init commit

2026-02-15 00:47:12 -03:00
commit 0951f21e8e
21 changed files with 408 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+**/.env
--- a/duplicati/.env.example
+++ b/duplicati/.env.example
@@ -0,0 +1,6 @@
+PUID=1000
+PGID=1001
+TZ=America/Sao_Paulo
+SETTINGS_ENCRYPTION_KEY=changeme
+SOURCE_PATH=./source
+BACKUP_PATH=./backup
--- a/duplicati/README.md
+++ b/duplicati/README.md
@@ -0,0 +1,5 @@
+# Duplicate: backups
+
+change SETTINGS_ENCRYPTION_KEY on .env so it'll correctly encrypt everything.
+Source directory is where what you want to backup is
+Backup directory is where you want your backup copies to go
--- a/duplicati/docker-compose.yml
+++ b/duplicati/docker-compose.yml
@@ -0,0 +1,20 @@
+---
+services:
+    duplicati:
+        image: lscr.io/linuxserver/duplicati:latest
+        container_name: duplicati
+        environment:
+            - PUID=${PUID}
+            - PGID=${PGID}
+            - TZ=${TZ}
+            - SETTINGS_ENCRYPTION_KEY=${SETTINGS_ENCRYPTION_KEY}
+            - CLI_ARGS= --unencrypted-database #optional
+            - DUPLICATI__WEBSERVICE_PASSWORD= #optional
+            - USAGEREPORTER_Duplicati_LEVEL=none # Completely removes all telemetry
+        volumes:
+            - ./config:/config
+            - ${BACKUP_PATH}:/backups
+            - ${SOURCE_PATH}:/source
+        ports:
+            - 8200:8200
+        restart: unless-stopped
--- a/gitea/README.md
+++ b/gitea/README.md
@@ -0,0 +1,3 @@
+# Gitea
+
+A git server, configure app.ini completely, no need to configure anything on docker-compose
--- a/gitea/data/gitea/conf/app.ini
+++ b/gitea/data/gitea/conf/app.ini
@@ -0,0 +1,100 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = yourdomainhere # CHANGE THIS
+SSH_DOMAIN = yourdomainhere # CHANGE THIS
+HTTP_PORT = 3000
+ROOT_URL = yourdomainhere # CHANGE THIS
+DISABLE_SSH = true
+SSH_PORT = 22
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = yoursecrethere # CHANGE THIS
+OFFLINE_MODE = false
+HTTP_ADDR = 0.0.0.0
+LANDING_PAGE=explore
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD =
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY =
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN = securitytokenhere # CHANGE THIS
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = true
+DEFAULT_ALLOW_CREATE_ORGANIZATION = false
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cron.update_checker]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+JWT_SECRET = jwtsecrethere # CHANGE THIS
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -0,0 +1,23 @@
+version: "3"
+
+services:
+    server:
+        image: docker.gitea.com/gitea:latest
+        container_name: gitea
+        environment:
+            - USER_UID=1000
+            - USER_GID=1000
+        restart: always
+        networks:
+            - gitea
+        volumes:
+            - ./data:/data
+            - /etc/timezone:/etc/timezone:ro
+            - /etc/localtime:/etc/localtime:ro
+        ports:
+            - "3000:3000"
+            - "222:22"
+
+networks:
+    gitea:
+        external: false
--- a/jellyfin/docker-compose.yml
+++ b/jellyfin/docker-compose.yml
@@ -0,0 +1,17 @@
+---
+services:
+    jellyfin:
+        image: lscr.io/linuxserver/jellyfin:latest
+        container_name: jellyfin
+        environment:
+            - PUID=1000
+            - PGID=1000
+            - TZ=Etc/UTC
+        volumes:
+            - ./config:/config
+        ports:
+            - 8096:8096
+            - 8920:8920 #optional
+            - 7359:7359/udp #optional
+            - 1900:1900/udp #optional
+        restart: unless-stopped
--- a/mastodon/.env.example
+++ b/mastodon/.env.example
@@ -0,0 +1,26 @@
+PUID=1000
+PGID=1001
+TZ=America/Sao_Paulo
+
+# Domain
+LOCAL_DOMAIN=yourdomainhere
+WEB_DOMAIN=yourdomainhere
+
+# Database
+DB_PASS=changeme
+
+# Secrets (generate these - do not leave empty)
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
+SECRET_KEY_BASE=
+OTP_SECRET=
+VAPID_PRIVATE_KEY=
+VAPID_PUBLIC_KEY=
+
+# SMTP
