Update kimai stack.

automation/docker-compose.yaml

@@ -38,9 +38,15 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.semaphore.entrypoints=web"
-      - "traefik.http.routers.semaphore.rule=Host(`semaphore.lan`)"
+      - "traefik.http.routers.semaphore.rule=Host(`ansible.fam-steinle.de`)"
-      - "traefik.http.routers.semaphore.service=semaphore"
+      - "traefik.http.routers.semaphore.middlewares=semaphore"
-      - "traefik.http.services.semaphore.loadbalancer.server.port=3000"
+      - "traefik.http.middlewares.semaphore.redirectscheme.scheme=https"
+      - "traefik.http.routers.semaphore-secure.entrypoints=websecure"
+      - "traefik.http.routers.semaphore-secure.rule=Host(`ansible.fam-steinle.de`)"
+      - "traefik.http.routers.semaphore-secure.service=semaphore-secure"
+      - "traefik.http.routers.semaphore-secure.tls=true"
+      - "traefik.http.routers.semaphore-secure.tls.certresolver=myresolver"
+      - "traefik.http.services.semaphore-secure.loadbalancer.server.port=3000"
       - "com.centurylinklabs.watchtower.monitor-only=true"
 
   semaphore-db:

backup/docker-compose.yaml

@@ -7,31 +7,37 @@ volumes:
     name: duplicati-conf
   nextcloud-data:
     external: true
+  gitea:
+    external: true
 
 services:
   duplicati:
-    image: duplicati/duplicati:beta
+    image: duplicati/duplicati:stable
     restart: unless-stopped
     container_name: duplicati
     hostname: duplicati
-    ports:
-      - "8200:8200"
     volumes:
       - duplicati-conf:/data
       - nextcloud-data:/nextcloud:ro
+      - gitea:/gitea:ro
       - /media/backup:/backup
-    networks:
-      - proxy
     environment:
       DUPLICATI__DISABLE_DB_ENCRYPTION: true
-    deploy:
+      DUPLICATI__WEBSERVICE_ALLOWEDHOSTNAMES: backup.fam-steinle.de
-      resources:
+    networks:
-        limits:
+      - proxy
-          memory: 16g
+    ports:
+      - "8200:8200"
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.duplicati.entrypoints=web"
-      - "traefik.http.routers.duplicati.rule=Host(`duplicati.lan`)"
+      - "traefik.http.routers.duplicati.rule=Host(`backup.fam-steinle.de`)"
-      - "traefik.http.services.duplicati.loadbalancer.server.port=8200"
+      - "traefik.http.routers.duplicati.middlewares=duplicati"
-
+      - "traefik.http.middlewares.duplicati.redirectscheme.scheme=https"
+      - "traefik.http.routers.duplicati-secure.entrypoints=websecure"
+      - "traefik.http.routers.duplicati-secure.rule=Host(`backup.fam-steinle.de`)"
+      - "traefik.http.routers.duplicati-secure.service=duplicati-secure"
+      - "traefik.http.routers.duplicati-secure.tls=true"
+      - "traefik.http.routers.duplicati-secure.tls.certresolver=myresolver"
+      - "traefik.http.services.duplicati-secure.loadbalancer.server.port=8200"
 

common/docker-compose.yaml

@@ -2,6 +2,7 @@ networks:
   proxy:
     external: false
     name: proxy
+    enable_ipv6: true
 
 volumes:
   letsencrypt:
@@ -11,7 +12,7 @@ volumes:
 
 services:
   traefik:
-    image: traefik:v2.11
+    image: traefik:v3
     container_name: traefik
     restart: unless-stopped
     command:
@@ -20,7 +21,6 @@ services:
       - --providers.docker=true
       - --providers.docker.network=proxy
       - --providers.docker.exposedByDefault=false
-      - --providers.docker.swarmMode=false
       - --entryPoints.web.address=:80
       - --entryPoints.websecure.address=:443
       - --entryPoints.ssh.address=:222/tcp

dvb/docker-compose.yaml

@@ -1,8 +1,6 @@
 volumes:
   tv-data:
     name: tv-data
-  tv-recordings:
-    name: tv-recordings
   jellyfin-config:
     name: jellyfin-config
   jellyfin-cache:

gitea/docker-compose.yaml

@@ -4,6 +4,7 @@ networks:
   gitea:
     name: gitea
     external: false
+    enable_ipv6: true
 
 volumes:
   gitea:
@@ -42,15 +43,14 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.git.entrypoints=web"
-      - "traefik.http.routers.git.rule=Host(`cs-git.ddnss.de`)"
+      - "traefik.http.routers.git.rule=Host(`gitea.fam-steinle.de`)"
       - "traefik.http.routers.git.middlewares=git"
       - "traefik.http.middlewares.git.redirectscheme.scheme=https"
       - "traefik.http.routers.git-secure.entrypoints=websecure"
-      - "traefik.http.routers.git-secure.rule=Host(`cs-git.ddnss.de`)"
+      - "traefik.http.routers.git-secure.rule=Host(`gitea.fam-steinle.de`)"
       - "traefik.http.routers.git-secure.service=git-secure"
       - "traefik.http.routers.git-secure.tls=true"
       - "traefik.http.routers.git-secure.tls.certresolver=myresolver"
-      - "traefik.http.routers.git-secure.tls.domains[0].main=cs-git.ddnss.de"
       - "traefik.http.services.git-secure.loadbalancer.server.port=3000"
       - "traefik.tcp.routers.git-ssh.entrypoints=ssh"
       - "traefik.tcp.routers.git-ssh.rule=HostSNI(`*`)"
@@ -76,13 +76,14 @@ services:
   runner:
     image: gitea/act_runner
     restart: always
+    privileged: true
     depends_on:
       - gitea
     volumes:
       - gitea-runner:/data
       - /var/run/docker.sock:/var/run/docker.sock
-    environment:
-      - GITEA_INSTANCE_URL=https://cs-git.ddnss.de
-      - GITEA_RUNNER_REGISTRATION_TOKEN=flpCcwO0Dw6u4jtWT2wMBrBWuFZ8HDdS4qV277tH
     networks:
       - gitea
+    environment:
+      - GITEA_INSTANCE_URL=https://gitea.fam-steinle.de
+      - GITEA_RUNNER_REGISTRATION_TOKEN=FQDt05qG37BLO0OBl6eX94aNNVE9Ni5nFdeVFoKm

kimai/docker-compose.yaml

@@ -6,14 +6,16 @@ networks:
     external: false
 
 volumes:
-  kimai:
-    name: kimai
   kimai-db:
     name: kimai-db
+  kimai-data:
+    name: kimai-data
+  kimai-plugins:
+    name: kimai-plugins
 
