Split up to stacks and add portainer.

.env

@@ -1,2 +1,5 @@
 DB_ROOT_PW=340985asdfklweo20350~
 REDIS_PW=230skdfjl~23409
+
+NEXTCLOUD_ADMIN_USER=chris
+NEXTCLOUD_ADMIN_PW=lmaa,dw.

development/docker-compose.yaml

@@ -0,0 +1,77 @@
+version: "3.9"
+
+volumes:
+  gitea:
+    name: gitea
+  kimai:
+    name: kimai
+  kimai-var:
+    name: kimai-var
+
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true
+
+services:
+  gitea:
+    image: gitea/gitea
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=psql14:5432
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=sadlkf0234lsdf
+    restart: unless-stopped
+    volumes:
+      - gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    depends_on:
+      - psql14
+    networks:
+      - internal
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea-web.entrypoints=web"
+      - "traefik.http.routers.gitea-web.rule=Host(`gitea.localhost`) || Host(`gitea.local`)"
+      - "traefik.http.services.gitea-web.loadbalancer.server.port=3000"
+
+  nginx-kimai:
+    image: nginx:alpine
+    container_name: nginx-kimai
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.kimai.entrypoints=web"
+      - "traefik.http.routers.kimai.rule=Host(`kimai.localhost`)"
+      - "traefik.http.services.kimai.loadbalancer.server.port=80"
+    depends_on:
+      - kimai
+    networks:
+      - proxy
+      - internal
+    volumes:
+      - kimai:/opt/kimai/public:ro
+      - ${PWD}/kimai.conf:/etc/nginx/conf.d/default.conf
+
+  kimai:
+    image: kimai/kimai2
+    container_name: kimai
+    restart: unless-stopped
+    environment:
+      - ADMINMAIL=christiansteinle@arcor.de
+      - ADMINPASS=ZovJdPamHwSNCGTcOPDb
+      - DATABASE_URL=mysql://kimai:xXW5dnQoMpAmdXrQgUgU@mysql8/kimai
+      - TRUSTED_HOSTS=kimai.localhost
+    networks:
+      - internal
+    volumes:
+      - kimai:/opt/kimai/public
+      - kimai-var:/opt/kimai/var
+

docker-compose.yaml

@@ -2,18 +2,14 @@ version: "3.9"
 
 networks:
   proxy:
-    external: true
+    external: false
+    name: proxy
   internal:
     external: false
     driver: bridge
+    name: internal
 
 volumes:
-  nextcloud:
-    name: nextcloud
-  nextcloud-data:
-    name: nextcloud-data
-  nextcloud-config:
-    name: nextcloud-config
   mysql8-data:
     name: mysql8-data
   mysql8-backup:
@@ -24,20 +20,8 @@ volumes:
     name: psql14-backup
   redis-data:
     name: redis-data
-  gitea:
+  portainer:
-    name: gitea
+    name: portainer
-  vault:
-    name: vault
-  bookstack:
-    name: bookstack
-  kimai:
-    name: kimai
-  kimai-var:
-    name: kimai-var
-  pihole:
-    name: pihole
-  dnsmasq:
-    name: dnsmasq
 
 services:
   traefik:
@@ -53,23 +37,44 @@ services:
       - --providers.docker.swarmMode=false
       - --entryPoints.web.address=:80
       - --entryPoints.websecure.address=:443
+      - --entryPoints.dns.address=:53/tcp
+      - --entryPoints.dns-udp.address=:53/udp
       - --log=true
       - --log.level=DEBUG
       - --accessLog=true
     ports:
       - "80:80"
       - "443:443"
+      - "53:53/tcp" # need to stop systemd-resolved: sudo systemctl stop systemd-resolved
+      - "53:53/udp" # need to stop systemd-resolved: sudo systemctl stop systemd-resolved
+      - "67:67/udp" # need to route dhcp requests to pihole
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - /${PWD}
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.traefik.entrypoints=web"
-      - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`) || Host(`traefik.local`)"
       - "traefik.http.services.traefik.loadbalancer.server.port=8080"
     networks:
       - proxy
 
+  portainer:
+    image: portainer/portainer-ce
+    container_name: portainer
+    command: -H unix:///var/run/docker.sock
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer:/data
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.portainer.rule=Host(`portainer.localhost`) || Host(`portainer.local`)"
+      - "traefik.http.routers.portainer.entrypoints=web"
+      - "traefik.http.routers.portainer.service=portainer"
+      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+
   mysql8:
     image: mysql:8
     container_name: mysql8
@@ -106,172 +111,3 @@ services:
     networks:
       - internal
 
