Update kimai stack.

Update well known routes.
Update paperless stack.
2025-11-20 11:26:43 +00:00 · 2025-11-20 11:22:20 +00:00 · 2025-09-08 13:47:50 +00:00 · 2025-09-08 13:16:52 +00:00 · 2025-05-16 12:00:14 +00:00 · 2025-05-16 11:52:09 +00:00
14 changed files with 87 additions and 67 deletions
--- a/automation/docker-compose.yaml
+++ b/automation/docker-compose.yaml
@@ -38,9 +38,15 @@ services:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.semaphore.entrypoints=web"
-      - "traefik.http.routers.semaphore.rule=Host(`semaphore.lan`)"
+      - "traefik.http.routers.semaphore.rule=Host(`ansible.fam-steinle.de`)"
-      - "traefik.http.routers.semaphore.service=semaphore"
+      - "traefik.http.routers.semaphore.middlewares=semaphore"
-      - "traefik.http.services.semaphore.loadbalancer.server.port=3000"
+      - "traefik.http.middlewares.semaphore.redirectscheme.scheme=https"
      - "traefik.http.routers.semaphore-secure.entrypoints=websecure"
      - "traefik.http.routers.semaphore-secure.rule=Host(`ansible.fam-steinle.de`)"
      - "traefik.http.routers.semaphore-secure.service=semaphore-secure"
      - "traefik.http.routers.semaphore-secure.tls=true"
      - "traefik.http.routers.semaphore-secure.tls.certresolver=myresolver"
      - "traefik.http.services.semaphore-secure.loadbalancer.server.port=3000"
      - "com.centurylinklabs.watchtower.monitor-only=true"
  semaphore-db:
--- a/backup/docker-compose.yaml
+++ b/backup/docker-compose.yaml
@@ -7,31 +7,37 @@ volumes:
    name: duplicati-conf
  nextcloud-data:
    external: true
  gitea:
    external: true
 services:
  duplicati:
-    image: duplicati/duplicati:beta
+    image: duplicati/duplicati:stable
    restart: unless-stopped
    container_name: duplicati
    hostname: duplicati
    ports:
      - "8200:8200"
    volumes:
      - duplicati-conf:/data
      - nextcloud-data:/nextcloud:ro
      - gitea:/gitea:ro
      - /media/backup:/backup
    networks:
      - proxy
    environment:
      DUPLICATI__DISABLE_DB_ENCRYPTION: true
-    deploy:
+      DUPLICATI__WEBSERVICE_ALLOWEDHOSTNAMES: backup.fam-steinle.de
-      resources:
+    networks:
-        limits:
+      - proxy
-          memory: 16g
+    ports:
      - "8200:8200"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.duplicati.entrypoints=web"
-      - "traefik.http.routers.duplicati.rule=Host(`duplicati.lan`)"
+      - "traefik.http.routers.duplicati.rule=Host(`backup.fam-steinle.de`)"
-      - "traefik.http.services.duplicati.loadbalancer.server.port=8200"
+      - "traefik.http.routers.duplicati.middlewares=duplicati"
-
+      - "traefik.http.middlewares.duplicati.redirectscheme.scheme=https"
      - "traefik.http.routers.duplicati-secure.entrypoints=websecure"
      - "traefik.http.routers.duplicati-secure.rule=Host(`backup.fam-steinle.de`)"
      - "traefik.http.routers.duplicati-secure.service=duplicati-secure"
      - "traefik.http.routers.duplicati-secure.tls=true"
      - "traefik.http.routers.duplicati-secure.tls.certresolver=myresolver"
      - "traefik.http.services.duplicati-secure.loadbalancer.server.port=8200"
--- a/common/docker-compose.yaml
+++ b/common/docker-compose.yaml
@@ -2,6 +2,7 @@ networks:
  proxy:
    external: false
    name: proxy
    enable_ipv6: true
