arbeitsschutz-ulm/homeserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: arbeitsschutz-ulm:d3c5ab62e2c500c6a2b80109b6a6ddaaf5c6f8ab
Branches Tags
arbeitsschutz-ulm:master
..
compare: arbeitsschutz-ulm:master
Branches Tags
arbeitsschutz-ulm:master

12 Commits
d3c5ab62e2 ... master

Author SHA1 Message Date
Christian Steinle
7085b0bf4c Remove mattermost information and use cleanup mechanism. 2025-05-09 06:49:11 +00:00
Christian Steinle
6a637fae12 Use stable channel for duplicati. 2025-05-09 06:48:35 +00:00
Christian Steinle
7604cdeb28 Update traefik. 2025-03-24 09:03:47 +00:00
chris
e3090d6070 Remove deprecated version tags in compose files. 2025-03-24 09:36:56 +01:00
Christian Steinle
93bcfacab2 Use watchtower to update instead of monitor only. 2025-03-24 08:31:25 +00:00
Christian Steinle
b4be828739 Switch nextcloud database from mysql:latest to fixed major version. 2025-01-09 06:55:49 +00:00
Christian Steinle
f3c319e0d6 Use beta tag for duplicati. 2025-01-09 06:43:46 +00:00
Christian Steinle
f04ae146a0 Apply new version configuration. 2024-11-13 09:32:51 +00:00
Christian Steinle
d6a4744da7 Introduction auf vaultwarden. 2023-07-19 06:57:57 +00:00
Christian Steinle
d089ba8b9d Change webserver configuration for nextcloud. 2023-07-19 06:01:06 +00:00
Christian Steinle
6cf8772530 Change entrypoint for sftp. Correct used port for sftp. And change traefik configuration for duplicati. 2023-03-05 17:48:26 +00:00
chris
166d27f82a Update volumes mountpoint for nextcloud database. 2023-02-20 14:04:39 +01:00
7 changed files with 80 additions and 28 deletions
Expand all files Collapse all files

15
duplicati/docker-compose.yaml
View File

@@ -1,5 +1,3 @@
version: "3.9"
networks: networks:
proxy: proxy:
external: true external: true
@@ -12,23 +10,28 @@ volumes:
services: services:
duplicati: duplicati:
image: duplicati/duplicati image: duplicati/duplicati:stable
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- duplicati-conf:/data - duplicati-conf:/data
- nextcloud-data:/nextcloud:ro - nextcloud-data:/nextcloud:ro
- /mnt/raid/nextcloud_data:/backup - /mnt/raid/nextcloud_data:/backup
environment:
DUPLICATI__DISABLE_DB_ENCRYPTION: true
DUPLICATI__WEBSERVICE_ALLOWEDHOSTNAMES: backup-asu.ddnss.de
networks: networks:
- proxy - proxy
ports:
- "8200:8200"
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.duplicati.entrypoints=web" - "traefik.http.routers.duplicati.entrypoints=web"
- "traefik.http.routers.duplicati.rule=Host(`backup-asu.ddnss.de`)" - "traefik.http.routers.duplicati.rule=Host(`backup-asu.ddnss.de`)"
- "traefik.http.routers.duplicati.middlewares=sftp" - "traefik.http.routers.duplicati.middlewares=duplicati"
- "traefik.http.middlewares.duplicati.redirectscheme.scheme=https" - "traefik.http.middlewares.duplicati.redirectscheme.scheme=https"
- "traefik.http.routers.duplicati-secure.entrypoints=websecure" - "traefik.http.routers.duplicati-secure.entrypoints=websecure"
- "traefik.http.routers.duplicati-secure.rule=Host(`backup-asu.ddnss.de`)" - "traefik.http.routers.duplicati-secure.rule=Host(`backup-asu.ddnss.de`)"
- "traefik.http.routers.duplicati-secure.service=sftp-secure" - "traefik.http.routers.duplicati-secure.service=duplicati-secure"
- "traefik.http.routers.duplicati-secure.tls=true" - "traefik.http.routers.duplicati-secure.tls=true"
- "traefik.http.routers.duplicati-secure.tls.certresolver=myresolver" - "traefik.http.routers.duplicati-secure.tls.certresolver=myresolver"
- "traefik.http.services.duplicati-secure.loadbalancer.server.port=8090" - "traefik.http.services.duplicati-secure.loadbalancer.server.port=8200"