 services:
   kimai:
-    image: kimai/kimai2:fpm
+    image: kimai/kimai2:apache
     container_name: kimai
     hostname: kimai
     restart: unless-stopped
@@ -21,33 +23,20 @@ services:
       ADMINMAIL: ${ADMIN_USER}
       ADMINPASS: ${ADMIN_PASS}
       DATABASE_URL: mysql://${DB_USER}:${DB_PASS}@kimai-db/${DB_NAME}?charset=utf8&serverVersion=8.1.0
-      TRUSTED_HOSTS: kimai.lan,kimai-web,localhost,127.0.0.1
       APP_SECRET: ${APP_SECRET}
     depends_on:
       - kimai-db
     networks:
+      - proxy
       - kimai
     volumes:
-      - kimai:/opt/kimai/public
+      - kimai-data:/opt/kimai/var/data
-
+      - kimai-plugins:/opt/kimai/var/plugins
-  kimai-web:
-    image: nginx:alpine
-    container_name: kimai-web
-    hostname: kimai-web
-    restart: unless-stopped
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.kimai.entrypoints=web"
       - "traefik.http.routers.kimai.rule=Host(`kimai.lan`)"
-      - "traefik.http.services.kimai.loadbalancer.server.port=80"
+      - "traefik.http.services.kimai.loadbalancer.server.port=8001"
-    depends_on:
-      - kimai
-    networks:
-      - proxy
-      - kimai
-    volumes:
-      - kimai:/opt/kimai/public:ro
-      - ${PWD}/kimai.conf:/etc/nginx/conf.d/default.conf
 
   kimai-db:
     image: mysql:8

kimai/kimai.conf

@@ -1,25 +0,0 @@
-server {
-    listen 80;
-    index index.php;
-    server_name kimai.lan;
-    root /opt/kimai/public;
-
-    # cache static asset files
-    location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
-            expires max;
-            log_not_found off;
-    }
-
-    location / {
-        try_files $uri $uri/ /index.php$is_args$args;
-    }
-
-    location ~ ^/index\.php(/|$) {
-        fastcgi_pass kimai:9000;
-        fastcgi_split_path_info ^(.+\.php)(/.*)$;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
-        fastcgi_param DOCUMENT_ROOT $realpath_root;
-        internal;
-    }
-}

monitoring/.gitignore

@@ -1 +0,0 @@
-speedtest.csv

monitoring/docker-compose.yaml

@@ -13,7 +13,7 @@ volumes:
 
 services:
   prometheus:
-    image: cs-git.ddnss.de/home/prometheus
+    image: gitea.fam-steinle.de/home/prometheus
     container_name: prometheus
     hostname: prometheus
     restart: unless-stopped
@@ -28,49 +28,8 @@ services:
       - "traefik.http.routers.prometheus.service=prometheus"
       - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
 
-  glances:
-    image: nicolargo/glances:latest-full
-    container_name: glances
-    restart: unless-stopped
-    pid: host
-      #    network_mode: host
-#    ports:
-#      - "61208:61208"
-#      - "9091:9091"
-    environment:
-      GLANCES_OPT: "--export prometheus -C /glances/conf/glances.conf"
-    networks:
-     - proxy
-        #- monitoring
-        # - host
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /etc/os-release:/etc/os-release:ro
-      - ./glances.conf:/glances/conf/glances.conf
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.glances.rule=Host(`glances.fam-steinle.de`)"
-      - "traefik.http.routers.glances.entrypoints=web"
-      - "traefik.http.routers.glances.service=glances"
-      - "traefik.http.services.glances.loadbalancer.server.port=9091"
-
-  speedtest:
-    image: cs-git.ddnss.de/home/speedtest-web
-    container_name: speedtest-web
-    restart: unless-stopped
-    volumes:
-      - /media/backup/speedtest.csv:/var/www/html/speedtest.csv
-    networks:
-      - proxy
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.speedtest.rule=Host(`speedtest.fam-steinle.de`)"
-      - "traefik.http.routers.speedtest.entrypoints=web"
-      - "traefik.http.routers.speedtest.service=speedtest"
-      - "traefik.http.services.speedtest.loadbalancer.server.port=8080"
-
   cadvisor:
-    image: gcr.io/cadvisor/cadvisor:v0.51.0
+    image: gcr.io/cadvisor/cadvisor:v0.52.1
     container_name: cadvisor
     hostname: cadvisor
     restart: unless-stopped
@@ -139,11 +98,8 @@ services:
     environment:
       WATCHTOWER_INCLUDE_STOPPED: true
       WATCHTOWER_MONITOR_ONLY: false
-      WATCHWOWER_CLEANUP: true
+      WATCHTOWER_CLEANUP: true
       WATCHTOWER_REMOVE_VOLUMES: true
       WATCHTOWER_WARN_ON_HEAD_FAILURE: "never"
       WATCHTOWER_SCHEDULE: "0 20 4 * * *"
-      WATCHTOWER_NOTIFICATIONS: "shoutrrr"
-      WATCHTOWER_NOTIFICATION_URL: "mattermost://watchtower@cs-mm.ddnss.de/og4ckuqet7fafb8kjuaigzuh7c"
-      WATCHTOWER_NOTIFICATION_TEMPLATE: "{{range .}} Homeserver - {{.Time.Format \"2006-01-02 15:04:05\"}} ({{.Level}}): {{.Message}}{{println}}{{end}}"
 

