test

compose/caddy/docker-compose.yml

@@ -1,13 +1,15 @@
 ######### AKTUELL DOWN ##########
+version: "3.8"
 
 services:
   caddy:
     image: caddy:latest
     container_name: caddy
     restart: unless-stopped
-    network_mode: host
+    ports:
+      - "80:80"
+      - "443:443"
     volumes:
-      - /docker/caddy/config/Caddyfile:/etc/caddy/Caddyfile:ro
-      - /docker/caddy/data:/data
-      - /docker/caddy/ca/rootCA.crt:/etc/ssl/certs/rootCA.crt
-      - /docker/caddy/ca/rootCA.key:/etc/ssl/private/rootCA.key
+      - /srv/docker/daten/caddy/Caddyfile:/etc/caddy/Caddyfile
+      - /srv/docker/daten/caddy/data:/data
+      - /srv/docker/daten/caddy/config:/config

compose/docker-compose.yml

@@ -0,0 +1,76 @@
+#
+# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+#
+# Make sure to use the docker-compose.yml of the current release:
+#
+# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
+#
+# The compose file on main may not be compatible with the latest release.
+
+name: immich
+
+services:
+  immich-server:
+    container_name: immich_server
+    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+    volumes:
+      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+      - ${UPLOAD_LOCATION}:/data
+      - /etc/localtime:/etc/localtime:ro
+    env_file:
+      - .env
+    ports:
+      - '2283:2283'
+    depends_on:
+      - redis
+      - database
+    restart: always
+    healthcheck:
+      disable: false
+
+  immich-machine-learning:
+    container_name: immich_machine_learning
+    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
+    # Example tag: ${IMMICH_VERSION:-release}-cuda
+    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+    # extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
+    #   file: hwaccel.ml.yml
+    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+    volumes:
+      - model-cache:/cache
+    env_file:
+      - .env
+    restart: always
+    healthcheck:
+      disable: false
+
+  redis:
+    container_name: immich_redis
+    image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
+    healthcheck:
+      test: redis-cli ping || exit 1
+    restart: always
+
+  database:
+    container_name: immich_postgres
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_INITDB_ARGS: '--data-checksums'
+      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
+      # DB_STORAGE_TYPE: 'HDD'
+    volumes:
+      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+    shm_size: 128mb
+    restart: always
+    healthcheck:
+      disable: false
+
+volumes:
+  model-cache:

compose/homepage/docker-compose.yml

@@ -0,0 +1,34 @@
+version: "3.8"
+
+services:
+
+  dockerproxy:
+    image: ghcr.io/tecnativa/docker-socket-proxy:latest
+    container_name: dockerproxy
+    environment:
+      - CONTAINERS=1 # Allow access to viewing containers
+      - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
+      - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
+      - POST=0 # Disallow any POST operations (effectively read-only)
+    ports:
+      - 127.0.0.1:2375:2375
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
+    restart: unless-stopped
+    
+  homepage:
+    image: ghcr.io/gethomepage/homepage:latest
+    container_name: homepage
+#    network_mode: host
+    ports:
+      - "3004:3000"
+    volumes:
+      - /srv/docker/daten/homepage:/app/config
+      - /srv/docker/daten/homepage/icons:/app/public/icons
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+#      - PORT=8080
+      - NODE_TLS_REJECT_UNAUTHORIZED=0
+#      - HOMEPAGE_ALLOWED_HOSTS=192.168.178.204:8080,192.168.178.204,localhost:8080,localhost,127.0.0.1      
+      - HOMEPAGE_ALLOWED_HOSTS=192.168.178.204,192.168.178.204:3004,localhost,127.0.0.1
+    restart: unless-stopped

compose/immich/docker-compose.yml

@@ -0,0 +1,84 @@
+#
+# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+#
+# Make sure to use the docker-compose.yml of the current release:
+#
+# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
+#
+# The compose file on main may not be compatible with the latest release.
+
+name: immich
+
+services:
+  immich-server:
+    container_name: immich_server
+    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+    #user: "1001:1001" 
+    volumes:
+      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+      - ${UPLOAD_LOCATION}:/data
+      - /etc/localtime:/etc/localtime:ro
+    env_file:
+      - .env
+    ports:
+      - '2283:2283'
+    depends_on:
+      - redis
+      - database
+    restart: always
+    healthcheck:
+      disable: false
+
+  immich-machine-learning:
+    container_name: immich_machine_learning
+    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
+    # Example tag: ${IMMICH_VERSION:-release}-cuda
+    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+    # extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
+    #   file: hwaccel.ml.yml
+    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+    #user: "1001:1001" 
+    environment:
+      - MPLCONFIGDIR=/cache/.matplotlib
+      - IMMICH_TEMP_DIR=/cache/temp
+    volumes:
+      - /srv/docker/daten/immich/model-cache:/cache   
+      - ${UPLOAD_LOCATION}:/data    # <<< hier hinzufügen
+    env_file:
+      - .env
+    restart: always
+    healthcheck:
+      disable: false
+
+  redis:
+    container_name: immich_redis
+    image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
+    #user: "1001:1001" 
+    healthcheck:
+      test: redis-cli ping || exit 1
+    restart: always
+
+  database:
+    container_name: immich_postgres
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    #user: "1001:1001" 
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_INITDB_ARGS: '--data-checksums'
+      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
+      # DB_STORAGE_TYPE: 'HDD'
+    volumes:
+      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+    shm_size: 128mb
+    restart: always
+    healthcheck:
+      disable: false
+
+volumes:
+  model-cache:

compose/monitoring/docker-compose.yml

@@ -0,0 +1,62 @@
+services:
+  prometheus:
+    image: prom/prometheus:latest
+    container_name: prometheus
+    restart: unless-stopped
+    user: "root" # Verhindert Permission-Probleme beim Lesen der Config
+    volumes:
+      - /srv/docker/daten/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+      - /srv/docker/daten/prometheus:/prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+    ports:
+      - "9090:9090"
+
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    restart: unless-stopped
+    environment:
+      - GF_SECURITY_ADMIN_PASSWORD=admin
+    volumes:
+      - /srv/docker/daten/grafana:/var/lib/grafana
+    ports:
+      - "3000:3000"
+
+  node-exporter:
+    image: prom/node-exporter:latest
+    container_name: node-exporter
+    restart: unless-stopped
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+    command:
+      - '--path.procfs=/host/proc'
+      - '--path.rootfs=/rootfs'
+      - '--path.sysfs=/host/sys'
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.49.1
+    container_name: cadvisor
+    restart: unless-stopped
+    privileged: true
+    devices:
+      - /dev/kmsg
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+
+  proxmox-exporter:
+    image: ghcr.io/prometheus-pve/prometheus-pve-exporter:latest
+    container_name: proxmox-exporter
+    restart: unless-stopped
+    volumes:
+      # Wir mounten das VERZEICHNIS. Darin liegt die pve.yml
+      - /srv/docker/daten/proxmox-exporter:/etc/prometheus:ro
+    ports:
+      - "9221:9221"

compose/uptime-kuma/docker-compose.yml

@@ -0,0 +1,11 @@
+version: "3.8"
+
+services:
+  uptime-kuma:
+    image: louislam/uptime-kuma:latest
+    container_name: uptime-kuma
+    ports:
+      - "3006:3001"
+    volumes:
+      - /srv/docker/daten/uptime-kuma:/app/data
+    restart: unless-stopped