+SMTP_SERVER=mail.example.com
+SMTP_PORT=25
+SMTP_LOGIN=
+SMTP_PASSWORD=
+SMTP_FROM_ADDRESS=notifications@yourdomainhere
--- a/mastodon/docker-compose.yml
+++ b/mastodon/docker-compose.yml
@@ -0,0 +1,73 @@
+---
+services:
+    mastodon:
+        depends_on:
+            - redis
+            - db
+        image: lscr.io/linuxserver/mastodon:latest
+        container_name: mastodon
+        environment:
+            - PUID=${PUID}
+            - PGID=${PGID}
+            - TZ=${TZ}
+            - LOCAL_DOMAIN=${LOCAL_DOMAIN}
+            - REDIS_HOST=redis
+            - REDIS_PORT=6379
+            - DB_HOST=db
+            - DB_USER=mastodon
+            - DB_NAME=mastodon
+            - DB_PASS=${DB_PASS}
+            - DB_PORT=5432
+            - ES_ENABLED=false
+            - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
+            - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
+            - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
+            - SECRET_KEY_BASE=${SECRET_KEY_BASE}
+            - OTP_SECRET=${OTP_SECRET}
+            - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
+            - VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
+            - SMTP_SERVER=${SMTP_SERVER}
+            - SMTP_PORT=${SMTP_PORT}
+            - SMTP_LOGIN=${SMTP_LOGIN}
+            - SMTP_PASSWORD=${SMTP_PASSWORD}
+            - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
+            - S3_ENABLED=false
+            - WEB_DOMAIN=${WEB_DOMAIN}
+            - ES_HOST=es #optional
+            - ES_PORT=9200 #optional
+            - ES_USER=elastic #optional
+            - ES_PASS=elastic #optional
+            - S3_BUCKET= #optional
+            - AWS_ACCESS_KEY_ID= #optional
+            - AWS_SECRET_ACCESS_KEY= #optional
+            - S3_ALIAS_HOST= #optional
+            - SIDEKIQ_ONLY=false #optional
+            - SIDEKIQ_QUEUE= #optional
+            - SIDEKIQ_DEFAULT=false #optional
+            - SIDEKIQ_THREADS=5 #optional
+            - DB_POOL=5 #optional
+            - NO_CHOWN= #optional
+            - MASTODON_PROMETHEUS_EXPORTER_ENABLED= #optional
+        volumes:
+            - ./config:/config
+        ports:
+            - 88:80
+            - 448:443
+            - 9394:9394 #optional
+        restart: unless-stopped
+
+    redis:
+        image: redis:7-alpine
+        container_name: mastodon-redis
+        restart: unless-stopped
+
+    db:
+        image: postgres:14-alpine
+        container_name: mastodon-db
+        environment:
+            POSTGRES_DB: mastodon
+            POSTGRES_USER: mastodon
+            POSTGRES_PASSWORD: ${DB_PASS}
+        volumes:
+            - ./db:/var/lib/postgresql/data
+        restart: unless-stopped
--- a/navidrome/README.md
+++ b/navidrome/README.md
@@ -0,0 +1,3 @@
+# Base navidrome with my configurations
+
+You can edit `./data/navidrome` to change setting based on your preference, you can find the full configuration document [here](https://www.navidrome.org/docs/usage/configuration/options/)
--- a/navidrome/data/navidrome.toml
+++ b/navidrome/data/navidrome.toml
@@ -0,0 +1,6 @@
+BaseUrl = 'yourdaminhere'
+AutoImportPlaylists = false
+DefaultTheme = 'AMusic'
+DefaultDownloadableShare = true
+EnableExternalServices = false
+EnableSharing = true
--- a/navidrome/docker-compose.yml
+++ b/navidrome/docker-compose.yml
@@ -0,0 +1,13 @@
+services:
+    navidrome:
+        image: deluan/navidrome:latest
+        user: 1000:1000 # should be owner of volumes
+        ports:
+            - "4533:4533"
+        restart: unless-stopped
+        #environment:
+        # Optional: put your config options customization here. Examples:
+        # ND_LOGLEVEL: debug
+        volumes:
+            - "./data:/data"
+            - "./music:/music:ro"
--- a/nextcloud/.env.example
+++ b/nextcloud/.env.example
@@ -0,0 +1,6 @@
+PUID=1000
+PGID=1001
+TZ=America/Sao_Paulo
+PORT=8443
+MYSQL_ROOT_PASSWORD=changeme
+DATABASE_PASSWORD=changeme
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@@ -0,0 +1,32 @@
