test

compose/adguardhome/docker-compose.yml

@@ -1,5 +1,3 @@
-
-
 services:
   adguardhome:
     image: adguard/adguardhome:v0.107.69
@@ -9,7 +7,7 @@ services:
     ports:
       - 3003:3000
     volumes:
-      - /docker/Daten/adguardhome/work:/opt/adguardhome/work
-      - /docker/Daten/adguardhome/conf:/opt/adguardhome/conf
+      - /srv/docker/daten/adguardhome/work:/opt/adguardhome/work
+      - /srv/docker/daten/adguardhome/conf:/opt/adguardhome/conf
     environment:
       TZ: Europe/Berlin

compose/caddy/docker-compose.yml

@@ -1,11 +1,15 @@
+######### AKTUELL DOWN ##########
+version: "3.8"
+
 services:
   caddy:
     image: caddy:latest
     container_name: caddy
     restart: unless-stopped
-    network_mode: host
+    ports:
+      - "80:80"
+      - "443:443"
     volumes:
-      - /docker/caddy/config/Caddyfile:/etc/caddy/Caddyfile:ro
-      - /docker/caddy/data:/data
-      - /docker/caddy/ca/rootCA.crt:/etc/ssl/certs/rootCA.crt
-      - /docker/caddy/ca/rootCA.key:/etc/ssl/private/rootCA.key
+      - /srv/docker/daten/caddy/Caddyfile:/etc/caddy/Caddyfile
+      - /srv/docker/daten/caddy/data:/data
+      - /srv/docker/daten/caddy/config:/config

compose/docker-compose.yml

@@ -0,0 +1,76 @@
+#
+# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+#
+# Make sure to use the docker-compose.yml of the current release:
+#
+# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
+#
+# The compose file on main may not be compatible with the latest release.
+
+name: immich
+
+services:
+  immich-server:
+    container_name: immich_server
+    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+    volumes:
+      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+      - ${UPLOAD_LOCATION}:/data
+      - /etc/localtime:/etc/localtime:ro
+    env_file:
+      - .env
+    ports:
+      - '2283:2283'
+    depends_on:
+      - redis
+      - database
+    restart: always
+    healthcheck:
+      disable: false
+
+  immich-machine-learning:
+    container_name: immich_machine_learning
+    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
+    # Example tag: ${IMMICH_VERSION:-release}-cuda
+    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+    # extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
+    #   file: hwaccel.ml.yml
+    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+    volumes:
+      - model-cache:/cache
+    env_file:
+      - .env
+    restart: always
+    healthcheck:
+      disable: false
+
+  redis:
+    container_name: immich_redis
+    image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
+    healthcheck:
+      test: redis-cli ping || exit 1
+    restart: always
+
+  database:
+    container_name: immich_postgres
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_INITDB_ARGS: '--data-checksums'
+      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
+      # DB_STORAGE_TYPE: 'HDD'
+    volumes:
+      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+    shm_size: 128mb
+    restart: always
+    healthcheck:
+      disable: false
+
+volumes:
+  model-cache:

compose/gitea/docker-compose.yml

@@ -3,14 +3,14 @@ services:
     image: gitea/gitea:1.24
     container_name: gitea
     environment:
-      - USER_UID=1000
-      - USER_GID=1000
+      - USER_UID=1001
+      - USER_GID=1001
     restart: unless-stopped
     networks:
       - gitea
       - bruchtal-net    # 👈 neu für bruchtal-webhook
     volumes:
-      - /docker/Daten/gitea/data:/data
+      - /srv/docker/daten/gitea/data:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     ports:
@@ -22,4 +22,3 @@ networks:
     external: false
   bruchtal-net:         # 👈 neu für bruchtal-webhook
     external: true
-    ##

compose/heimdall/docker-compose.yml

@@ -1,15 +1,18 @@
+## test
+
 services:
   heimdall:
     image: lscr.io/linuxserver/heimdall:latest
     container_name: heimdall2
     environment:
-      - PUID=1000
-      - PGID=1000
+      - PUID=1001
+      - PGID=1001
       - TZ=Europe/Berlin
     volumes:
-      -  /docker/Daten/heimdall/config:/config
+      - /srv/docker/daten/heimdall/config:/config
 
     ports:
       - 1280:80
       - 12443:443
     restart: unless-stopped
+

compose/homepage/docker-compose.yml

@@ -0,0 +1,34 @@
+version: "3.8"
+
+services:
+
+  dockerproxy:
+    image: ghcr.io/tecnativa/docker-socket-proxy:latest
+    container_name: dockerproxy
+    environment:
+      - CONTAINERS=1 # Allow access to viewing containers
+      - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
+      - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
+      - POST=0 # Disallow any POST operations (effectively read-only)
+    ports:
+      - 127.0.0.1:2375:2375
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
+    restart: unless-stopped
+    
+  homepage:
+    image: ghcr.io/gethomepage/homepage:latest
+    container_name: homepage
+#    network_mode: host
+    ports:
+      - "3004:3000"
+    volumes:
+      - /srv/docker/daten/homepage:/app/config
+      - /srv/docker/daten/homepage/icons:/app/public/icons
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+#      - PORT=8080
+      - NODE_TLS_REJECT_UNAUTHORIZED=0
+#      - HOMEPAGE_ALLOWED_HOSTS=192.168.178.204:8080,192.168.178.204,localhost:8080,localhost,127.0.0.1      
+      - HOMEPAGE_ALLOWED_HOSTS=192.168.178.204,192.168.178.204:3004,localhost,127.0.0.1
+    restart: unless-stopped