6
nextcloud/docker-compose.yaml
View File

@@ -1,5 +1,3 @@
version: "3.9"
volumes: volumes:
nextcloud: nextcloud:
name: nextcloud name: nextcloud
@@ -79,10 +77,10 @@ services:
- ${PWD}/nextcloud.conf:/etc/nginx/conf.d/default.conf - ${PWD}/nextcloud.conf:/etc/nginx/conf.d/default.conf
db: db:
image: mysql:latest image: mysql:9
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- nextcloud-db:/var/lib/postgresql/data - nextcloud-db:/var/lib/mysql
networks: networks:
- nextcloud - nextcloud
environment: environment:

26
nextcloud/nextcloud.conf
View File

@@ -31,7 +31,7 @@ server {
add_header X-Download-Options "noopen" always; add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always; add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak
@@ -76,6 +76,12 @@ server {
location = /.well-known/carddav { return 301 /remote.php/dav/; } location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; } location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
location /.well-known/webfinger { return 301 /index.php/.well-known/webfinger/; }
location /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
# Let Nextcloud's API for `/.well-known` URIs handle all other # Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller. # requests by passing them to the front-end controller.
return 301 /index.php$request_uri; return 301 /index.php$request_uri;
@@ -109,10 +115,26 @@ server {
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
} }
location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ { # Javascript mimetype fixes for nginx
# Note: The block below should be removed, and the js|mjs section should be
# added to the block below this one. This is a temporary fix until Nginx
# upstream fixes the js mime-type
location ~* \.(?:js|mjs)$ {
types {
text/javascript js mjs;
}
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, immutable";
access_log off;
}
location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess` expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets access_log off; # Optional: Don't log access to assets
} }

6
sftp/docker-compose.yaml
View File

@@ -1,10 +1,12 @@
version: "3.9" networks:
proxy:
external: true
services: services:
sftp: sftp:
image: drakkan/sftpgo:alpine-slim image: drakkan/sftpgo:alpine-slim
ports: ports:
- "2222:2022" - "2022:2022"
networks: networks:
- proxy - proxy
environment: environment:

5
traefik/docker-compose.yaml
View File

@@ -1,5 +1,3 @@
version: "3.9"
networks: networks:
proxy: proxy:
external: false external: false
@@ -11,7 +9,7 @@ volumes:
services: services:
traefik: traefik:
image: traefik:v2.9 image: traefik:v2.11
restart: unless-stopped restart: unless-stopped
command: command:
- --global.sendAnonymousUsage=false - --global.sendAnonymousUsage=false
@@ -22,7 +20,6 @@ services:
- --providers.docker.swarmMode=false - --providers.docker.swarmMode=false
- --entryPoints.web.address=:80 - --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443 - --entryPoints.websecure.address=:443
- --entryPoints.sftp.address=:2222/tcp
- --certificatesresolvers.myresolver.acme.tlschallenge=true - --certificatesresolvers.myresolver.acme.tlschallenge=true
- --certificatesresolvers.myresolver.acme.email=maier@arbeitsschutz-ulm.de - --certificatesresolvers.myresolver.acme.email=maier@arbeitsschutz-ulm.de
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json

29
vault/docker-compose.yaml Normal file
View File

@@ -0,0 +1,29 @@
networks:
proxy:
external: true
volumes:
vault:
name: vault
services:
vault:
image: vaultwarden/server:alpine
restart: unless-stopped
volumes:
- vault:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.vault.entrypoints=web"
- "traefik.http.routers.vault.rule=Host(`bitwarden-asu.ddnss.de`)"
- "traefik.http.routers.vault.middlewares=vault"
- "traefik.http.middlewares.vault.redirectscheme.scheme=https"
- "traefik.http.routers.vault-secure.entrypoints=websecure"
- "traefik.http.routers.vault-secure.rule=Host(`bitwarden-asu.ddnss.de`)"
- "traefik.http.routers.vault-secure.service=vault-secure"
- "traefik.http.routers.vault-secure.tls=true"
- "traefik.http.routers.vault-secure.tls.certresolver=myresolver"
- "traefik.http.services.vault-secure.loadbalancer.server.port=80"
networks:
- proxy

7
watchtower/docker-compose.yaml
View File

@@ -1,5 +1,3 @@
version: "3.9"
services: services:
watchtower: watchtower:
image: containrrr/watchtower image: containrrr/watchtower
@@ -9,5 +7,8 @@ services:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
environment: environment:
WATCHTOWER_INCLUDE_STOPPED: true WATCHTOWER_INCLUDE_STOPPED: true
WATCHTOWER_MONITOR_ONLY: true WATCHTOWER_MONITOR_ONLY: false
WATCHTOWER_CLEANUP: true
WATCHTOWER_REMOVE_VOLUMES: true
WATCHTOWER_SCHEDULE: "0 0 4 * * *" WATCHTOWER_SCHEDULE: "0 0 4 * * *"
WATCHTOWER_WARN_ON_HEAD_FAILURE: "never"