monitoring/glances.conf

@@ -1,882 +0,0 @@
-##############################################################################
-# Globals Glances parameters
-##############################################################################
-
-[global]
-# Stats refresh rate (default is a minimum of 2 seconds)
-# Can be overwrite by the -t <sec> option
-# It is also possible to overwrite it in each plugin sections
-refresh=2
-# Does Glances should check if a newer version is available on PyPI ?
-check_update=False
-# History size (maximum number of values)
-# Default is 1200 values (~1h with the default refresh rate)
-history_size=1200
-# Set the way Glances should display the date (default is %Y-%m-%d %H:%M:%S %Z)
-# strftime_format=%Y-%m-%d %H:%M:%S %Z
-# Define external directory for loading additional plugins
-# The layout follows the glances standard for plugin definitions
-#plugin_dir=/home/user/dev/plugins
-
-##############################################################################
-# User interface
-##############################################################################
-
-[outputs]
-# Options for all UIs
-#--------------------
-# Separator in the Curses and WebUI interface (between top and others plugins)
-#separator=True
-# Set the the Curses and WebUI interface left menu plugin list (comma-separated)
-#left_menu=network,wifi,connections,ports,diskio,fs,irq,folders,raid,smart,sensors,now
-# Limit the number of processes to display (in the WebUI)
-max_processes_display=25
-#
-# Specifics options for TUI
-#--------------------------
-# Disable background color
-#disable_bg=True
-#
-# Specifics options for WebUI
-#----------------------------
-# Set URL prefix for the WebUI and the API
-# Example: url_prefix=/glances/ => http://localhost/glances/
-# Note: The final / is mandatory
-# Default is no prefix (/)
-#url_prefix=/glances/
-# Set root path for WebUI statics files
-# Why ? On Debian system, WebUI statics files are not provided.
-# You can download it in a specific folder
-# thanks to https://github.com/nicolargo/glances/issues/2021
-# then configure this folder with the webui_root_path key
-# Default is folder where glances_restfull_api.py is hosted
-#webui_root_path=
-# CORS options
-# Comma separated list of origins that should be permitted to make cross-origin requests.
-# Default is *
-#cors_origins=*
-# Indicate that cookies should be supported for cross-origin requests.
-# Default is True
-#cors_credentials=True
-# Comma separated list of HTTP methods that should be allowed for cross-origin requests.
-# Default is *
-#cors_methods=*
-# Comma separated list of HTTP request headers that should be supported for cross-origin requests.
-# Default is *
-#cors_headers=*
-
-##############################################################################
-# Plugins
-##############################################################################
-
-[quicklook]
-# Set to true to disable a plugin
-# Note: you can also disable it from the command line (see --disable-plugin <plugin_name>)
-disable=False
-# Stats list (default is cpu,mem,load)
-# Available stats are: cpu,mem,load,swap
-list=cpu,mem,load
-# Graphical bar char used in the terminal user interface (default is |)
-bar_char=|
-# Define CPU, MEM and SWAP thresholds in %
-cpu_careful=50
-cpu_warning=70
-cpu_critical=90
-mem_careful=50
-mem_warning=70
-mem_critical=90
-swap_careful=50
-swap_warning=70
-swap_critical=90
-# Source: http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages
-# With 1 CPU core, the load should be lower than 1.00 ~ 100%
-load_careful=70
-load_warning=100
-load_critical=500
-
-[system]
-# This plugin display the first line in the Glances UI with:
-# Hostname / Operating system name / Architecture information
-# Set to true to disable a plugin
-disable=False
-# Default refresh rate is 60 seconds
-#refresh=60
-# System information to display (a string where {key} will be replaced by the value)
-# Available information are: hostname, os_name, os_version, os_arch, linux_distro, platform
-#system_info_msg= | My {os_name} system |
-
-[cpu]
-disable=False
-# See https://scoutapm.com/blog/slow_server_flow_chart
-#
-# I/O wait percentage should be lower than 1/# (# = Logical CPU cores)
-# Leave commented to just use the default config:
-# Careful=1/#*100-20% / Warning=1/#*100-10% / Critical=1/#*100
-#iowait_careful=30
-#iowait_warning=40
-#iowait_critical=50
-#
-# Total % is 100 - idle
-total_careful=65
-total_warning=75
-total_critical=85
-total_log=True
-#
-# Default values if not defined: 50/70/90 (except for iowait)
-user_careful=50
-user_warning=70
-user_critical=90
-user_log=False
-#user_critical_action=echo {{user}} {{value}} {{max}} > /tmp/cpu.alert
-#
-system_careful=50
-system_warning=70
-system_critical=90
-system_log=False
-#
-steal_careful=50
-steal_warning=70
-steal_critical=90
-#steal_log=True
-#
-# Context switch limit (core / second)
-# Leave commented to just use the default config critical is 50000*(Logical CPU cores)
-#ctx_switches_careful=10000
-#ctx_switches_warning=12000
-#ctx_switches_critical=14000
-
-[percpu]
-disable=False
-# Define the maximum number of CPU displayed at a time
-# If the number of CPU is higher than the one configured in max_cpu_display then:
-# - display top 'max_cpu_display' (sorted by CPU consumption)
-# - a last line will be added with the mean of all other CPUs
-max_cpu_display=4
-# Define CPU thresholds in %
-# Default values if not defined: 50/70/90
-user_careful=50
-user_warning=70
-user_critical=90
-iowait_careful=50
-iowait_warning=70
-iowait_critical=90
-system_careful=50
-system_warning=70
-system_critical=90
-
-[gpu]
-disable=False
-# Default processor values if not defined: 50/70/90
-proc_careful=50
-proc_warning=70
-proc_critical=90
-# Default memory values if not defined: 50/70/90
-mem_careful=50
-mem_warning=70
-mem_critical=90
-# Temperature
-temperature_careful=60
-temperature_warning=70
-temperature_critical=80
-
-[mem]
-disable=False
-# Define RAM thresholds in %
-# Default values if not defined: 50/70/90
-careful=50
-#careful_action_repeat=echo {{percent}} >> /tmp/memory.alert
-warning=70
-critical=90
-
-[memswap]
-disable=False
-# Define SWAP thresholds in %
-# Default values if not defined: 50/70/90
-careful=50
-warning=70
-critical=90
-
-[load]
-disable=False
-# Define LOAD thresholds
-# Value * number of cores
-# Default values if not defined: 0.7/1.0/5.0 per number of cores
-# Source: http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages
-#         http://www.linuxjournal.com/article/9001
-careful=0.7
-warning=1.0
-critical=5.0
-#log=False
-
-[network]
-disable=False
-# Default bitrate thresholds in % of the network interface speed
-# Default values if not defined: 70/80/90
-rx_careful=70
-rx_warning=80
-rx_critical=90
-tx_careful=70
-tx_warning=80
-tx_critical=90
-# Define the list of hidden network interfaces (comma-separated regexp)
-#hide=docker.*,lo
-# Define the list of wireless network interfaces to be show (comma-separated)