compose/immich/docker-compose.yml

@@ -0,0 +1,84 @@
+#
+# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+#
+# Make sure to use the docker-compose.yml of the current release:
+#
+# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
+#
+# The compose file on main may not be compatible with the latest release.
+
+name: immich
+
+services:
+  immich-server:
+    container_name: immich_server
+    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+    #user: "1001:1001" 
+    volumes:
+      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+      - ${UPLOAD_LOCATION}:/data
+      - /etc/localtime:/etc/localtime:ro
+    env_file:
+      - .env
+    ports:
+      - '2283:2283'
+    depends_on:
+      - redis
+      - database
+    restart: always
+    healthcheck:
+      disable: false
+
+  immich-machine-learning:
+    container_name: immich_machine_learning
+    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
+    # Example tag: ${IMMICH_VERSION:-release}-cuda
+    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+    # extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
+    #   file: hwaccel.ml.yml
+    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+    #user: "1001:1001" 
+    environment:
+      - MPLCONFIGDIR=/cache/.matplotlib
+      - IMMICH_TEMP_DIR=/cache/temp
+    volumes:
+      - /srv/docker/daten/immich/model-cache:/cache   
+      - ${UPLOAD_LOCATION}:/data    # <<< hier hinzufügen
+    env_file:
+      - .env
+    restart: always
+    healthcheck:
+      disable: false
+
+  redis:
+    container_name: immich_redis
+    image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
+    #user: "1001:1001" 
+    healthcheck:
+      test: redis-cli ping || exit 1
+    restart: always
+
+  database:
+    container_name: immich_postgres
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    #user: "1001:1001" 
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_INITDB_ARGS: '--data-checksums'
+      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
+      # DB_STORAGE_TYPE: 'HDD'
+    volumes:
+      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+    shm_size: 128mb
+    restart: always
+    healthcheck:
+      disable: false
+
+volumes:
+  model-cache:

compose/kea/docker-compose.yml

@@ -1,5 +1,4 @@
-version: "3.8"
-
+######### AKTUELL DOWN ##########
 services:
   kea-dhcp4:
     image: serhiymakarenko/isc-kea-dhcp4-server:latest

compose/monitoring/docker-compose.yml

@@ -0,0 +1,62 @@
+services:
+  prometheus:
+    image: prom/prometheus:latest
+    container_name: prometheus
+    restart: unless-stopped
+    user: "root" # Verhindert Permission-Probleme beim Lesen der Config
+    volumes:
+      - /srv/docker/daten/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+      - /srv/docker/daten/prometheus:/prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+    ports:
+      - "9090:9090"
+
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    restart: unless-stopped
+    environment:
+      - GF_SECURITY_ADMIN_PASSWORD=admin
+    volumes:
+      - /srv/docker/daten/grafana:/var/lib/grafana
+    ports:
+      - "3000:3000"
+
+  node-exporter:
+    image: prom/node-exporter:latest
+    container_name: node-exporter
+    restart: unless-stopped
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+    command:
+      - '--path.procfs=/host/proc'
+      - '--path.rootfs=/rootfs'
+      - '--path.sysfs=/host/sys'
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.49.1
+    container_name: cadvisor
+    restart: unless-stopped
+    privileged: true
+    devices:
+      - /dev/kmsg
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+
+  proxmox-exporter:
+    image: ghcr.io/prometheus-pve/prometheus-pve-exporter:latest
+    container_name: proxmox-exporter
+    restart: unless-stopped
+    volumes:
+      # Wir mounten das VERZEICHNIS. Darin liegt die pve.yml
+      - /srv/docker/daten/proxmox-exporter:/etc/prometheus:ro
+    ports:
+      - "9221:9221"

compose/newt/docker-compose.yml

@@ -1,9 +1,8 @@
-version: "3"
 services:
   newt:
     command:
       - newt
-    container_name: newt2
+    container_name: newt
     entrypoint:
       - /entrypoint.sh
     environment:

compose/nextcloud/docker-compose.yml

@@ -1,46 +1,28 @@
-version: '3.7'
-
 services:
   db:
     image: mariadb:latest
     container_name: nextcloud-db
     volumes:
-       #- /home/christian/docker/nextcloud/nextcloud-db-data:/var/lib/mysql
-       # - /docker/Daten/nextcloud/db:/var/lib/mysql
-        - ../../../Daten/nextcloud/db:/var/lib/mysql
-       #/docker/Bruchtal/docker/nextcloud
-      
+        - /srv/docker/daten/nextcloud/db:/var/lib/mysql
     networks:
       - default
     restart: always
     environment:
       TZ: europe/berlin
-      #MYSQL_ROOT_PASSWORD: zazen17
-      #MYSQL_DATABASE: db
-      #MYSQL_USER: dbuser
-      #MYSQL_PASSWORD: zazen17
       MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
       MYSQL_DATABASE: ${MYSQL_DATABASE}
       MYSQL_USER: ${MYSQL_USER}
       MYSQL_PASSWORD: ${MYSQL_PASSWORD}
-  
-  
-#  redis:
-#    image: redis:latest
-#    restart: always
-#    networks:
-#      - default
-#    volumes:
-#      - redis:/var/lib/redis
   redis:
     image: redis:latest
     container_name: nextcloud-redis
     restart: always
     volumes:
-      # - /docker/Daten/nextcloud/redis:/data
-      - ../../../Daten/nextcloud/redis:/data
-      
-
+      - /srv/docker/daten/nextcloud/redis:/data
+    networks:
+      - proxy
+      - default 
+    
   nextcloud:
     depends_on:
       - redis
@@ -48,35 +30,29 @@ services:
     image: nextcloud
     container_name: nextcloud
     volumes:
-      # - /home/christian/docker/nextcloud/nextcloud-www:/var/www/html
-      # - /docker/Daten/nextcloud/www:/var/www/html
-      - ../../../Daten/nextcloud/www:/var/www/html
-      
+      - /srv/docker/daten/nextcloud/www:/var/www/html
     networks:
       - proxy
       - default
     ports:
       - 1180:80
       - 1444:443
-      
     restart: always
     environment:
       REDIS_HOST: redis
       MYSQL_HOST: db:3306
-      #MYSQL_DATABASE: db
-      #MYSQL_USER: dbuser
-      #MYSQL_PASSWORD: zazen17
       MYSQL_DATABASE: ${MYSQL_DATABASE}
       MYSQL_USER: ${MYSQL_USER}
       MYSQL_PASSWORD: ${MYSQL_PASSWORD}
-  
+      PUID: "1001"
+      PGID: "1001"
 
 networks:
   proxy:
-    #external: true
 
 volumes:
   nextcloud-db-data:
     name: nextcloud-db-data
   redis:
-    name: nextcloud-redis
+    name: nextcloud-redis
+

compose/portainer/docker-compose.yml

@@ -7,7 +7,6 @@ services:
       - "9000:9000"       # Webinterface
       - "9443:9443"
     volumes:
-      - /docker/Daten/portainer-data:/data:rw      # Portainer-Daten (DB + Key)
+      - /srv/docker/daten/portainer-data:/data:rw      # Portainer-Daten (DB + Key)
       - /etc/localtime:/etc/localtime:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
-

compose/tvheadend/docker-compose.yml

@@ -5,12 +5,12 @@ services:
     network_mode: host
 
     environment:
-      - PUID=1000
-      - PGID=1000
+      - PUID=1001
+      - PGID=1001
       - TZ=Europe/Berlin
 
     volumes:
-      - /docker/Daten/tvheadend/config:/config
-      - /docker/Daten/tvheadend/recordings:/recordings
+      - /srv/docker/daten/tvheadend/config:/config
+      - /srv/docker/daten/tvheadend/recordings:/recordings
 
-    restart: unless-stopped
+    restart: unless-stopped

compose/uptime-kuma/docker-compose.yml

@@ -0,0 +1,11 @@
+version: "3.8"
+
+services:
+  uptime-kuma:
+    image: louislam/uptime-kuma:latest
+    container_name: uptime-kuma
+    ports:
+      - "3006:3001"
+    volumes:
+      - /srv/docker/daten/uptime-kuma:/app/data
+    restart: unless-stopped

compose/vaultwarden/docker-compose.yml

@@ -1,16 +1,17 @@
-version: '3.7'
-
 services:
   vaultwarden:
     image: vaultwarden/server:latest
     container_name: vaultwarden4
     restart: always
     volumes:
-      - /docker/Daten/vaultwarden/bw-data:/data
+      - /srv/docker/daten/vaultwarden/bw-data:/data
 
     environment:
       - ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN}
       - WEBSOCKET_ENABLED=true
     ports:
       - 1380:80
+      - 1443:443
+      
+
 

compose/vaultwarden_backup/docker-compose.yml

@@ -1,4 +1,3 @@
-version: "3.8"
 services:
   vaultwarden_backup:
     image: bruceforce/vaultwarden-backup
@@ -6,7 +5,7 @@ services:
     restart: unless-stopped
     init: true
     volumes:
-    - /docker/Daten/vaultwarden/bw-data:/data/
+    - /srv/docker/daten/vaultwarden/bw-data:/data/
     - /mnt/vaultwardenBackupOnQnap:/backups/
     - /mnt/vaultwardenBackupOnQnap/logs:/logs/
     environment:
@@ -22,4 +21,4 @@ services:
     - BACKUP_ADD_ICON_CACHE=true
     - BACKUP_ADD_RSA_KEY=true
     - LOG_LEVEL=INFO
-    - TZ= Europe/Berlin
+    - TZ= Europe/Berlin

