chore: initial commit for Bruchtal Docker + deploy

.gitignore

@@ -0,0 +1,12 @@
+# OS
+.DS_Store
+
+# MkDocs build
+site/
+
+# Secrets
+.env
+.env.*
+secrets/
+*.key
+*.pem

README.md

@@ -0,0 +1,17 @@
+# Homelab Documentation & Infrastructure
+
+Zentrale Dokumentation und Konfigurationsbasis für mein Homelab.
+
+## Inhalt
+- 📚 Technische Dokumentation (Markdown, MkDocs)
+- 🐳 Docker-Compose Stacks
+- 🖧  Netzwerk- & VM-Übersicht
+- 🗂  Versionierte Infrastruktur
+
+## Struktur
+- `/docs`      → Dokumentation
+- `/docker`    → docker-compose Dateien
+- `/diagrams`  → Architektur- & Netzdiagramme
+
+## Grundsatz
+> Git ist die Quelle der Wahrheit.

deploy/deploy-bruchtal.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+echo "===== Bruchtal Deploy $(date) ====="
+
+cd /docker/Bruchtal
+
+echo "Pulling latest changes..."
+git pull
+
+echo "Updating containers..."
+docker restart bruchtal-docs
+
+
+echo "Deploy finished."

deploy/hooks.json

@@ -0,0 +1,17 @@
+[
+  {
+    "id": "bruchtal-deploy",
+    "execute-command": "/docker/deploy/deploy-bruchtal.sh",
+    "command-working-directory": "/docker/Bruchtal",
+    "trigger-rule": {
+      "match": {
+        "type": "payload-hmac-sha256",
+        "secret": "!!Zazen17-Doshin17**",
+        "parameter": {
+          "source": "header",
+          "name": "X-Gitea-Signature"
+        }
+      }
+    }
+  }
+]

docker-compose.yml

@@ -0,0 +1,17 @@
+services:
+  bruchtal-docs:
+    image: squidfunk/mkdocs-material:latest
+    container_name: bruchtal-docs
+    restart: unless-stopped
+
+    ports:
+      - "8005:8000"
+
+    volumes:
+      - /docker/Bruchtal:/docs
+
+    command: serve --dev-addr=0.0.0.0:8000
+
+    environment:
+      - TZ=Europe/Berlin
+      - WATCHDOG_FORCE_POLLING=true

docker/adguardhome/docker-compose.yml

@@ -0,0 +1,13 @@
+version: "3.8"
+
+services:
+  adguardhome:
+    image: adguard/adguardhome:v0.107.69
+    container_name: adguardhome
+    restart: unless-stopped
+    network_mode: host
+    volumes:
+      - /docker/Daten/adguardhome/work:/opt/adguardhome/work
+      - /docker/Daten/adguardhome/conf:/opt/adguardhome/conf
+    environment:
+      TZ: Europe/Berlin

docker/gitea/docker-compose.yml

@@ -0,0 +1,22 @@
+networks:
+    gitea:
+        external: false
+
+services:
+    server:
+        image: gitea/gitea:1.24
+        container_name: gitea
+        environment:
+            - USER_UID=1000
+            - USER_GID=1000
+        restart: unless-stopped
+        networks:
+            - gitea
+        volumes:
+            - /docker/Daten/gitea/data:/data
+            - /etc/timezone:/etc/timezone:ro
+            - /etc/localtime:/etc/localtime:ro
+        ports:
+            - "3002:3000"
+            - "2222:22"
+#rem 

docker/heimdall/docker-compose.yml

@@ -0,0 +1,16 @@
+version: "2.1"
+services:
+  heimdall:
+    image: lscr.io/linuxserver/heimdall:latest
+    container_name: heimdall2
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    volumes:
+      -  /home/christian/docker/heimdall/data/config:/config
+
+    ports:
+      - 1280:80
+      - 12443:443
+    restart: unless-stopped

docker/wikijs/docker-compose.yml

@@ -0,0 +1,16 @@
+version: "2.1"
+services:
+  wikijs:
+    image: linuxserver/wikijs:2.5.312
+    container_name: wikijs
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    volumes:
+      - /docker/Daten/wikijs/config:/config
+      - /docker/Daten/wikijs/data:/data
+      - /mnt/wikijsBackupOnQnap:/backup
+    ports:
+      - 3000:3000
+    restart: unless-stopped