-#show=docker.*
-# Automatically hide interface not up (default is False)
-hide_no_up=True
-# Automatically hide interface with no IP address (default is False)
-hide_no_ip=True
-# Set hide_zero to True to automatically hide interface with no traffic
-hide_zero=False
-# Set hide_threshold_bytes to an integer value to automatically hide
-# interface with traffic less or equal than this value
-#hide_threshold_bytes=0
-# It is possible to overwrite the bitrate thresholds per interface
-# WLAN 0 Default limits (in bits per second aka bps) for interface bitrate
-#wlan0_rx_careful=4000000
-#wlan0_rx_warning=5000000
-#wlan0_rx_critical=6000000
-#wlan0_rx_log=True
-#wlan0_tx_careful=700000
-#wlan0_tx_warning=900000
-#wlan0_tx_critical=1000000
-#wlan0_tx_log=True
-# Alias for network interface name
-#alias=wlp2s0:WIFI
-
-[ip]
-# Disable display of private IP address
-disable=False
-# Configure the online service where public IP address information will be downloaded
-# - public_disabled: Disable public IP address information (set to True for offline platform)
-# - public_refresh_interval: Refresh interval between to calls to the online service
-# - public_api: URL of the API (the API should return an JSON object)
-# - public_username: Login for the online service (if needed)
-# - public_password: Password for the online service (if needed)
-# - public_field: Field name of the public IP address in onlibe service JSON message
-# - public_template: Template to build the public message
-#
-# Example for IPLeak service:
-# public_api=https://ipv4.ipleak.net/json/
-# public_field=ip
-# public_template={ip} {continent_name}/{country_name}/{city_name}
-#
-public_disabled=False
-public_refresh_interval=300
-public_api=https://ipv4.ipleak.net/json/
-#public_username=<myname>
-#public_password=<mysecret>
-public_field=ip
-public_template={continent_name}/{country_name}/{city_name}
-
-[connections]
-# Display additional information about TCP connections
-# This plugin is disabled by default because it consumes lots of CPU
-disable=True
-# nf_conntrack thresholds in %
-nf_conntrack_percent_careful=70
-nf_conntrack_percent_warning=80
-nf_conntrack_percent_critical=90
-
-[wifi]
-disable=False
-# Define SIGNAL thresholds in dBm (lower is better...)
-# Based on: http://serverfault.com/questions/501025/industry-standard-for-minimum-wifi-signal-strength
-careful=-65
-warning=-75
-critical=-85
-
-[diskio]
-disable=False
-# Define the list of hidden disks (comma-separated regexp)
-#hide=sda2,sda5,loop.*
-hide=loop.*,/dev/loop.*
-# Set hide_zero to True to automatically hide disk with no read/write
-hide_zero=False
-# Set hide_threshold_bytes to an integer value to automatically hide
-# interface with traffic less or equal than this value
-#hide_threshold_bytes=0
-# Define the list of disks to be show (comma-separated)
-#show=sda.*
-# Alias for sda1 and sdb1
-#alias=sda1:SystemDisk,sdb1:DataDisk
-# Set thresholds (in bytes per second) for a given disk name (rx = read / tx = write)
-#dm-0_rx_careful=4000000000
-#dm-0_rx_warning=5000000000
-#dm-0_rx_critical=6000000000
-#dm-0_rx_log=True
-#dm-0_tx_careful=700000000
-#dm-0_tx_warning=900000000
-#dm-0_tx_critical=1000000000
-#dm-0_tx_log=True
-
-[fs]
-disable=False
-# Define the list of file system to hide (comma-separated regexp)
-hide=/boot.*,.*/snap.*
-# Define the list of file system to show (comma-separated regexp)
-#show=/,/srv
-# Define filesystem space thresholds in %
-# Default values if not defined: 50/70/90
-# It is also possible to define per mount point value
-# Example: /_careful=40
-careful=50
-warning=70
-critical=90
-# Allow additional file system types (comma-separated FS type)
-#allow=shm
-# Alias for root file system
-#alias=/:Root,/zsfpool:ZSF
-
-[irq]
-# Documentation: https://glances.readthedocs.io/en/latest/aoa/irq.html
-# This plugin is disabled by default
-disable=True
-
-[folders]
-# Documentation: https://glances.readthedocs.io/en/latest/aoa/folders.html
-disable=False
-# Define a folder list to monitor
-# The list is composed of items (list_#nb <= 10)
-# An item is defined by:
-# * path: absolute path
-# * careful: optional careful threshold (in MB)
-# * warning: optional warning threshold (in MB)
-# * critical: optional critical threshold (in MB)
-# * refresh: interval in second between two refreshes
-#folder_1_path=/tmp
-#folder_1_careful=2500
-#folder_1_warning=3000
-#folder_1_critical=3500
-#folder_1_refresh=60
-#folder_2_path=/home/nicolargo/Videos
-#folder_2_warning=17000
-#folder_2_critical=20000
-#folder_3_path=/nonexisting
-#folder_4_path=/root
-
-[cloud]
-# Documentation: https://glances.readthedocs.io/en/latest/aoa/cloud.html
-# This plugin is disabled by default
-disable=True
-
-[raid]
-# Documentation: https://glances.readthedocs.io/en/latest/aoa/raid.html
-# This plugin is disabled by default
-disable=True
-
-[smart]
-# Documentation: https://glances.readthedocs.io/en/latest/aoa/smart.html
-# This plugin is disabled by default
-disable=True
-# Define the list of sensors to hide (comma-separated regexp)
-#hide=.*Hide_this_driver.*
-# Define the list of sensors to show (comma-separated regexp)
-#show=.*Drive_Temperature.*
-
-[hddtemp]
-disable=False
-# Define hddtemp server IP and port (default is 127.0.0.1 and 7634 (TCP))
-host=127.0.0.1
-port=7634
-
-[sensors]
-# Documentation: https://glances.readthedocs.io/en/latest/aoa/sensors.html
-disable=False
-# Set the refresh multiplicator for the sensors
-# By default refresh every Glances refresh * 3 (increase to reduce CPU consumption)
-#refresh=3
-# Hide some sensors (comma separated list of regexp)
-hide=unknown.*
-# Show only the following sensors (comma separated list of regexp)
-#show=CPU.*
-# Sensors core thresholds (in Celsius...)
-# By default values are grabbed from the system
-# Overwrite thresholds for a specific sensor
-#temperature_core_Ambient_careful=45
-#temperature_core_Ambient_warning=65
-#temperature_core_Ambient_critical=80
-#temperature_core_Ambient_log=False
-# Overwrite thresholds for a specific type of sensor
-#temperature_core_careful=45
-#temperature_core_warning=65
-#temperature_core_critical=80
-# Temperatures threshold in °C for hddtemp
-# Default values if not defined: 45/52/60
-#temperature_hdd_careful=45
-#temperature_hdd_warning=52
-#temperature_hdd_critical=60
-# Battery threshold in %
-# Default values if not defined: 70/80/90
-#battery_careful=70
-#battery_warning=80
-#battery_critical=90
-# Fan speed threshold in RPM
-#fan_speed_careful=100
-# Sensors alias
-#alias=core 0:CPU Core 0,core 1:CPU Core 1
-
-[processcount]
-disable=False
-# If you want to change the refresh rate of the processing list, please uncomment:
-#refresh=10
-
-[processlist]
-disable=False
-# Sort key: if not defined, the sort is automatically done by Glances (recommended)
-# Should be one of the following:
-# cpu_percent, memory_percent, io_counters, name, cpu_times, username
-#sort_key=memory_percent
-# List of stats to disable (not grabed and not display)