compose/webhook/docker-compose.yml

@@ -6,11 +6,23 @@ services:
     ports:
       - "9001:9001"
     volumes:
-      - /docker/Bruchtal:/workspace
-      - /docker/Bruchtal/scripts/webhook-deploy/hooks.json:/hooks/hooks.json:ro
+      - /srv/docker/repo:/workspace
+      - /srv/docker/scripts/webhook-deploy/hooks.json:/hooks/hooks.json:ro
       - /var/run/docker.sock:/var/run/docker.sock
       - /root/.ssh:/root/.ssh:ro
-    command: ["-hooks", "/hooks/hooks.json", "-verbose", "-port", "9001", "-ip", "0.0.0.0"]
+
+#    environment:
+#      - WEBHOOK_ALLOWED_HOST_LIST=192.168.178.204,0.0.0.0,localhost
+#      - WEBHOOK_VERBOSE=true
+#      - WEBHOOK_PORT=9001
+#      - WEBHOOK_IP=0.0.0.0
+
+    command: [
+        "-hooks", "/hooks/hooks.json", 
+        "-verbose", "-port", "9001", 
+        "-ip", "0.0.0.0",
+#        "-allowed-host-list", "0.0.0.0,192.168.178.204,localhost"
+    ]
     networks:
       - bruchtal-net    
 

compose/wikijs/docker-compose.yml

@@ -1,3 +1,5 @@
+######### AKTUELL DOWN ##########
+
 services:
   wikijs:
     image: linuxserver/wikijs:2.5.312

docker-compose.yml

@@ -8,10 +8,10 @@ services:
       - "8005:8000"
 
     volumes:
-      - /docker/Bruchtal:/docs
+      - /srv/docker/repo:/docs
 
     command: serve --dev-addr=0.0.0.0:8000
 
     environment:
       - TZ=Europe/Berlin
-      - WATCHDOG_FORCE_POLLING=true
+#      - WATCHDOG_FORCE_POLLING=true

docs/backup_restore/docker/docker_backup.md

@@ -1,3 +1,4 @@
 # Docker Backup
 
-Docker läuft als VM unter Proxmox und wird dort täglich vollständig auf der Qnap gesichert [Proxmox_Backup:](/docs/backup_restore/proxmox/proxmox_backup.md)
+Docker läuft als VM unter Proxmox und wird dort täglich vollständig auf der Qnap gesichert
+[=> Proxmox_Backup:](../../backup_restore/proxmox/proxmox_backup.md)

docs/backup_restore/proxmox/homeassistent/homeassistent_backup.md

@@ -1 +1,18 @@
-# Homeassistent
+# Homeassistent
+
+## läuft als VM unter Proxmox und wird dort täglich vollständig auf der Qnap gesichert
+[=> Proxmox_Backup:](../../backup_restore/proxmox/proxmox_backup.md)
+
+## aus HA heraus
+=> Einstellungen => System => Speicher
+- Netzwerkspeicher
+  - Verwendung: Backup
+  - Server: 192.168.178.254 (Qnap)
+  - Protokoll: NFS
+  - Remote Freigabepfad: Backups_homeassistant
+
+=> Einstellungen => System => Backups
+- Täglich und 7 Backups aufbewahren
+- zu sichernde Daten: HA Einstellungen, Verlauf
+- Speicherorte: Backups_homeassistant
+

docs/backup_restore/workstations/christian-linux_backup.md

@@ -29,7 +29,4 @@ Backupsystem läuft auf 2 Ebenen:
 
 ## Restore
 - Gezielt Dateien: Archiv einhängen (Mountpunkt: /home/christina/borgbackupHetzner), Dateien kopierne
-- allgemeines Restore: ausgewähltes Archiv -> exctract
-
-
- 
+- allgemeines Restore: ausgewähltes Archiv -> exctract

docs/backup_restore/workstations/workstation:backup.md

@@ -0,0 +1,13 @@
+# Backup Konfiguration Workstations
+## christian-linux-mint
+=> [christian-linux-mint](../workstations/christian-linux_backup.md)
+
+## Christians Handy
+=> [christian-handy_backup.md](../workstations/christian-handy_backup.md)
+
+## Dorotheas Labtop
+=> [dorothea-laptop_backup.md](../workstations/dorothea-laptop_backup.md)
+
+## Opis PC
+=> [opi-pc_backup.md](../workstations/opi-pc_backup.md)
+