docs/docker/docker.md

@@ -54,8 +54,8 @@ networks:
 Die Mount laufen nicht über die fstab. Grund: die QNAP geht seltsam mit Sonderzeichen in den credentials um.
 Lösung:
 sudo nano /etc/systemd/system/mnt-vaultwardenBackupOnQnap.mount:
+
 ``` ini
-  GNU nano 7.2                                                                                     /etc/systemd/system/mnt-vaultwardenBackupOnQnap.mount                                                                                              
 [Unit]
 After=network-online.target
 

docs/docker/pihole/pihole.md

@@ -0,0 +1 @@
+testtest

docs/homepage/homepage.md

@@ -0,0 +1,67 @@
+# Homepage Stack
+
+## dockerproxy
+um den Status von Dockercontainern direkt auslesen zu können
+
+- Image: `ghcr.io/tecnativa/docker-socket-proxy:latest`
+- Port: `127.0.0.1:2375:2375`
+- Restart Policy: `unless-stopped`
+
+## Homepage
+das eigentlich
+
+
+
+## Volumes
+
+| Host Path | Container Path | Zweck |
+|------------|----------------|--------|
+| /var/run/docker.sock:/var/run/docker.sock:ro  | | |
+
+
+
+
+
+## Deployment
+
+```bash
+cd /docker/Bruchtal/compose/heimdall
+git pull
+docker compose pull
+docker compose up -d
+```
+
+
+## aktuelles Skript
+
+```snippet
+--8<-- "/docs/docker/heimdall/docker-compose.yml"
+```
+
+
+    dockerproxy:
+    image: ghcr.io/tecnativa/docker-socket-proxy:latest
+    container_name: dockerproxy
+    environment:
+      - CONTAINERS=1 # Allow access to viewing containers
+      - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
+      - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
+      - POST=0 # Disallow any POST operations (effectively read-only)
+    ports:
+      - 127.0.0.1:2375:2375
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
+    restart: unless-stopped
+    
+  homepage:
+    image: ghcr.io/gethomepage/homepage:latest
+    container_name: homepage
+    ports:
+      - "3004:3000"
+    volumes:
+      - /srv/docker/daten/homepage:/app/config
+      - /srv/docker/daten/homepage/icons:/app/public/icons
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - HOMEPAGE_ALLOWED_HOSTS=192.168.178.204:3004,localhost
+    restart: unless-stopped 

docs/network/topology.md

@@ -5,12 +5,12 @@
 - Range: 192.168.178.20 - 199
 
 ## feste IPs
-192.168.178.200: Proxmox
-192.168.178.203: vm-homeassistent
-192.168.178.204: vm-docker
-192.168.178.214: vm-jellyfin
-192.168.178.217: vm-docker-restore
-192.168.178.221: VM-paperless2
-192.168.178.254: QNAP
-
+[192.168.178.200: Proxmox](http://192.168.178.200:8006)
+[192.168.178.201: vm-Pihole](http://192.168.178.201)
+[192.168.178.203: vm-homeassistent](http://192.168.178.203:8123)
+[192.168.178.204: vm-docker](http://192.168.178.204:9443)
+[192.168.178.214: vm-jellyfin]()
+[192.168.178.217: vm-docker-restore](http://192.168.178.221:9443)
+[192.168.178.221: vm-paperless2](http://192.168.178.221:8000)
+[192.168.178.254: QNAP](https://192.168.178.254)
 ### Kea-dhcp4 + Adguard # caddy

docs/proxmox/paperless/paperless.md

@@ -15,4 +15,3 @@
 ## Backup
 ==> 
 
--

docs/workflows/docker-workflow.md

@@ -30,35 +30,37 @@ flowchart LR
 ---
 
 ## Verzeichnisstruktur
+compose, scripts, docs sind im Repo. Daher als Unterordner, damit bei einem pull force die Daten nicht mit überschrieben werden
 ```
-/srv/docker
-├─ compose/                  # Docker-Compose Stacks für jeden Container
-│  ├─ nextcloud/
-│  │   └─ docker-compose.yml
-│  ├─ tvheadend/
-│  │   └─ docker-compose.yml
-│  ├─ signal-rest-api/
-│  │   └─ docker-compose.yml
-│  └─ ... (weitere aktive Container)
-│
-├─ scripts/                  # Deploy-Scripts, Webhooks, Utilities
-│  ├─ deploy-changed-containers-final.sh
-│  ├─ webhook-deploy.sh
-│  └─ ... (weitere Scripts)
-│
-├─ docs/                     # MkDocs / Markdown Dokumentation
-│  ├─ backup_restore
-│  |  ├─ docker
-|  |     └─ docker_backup.md
-|  |  ├─ hetzner
-│  ├─ docker
-│  |   ├─ adguardhome
-|  |   |  └─ adguardhome.md
-│  |   ├─ heimdall
-|  |       └─ heimdall.md
-|  |   └─ ... (weitere .md Dateien)
-│
-├─ mkdocs.yml                # MkDocs Konfiguration
+/srv/docker/
+├─ repo
+│  ├─ compose          # Docker-Compose Stacks für jeden Container
+│  │  ├─ nextcloud/
+│  │  │   └─ docker-compose.yml
+│  │  ├─ tvheadend/
+│  │  │   └─ docker-compose.yml
+│  │  ├─ signal-rest-api/
+│  │  │   └─ docker-compose.yml
+│  │  └─ ... (weitere aktive Container)
+│  │
+│  ├─ scripts/                  # Deploy-Scripts, Webhooks, Utilities
+│  │  ├─ deploy-changed-containers-final.sh
+│  │  ├─ webhook-deploy.sh
+│  │  └─ ... (weitere Scripts)
+│  │
+│  ├─ docs/                     # MkDocs / Markdown Dokumentation
+│  │   ├─ backup_restore
+│  │   |  ├─ docker
+|  │   |     └─ docker_backup.md
+|  │   |  ├─ hetzner
+│  │   ├─ docker
+│  │   |   ├─ adguardhome
+|  │   |   |  └─ adguardhome.md
+│  │   |   ├─ heimdall
+|  │   │        └─ heimdall.md
+|  │   └─ ... (weitere .md Dateien)
+│  │
+│  ├─ mkdocs.yml                # MkDocs Konfiguration
 │
 ├─ daten/                    # Docker-Volumes / persistent data
 │  ├─ nextcloud/
@@ -103,18 +105,3 @@ cd /docker/Bruchtal/<Containername>
 docker compose up -d
 ```
 
-## Repository-Struktur
-```
-Bruchtal/
-├── docker/
-│ └── <Containername>/
-│       └── docker-compose.yml
-└── docs/
-│    └── docker/
-│        └── <Containername>/
-│        │    └── <Containername>.md
-│        └── docker-compose.yml
-└── scripts/
-│        └──<.sh>
-
-```

docs/workflows/repo-reparieren.md

@@ -14,7 +14,7 @@ git push origin main --force
 
 auf der VM:
 ``` snippet
-cd /srv/docker
+cd /srv/docker/repo
 
 
 git fetch origin

mkdocs.yml

@@ -26,7 +26,7 @@ nav:
       - Adguardhome: docker/adguardhome/adguardhome.md
       - Heimdall: docker/heimdall/heimdall.md
       - It-Tools: docker/it-tools/it-tools.md
-      - Pihole: docker/pihole/pihole.md
+      - PiholeTests: docker/pihole/pihole.md
       - Portainer: docker/portainer/portainer.md
       - Vaultwarden: docker/vaultwarden/vaultwarden.md
       - Vaultwarden_Backup: docker/vaultwarden_backup/vaultwarden_backup.md