-# Stats that can be disabled: cpu_percent,memory_info,memory_percent,username,cpu_times,num_threads,nice,status,io_counters,cmdline
-# Stats that can not be disable: pid,name
-#disable_stats=cpu_percent,memory_info,memory_percent,username,cpu_times,num_threads,nice,status,io_counters,cmdline
-# Define CPU/MEM (per process) thresholds in %
-# Default values if not defined: 50/70/90
-cpu_careful=50
-cpu_warning=70
-cpu_critical=90
-mem_careful=50
-mem_warning=70
-mem_critical=90
-#
-# Nice priorities range from -20 to 19.
-# Configure nice levels using a comma-separated list.
-#
-# Nice: Example 1, non-zero is warning (default behavior)
-nice_warning=-20,-19,-18,-17,-16,-15,-14,-13,-12,-11,-10,-9,-8,-7,-6,-5,-4,-3,-2,-1,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
-#
-# Nice: Example 2, low priority processes escalate from careful to critical
-#nice_careful=1,2,3,4,5,6,7,8,9
-#nice_warning=10,11,12,13,14
-#nice_critical=15,16,17,18,19
-#
-# Define the list of processes to export using:
-# a comma-separated list of Glances filter
-#export=.*firefox.*,pid:1234
-
-[ports]
-disable=False
-# Interval in second between two scans
-# Ports scanner plugin configuration
-refresh=30
-# Set the default timeout (in second) for a scan (can be overwritten in the scan list)
-timeout=3
-# If port_default_gateway is True, add the default gateway on top of the scan list
-port_default_gateway=False
-#
-# Define the scan list (1 < x < 255)
-# port_x_host (name or IP) is mandatory
-# port_x_port (TCP port number) is optional (if not set, use ICMP)
-# port_x_description is optional (if not set, define to host:port)
-# port_x_timeout is optional and overwrite the default timeout value
-# port_x_rtt_warning is optional and defines the warning threshold in ms
-#
-#port_1_host=192.168.0.1
-#port_1_port=80
-#port_1_description=Home Box
-#port_1_timeout=1
-#port_2_host=www.free.fr
-#port_2_description=My ISP
-#port_3_host=www.google.com
-#port_3_description=Internet ICMP
-#port_3_rtt_warning=1000
-#port_4_description=Internet Web
-#port_4_host=www.google.com
-#port_4_port=80
-#port_4_rtt_warning=1000
-#
-# Define Web (URL) monitoring list (1 < x < 255)
-# web_x_url is the URL to monitor (example: http://my.site.com/folder)
-# web_x_description is optional (if not set, define to URL)
-# web_x_timeout is optional and overwrite the default timeout value
-# web_x_rtt_warning is optional and defines the warning respond time in ms (approximately)
-#
-#web_1_url=https://blog.nicolargo.com
-#web_1_description=My Blog
-#web_1_rtt_warning=3000
-#web_2_url=https://github.com
-#web_3_url=http://www.google.fr
-#web_3_description=Google Fr
-#web_4_url=https://blog.nicolargo.com/nonexist
-#web_4_description=Intranet
-
-[vms]
-disable=True
-# Define the maximum VMs size name (default is 20 chars)
-max_name_size=20
-# By default, Glances only display running VMs with states: 'Running', 'Starting' or 'Restarting'
-# Set the following key to True to display all VMs regarding their states
-all=False
-
-[containers]
-disable=False
-# Only show specific containers (comma-separated list of container name or regular expression)
-# Comment this line to display all containers (default configuration)
-; show=telegraf
-# Hide some containers (comma-separated list of container name or regular expression)
-# Comment this line to display all containers (default configuration)
-; hide=telegraf
-# Define the maximum docker size name (default is 20 chars)
-max_name_size=20
-# List of stats to disable (not display)
-# Following stats can be disabled: name,status,uptime,cpu,mem,diskio,networkio,command
-; disable_stats=diskio,networkio
-# Thresholds for CPU and MEM (in %)
-; cpu_careful=50
-; cpu_warning=70
-; cpu_critical=90
-; mem_careful=20
-; mem_warning=50
-; mem_critical=70
-#
-# Per container thresholds
-; containername_cpu_careful=10
-; containername_cpu_warning=20
-; containername_cpu_critical=30
-#
-# By default, Glances only display running containers
-# Set the following key to True to display all containers
-all=False
-# Define Podman sock
-; podman_sock=unix:///run/user/1000/podman/podman.sock
-
-[amps]
-# AMPs configuration are defined in the bottom of this file
-disable=False
-
-[alert]
-disable=False
-# Maximum number of events to display (default is 10 events)
-;max_events=10
-# Minimum duration for an event to be taken into account (default is 6 seconds)
-;min_duration=6
-# Minimum time between two events of the same type (default is 6 seconds)
-# This is used to avoid too many alerts for the same event
-# Events will be merged
-;min_interval=6
-
-##############################################################################
-# Browser mode - Static servers definition
-##############################################################################
-
-[serverlist]
-# Define columns (comma separated list of <plugin>:<field>:(<key>)) to grab/display
-# Default is: system:hr_name,load:min5,cpu:total,mem:percent
-# You can also add stats with key, like sensors:value:Ambient (key is case sensitive)
-#columns=system:hr_name,load:min5,cpu:total,mem:percent,memswap:percent,sensors:value:Ambient,sensors:value:Composite
-# Define the static servers list
-# _protocol can be: rpc (default if not defined) or rest
-# List is limited to 256 servers max (1 to 256)
-#server_1_name=localhost
-#server_1_alias=Local WebUI
-#server_1_port=61266
-#server_1_protocol=rest
-#server_2_name=localhost
-#server_2_alias=My local PC
-#server_2_port=61209
-#server_2_protocol=rpc
-#server_3_name=192.168.0.17
-#server_3_alias=Another PC on my network
-#server_3_port=61209
-#server_1_protocol=rpc
-#server_4_name=notagooddefinition
-#server_4_port=61237
-
-[passwords]
-# Define the passwords list related to the [serverlist] section
-# Syntax: host=password
-# Where: host is the hostname
-#        password is the clear password
-# Additionally (and optionally) a default password could be defined
-localhost=lmaa,dw.
-default=lmaa,dw.
-#
-# Define the path of the local '.pwd' file (default is system one)
-#local_password_path=~/.config/glances
-
-##############################################################################
-# Exports
-##############################################################################
-
-[graph]
-# Configuration for the --export graph option
-# Set the path where the graph (.svg files) will be created
-# Can be overwrite by the --graph-path command line option
-path=/tmp/glances
-# It is possible to generate the graphs automatically by setting the
-# generate_every to a non zero value corresponding to the seconds between
-# two generation. Set it to 0 to disable graph auto generation.
-generate_every=0
-# See following configuration keys definitions in the Pygal lib documentation
-# http://pygal.org/en/stable/documentation/index.html
-width=800
-height=600
-style=DarkStyle
-
-[influxdb]
-# !!!
-# Will be DEPRECATED in future release.
-# Please have a look on the new influxdb2 export module (compatible with InfluxDB 1.8.x and 2.x)
-# !!!
-# Configuration for the --export influxdb option