docs/docker/architecture.md

@@ -1,40 +0,0 @@
-# 🏗 Bruchtal Docker-Architektur
-
-## Übersicht
-
-Die Bruchtal-Infrastruktur läuft vollständig containerisiert auf einer VM.  
-Alle Dienste kommunizieren über ein dediziertes Docker-Netzwerk, nutzen Git zur Versionierung und automatisches Deploy über Webhooks.  
-
-**Hauptkomponenten:**
-
-| Service        | Containername        | Funktion |
-|----------------|-------------------|---------|
-| Gitea          | `gitea`           | Git-Server für Infrastruktur & Dokumentation |
-| Wiki.js        | `wikijs`          | Wissensmanagement & Dokumentation |
-| MkDocs         | `bruchtal-docs`   | Statische Markdown-Dokumentation |
-| Webhook        | `bruchtal-webhook`| Automatisches Deploy bei Git Push |
-| Docker Host    | VM                | Plattform für alle Container |
-
----
-
-## 🔗 Netzwerke
-
-Alle Container laufen im **gemeinsamen Docker-Netzwerk** `bruchtal-net`:
-
-- Kommunikation per Service-Namen (`gitea`, `bruchtal-webhook`)  
-- Keine Abhängigkeit von Host-IP  
-- Isoliert von anderen VM-Netzwerken  
-
-Beispiel Docker-Compose-Netzwerkdefinition:
-
-```yaml
-networks:
-  bruchtal-net:
-    external: true
-```
-
-## Mounts
-/etc/fstab:
-```
-
-```

docs/docker/docker.md

@@ -0,0 +1,89 @@
+# 🏗 Bruchtal Docker-Architektur
+
+## Übersicht
+
+Die Bruchtal-Infrastruktur läuft vollständig containerisiert auf einer VM.  
+Alle Dienste kommunizieren über ein dediziertes Docker-Netzwerk, nutzen Git zur Versionierung und automatisches Deploy über Webhooks.  
+
+**Hauptkomponenten:**
+
+| Service        | Containername        | Funktion |
+|----------------|-------------------|---------|
+| Gitea          | `gitea`           | Git-Server für Infrastruktur & Dokumentation |
+| Wiki.js        | `wikijs`          | Wissensmanagement & Dokumentation |
+| MkDocs         | `bruchtal-docs`   | Statische Markdown-Dokumentation |
+| Webhook        | `bruchtal-webhook`| Automatisches Deploy bei Git Push |
+| Docker Host    | VM                | Plattform für alle Container |
+
+---
+
+## IP
+192.168.178.204
+
+## derzeit belegte Ports:
+
+| Port  | Dienst             | Container    | Funktion                          | URL                       |
+|-------|--------------------|--------------|-----------------------------------|--------------------------------|
+| 9443  |Portainer           | portainer    | **reines Dashboard** für Docker   | [portainer.seanluc.de](https://portainer.seanluc.de) |
+| 1380  | Vaultwarden        | vaulttwarden | Passwortmanager                   | [bitwarden.seanluc.de](https://bitwarden.seanluc.de) |
+| 1180  | Nextcloud          | nexcloud     | Cloud                             | [nc.seanluc.de](https://nc.seanluc.de)        |
+| 3002  | Gitea              | gitea        | Repo Verwaltung                   | [gitea.seanluc.de](https://gitea.seanluc.de)     |
+| 9005  | Mkdocs             | bruchtal-docs| Dokumentation                     | [doku.seanluc.de](doku.seanluc.de)      |
+
+---
+
+
+
+## 🔗 Netzwerke
+
+Alle Container laufen im **gemeinsamen Docker-Netzwerk** `bruchtal-net`:
+
+- Kommunikation per Service-Namen (`gitea`, `bruchtal-webhook`)  
+- Keine Abhängigkeit von Host-IP  
+- Isoliert von anderen VM-Netzwerken  
+
+Beispiel Docker-Compose-Netzwerkdefinition:
+
+```yaml
+networks:
+  bruchtal-net:
+    external: true
+```
+
+## Mounts
+Die Mount laufen nicht über die fstab. Grund: die QNAP geht seltsam mit Sonderzeichen in den credentials um.
+Lösung:
+sudo nano /etc/systemd/system/mnt-vaultwardenBackupOnQnap.mount:
+
+``` ini
+[Unit]
+After=network-online.target
+
+[Mount]
+What=//192.168.178.254/Backups/docker_backups/vaultwarden
+Where=/mnt/vaultwardenBackupOnQnap
+Type=cifs
+Options=rw,vers=3.0,username=admin,password=!!Zazen17**,uid=1001,gid=1001
+
+[Install]
+WantedBy=multi-user.target
+```
+dann
+
+```
+sudo systemctl daemon-reload
+sudo systemctl enable mnt-vaultwardenBackupOnQnap.mount
+
+sudo systemctl start mnt-vaultwardenBackupOnQnap.mount #Mount wird auch beim booten gestartet
+sudo systemctl stop mnt-vaultwardenBackupOnQnap.mount #Mount wird gestoppt
+
+
+
+
+
+
+
+
+## Docker Backup
+Docker läuft als VM unter Proxmox und wird dort täglich vollständig auf der Qnap gesichert
+[=> Proxmox_Backup:](../../backup_restore/proxmox/proxmox_backup.md)

docs/docker/mkdocs/mkdocs.md

@@ -0,0 +1,31 @@
+# Mkdocs
+## Zweck:
+Dokumentation des Systems in Markdown
+
+
+##  /ssrv/docker/docker-compose.yml
+-> liegt nicht in gesondertem Container.
+-> erwartet Verzeichnis docs und mkdocs.yml (diese Datei)
+
+``` yaml
+services:
+  bruchtal-docs:
+    image: squidfunk/mkdocs-material:latest
+    container_name: bruchtal-docs
+    restart: unless-stopped
+
+    ports:
+      - "8005:8000"
+
+    volumes:
+      - /docker/Bruchtal:/docs
+
+    command: serve --dev-addr=0.0.0.0:8000
+
+    environment:
+      - TZ=Europe/Berlin
+      - WATCHDOG_FORCE_POLLING=true
+```
+
+## Backup & Restore
+kein spezielles Backup notwendig.