-  nextcloud:
-    image: nextcloud:22-fpm-alpine
-    container_name: nextcloud
-    restart: unless-stopped
-    volumes:
-      - nextcloud:/var/www/html
-      - nextcloud-data:/var/www/html/data
-      - nextcloud-config:/var/www/html/config
-    networks:
-      - internal
-    environment:
-      - MYSQL_DATABASE:nextcloud
-      - MYSQL_USER:nextcloud
-      - MYSQL_PASSWORD:jX9hKI2POvt1VrjVbBs4
-      - MYSQL_HOST:mysql8
-      - REDIS_HOST:redis
-      - REDIS_HOST_PASSWORD:${REDIS_PW}
-      - NEXTCLOUD_ADMIN_USER:${NEXTCLOUD_ADMIN_USER}
-      - NEXTCLOUD_ADMIN_PASSWORD:${NEXTCLOUD_ADMIN_PW}
-      - NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.localhost
-      - VIRTUAL_HOST:nextcloud
-    depends_on:
-      - psql14
-      - redis
-
-  nginx-nc:
-    image: nginx:alpine
-    container_name: nginx-nc
-    restart: unless-stopped
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.nextcloud.entrypoints=web"
-      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.localhost`)"
-      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
-    depends_on:
-      - nextcloud
-    networks:
-      - proxy
-      - internal
-    volumes:
-      - nextcloud:/var/www/html
-      - ${PWD}/nextcloud.conf:/etc/nginx/conf.d/default.conf
-
-  gitea:
-    image: gitea/gitea
-    container_name: gitea
-    environment:
-      - USER_UID=1000
-      - USER_GID=1000
-      - GITEA__database__DB_TYPE=postgres
-      - GITEA__database__HOST=psql14:5432
-      - GITEA__database__NAME=gitea
-      - GITEA__database__USER=gitea
-      - GITEA__database__PASSWD=sadlkf0234lsdf
-    restart: unless-stopped
-    volumes:
-      - gitea:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    depends_on:
-      - psql14
-    networks:
-      - internal
-      - proxy
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.gitea-web.entrypoints=web"
-      - "traefik.http.routers.gitea-web.rule=Host(`cs-gitea.ddnss.de`) || Host(`gitea.localhost`)"
-      - "traefik.http.services.gitea-web.loadbalancer.server.port=3000"
-
-  vaultwarden:
-    image: vaultwarden/server
-    restart: unless-stopped
-    container_name: vaultwarden
-    volumes:
-      - vault:/data
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.vaultwarden.entrypoints=web"
-      - "traefik.http.routers.vaultwarden.rule=Host(`vault.localhost`)"
-      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
-    networks:
-      - internal
-      - proxy
-
-  bookstack:
-    image: linuxserver/bookstack
-    restart: unless-stopped
-    container_name: bookstack
-    depends_on:
-      - mysql8
-    volumes:
-      - bookstack:/config
-    environment:
-      - PUID=1000
-      - GUID=1000
-      - APP_URL=http://bookstack.localhost
-      - DB_HOST=mysql8
-      - DB_USER=bookstack
-      - DB_PASS=sdfl39302klsdjf
-      - DB_DATABASE=bookstack
-    networks:
-      - internal
-      - proxy
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.bookstack.entrypoints=web"
-      - "traefik.http.routers.bookstack.rule=Host(`bookstack.localhost`)"
-      - "traefik.http.services.bookstack.loadbalancer.server.port=80"
-
-  nginx-kimai:
-    image: nginx:alpine
-    container_name: nginx-kimai
-    restart: unless-stopped
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.kimai.entrypoints=web"
-      - "traefik.http.routers.kimai.rule=Host(`kimai.localhost`)"
-      - "traefik.http.services.kimai.loadbalancer.server.port=80"
-    depends_on:
-      - kimai
-    networks:
-      - proxy
-      - internal
-    volumes:
-      - kimai:/opt/kimai/public:ro
-      - ${PWD}/kimai.conf:/etc/nginx/conf.d/default.conf
-
-  kimai:
-    image: kimai/kimai2
-    container_name: kimai
-    restart: unless-stopped
-    environment:
-      - ADMINMAIL=christiansteinle@arcor.de
-      - ADMINPASS=ZovJdPamHwSNCGTcOPDb
-      - DATABASE_URL=mysql://kimai:xXW5dnQoMpAmdXrQgUgU@mysql8/kimai
-      - TRUSTED_HOSTS=kimai.localhost
-    networks:
-      - internal
-    volumes:
-      - kimai:/opt/kimai/public
-      - kimai-var:/opt/kimai/var
-
-  pihole:
-    image: pihole/pihole
-    container_name: pihole
-    restart: unless-stopped
-    ports:
-      - "53:53/tcp"
-      - "53:53/udp"
-      - "67:67/udp"
-    environment:
-      TZ: 'Europe/Berlin'
-      WEBPASSWORD: 'sicher123'
-    cap_add:
-      - NET_ADMIN
-    volumes:
-      - pihole:/etc/pihole/
-      - dnsmasq:/etc/dnsmasq.d
-    networks:
-      - proxy
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.pihole.entrypoints=web"
-      - "traefik.http.routers.pihole.rule=Host(`pihole.localhost`)"
-      - "traefik.http.services.pihole.loadbalancer.server.port=80"
-
-# https://sensepost.com/blog/2020/building-a-hipster-aware-pi-home-server/
-# https://github.com/chriscrowe/docker-pihole-unbound/blob/master/two-container/docker-compose.yaml

