
+      - mariadb
+    restart: unless-stopped
+    security_opt:
+      - seccomp:unconfined
+      - apparmor:unconfined
+    #ports:
+    #  - "2342:2342" # HTTP port (host:container)
+    labels:
+      caddy: ${SERVER_DOMAIN}
+      caddy.reverse_proxy: "{{upstreams http 2342}}"
+      #caddy.@denied.not.remote_ip: "192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8"
+      #caddy.reverse_proxy: "@denied {{upstreams 2342}}"
+      caddy.tls: "internal"
+    networks:
+      - caddy
+      - photoprism    
+    environment:
+      PHOTOPRISM_ADMIN_USER: "admin"                 # superadmin username
+      PHOTOPRISM_ADMIN_PASSWORD: ${ADMIN_PW}         # initial superadmin password (minimum 8 characters)
+      PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
+      PHOTOPRISM_SITE_URL: ${SERVER_URL}             # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
+      PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
+      PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic
+      PHOTOPRISM_READONLY: "false"                   # do not modify originals directory (reduced functionality)
+      PHOTOPRISM_EXPERIMENTAL: "false"               # enables experimental features
+      PHOTOPRISM_DISABLE_CHOWN: "false"              # disables updating storage permissions via chmod and chown on startup
+      PHOTOPRISM_DISABLE_WEBDAV: "false"             # disables built-in WebDAV server
+      PHOTOPRISM_DISABLE_SETTINGS: "false"           # disables settings UI and API
+      PHOTOPRISM_DISABLE_TENSORFLOW: "false"         # disables all features depending on TensorFlow
+      PHOTOPRISM_DISABLE_FACES: "false"              # disables face detection and recognition (requires TensorFlow)
+      PHOTOPRISM_DISABLE_CLASSIFICATION: "false"     # disables image classification (requires TensorFlow)
+      PHOTOPRISM_DISABLE_RAW: "false"                # disables indexing and conversion of RAW files
+      PHOTOPRISM_RAW_PRESETS: "false"                # enables applying user presets when converting RAW files (reduces performance)
+      PHOTOPRISM_JPEG_QUALITY: 85                    # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
+      PHOTOPRISM_DETECT_NSFW: "false"                # automatically flags photos as private that MAY be offensive (requires TensorFlow)
+      PHOTOPRISM_UPLOAD_NSFW: "true"                 # allows uploads that MAY be offensive (no effect without TensorFlow)
+      PHOTOPRISM_DATABASE_DRIVER: "mysql"            # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
+      PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"     # MariaDB or MySQL database server (hostname:port)
+      PHOTOPRISM_DATABASE_NAME: "photoprism"         # MariaDB or MySQL database schema name
+      PHOTOPRISM_DATABASE_USER: "photoprism"         # MariaDB or MySQL database user name
+      PHOTOPRISM_DATABASE_PASSWORD: ${MYSQL_PW}      # MariaDB or MySQL database user password
+      PHOTOPRISM_SITE_CAPTION: "Henriks Fotos"
+      PHOTOPRISM_SITE_DESCRIPTION: ""                # meta site description
+      PHOTOPRISM_SITE_AUTHOR: "Henrik Mertens"                     # meta site author
+      ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
+      # PHOTOPRISM_INIT: "tensorflow"
+    working_dir: "/photoprism" # do not change or remove
+    volumes:
+      - /mnt/helmut/homes/henrik/Fotos:/photoprism/originals/Fotos
+      - /mnt/helmut/homes/henrik/photoprism/originals:/photoprism/originals               # Original media files (DO NOT REMOVE)
+      - /mnt/helmut/homes/henrik/photoprism/import:/photoprism/import
+      - "./data/storage:/photoprism/storage"                  # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
+
+  mariadb:
+    restart: unless-stopped
+    image: mariadb:10.10
+    security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
+      - seccomp:unconfined
+      - apparmor:unconfined
+    command: mysqld --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
+    volumes:
+      - "./data/mysql:/var/lib/mysql" # DO NOT REMOVE
+    networks:
+      - photoprism  
+    environment:
+      MARIADB_AUTO_UPGRADE: "1"
+      MARIADB_INITDB_SKIP_TZINFO: "1"
+      MARIADB_DATABASE: "photoprism"
+      MARIADB_USER: "photoprism"
+      MARIADB_PASSWORD: ${MYSQL_PW}  
+      MARIADB_ROOT_PASSWORD: ${MYSQL_PW}  
+
+  ## Watchtower upgrades services automatically (optional)
+  ## see https://docs.photoprism.app/getting-started/updates/#watchtower
+  ## activate via "COMPOSE_PROFILES=update docker compose up -d"
+  #watchtower:
+  #  restart: unless-stopped
+  #  image: containrrr/watchtower
+  #  profiles: ["update"]
+  #  environment:
+  #    WATCHTOWER_CLEANUP: "true"
+  #    WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours
+  #  volumes:
+  #    - "/var/run/docker.sock:/var/run/docker.sock"
+  #    - "~/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account
+
+
+networks:
+  photoprism:
+    internal: true
+  caddy:
+    external: true