+---
+version: "2"
+services:
+    nextcloud:
+        image: linuxserver/nextcloud
+        container_name: nextcloud
+        environment:
+            - PUID=${PUID}
+            - PGID=${PGID}
+            - TZ=${TZ}
+        volumes:
+            - ./config:/config
+            - ./data:/data
+        ports:
+            - ${PORT}:443
+        restart: unless-stopped
+        depends_on:
+            - nextcloud_db
+    nextcloud_db:
+        image: linuxserver/mariadb
+        container_name: nextcloud_db
+        environment:
+            - PUID=${PUID}
+            - PGID=${PGID}
+            - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+            - TZ=${TZ}
+            - MYSQL_DATABASE=nextcloud_db
+            - MYSQL_USER=nextcloud
+            - MYSQL_PASSWORD=${DATABASE_PASSWORD}
+        volumes:
+            - ./db:/config
+        restart: unless-stopped
--- a/streaming/.env.example
+++ b/streaming/.env.example
@@ -0,0 +1,3 @@
+RS_USERNAME=admin
+RS_PASSWORD=changeme
+TZ=America/Sao_Paulo
--- a/streaming/README.md
+++ b/streaming/README.md
@@ -0,0 +1,10 @@
+No config files, all is done via websites for these.
+Due to them both using RTPM servers, datarhei restreamer's has been moved to external port 1936
+
+# Owncast
+
+Self hosted livestreaming, all configuration done by https://<OWNCAST>/admin
+
+# Datarhei restreamer
+
+Multi-streaming server, configure OBS to point to it and from there you can re-stream to however many websites you wish.
--- a/streaming/docker-compose.yml
+++ b/streaming/docker-compose.yml
@@ -0,0 +1,41 @@
+version: "3"
+services:
+    restreamer:
+        image: datarhei/restreamer
+        container_name: restreamer
+        ports:
+            - 1936:1935
+            - 8080:8080
+        networks:
+            - frontend
+        volumes:
+            - "./Datarhei-restreamer/db:/restreamer/db"
+        environment:
+            - RS_USERNAME=${RS_USERNAME}
+            - RS_PASSWORD=${RS_PASSWORD}
+            - RS_LOGLEVEL=4
+            - RS_TIMEZONE=${TZ}
+            - RS_SNAPSHOT_INTERVAL=1m
+        deploy:
+            replicas: 1
+            restart_policy:
+                condition: any
+                delay: 5s
+                window: 10s
+
+    owncast:
+        image: elestio/owncast:latest
+        container_name: owncast
+        user: 0:0
+        restart: always
+        volumes:
+            - "./Owncast/:/app/"
+        devices:
+            - /dev/dri:/dev/dri
+        shm_size: 256m
+        ports:
+            - "5050:8080"
+            - "1935:1935"
+
+networks:
+    frontend:
--- a/vaultwarden/.env.example
+++ b/vaultwarden/.env.example
@@ -0,0 +1,2 @@
+SIGNUPS_ALLOWED=false
+INVITATIONS_ALLOWED=true
--- a/vaultwarden/README.md
+++ b/vaultwarden/README.md
@@ -0,0 +1,5 @@
+# Bitwarden but vaultwarden
+
+This is bitwarden, it's compatible with any bitwarden extension or software, it's just made in rust, generally takes less resources and doesn't scale as well, good for ~50 people(guess)
+
+Configurations by default disable registration and enable them by invitations, change to enable to create the first one and change back to only allow by invitation
--- a/vaultwarden/docker-compose.yml
+++ b/vaultwarden/docker-compose.yml
@@ -0,0 +1,13 @@
+services:
+    vaultwarden:
+        image: vaultwarden/server:latest
+        container_name: vaultwarden
+        restart: always
+        environment:
+            # DOMAIN: "https://vaultwarden.example.com"  # required when using a reverse proxy; your domain; vaultwarden needs to know it's https to work properly with attachments
+            SIGNUPS_ALLOWED: ${SIGNUPS_ALLOWED} # Deactivate this with "false" after you have created your account so that no strangers can register
+            INVITATIONS_ALLOWED: ${INVITATIONS_ALLOWED}
+        volumes:
+            - ./data:/data # the path before the : can be changed
+        ports:
+            - 8081:80 # you can replace the 11001 with your preferred port