-# https://influxdb.com/
-host=localhost
-port=8086
-protocol=http
-user=root
-password=root
-db=glances
-# Prefix will be added for all measurement name
-# Ex: prefix=foo
-#     => foo.cpu
-#     => foo.mem
-# You can also use dynamic values
-#prefix=foo
-# Following tags will be added for all measurements
-# You can also use dynamic values.
-# Note: hostname and name (for process) are always added as a tag
-#tags=foo:bar,spam:eggs,domain:`domainname`
-
-[influxdb2]
-# Configuration for the --export influxdb2 option
-# https://influxdb.com/
-host=localhost
-port=8086
-protocol=http
-org=nicolargo
-bucket=glances
-token=EjFUTWe8U-MIseEAkaVIgVnej_TrnbdvEcRkaB1imstW7gapSqy6_6-8XD-yd51V0zUUpDy-kAdVD1purDLuxA==
-# Set the interval between two exports (in seconds)
-# If the interval is set to 0, the Glances refresh time is used (default behavor)
-#interval=0
-# Prefix will be added for all measurement name
-# Ex: prefix=foo
-#     => foo.cpu
-#     => foo.mem
-# You can also use dynamic values
-#prefix=foo
-# Following tags will be added for all measurements
-# You can also use dynamic values.
-# Note: hostname and name (for process) are always added as a tag
-#tags=foo:bar,spam:eggs,domain:`domainname`
-
-[cassandra]
-# Configuration for the --export cassandra option
-# Also works for the ScyllaDB
-# https://influxdb.com/ or http://www.scylladb.com/
-host=localhost
-port=9042
-protocol_version=3
-keyspace=glances
-replication_factor=2
-# If not define, table name is set to host key
-table=localhost
-# If not define, username and password will not be used
-#username=cassandra
-#password=password
-
-[opentsdb]
-# Configuration for the --export opentsdb option
-# http://opentsdb.net/
-host=localhost
-port=4242
-#prefix=glances
-#tags=foo:bar,spam:eggs
-
-[statsd]
-# Configuration for the --export statsd option
-# https://github.com/etsy/statsd
-host=localhost
-port=8125
-#prefix=glances
-
-[elasticsearch]
-# Configuration for the --export elasticsearch option
-# Data are available via the ES RESTful API. ex: URL/<index>/cpu
-# https://www.elastic.co
-scheme=http
-host=localhost
-port=9200
-index=glances
-
-[riemann]
-# Configuration for the --export riemann option
-# http://riemann.io
-host=localhost
-port=5555
-
-[rabbitmq]
-# Configuration for the --export rabbitmq option
-host=localhost
-port=5672
-user=guest
-password=guest
-queue=glances_queue
-#protocol=amqps
-
-[mqtt]
-# Configuration for the --export mqtt option
-host=localhost
-# Overwrite device name in the topic
-#devicename=localhost
-port=8883
-tls=false
-user=guest
-password=guest
-topic=glances
-topic_structure=per-metric
-callback_api_version=2
-
-[couchdb]
-# Configuration for the --export couchdb option
-# https://www.couchdb.org
-host=localhost
-port=5984
-db=glances
-user=admin
-password=admin
-
-[mongodb]
-# Configuration for the --export mongodb option
-# https://www.mongodb.com
-host=localhost
-port=27017
-db=glances
-user=root
-password=example
-
-[kafka]
-# Configuration for the --export kafka option
-# http://kafka.apache.org/
-host=localhost
-port=9092
-topic=glances
-#compression=gzip
-# Tags will be added for all events
-#tags=foo:bar,spam:eggs
-# You can also use dynamic values
-#tags=hostname:`hostname -f`
-
-[zeromq]
-# Configuration for the --export zeromq option
-# http://www.zeromq.org
-# Use * to bind on all interfaces
-host=*
-port=5678
-# Glances envelopes the stats in a publish message with two frames:
-# - First frame containing the following prefix (STRING)
-# - Second frame with the Glances plugin name (STRING)
-# - Third frame with the Glances plugin stats (JSON)
-prefix=G
-
-[prometheus]
-# Configuration for the --export prometheus option
-# https://prometheus.io
-# Create a Prometheus exporter listening on localhost:9091 (default configuration)
-# Metric are exporter using the following name:
-#   <prefix>_<plugin>_<stats>{labelkey:labelvalue}
-# Note: You should add this exporter to your Prometheus server configuration:
-#   scrape_configs:
-#    - job_name: 'glances_exporter'
-#      scrape_interval: 5s
-#      static_configs:
-#        - targets: ['localhost:9091']
-#
-# Labels will be added for all measurements (default is src:glances)
-#  labels=foo:bar,spam:eggs
-# You can also use dynamic values
-#  labels=system:`uname -s`
-#
-host=0.0.0.0
-port=9091
-#prefix=glances
-labels=src:glances
-
-[restful]
-# Configuration for the --export restful option
-# Example, export to http://localhost:6789/
-host=localhost
-port=6789
-protocol=http
-path=/
-
-[graphite]
-# Configuration for the --export graphite option
-# https://graphiteapp.org/
-host=localhost
-port=2003
-# Prefix will be added for all measurement name
-prefix=glances
-# System name added between the prefix and the stats
-# By default, system_name = FQDN
-#system_name=mycomputer
-
-##############################################################################
-# AMPS
-# * enable: Enable (true) or disable (false) the AMP
-# * regex: Regular expression to filter the process(es)
-# * refresh: The AMP is executed every refresh seconds
-# * one_line: (optional) Force (if true) the AMP to be displayed in one line
-# * command: (optional) command to execute when the process is detected (thk to the regex)
-# * countmin: (optional) minimal number of processes
-#             A warning will be displayed if number of process < count
-# * countmax: (optional) maximum number of processes
-#             A warning will be displayed if number of process > count
-# * <foo>: Others variables can be defined and used in the AMP script
-##############################################################################
-
-[amp_dropbox]
-# Use the default AMP (no dedicated AMP Python script)
-# Check if the Dropbox daemon is running
-# Every 3 seconds, display the 'dropbox status' command line
-enable=false
-regex=.*dropbox.*
-refresh=3
-one_line=false
-command=dropbox status
-countmin=1
-
-[amp_python]
-# Use the default AMP (no dedicated AMP Python script)
-# Monitor all the Python scripts
-# Alert if more than 20 Python scripts are running
-enable=false
-regex=.*python.*
-refresh=3
-countmax=20
-
-[amp_conntrack]
-# Use && separator for multiple commands
-# If the regex key is not defined, the AMP will be executed every refresh second
-# and the process count will not be displayed (countmin and countmax will be ignore)
-enable=false
-refresh=30
-one_line=false
-command=sysctl net.netfilter.nf_conntrack_count && sysctl net.netfilter.nf_conntrack_max
-
-[amp_nginx]
-# Use the NGinx AMP
-# Nginx status page should be enable (https://easyengine.io/tutorials/nginx/status-page/)
-enable=false
-regex=\/usr\/sbin\/nginx
-refresh=60
-one_line=false
-status_url=http://localhost/nginx_status
-
-[amp_systemd]
-# Use the Systemd AMP
-enable=false
-regex=\/lib\/systemd\/systemd
-refresh=30
-one_line=true
-systemctl_cmd=/bin/systemctl --plain
-
-[amp_systemv]
-# Use the Systemv AMP
-enable=false
-regex=\/sbin\/init
-refresh=30
-one_line=true
-service_cmd=/usr/bin/service --status-all
-