 volumes:
  letsencrypt:
@@ -11,7 +12,7 @@ volumes:
 services:
  traefik:
-    image: traefik:v2.11
+    image: traefik:v3
    container_name: traefik
    restart: unless-stopped
    command:
@@ -20,7 +21,6 @@ services:
      - --providers.docker=true
      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false
      - --providers.docker.swarmMode=false
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - --entryPoints.ssh.address=:222/tcp
--- a/gitea/docker-compose.yaml
+++ b/gitea/docker-compose.yaml
@@ -4,6 +4,7 @@ networks:
  gitea:
    name: gitea
    external: false
    enable_ipv6: true
 volumes:
  gitea:
@@ -42,15 +43,14 @@ services:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.git.entrypoints=web"
-      - "traefik.http.routers.git.rule=Host(`cs-git.ddnss.de`)"
+      - "traefik.http.routers.git.rule=Host(`gitea.fam-steinle.de`)"
      - "traefik.http.routers.git.middlewares=git"
      - "traefik.http.middlewares.git.redirectscheme.scheme=https"
      - "traefik.http.routers.git-secure.entrypoints=websecure"
-      - "traefik.http.routers.git-secure.rule=Host(`cs-git.ddnss.de`)"
+      - "traefik.http.routers.git-secure.rule=Host(`gitea.fam-steinle.de`)"
      - "traefik.http.routers.git-secure.service=git-secure"
      - "traefik.http.routers.git-secure.tls=true"
      - "traefik.http.routers.git-secure.tls.certresolver=myresolver"
      - "traefik.http.routers.git-secure.tls.domains[0].main=cs-git.ddnss.de"
      - "traefik.http.services.git-secure.loadbalancer.server.port=3000"
      - "traefik.tcp.routers.git-ssh.entrypoints=ssh"
      - "traefik.tcp.routers.git-ssh.rule=HostSNI(`*`)"
@@ -76,13 +76,14 @@ services:
  runner:
    image: gitea/act_runner
    restart: always
    privileged: true
    depends_on:
      - gitea
    volumes:
      - gitea-runner:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - GITEA_INSTANCE_URL=https://cs-git.ddnss.de
      - GITEA_RUNNER_REGISTRATION_TOKEN=HrObSjviNcpHt8cEnjgxHK5ctLMSYlDPWSCmvVzs
    networks:
      - gitea
    environment:
      - GITEA_INSTANCE_URL=https://gitea.fam-steinle.de
      - GITEA_RUNNER_REGISTRATION_TOKEN=FQDt05qG37BLO0OBl6eX94aNNVE9Ni5nFdeVFoKm
--- a/kimai/docker-compose.yaml
+++ b/kimai/docker-compose.yaml
@@ -23,7 +23,6 @@ services:
      ADMINMAIL: ${ADMIN_USER}
      ADMINPASS: ${ADMIN_PASS}
      DATABASE_URL: mysql://${DB_USER}:${DB_PASS}@kimai-db/${DB_NAME}?charset=utf8&serverVersion=8.1.0
      TRUSTED_HOSTS: kimai.lan,kimai-web,localhost,127.0.0.1
      APP_SECRET: ${APP_SECRET}
    depends_on:
      - kimai-db
--- a/monitoring/docker-compose.yaml
+++ b/monitoring/docker-compose.yaml
@@ -13,7 +13,7 @@ volumes:
 services:
  prometheus:
-    image: cs-git.ddnss.de/home/prometheus
+    image: gitea.fam-steinle.de/home/prometheus
    container_name: prometheus
    hostname: prometheus
    restart: unless-stopped
@@ -28,23 +28,8 @@ services:
      - "traefik.http.routers.prometheus.service=prometheus"
      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
  speedtest:
    image: cs-git.ddnss.de/home/speedtest-web
    container_name: speedtest-web
    restart: unless-stopped
    volumes:
      - /media/backup/speedtest.csv:/var/www/html/speedtest.csv
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.speedtest.rule=Host(`speedtest.fam-steinle.de`)"