Composer/portainer/docker-compose.yml

@@ -0,0 +1,99 @@
+version: '3.5'
+
+services:
+  photoprism:
+    image: photoprism/photoprism:latest
+    depends_on:
+      - mariadb
+    restart: unless-stopped
+    security_opt:
+      - seccomp:unconfined
+      - apparmor:unconfined
+    #ports:
+    #  - "2342:2342" # HTTP port (host:container)
+    labels:
+      caddy: ${SERVER_DOMAIN}
+      caddy.reverse_proxy: "{{upstreams http 2342}}"
+      #caddy.@denied.not.remote_ip: "192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8"
+      #caddy.reverse_proxy: "@denied {{upstreams 2342}}"
+      caddy.tls: "internal"
+    networks:
+      - caddy
+      - photoprism    
+    environment:
+      PHOTOPRISM_ADMIN_USER: "admin"                 # superadmin username
+      PHOTOPRISM_ADMIN_PASSWORD: ${ADMIN_PW}         # initial superadmin password (minimum 8 characters)
+      PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
+      PHOTOPRISM_SITE_URL: ${SERVER_URL}             # server URL in the format "http(s)://domain.name(:port)/(path)"
+      PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
+      PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
+      PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic
+      PHOTOPRISM_READONLY: "false"                   # do not modify originals directory (reduced functionality)
+      PHOTOPRISM_EXPERIMENTAL: "false"               # enables experimental features
+      PHOTOPRISM_DISABLE_CHOWN: "false"              # disables updating storage permissions via chmod and chown on startup
+      PHOTOPRISM_DISABLE_WEBDAV: "false"             # disables built-in WebDAV server
+      PHOTOPRISM_DISABLE_SETTINGS: "false"           # disables settings UI and API
+      PHOTOPRISM_DISABLE_TENSORFLOW: "false"         # disables all features depending on TensorFlow
+      PHOTOPRISM_DISABLE_FACES: "false"              # disables face detection and recognition (requires TensorFlow)
+      PHOTOPRISM_DISABLE_CLASSIFICATION: "false"     # disables image classification (requires TensorFlow)
+      PHOTOPRISM_DISABLE_RAW: "false"                # disables indexing and conversion of RAW files
+      PHOTOPRISM_RAW_PRESETS: "false"                # enables applying user presets when converting RAW files (reduces performance)
+      PHOTOPRISM_JPEG_QUALITY: 85                    # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
+      PHOTOPRISM_DETECT_NSFW: "false"                # automatically flags photos as private that MAY be offensive (requires TensorFlow)
+      PHOTOPRISM_UPLOAD_NSFW: "true"                 # allows uploads that MAY be offensive (no effect without TensorFlow)
+      PHOTOPRISM_DATABASE_DRIVER: "mysql"            # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
+      PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"     # MariaDB or MySQL database server (hostname:port)
+      PHOTOPRISM_DATABASE_NAME: "photoprism"         # MariaDB or MySQL database schema name
+      PHOTOPRISM_DATABASE_USER: "photoprism"         # MariaDB or MySQL database user name