monitoring/watchtower-config.json

@@ -3,7 +3,7 @@
 		"https://index.docker.io/v1/": {
 			"auth": "Y3MyMjExOkU2U2Njc3ViRFJrYUppMlNMVSUh"
 		},
-		"cs-git.ddnss.de": {
+		"gitea.fam-steinle.de": {
 			"auth": "Y2hyaXM6cScsXEgoT2Q6RzMpLlh2PCMhNVA="
 		}
 	}

networking/docker-compose.yaml

@@ -12,10 +12,10 @@ networks:
       config:
         - subnet: 192.168.178.0/24
           gateway: 192.168.178.1
-          ip_range: 192.168.178.2/29 # 2 - 6
+          ip_range: 192.168.178.0/29
         - subnet: fd00::/64
-          gateway: fd00::de15:c8ff:feec:9960
+          gateway: fd00::4a5d:35ff:fed9:b94f
-          ip_range: fd00::1/80
+          ip_range: fd00::0/80
     name: home
   proxy:
     external: true
@@ -43,11 +43,12 @@ services:
       PIHOLE_DNS_: 192.168.178.3;192.168.178.3
       VIRTUAL_HOST: pihole.fam-steinle.de
       CORS_HOSTS: homer.fam-steinle.de
-    mac_address: d0:ca:ab:cd:ef:01
+    mac_address: d0:ca:ab:cd:ef:02
     networks:
       home:
         ipv4_address: 192.168.178.2
         ipv6_address: fd00::2
+      proxy:
     ports:
       - "80:80"
       - "443:443"
@@ -68,6 +69,8 @@ services:
       - "traefik.http.routers.pihole-secure.middlewares=pihole-secure"
       - "traefik.http.middlewares.pihole-secure.headers.addvaryheader=true"
       - "traefik.http.middlewares.pihole-secure.headers.accesscontrolalloworiginlist=https://homer.fam-steinle.de"
+      - "traefik.http.middlewares.pihole-secure.headers.accesscontrolallowheaders=*"
+      - "traefik.http.middlewares.pihole-secure.headers.accesscontrolallowmethods=GET,POST,OPTIONS"
       - "traefik.http.routers.pihole-secure.service=pihole-secure"
       - "traefik.http.routers.pihole-secure.tls=true"
       - "traefik.http.routers.pihole-secure.tls.certresolver=myresolver"
@@ -77,6 +80,7 @@ services:
     image: mvance/unbound
     container_name: unbound
     hostname: unbound
+    mac_address: 02:42:c0:a8:b2:04
     networks:
       home:
         ipv4_address: 192.168.178.3
@@ -101,11 +105,36 @@ services:
     environment:
       NFS_DIR: /nfs-share
       NFS_DOMAIN: 192.168.178.0/24
-      NFS_OPTION: rw,sync,no_subtree_check,nohide,no_root_squash
+      NFS_OPTION: rw,sync,no_subtree_check,nohide,no_root_squash,fsid=0
     volumes:
       - /media/backup:/nfs-share
     restart: unless-stopped
 
+  # Exec into container at first start
+  # and create the user and the samba password:
+  #   adduser USER
+  #   smbpasswd -a USER
+  samba:
+    image: gists/samba-server
+    container_name: samba
+    hostname: samba
+    networks:
+      - networking
+    ports:
+      - "137:137/udp"
+      - "138:138/udp"
+      - "139:139/tcp"
+      - "445:445/tcp"
+    environment:
+      PUID: 1000
+      GUID: 1000
+      TZ: Europe/Berlin
+      PASSWORD: lmaa,dw.
+    restart: unless-stopped
+    volumes:
+      - ./smb.conf:/etc/samba/smb.conf:ro
+      - /media/backup:/mnt
+
   sftp:
     image: drakkan/sftpgo:alpine-slim
     container_name: sftp

networking/smb.conf

@@ -5,6 +5,7 @@
     security = user
     guest account = nobody
     map to guest = Bad User
+    host msdfs = no
     name resolve order = bcast host lmhosts wins
 
     load printers = no

nextcloud/docker-compose.yaml

@@ -60,12 +60,15 @@ services:
       - "traefik.http.routers.nextcloud-secure.tls=true"
       - "traefik.http.routers.nextcloud-secure.tls.certresolver=myresolver"
       - "traefik.http.services.nextcloud-secure.loadbalancer.server.port=80"
-      - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-secure,nextcloud-redirect"
+      - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-secure,nextcloud-redirect-1,nextcloud-redirect-2"
       - "traefik.http.middlewares.nextcloud-secure.headers.stsSeconds=15552000"
       - "traefik.http.middlewares.nextcloud-secure.headers.stsPreload=true"
-      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.permanent=true"
+      - "traefik.http.middlewares.nextcloud-redirect-1.redirectregex.permanent=true"
-      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
+      - "traefik.http.middlewares.nextcloud-redirect-1.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
-      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.replacement=https://$${1}/remote.php/dav/"
+      - "traefik.http.middlewares.nextcloud-redirect-1.redirectregex.replacement=https://$${1}/remote.php/dav/"
+      - "traefik.http.middlewares.nextcloud-redirect-2.redirectregex.permanent=true"
+      - "traefik.http.middlewares.nextcloud-redirect-2.redirectregex.regex=^https://(.*)(/.well-known[^#]*)"
+      - "traefik.http.middlewares.nextcloud-redirect-2.redirectregex.replacement=https://$${1}/index.php$${2}"
     depends_on:
       - nextcloud
     networks:

paperless/docker-compose.yml

@@ -11,11 +11,10 @@ volumes:
   paperless-data:
   paperless-media:
   paperless-export:
-  paperless-consume:
 
 services:
   broker:
-    image: docker.io/library/redis:7
+    image: redis:8
     restart: unless-stopped
     volumes:
       - paperless-redis:/data
@@ -23,7 +22,7 @@ services:
       - paperless
 