docs/docker/pihole/pihole.md

@@ -0,0 +1 @@
+testtest

docs/homepage/homepage.md

@@ -0,0 +1,67 @@
+# Homepage Stack
+
+## dockerproxy
+um den Status von Dockercontainern direkt auslesen zu können
+
+- Image: `ghcr.io/tecnativa/docker-socket-proxy:latest`
+- Port: `127.0.0.1:2375:2375`
+- Restart Policy: `unless-stopped`
+
+## Homepage
+das eigentlich
+
+
+
+## Volumes
+
+| Host Path | Container Path | Zweck |
+|------------|----------------|--------|
+| /var/run/docker.sock:/var/run/docker.sock:ro  | | |
+
+
+
+
+
+## Deployment
+
+```bash
+cd /docker/Bruchtal/compose/heimdall
+git pull
+docker compose pull
+docker compose up -d
+```
+
+
+## aktuelles Skript
+
+```snippet
+--8<-- "/docs/docker/heimdall/docker-compose.yml"
+```
+
+
+    dockerproxy:
+    image: ghcr.io/tecnativa/docker-socket-proxy:latest
+    container_name: dockerproxy
+    environment:
+      - CONTAINERS=1 # Allow access to viewing containers
+      - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
+      - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
+      - POST=0 # Disallow any POST operations (effectively read-only)
+    ports:
+      - 127.0.0.1:2375:2375
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
+    restart: unless-stopped
+    
+  homepage:
+    image: ghcr.io/gethomepage/homepage:latest
+    container_name: homepage
+    ports:
+      - "3004:3000"
+    volumes:
+      - /srv/docker/daten/homepage:/app/config
+      - /srv/docker/daten/homepage/icons:/app/public/icons
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - HOMEPAGE_ALLOWED_HOSTS=192.168.178.204:3004,localhost
+    restart: unless-stopped 

docs/network/topology.md

@@ -5,12 +5,12 @@
 - Range: 192.168.178.20 - 199
 
 ## feste IPs
-192.168.178.200: Proxmox
-192.168.178.203: vm-homeassistent
-192.168.178.204: vm-docker
-192.168.178.214: vm-jellyfin
-192.168.178.217: vm-docker-restore
-192.168.178.221: VM-paperless2
-192.168.178.254: QNAP
-
+[192.168.178.200: Proxmox](http://192.168.178.200:8006)
+[192.168.178.201: vm-Pihole](http://192.168.178.201)
+[192.168.178.203: vm-homeassistent](http://192.168.178.203:8123)
+[192.168.178.204: vm-docker](http://192.168.178.204:9443)
+[192.168.178.214: vm-jellyfin]()
+[192.168.178.217: vm-docker-restore](http://192.168.178.221:9443)
+[192.168.178.221: vm-paperless2](http://192.168.178.221:8000)
+[192.168.178.254: QNAP](https://192.168.178.254)
 ### Kea-dhcp4 + Adguard # caddy

docs/proxmox/paperless/paperless.md

@@ -15,4 +15,3 @@
 ## Backup
 ==> 
 
--

docs/proxmox/proxmox.md

@@ -9,6 +9,9 @@
   - Docker-VM
 - Backup: tägliche Snapshots
 
+## Root-Zugriff
+derzeit noch möglich: das übliche PW
+
 ## Crontab
 ```snippet
 0 1 * * * /root/backup-pve-configs.sh

docs/workflows/backup_restore-Workstations.md

@@ -0,0 +1,3 @@
+siehe [Backups Workstaions](../backup_restore/workstations/workstation:backup.md)
+
+

docs/workflows/docker-workflow.md

@@ -14,7 +14,6 @@ Ziel:
 **Konfiguration passiert lokal in VS Code.**
 Die VM ist nur noch Laufzeitumgebung.
 
-
 1. Lokal ändern, egal was
 2. Committen & Pushen
 3. der Pull auf der VM wird automatisch über einen Webhook ausgeführt
@@ -28,22 +27,68 @@ flowchart LR
     Workspace -->|Markdown changes| MkDocs
     MkDocs -->|serve| Browser
 ```
-
 ---
 