      - "traefik.http.routers.speedtest.entrypoints=web"
      - "traefik.http.routers.speedtest.service=speedtest"
      - "traefik.http.services.speedtest.loadbalancer.server.port=8080"
  cadvisor:
-    image: gcr.io/cadvisor/cadvisor:v0.51.0
+    image: gcr.io/cadvisor/cadvisor:v0.52.1
    container_name: cadvisor
    hostname: cadvisor
    restart: unless-stopped
@@ -113,11 +98,8 @@ services:
    environment:
      WATCHTOWER_INCLUDE_STOPPED: true
      WATCHTOWER_MONITOR_ONLY: false
-      WATCHWOWER_CLEANUP: true
+      WATCHTOWER_CLEANUP: true
      WATCHTOWER_REMOVE_VOLUMES: true
      WATCHTOWER_WARN_ON_HEAD_FAILURE: "never"
      WATCHTOWER_SCHEDULE: "0 20 4 * * *"
      WATCHTOWER_NOTIFICATIONS: "shoutrrr"
      WATCHTOWER_NOTIFICATION_URL: "mattermost://watchtower@cs-mm.ddnss.de/og4ckuqet7fafb8kjuaigzuh7c"
      WATCHTOWER_NOTIFICATION_TEMPLATE: "{{range .}} Minisforum - {{.Time.Format \"2006-01-02 15:04:05\"}} ({{.Level}}): {{.Message}}{{println}}{{end}}"
--- a/monitoring/watchtower-config.json
+++ b/monitoring/watchtower-config.json
@@ -3,7 +3,7 @@
 		"https://index.docker.io/v1/": {
 			"auth": "Y3MyMjExOkU2U2Njc3ViRFJrYUppMlNMVSUh"
 		},
-		"cs-git.ddnss.de": {
+		"gitea.fam-steinle.de": {
 			"auth": "Y2hyaXM6cScsXEgoT2Q6RzMpLlh2PCMhNVA="
 		}
 	}
--- a/networking/docker-compose.yaml
+++ b/networking/docker-compose.yaml
@@ -14,7 +14,7 @@ networks:
          gateway: 192.168.178.1
          ip_range: 192.168.178.0/29
        - subnet: fd00::/64
-          gateway: fd00::de15:c8ff:feec:9960
+          gateway: fd00::4a5d:35ff:fed9:b94f
          ip_range: fd00::0/80
    name: home
  proxy:
@@ -48,6 +48,7 @@ services:
      home:
        ipv4_address: 192.168.178.2
        ipv6_address: fd00::2
      proxy:
    ports:
      - "80:80"
      - "443:443"
@@ -68,6 +69,8 @@ services:
      - "traefik.http.routers.pihole-secure.middlewares=pihole-secure"
      - "traefik.http.middlewares.pihole-secure.headers.addvaryheader=true"
      - "traefik.http.middlewares.pihole-secure.headers.accesscontrolalloworiginlist=https://homer.fam-steinle.de"
      - "traefik.http.middlewares.pihole-secure.headers.accesscontrolallowheaders=*"
      - "traefik.http.middlewares.pihole-secure.headers.accesscontrolallowmethods=GET,POST,OPTIONS"
      - "traefik.http.routers.pihole-secure.service=pihole-secure"
      - "traefik.http.routers.pihole-secure.tls=true"
      - "traefik.http.routers.pihole-secure.tls.certresolver=myresolver"
@@ -102,11 +105,36 @@ services:
    environment:
      NFS_DIR: /nfs-share
      NFS_DOMAIN: 192.168.178.0/24
-      NFS_OPTION: rw,sync,no_subtree_check,nohide,no_root_squash
+      NFS_OPTION: rw,sync,no_subtree_check,nohide,no_root_squash,fsid=0
    volumes:
      - /media/backup:/nfs-share
    restart: unless-stopped
  # Exec into container at first start
  # and create the user and the samba password:
  #   adduser USER
  #   smbpasswd -a USER
  samba:
    image: gists/samba-server
    container_name: samba
    hostname: samba
    networks:
      - networking
    ports:
      - "137:137/udp"
      - "138:138/udp"
      - "139:139/tcp"
      - "445:445/tcp"
    environment:
      PUID: 1000
      GUID: 1000
      TZ: Europe/Berlin
      PASSWORD: lmaa,dw.