+      PHOTOPRISM_DATABASE_PASSWORD: ${MYSQL_PW}      # MariaDB or MySQL database user password
+      PHOTOPRISM_SITE_CAPTION: "Henriks Fotos"
+      PHOTOPRISM_SITE_DESCRIPTION: ""                # meta site description
+      PHOTOPRISM_SITE_AUTHOR: "Henrik Mertens"                     # meta site author
+      ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
+      # PHOTOPRISM_INIT: "tensorflow"
+    working_dir: "/photoprism" # do not change or remove
+    volumes:
+      - /mnt/helmut/homes/henrik/Fotos:/photoprism/originals/Fotos
+      - /mnt/helmut/homes/henrik/photoprism/originals:/photoprism/originals               # Original media files (DO NOT REMOVE)
+      - /mnt/helmut/homes/henrik/photoprism/import:/photoprism/import
+      - "./data/storage:/photoprism/storage"                  # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
+
+  mariadb:
+    restart: unless-stopped
+    image: mariadb:10.10
+    security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
+      - seccomp:unconfined
+      - apparmor:unconfined
+    command: mysqld --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
+    volumes:
+      - "./data/mysql:/var/lib/mysql" # DO NOT REMOVE
+    networks:
+      - photoprism  
+    environment:
+      MARIADB_AUTO_UPGRADE: "1"
+      MARIADB_INITDB_SKIP_TZINFO: "1"
+      MARIADB_DATABASE: "photoprism"
+      MARIADB_USER: "photoprism"
+      MARIADB_PASSWORD: ${MYSQL_PW}  
+      MARIADB_ROOT_PASSWORD: ${MYSQL_PW}  
+
+  ## Watchtower upgrades services automatically (optional)
+  ## see https://docs.photoprism.app/getting-started/updates/#watchtower
+  ## activate via "COMPOSE_PROFILES=update docker compose up -d"
+  #watchtower:
+  #  restart: unless-stopped
+  #  image: containrrr/watchtower
+  #  profiles: ["update"]
+  #  environment:
+  #    WATCHTOWER_CLEANUP: "true"
+  #    WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours
+  #  volumes:
+  #    - "/var/run/docker.sock:/var/run/docker.sock"
+  #    - "~/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account
+
+
+networks:
+  photoprism:
+    internal: true
+  caddy:
+    external: true

Composer/woodpecker/docker-compose.yml

@@ -3,10 +3,11 @@ version: '3'
 services:
   woodpecker-server:
     image: woodpeckerci/woodpecker-server:next
+    restart: always
     #ports:
     #  - 8000:8000
     volumes:
-      - woodpecker-server-data:/var/lib/woodpecker/
+      - ./data/woodpecker:/var/lib/woodpecker/
     environment:
       - WOODPECKER_LOG_LEVEL=info
       - WOODPECKER_OPEN=true
@@ -20,7 +21,7 @@ services:
       - caddy
       - woodpecker
     labels:
-      caddy: woodpecker.localhost
+      caddy: woodpecker.mertens.digital
       caddy.reverse_proxy: "{{upstreams 8000}}"
   woodpecker-agent:
     image: woodpeckerci/woodpecker-agent:next
@@ -37,12 +38,8 @@ services:
       - WOODPECKER_SERVER=woodpecker-server:9000
       - WOODPECKER_SECRET=${WOODPECKER_AGENT_SECRET}
 
-volumes:
-  woodpecker-server-data:
-
-
 networks:
   woodpecker:
     internal: true
   caddy:
-    external: true
+    external: true