networking/docker-compose.yaml

@@ -0,0 +1,113 @@
+version: "3.9"
+
+volumes:
+  pihole:
+    name: pihole
+  dnsmasq:
+    name: dnsmasq
+
+#  smokeping:
+#    name: smokeping
+#  smokeping-config:
+#    name: smokeping-config
+#  netdataconfig:
+#    name: netdataconfig
+#  netdatalib:
+#    name: netdatalib
+#  netdatacache:
+#    name: netdatacache
+
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true
+
+
+services: # check `nslookup google.de` for example and adjust /etc/resolv.conf nameserver to 127.0.0.1
+  pihole:
+    image: pihole/pihole
+    cap_add:
+      - NET_ADMIN
+    container_name: pihole
+    environment:
+      TZ: "Europe/Berlin"
+      WEBPASSWORD: "lmaa,dw."
+    networks:
+      - proxy
+    restart: unless-stopped
+    volumes:
+      - pihole:/etc/pihole/
+      - dnsmasq:/etc/dnsmasq.d/
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.pihole.entrypoints=web"
+      - "traefik.http.routers.pihole.rule=Host(`pihole.localhost`) || Host(`pihole.local`)"
+      - "traefik.http.services.pihole.loadbalancer.server.port=80"
+
+      # Normal DNS coming in on 53 TCP, no TLS
+      - "traefik.tcp.routers.dns.rule=HostSNI(`pihole.localhost`)"
+      - "traefik.tcp.routers.dns.entrypoints=dns"
+      - "traefik.tcp.routers.dns.service=pihole"
+
+      # recieves traffic from both the TLS and non-TLS traefik routers
+      - "traefik.tcp.services.pihole.loadbalancer.server.port=53"
+
+      # Normal DNS coming in on 53 UDP
+      - "traefik.udp.routers.dns-udp.entrypoints=dns-udp"
+      - "traefik.udp.routers.dns-udp.service=pihole"
+      - "traefik.udp.services.pihole.loadbalancer.server.port=53"
+
+#  unbound:
+#    image: mvance/unbound
+#    container_name: unbound
+#    networks:
+#      - internal
+#      - proxy
+#    ports:
+#      - "5753:53/tcp"
+#      - "5753:53/udp"
+#    restart: always
+
+
+#  smokeping:
+#    image: lscr.io/linuxserver/smokeping
+#    container_name: smokeping
+#    environment:
+#      - PUID=1000
+#      - PGID=1000
+#      - TZ=Europe/Berlin
+#    restart: unless-stopped
+#    networks:
+#      - proxy
+#    volumes:
+#      - smokeping-config:/config
+#      - smokeping:/data
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.smokeping.entrypoints=web"
+#      - "traefik.http.routers.smokeping.rule=Host(`smokeping.localhost`) || Host(`smokeping.local`)"
+#      - "traefik.http.services.smokeping.loadbalancer.server.port=80"
+#
+#  netdata:
+#    image: netdata/netdata
+#    container_name: netdata
+#    restart: unless-stopped
+#    cap_add:
+#      - SYS_PTRACE
+#    networks:
+#      - proxy
+#    volumes:
+#      - netdataconfig:/etc/netdata
+#      - netdatalib:/var/lib/netdata
+#      - netdatacache:/var/cache/netdata
+#      - /etc/passwd:/host/etc/passwd:ro
+#      - /etc/group:/host/etc/group:ro
+#      - /proc:/host/proc:ro
+#      - /sys:/host/sys:ro
+#      - /etc/os-release:/host/etc/os-release:ro
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.netdata.entrypoints=web"
+#      - "traefik.http.routers.netdata.rule=Host(`netdata.localhost`) || Host(`netdata.local`)"
+#      - "traefik.http.services.netdata.loadbalancer.server.port=19999"