    restart: unless-stopped
    volumes:
      - ./smb.conf:/etc/samba/smb.conf:ro
      - /media/backup:/mnt
  sftp:
    image: drakkan/sftpgo:alpine-slim
    container_name: sftp
--- a/networking/smb.conf
+++ b/networking/smb.conf
@@ -5,6 +5,7 @@
    security = user
    guest account = nobody
    map to guest = Bad User
    host msdfs = no
    name resolve order = bcast host lmhosts wins
    load printers = no
--- a/nextcloud/docker-compose.yaml
+++ b/nextcloud/docker-compose.yaml
@@ -60,12 +60,15 @@ services:
      - "traefik.http.routers.nextcloud-secure.tls=true"
      - "traefik.http.routers.nextcloud-secure.tls.certresolver=myresolver"
      - "traefik.http.services.nextcloud-secure.loadbalancer.server.port=80"
-      - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-secure,nextcloud-redirect"
+      - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-secure,nextcloud-redirect-1,nextcloud-redirect-2"
      - "traefik.http.middlewares.nextcloud-secure.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.nextcloud-secure.headers.stsPreload=true"
-      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.permanent=true"
+      - "traefik.http.middlewares.nextcloud-redirect-1.redirectregex.permanent=true"
-      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
+      - "traefik.http.middlewares.nextcloud-redirect-1.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
-      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.replacement=https://$${1}/remote.php/dav/"
+      - "traefik.http.middlewares.nextcloud-redirect-1.redirectregex.replacement=https://$${1}/remote.php/dav/"
      - "traefik.http.middlewares.nextcloud-redirect-2.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-redirect-2.redirectregex.regex=^https://(.*)(/.well-known[^#]*)"
      - "traefik.http.middlewares.nextcloud-redirect-2.redirectregex.replacement=https://$${1}/index.php$${2}"
    depends_on:
      - nextcloud
    networks:
--- a/paperless/docker-compose.yml
+++ b/paperless/docker-compose.yml
@@ -11,11 +11,10 @@ volumes:
  paperless-data:
  paperless-media:
  paperless-export:
  paperless-consume:
 services:
  broker:
-    image: docker.io/library/redis:7
+    image: redis:8
    restart: unless-stopped
    volumes:
      - paperless-redis:/data
@@ -23,7 +22,7 @@ services:
      - paperless
  db:
-    image: docker.io/library/postgres:17
+    image: postgres:17
    restart: unless-stopped
    volumes:
      - paperless-db:/var/lib/postgresql/data
@@ -42,11 +41,6 @@ services:
      - broker
      - gotenberg
      - tika
    healthcheck:
      test: [ "CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000" ]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - paperless-data:/usr/src/paperless/data
      - paperless-media:/usr/src/paperless/media
@@ -81,7 +75,7 @@ services:
  gotenberg:
-    image: docker.io/gotenberg/gotenberg:8.7
+    image: gotenberg/gotenberg:8.22
    restart: unless-stopped
    command:
      - "gotenberg"
@@ -91,7 +85,7 @@ services:
      - paperless
  tika:
-    image: ghcr.io/paperless-ngx/tika:latest
+    image: apache/tika:latest
    restart: unless-stopped
    networks:
      - paperless
--- a/power-consumption/docker-compose.yaml
+++ b/power-consumption/docker-compose.yaml
@@ -11,7 +11,7 @@ volumes:
 services:
  power-consumption:
-    image: cs-git.ddnss.de/home/power-consumption:latest
+    image: gitea.fam-steinle.de/home/power-consumption:latest
    container_name: power-consumption
    depends_on:
      - power-consumption-db