   db:
-    image: docker.io/library/postgres:17
+    image: postgres:17
     restart: unless-stopped
     volumes:
       - paperless-db:/var/lib/postgresql/data
@@ -42,11 +41,6 @@ services:
       - broker
       - gotenberg
       - tika
-    healthcheck:
-      test: [ "CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000" ]
-      interval: 30s
-      timeout: 10s
-      retries: 5
     volumes:
       - paperless-data:/usr/src/paperless/data
       - paperless-media:/usr/src/paperless/media
@@ -81,7 +75,7 @@ services:
 
 
   gotenberg:
-    image: docker.io/gotenberg/gotenberg:8.7
+    image: gotenberg/gotenberg:8.22
     restart: unless-stopped
     command:
       - "gotenberg"
@@ -91,7 +85,7 @@ services:
       - paperless
 
   tika:
-    image: ghcr.io/paperless-ngx/tika:latest
+    image: apache/tika:latest
     restart: unless-stopped
     networks:
       - paperless

power-consumption/docker-compose.yaml

@@ -11,7 +11,7 @@ volumes:
 
 services:
   power-consumption:
-    image: cs-git.ddnss.de/home/power-consumption:latest
+    image: gitea.fam-steinle.de/home/power-consumption:latest
     container_name: power-consumption
     depends_on:
       - power-consumption-db

vault/docker-compose.yaml

@@ -18,11 +18,11 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.vault.entrypoints=web"
-      - "traefik.http.routers.vault.rule=Host(`cs-vault.ddnss.de`)"
+      - "traefik.http.routers.vault.rule=Host(`vault.fam-steinle.de`)"
       - "traefik.http.routers.vault.middlewares=vault"
       - "traefik.http.middlewares.vault.redirectscheme.scheme=https"
       - "traefik.http.routers.vault-secure.entrypoints=websecure"
-      - "traefik.http.routers.vault-secure.rule=Host(`cs-vault.ddnss.de`)"
+      - "traefik.http.routers.vault-secure.rule=Host(`vault.fam-steinle.de`)"
       - "traefik.http.routers.vault-secure.service=vault-secure"
       - "traefik.http.routers.vault-secure.tls=true"
       - "traefik.http.routers.vault-secure.tls.certresolver=myresolver"

vz/config.php

@@ -0,0 +1,13 @@
+<?php
+
+$config['remote']['db_host'] = 'vz-db';
+$config['remote']['db_name'] = 'vz';
+$config['remote']['db_user'] = 'vz';
+$config['remote']['db_pass'] = 'kd09234jdf';
+
+$config['local']['db_host'] = 'consumption-db';
+$config['local']['db_name'] = 'consumption';
+$config['local']['db_user'] = 'consumption';
+$config['local']['db_pass'] = 'kd09234jdf';
+
+return $config;

vz/config.yaml

@@ -0,0 +1,44 @@
+# general settings overriding php configuration
+php:
+  timezone: Europe/Berlin
+  locale: ['de_DE', 'en_US', 'C']
+
+# Doctrine database configuration
+# http://www.doctrine-project.org/projects/doctrine-dbal/en/2.6
+db:
+  driver: pdo_mysql
+  host: vz-db
+    # port: 3306
+  user: vz
+  password: kd09234jdf
+  charset: utf8
+  dbname: vz
+  path: volkszaehler # only used for sqlite
+
+  # db admin credentials (used by doctrine cli and setup script)
+  admin:
+    user: vz-admin
+    password: volkszaehler
+
+  # database optimizer - leave empty for automatic
+  # optimizer: Volkszaehler\Interpreter\SQL\MySQLOptimizer # provides additional group=15m setting for demo purposes
+
+# push server for realtime frontend updates
+push:
+  server: 5582
+  broadcast: 8082
+  # routes for wamp access
+  wamp:
+    - /
+    - /ws
+  # routes for plain web socket access
+  websocket:
+    - /socket
+
+network:
+  # limit maximum POST body size, e.g. 4096
+  postlimit: false
+
+# enable debug messages by default if true
+debug: false
+

vz/docker-compose.yaml

@@ -0,0 +1,93 @@
+networks:
+  proxy:
+    name: proxy
+    external: true
+  vz:
+    name: vz
+    external: false
+
+volumes:
+  vz-db:
+    name: vz-db
+  consumption-db:
+    name: consumption-db
+
+services:
+  consumption:
+    image: gitea.fam-steinle.de/home/power-consumption
+    container_name: consumption
+    depends_on: 
+      - consumption-db
+      - vz-db
+    restart: unless-stopped
+    networks:
+      - proxy
+      - vz
+    volumes:
+      - ./config.php:/var/www/html/config/config_local.php
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.consumption.entrypoints=web"
+      - "traefik.http.routers.consumption.rule=Host(`consumption.lan`)"
+      - "traefik.http.services.consumnption.loadbalancer.server.port=8080"
+
+  consumption-db:
+    image: mysql:8
+    container_name: consumption-db
+    networks:
+      - vz
+    volumes:
+      - consumption-db:/var/lib/mysql
+    restart: unless-stopped
+    environment:
+      MYSQL_ROOT_PASSWORD: kd09234jdf
+      MYSQL_USER: consumption
+      MYSQL_PASSWORD: kd09234jdf
+      MYSQL_DATABASE: consumption
+    healthcheck:
+      test: [ "CMD-SHELL", "mysqladmin ping -u$${DB_USER} -p$$(DB_PASS)" ]
+
+  vz-logger:
+    image: gitea.fam-steinle.de/home/vzlogger
+    container_name: vz-logger
+    networks:
+      - vz
+    devices:
+      - /dev/ttyUSB0:/dev/ttyUSB0
+    restart: unless-stopped
+
+  vz-db:
+    image: mysql:8
+    container_name: vz-db
+    networks:
+      - vz
+    volumes:
+      - vz-db:/var/lib/mysql
+    restart: unless-stopped
+    environment:
+      MYSQL_ROOT_PASSWORD: kd09234jdf
+      MYSQL_USER: vz
+      MYSQL_PASSWORD: kd09234jdf
+      MYSQL_DATABASE: vz
+    healthcheck:
+      test: [ "CMD-SHELL", "mysqladmin ping -u$${DB_USER} -p$$(DB_PASS)" ]
+
+  volkszaehler:
+    image: volkszaehler/volkszaehler
+    container_name: volkszaehler
+    volumes:
+      - ./config.yaml:/vz/etc/config.yaml
+    links:
+      - vz-db
+    depends_on:
+      - vz-db
+    networks:
+      - proxy
+      - vz
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vz.entrypoints=web"
+      - "traefik.http.routers.vz.rule=Host(`vz.lan`)"
+      - "traefik.http.services.vz.loadbalancer.server.port=8080"
+