+## Verzeichnisstruktur
+compose, scripts, docs sind im Repo. Daher als Unterordner, damit bei einem pull force die Daten nicht mit überschrieben werden
+```
+/srv/docker/
+├─ repo
+│  ├─ compose          # Docker-Compose Stacks für jeden Container
+│  │  ├─ nextcloud/
+│  │  │   └─ docker-compose.yml
+│  │  ├─ tvheadend/
+│  │  │   └─ docker-compose.yml
+│  │  ├─ signal-rest-api/
+│  │  │   └─ docker-compose.yml
+│  │  └─ ... (weitere aktive Container)
+│  │
+│  ├─ scripts/                  # Deploy-Scripts, Webhooks, Utilities
+│  │  ├─ deploy-changed-containers-final.sh
+│  │  ├─ webhook-deploy.sh
+│  │  └─ ... (weitere Scripts)
+│  │
+│  ├─ docs/                     # MkDocs / Markdown Dokumentation
+│  │   ├─ backup_restore
+│  │   |  ├─ docker
+|  │   |     └─ docker_backup.md
+|  │   |  ├─ hetzner
+│  │   ├─ docker
+│  │   |   ├─ adguardhome
+|  │   |   |  └─ adguardhome.md
+│  │   |   ├─ heimdall
+|  │   │        └─ heimdall.md
+|  │   └─ ... (weitere .md Dateien)
+│  │
+│  ├─ mkdocs.yml                # MkDocs Konfiguration
+│
+├─ daten/                    # Docker-Volumes / persistent data
+│  ├─ nextcloud/
+│  │   ├─ www/               # Nextcloud Webdaten
+│  │   ├─ db/                # MariaDB Daten
+│  │   └─ redis/             # Redis Daten
+│  ├─ tvheadend/
+│  │   └─ config/            # TVHeadend config / recordings
+│  ├─ signal-rest-api/
+│  │   └─ data/
+│  └─ ... (weitere Container-Daten)
+│
+└─ .gitignore                # ignoriert daten/ und ggf. temp files
+```
+
+
 ## Workflow "neuer Container"
 - VSCode starten in ~Bruchtal mit code . => VS startet sauber mit der Giteinstellung
 **ALLE ÄNDERUNGEN NUR IN VS**
 
-### neuen Containeranlegen
-- `Bruchtal/<Containername>` anlegen
-- `Bruchtal/<Containername>/docker-compose.yml` anlegen
+- `compose/<Containername>` anlegen
+- `compose/<Containername>/docker-compose.yml` anlegen
 - docker-compose.yml editieren, 
 - commit mit Message `"infra(<Containername>): docker-compose.yml neu angelegt"`
 - push
 
 ### neuen Container dokumentieren
-- `Bruchtal/docs/<Containername>` anlegen
+- `docker/docs/<Containername>` anlegen
 - `Bruchtal/docs/<Containername>/<Containername>.md` anlegen
 - `<Containername>.md` editieren, Blaupause z.B: wikijs.md
 - commit message `docs(<Containername>): Dokumentation angelegt`
@@ -60,14 +105,3 @@ cd /docker/Bruchtal/<Containername>
 docker compose up -d
 ```
 
-## Repository-Struktur
-```
-Bruchtal/
-├── docker/
-│ └── <Containername>/
-│       └── docker-compose.yml
-└── docs/
-    └── docker/
-        └── <Containername>/
-            └── <Containername>.md
-```

docs/workflows/repo-reparieren.md

@@ -1,6 +1,7 @@
 # Reparieren des Gitea-Repos
 ## Ausgangslage: aus Versehen Datei auf Vm editier anstatt in VS Code
 Problem: das Repo ist auseiander gelaufen.
+
 ## Voraussetzung:
 docker/gitea muss laufen
 
@@ -13,7 +14,8 @@ git push origin main --force
 
 auf der VM:
 ``` snippet
-cd /docker/Bruchtal
+cd /srv/docker/repo
+
 
 git fetch origin
 git reset --hard origin/main

mkdocs.yml

@@ -11,7 +11,7 @@ nav:
   - Workflows:
       - Docker-workflow: workflows/docker-workflow.md
       - Adguardhome-Kea-Caddy: workflows/adguard-kea-caddy.md
-   
+         
   - Netzwerk:
       - Topologie: network/topology.md
       - Tunnel: network/tunnel.md
@@ -19,26 +19,26 @@ nav:
   - Proxmox:
       - System: proxmox/proxmox.md
       - Paperless: proxmox/paperless/paperless.md
-      - Homeassistant: proxmox/homeassistant/homeassistant.md
+      - Homeassistant: proxmox/homeassistent/homeassistent.md
 
   - Docker: 
-      - Architektur: docker/architecture.md
+      - Architektur: docker/docker.md
       - Adguardhome: docker/adguardhome/adguardhome.md
-      - Wikijs: docker/wikijs/wikijs.md      
       - Heimdall: docker/heimdall/heimdall.md
       - It-Tools: docker/it-tools/it-tools.md
+      - PiholeTests: docker/pihole/pihole.md
       - Portainer: docker/portainer/portainer.md
       - Vaultwarden: docker/vaultwarden/vaultwarden.md
-      - Vaultwarden_Backup: docker/vaultwarden-backup/vaultwarden-backup.md
+      - Vaultwarden_Backup: docker/vaultwarden_backup/vaultwarden_backup.md
       - Wikijs: docker/wikijs/wikijs.md
       