--- a/vault/docker-compose.yaml
+++ b/vault/docker-compose.yaml
@@ -18,11 +18,11 @@ services:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vault.entrypoints=web"
-      - "traefik.http.routers.vault.rule=Host(`cs-vault.ddnss.de`)"
+      - "traefik.http.routers.vault.rule=Host(`vault.fam-steinle.de`)"
      - "traefik.http.routers.vault.middlewares=vault"
      - "traefik.http.middlewares.vault.redirectscheme.scheme=https"
      - "traefik.http.routers.vault-secure.entrypoints=websecure"
-      - "traefik.http.routers.vault-secure.rule=Host(`cs-vault.ddnss.de`)"
+      - "traefik.http.routers.vault-secure.rule=Host(`vault.fam-steinle.de`)"
      - "traefik.http.routers.vault-secure.service=vault-secure"
      - "traefik.http.routers.vault-secure.tls=true"
      - "traefik.http.routers.vault-secure.tls.certresolver=myresolver"
--- a/vz/docker-compose.yaml
+++ b/vz/docker-compose.yaml
@@ -14,7 +14,7 @@ volumes:
 services:
  consumption:
-    image: cs-git.ddnss.de/home/power-consumption
+    image: gitea.fam-steinle.de/home/power-consumption
    container_name: consumption
    depends_on: 
      - consumption-db
@@ -48,7 +48,7 @@ services:
      test: [ "CMD-SHELL", "mysqladmin ping -u$${DB_USER} -p$$(DB_PASS)" ]
  vz-logger:
-    image: cs-git.ddnss.de/home/vzlogger
+    image: gitea.fam-steinle.de/home/vzlogger
    container_name: vz-logger
    networks:
      - vz
Author	SHA1	Message	Date
Christian Steinle	e9abcf80e6	Update kimai stack.	2025-11-20 11:26:43 +00:00
Christian Steinle	a693bca887	Update well known routes.	2025-11-20 11:22:20 +00:00
Christian Steinle	4d0adf3a00	Update paperless stack.	2025-09-08 13:47:50 +00:00
Christian Steinle	3768ff4c44	Add new configuration to work with new samba release.	2025-09-08 13:16:52 +00:00
Christian Steinle	03173938ad	Use external domain for semaphore.	2025-05-16 12:00:14 +00:00
Christian Steinle	84a4fff86f	Add pihole header rules to access from homer.	2025-05-16 11:52:09 +00:00
Christian Steinle	918a70a708	Fix typo in watchtower environment.	2025-05-09 10:14:44 +00:00
Christian Steinle	707172471c	Update cadvisor.	2025-05-09 10:10:25 +00:00
Christian Steinle	1bbe8228c2	Move duplicati to stable channel use public domain.	2025-05-08 10:29:32 +00:00
Christian Steinle	cf36d49339	Fine tune samba and document user creation.	2025-05-07 12:45:47 +00:00
Christian Steinle	734d15407e	Reactivate samba in docker.	2025-05-07 14:09:21 +02:00
Christian Steinle	2d4393a451	Change images for paperless.	2025-05-07 06:42:54 +00:00
Christian Steinle	e7b6f7245d	Change gateway for ipv6.	2025-05-07 06:41:24 +00:00
Christian Steinle	d7b433609e	Reenable ipv6 netzwork and change runner configuration.	2025-05-07 06:40:34 +00:00
Christian Steinle	020c423707	Remove named volume for consume.	2025-05-07 06:39:25 +00:00
Christian Steinle	23ff2b80fe	Update paperless stack.	2025-05-07 06:37:50 +00:00
Christian Steinle	8ed1bc894d	Adjust watchtower config to new registry url.	2025-05-05 07:52:39 +00:00
Christian Steinle	b4e20ec389	Change gitea web address.	2025-05-03 14:24:15 +00:00
Christian Steinle	edc9321abd	Use new web address for vaultwarden.	2025-05-03 10:28:48 +00:00
Christian Steinle	ea5b945211	Remove speedtest from monitoring stack. Remove watchtower notifications.	2025-05-03 10:28:15 +00:00
Christian Steinle	b2babba054	Change giteas web address.	2025-05-03 10:26:34 +00:00
Christian Steinle	202c2adfca	Use new traefik version.	2025-05-03 10:25:53 +00:00
Christian Steinle	3b3e5bddd1	Change semaphores web address.	2025-05-03 10:22:23 +00:00