nextcloud/docker-compose.yaml

@@ -0,0 +1,59 @@
+version: "3.9"
+
+volumes:
+  nextcloud:
+    name: nextcloud
+  nextcloud-data:
+    name: nextcloud-data
+  nextcloud-config:
+    name: nextcloud-config
+
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true
+
+services:
+  nextcloud:
+    image: nextcloud:22-fpm-alpine
+    container_name: nextcloud
+    restart: unless-stopped
+    volumes:
+      - nextcloud:/var/www/html
+      - nextcloud-data:/var/www/html/data
+      - nextcloud-config:/var/www/html/config
+    networks:
+      - internal
+    environment:
+      - MYSQL_DATABASE:nextcloud
+      - MYSQL_USER:nextcloud
+      - MYSQL_PASSWORD:jX9hKI2POvt1VrjVbBs4
+      - MYSQL_HOST:mysql8
+      - REDIS_HOST:redis
+      - REDIS_HOST_PASSWORD:${REDIS_PW}
+      - NEXTCLOUD_ADMIN_USER:${NEXTCLOUD_ADMIN_USER}
+      - NEXTCLOUD_ADMIN_PASSWORD:${NEXTCLOUD_ADMIN_PW}
+      - NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.localhost
+      - VIRTUAL_HOST:nextcloud
+    depends_on:
+      - psql14
+      - redis
+
+  nginx-nc:
+    image: nginx:alpine
+    container_name: nginx-nc
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nextcloud.entrypoints=web"
+      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.localhost`)"
+      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+    depends_on:
+      - nextcloud
+    networks:
+      - proxy
+      - internal
+    volumes:
+      - nextcloud:/var/www/html
+      - ${PWD}/nextcloud.conf:/etc/nginx/conf.d/default.conf

readme.md

@@ -9,7 +9,12 @@ Subdirectories are used to structure and keep components independent. You have t
 
 ### Common
 
+Traefik needs an external network so it can properly work. Create docker network with name **proxy**:
+
+`docker network create --gateway 192.168.2.1 --subnet 192.168.2.0/24 proxy`
+
 - traefik 2
+- portainer
 - mysql 8
 - postgresql 14
 - redis

security/docker-compose.yaml

@@ -0,0 +1,27 @@
+version: "3.9"
+
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true
+
+volumes:
+  vault:
+    name: vault
+
+services:
+  vaultwarden:
+    image: vaultwarden/server
+    restart: unless-stopped
+    container_name: vaultwarden
+    volumes:
+      - vault:/data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vaultwarden.entrypoints=web"
+      - "traefik.http.routers.vaultwarden.rule=Host(`vault.localhost`) || Host(`vault.local`)"
+      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
+    networks:
+      - internal
+      - proxy

wiki/docker-compose.yaml

@@ -0,0 +1,37 @@
+version: "3.9"
+
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true
+
+volumes:
+  bookstack:
+    name: bookstack
+
+services:
+  bookstack:
+    image: linuxserver/bookstack
+    restart: unless-stopped
+    container_name: bookstack
+    depends_on:
+      - mysql8
+    volumes:
+      - bookstack:/config
+    environment:
+      - PUID=1000
+      - GUID=1000
+      - APP_URL=http://bookstack.localhost
+      - DB_HOST=mysql8
+      - DB_USER=bookstack
+      - DB_PASS=sdfl39302klsdjf
+      - DB_DATABASE=bookstack
+    networks:
+      - internal
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.bookstack.entrypoints=web"
+      - "traefik.http.routers.bookstack.rule=Host(`bookstack.localhost`) || Host(`bookstack.local`)"
+      - "traefik.http.services.bookstack.loadbalancer.server.port=80"