   - Backup:
-      - Docker: backup_restore/docker/docker_backup.md
-      - christian-linux: backup_restore/workstations/christian-linux_backup.md
+      - Docker: /docker/docker_backup.md
       - Hetzner: backup_restore/hetzner/hetzner_backup.md
       - Homeassistant: backup_restore/proxmox/homeassistant/homeassistant_backup.md
       - Paperless: backup_restore/proxmox/paperless/paperless_backup.md
       - Proxmox: backup_restore/proxmox/proxmox_backup.md
+      - Workstation: backup_restore/workstation/workstation_backup.md
 
 
 markdown_extensions:

scripts/redeploy-all.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-cd /docker/Bruchtal/compose
-
-for d in */; do
-  echo "Deploying $d"
-  (cd "$d" && docker compose up -d)
-done

scripts/redeploy-containers.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+# Auto-Restart Script für geänderte Docker-Compose Stacks
+# Nur laufende, aktive Container werden neu gestartet
+# Inaktive Container bleiben unberührt
+# Logs im Repo-Verzeichnis
+#test
+
+REPO_DIR="/srv/docker"
+LOGFILE="$REPO_DIR/scripts/docker-update.log"
+
+# Liste der inaktiven Container
+INACTIVE_CONTAINERS=("adguard" "kea" "caddy" "wikijs")
+
+log() {
+    echo "$(date '+%Y-%m-%d %H:%M:%S') | $*" | tee -a "$LOGFILE"
+}
+
+log "===== Starting Auto-Restart (final) ====="
+
+cd "$REPO_DIR" || { log "ERROR: Cannot enter $REPO_DIR"; exit 1; }
+
+# 1️⃣ Git Pull + Hard Reset (VM exakt auf Remote-Stand bringen)
+git fetch --all &>/dev/null
+git reset --hard origin/main &>/dev/null
+log "Pulled latest changes and reset VM to remote state."
+
+# 2️⃣ Geänderte Compose-Dateien ermitteln
+CHANGED=$(git diff --name-only HEAD~1 HEAD | grep -E '^compose/.+/docker-compose\.yml$' || true)
+
+if [ -z "$CHANGED" ]; then
+    log "No Compose files changed. Nothing to restart."
+    exit 0
+fi
+
+# 3️⃣ Nur laufende, geänderte Container neu starten
+for FILE in $CHANGED; do
+    CONTAINER_NAME=$(echo "$FILE" | cut -d'/' -f2)
+
+    # Inaktive Container überspringen
+    if [[ " ${INACTIVE_CONTAINERS[@]} " =~ " ${CONTAINER_NAME} " ]]; then
+        log "Skipping inactive container: $CONTAINER_NAME"
+        continue
+    fi
+
+    COMPOSE_DIR="$REPO_DIR/compose/$CONTAINER_NAME"
+    if [ ! -d "$COMPOSE_DIR" ]; then
+        log "Warning: $COMPOSE_DIR does not exist, skipping..."
+        continue
+    fi
+
+    # Prüfen, ob Container läuft
+    RUNNING=$(docker compose -f "$COMPOSE_DIR/docker-compose.yml" ps -q)
+    if [ -z "$RUNNING" ]; then
+        log "Container $CONTAINER_NAME is stopped. Skipping restart."
+        continue
+    fi
+
+    log "Restarting running container: $CONTAINER_NAME"
+    cd "$COMPOSE_DIR" || continue
+
+    docker compose up -d &>/dev/null
+    if [ $? -eq 0 ]; then
+        log "✅ $CONTAINER_NAME restarted successfully"
+    else
+        log "❌ Failed to restart $CONTAINER_NAME"
+    fi
+done
+
+log "===== Auto-Restart Completed ====="

scripts/update-containers.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-cd /docker/Bruchtal/compose
-
-for d in */; do
-  echo "Updating $d"
-  (cd "$d" && docker compose pull && docker compose up -d)
-done

scripts/webhook-deploy/deploy-bruchtal.sh

@@ -2,7 +2,7 @@
 set -e
 # test XDG_RUNTIME_DIR
 
-LOGFILE="/var/log/bruchtal-deploy.log"
+LOGFILE="/srv/docker/repo/scripts/bruchtal-deploy.log"
 cd /workspace
 
 log() {
@@ -25,11 +25,20 @@ fi
 # -----------------------------
 # 2️⃣ Pull latest changes
 # -----------------------------
+# safe directory for git in CI environment
+git config --global --add safe.directory /workspace
+
 log "Pulling latest changes from Gitea"
 git pull
 
 # -----------------------------
-# 3️⃣ Check for Markdown changes
+# 3️⃣ Redeploy changed containers
+# -----------------------------
+#/srv/docker/scripts/redeploy-containers.sh
+
+
+# -----------------------------
+#  4️⃣ Check for Markdown changes
 # -----------------------------
 log "Checking for new or modified Markdown files..."
 changed=$(git diff --name-status HEAD~1 HEAD | grep -E '^[AM]\s.*(\.md$|mkdocs\.yml$)' | awk '{print $2}' || true)

scripts/webhook-deploy/hooks.json

@@ -2,6 +2,7 @@
   {
     "id": "bruchtal-deploy",
     "execute-command": "/workspace/scripts/webhook-deploy/deploy-bruchtal.sh",
+    
     "command-working-directory": "/workspace"
   }
 ]