docs/docker/adguardhome/adguardhome.md

@@ -0,0 +1,22 @@
+# Adguardhome
+
+## Allgemein
+
+- Image:  `adguard/adguardhome:v0.107.69`
+- Port: `3000`
+- Restart Policy: `unless-stopped`
+
+
+## Volumes
+     
+| Host Path | Container Path | Zweck |
+|------------|----------------|--------|
+| /docker/Daten/adguardhome/conf| /opt/adguardhome/conf  | Konfiguration |
+| /docker/Daten/adguardhome/work| /opt/adguardhome/work | Datenbank & Inhalte |
+
+## Deployment
+```bash
+cd /docker/Bruchtal/docker/adguardhome
+git pull
+docker compose pull
+docker compose up -d

docs/docker/heimdall/heimdall.md

@@ -0,0 +1,23 @@
+# Heimdall
+
+## Allgemein
+
+- Image: `lscr.io/linuxserver/heimdall:2.7.6`
+- Port: `1280:80`, `12443:443`
+- Restart Policy: `unless-stopped`
+
+## Volumes
+
+| Host Path | Container Path | Zweck |
+|------------|----------------|--------|
+| /docker/Bruchtal/docker/heimdall/data/config:/config  | /config | Konfiguration |
+
+
+## Deployment
+
+```bash
+cd /docker/Bruchtal/docker/heimdall
+git pull
+docker compose pull
+docker compose up -d
+``

docs/docker/wikijs/wikijs.md

@@ -0,0 +1,24 @@
+# Wikijs
+
+## Allgemein
+
+- Image: `linuxserver/wikijs:2.5.312`
+- Port: `3000`
+- Restart Policy: `unless-stopped`
+
+## Volumes
+
+| Host Path | Container Path | Zweck |
+|------------|----------------|--------|
+| /docker/Daten/wikijs/config | /config | Konfiguration |
+| /docker/Daten/wikijs/data | /data | Datenbank & Inhalte |
+| /docker/Daten/wikijs/backup | /backup | Backups |
+
+## Deployment
+
+```bash
+cd /docker/Bruchtal/docker/wikijs
+git pull
+docker compose pull
+docker compose up -d
+``

docs/index.md

@@ -0,0 +1,18 @@
+# Bruchtal
+
+Willkommen in der Infrastruktur-Dokumentation von **Bruchtal**.
+
+## Ziel
+
+Diese Dokumentation beschreibt:
+
+- ⚙️ Workflows
+- 🖧 Netzwerk
+- 🧱 Proxmox & VMs
+- 🐳 Docker-Services
+- 💾 Backup & Storage
+- 🔐 Sicherheit
+
+---
+
+> Git ist die Quelle der Wahrheit.

docs/network/tunnel.md

@@ -0,0 +1,74 @@
+# Pangolin-Tunnel: Zugriff über Hetzner42
+
+## Sicherheits-Setup
+
+```   					
+                        +------------------+
+                        |     Internet     |
+                        +--------+---------+
+                                 |
+                                 | TCP 80 / 443
+                                 v
++------------------------------------------------------------------+
+|                        Hetzner Server                            |
+|                        seanluc1                                  |
+|                                                                  |
+|   +------------+     shared docker network     +---------------+ |
+|   |  Traefik   | <-------------------------->  |   CrowdSec    | |
+|   |  v3.4.1    |                               |   LAPI        | |
+|   |            |                               |               | |
+|   | :80 :443   |                               | Decisions     | |
+|   | :8080      |                               | (CAPI)        | |
+|   +------+-----+                               +---------------+ |
+|          |                                                       |
+|          | dynamic config (file provider)                        |
+|          v                                                       |
+|   +-----------------------------------------------------------+  |
+|   |                         Pangolin                          |  |
+|   |                         v1.14.1                           |  |
+|   |                                                           |  |
+|   | Web UI        :3002                                       |  |
+|   | API           :3000                                       |  |
+|   | Internal API  :3001                                       |  |
+|   |                                                           |  |
+|   | - generates Traefik routers                               |  |
+|   | - manages resources                                       |  |
+|   | - controls Gerbil / Newt                                  |  |
+|   +-----------+-----------------------------------------------+  |
+|               |                                                  |
+|               | WireGuard control                                |
+|               v                                                  |
+|   +-----------------------------------------------------------+  |
+|   |                          Gerbil                           |  |
+|   |                                                           |  |
+|   | WireGuard Exit Node                                       |  |
+|   | wg0: 100.89.128.1/24                                      |  |
+|   | Control API :3003                                         |  |
+|   |                                                           |  |
+|   | - terminates tunnel                                       |  |
+|   | - forwards TCP ports                                      |  |
+|   +-----------+-----------------------------------------------+  |
+|               |                                                  |
++---------------|--------------------------------------------------+
+                |
+                | WireGuard tunnel (encrypted)
+                v
++------------------------------------------------------------------+
+|                     Local Network (LAN)                          |
+|                                                                  |
+|   +-------------+        +------------------------------------+  |
+|   |   Newt      |        |           Target Services          |  |
+|   |             |        |                                    |  |
+|   | wg IP       |        | Home Assistant                     |  |
+|   | 100.89.128.4|        | 192.168.178.203:8123               |  |
+|   |             |        |                                    |  |
+|   | TCP Proxy   |        | Wiki / Bitwarden                   |  |
+|   +-------------+        +------------------------------------+  |
+|                                                                  |
++------------------------------------------------------------------+
+```
+
+
+
+
+

docs/proxmox/vms.md

@@ -0,0 +1,9 @@
+# Proxmox Host
+
+- Hostname: vm-proxmox
+- OS: Debian 12
+- VMs:
+  - paperless-ngx
+  - home-assistant
+  - Docker-VM
+- Backup: tägliche Snapshots

docs/workflows/docker-workflow.md

@@ -0,0 +1,66 @@
+# Docker-Workflow (Bruchtal Standard)
+
+Dieser Workflow ist verbindlich für alle Änderungen an Docker-Stacks in Bruchtal.
+
+Ziel:
+- Keine Konfiguration direkt auf der VM
+- Alles versioniert in Git
+- Reproduzierbare Deployments
+- Dokumentation immer synchron zur Infrastruktur
+
+---
+
+## Grundprinzip
+
+**Konfiguration passiert lokal in VS Code.**
+Die VM ist nur noch Laufzeitumgebung.
+
+
+1. Lokal ändern, egal was
+2. Committen & Pushen
+3. Auf VM pullen
+4. Container neu starten
+
+---
+
+## Workflow "neuer Container"
+- VSCode starten in ~Bruchtal mit code . => VS startet sauber mit der Giteinstellung
+**ALLE ÄNDERUNGEN NUR IN VS**
+
+### neuen Containeranlegen
+- `Bruchtal/<Containername>` anlegen
+- `Bruchtal/<Containername>/docker-compose.yml` anlegen
+- docker-compose.yml editieren, 
+- commit mit Message `"infra(<Containername>): docker-compose.yml neu angelegt"`
+- push
+
+
+### neuen Container dokumentieren
+- `Bruchtal/docs/<Containername>` anlegen
+- `Bruchtal/docs/<Containername>/<Containername>.md` anlegen
+- `<Containername>.md` editieren, Blaupause z.B: wikijs.md
+- commit message `docs(<Containername>): Dokumentation angelegt`
+- `Bruchtal/mkdocs.md`: nav sinnvoll ergänzen
+- commit message `docs(mkdocs): <Containername>` ergänzt
+- push
+
+### Übernehmen auf VM Docker
+```bash
+ssh docker
+cd /docker/Bruchtal
+git pull
+cd /docker/Bruchtal/<Containername>
+docker compose up -d
+```
+
+## Repository-Struktur
+```
+Bruchtal/
+├── docker/
+│ └── <Containername>/
+│       └── docker-compose.yml
+└── docs/
+    └── docker/
+        └── <Containername>/
+            └── <Containername>.md
+```

mkdocs.yml

@@ -0,0 +1,24 @@
+site_name: Bruchtal
+site_description: Infrastruktur- und Betriebsdokumentation von Bruchtal
+site_author: Bruchtal
+
+theme:
+  name: material
+  language: de
+
+nav:
+  - Übersicht: index.md
+  - Workflows:
+      - Docker-workflow: workflows/docker-workflow.md
+  - Netzwerk:
+      - Topologie: network/topology.md
+      - Tunnel: network/tunnel.md
+  - Proxmox:
+      - VMs: proxmox/vms.md
+  - Docker:
+      - Adguardhome: docker/adguardhome/adguardhome.md
+      - Wikijs: docker/wikijs/wikijs.md      
+      - Architektur: docker/architecture.md
+  - Backup_Storage:
+        - Backup: backup/backup.md
+        - Storage: backup/storage.md