admin/Bruchtal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:f8762ed06c1e02b16bce01fe75926ef8fd972e77
Branches Tags
admin:main
...
compare: admin:main
Branches Tags
admin:main

260 Commits
f8762ed06c ... main

Author SHA1 Message Date
admin
fac196aa60 test 2026-04-20 19:51:00 +02:00
admin
93cc0f7bd7 test 2026-04-20 19:49:29 +02:00
admin
d4bf0f044a test 2026-04-20 19:30:10 +02:00
admin
2c00f40150 test 2026-04-20 19:25:57 +02:00
admin
026fd46004 test 2026-04-20 19:24:38 +02:00
admin
f107c1ba5e test 2026-04-20 19:24:26 +02:00
admin
32fccb8683 test 2026-04-20 19:22:44 +02:00
admin
6a2e2eb7dd monitoring 2026-04-20 19:16:59 +02:00
admin
df22fcc717 monitoring 2026-04-20 19:11:34 +02:00
admin
a839a51074 monitoring 2026-04-20 19:07:01 +02:00
admin
8ab6ecfac1 monitoring 2026-04-20 18:00:06 +02:00
admin
72a03d0101 monitoring 2026-04-20 16:50:38 +02:00
admin
86a9de8e6b monitoring 2026-04-20 16:24:53 +02:00
admin
f229a25d5e monitoring 2026-04-20 16:17:19 +02:00
admin
e91097ebc2 monitoring 2026-04-20 16:06:59 +02:00
admin
64320b3677 monitoring 2026-04-20 16:06:14 +02:00
admin
f9efbd8784 logging 2026-04-19 16:48:19 +02:00
admin
e38018afaf logging 2026-04-19 16:35:57 +02:00
admin
47c481d1b4 logging 2026-04-19 16:30:13 +02:00
admin
a376705962 logging 2026-04-19 11:40:10 +02:00
admin
f3a53fd823 logging 2026-04-19 11:28:16 +02:00
admin
a2a80f7c0f logging 2026-04-19 11:24:22 +02:00
admin
14fec7bbe6 logging 2026-04-17 23:06:45 +02:00
admin
c828653341 logging 2026-04-17 10:57:29 +02:00
admin
15d3d4570c logging 2026-04-17 10:52:12 +02:00
admin
9605daed02 loggging 2026-04-17 10:46:06 +02:00
admin
18080290a9 logging 2026-04-17 10:45:00 +02:00
admin
b8576d11d0 logging 2026-04-16 23:06:48 +02:00
admin
0a95868b36 logging 2026-04-16 23:02:12 +02:00
admin
538aad2dd1 loging 2026-04-16 22:57:38 +02:00
admin
ab701a11bd logging 2026-04-16 22:48:26 +02:00
admin
d4d5b2a6b3 logging 2026-04-15 22:34:04 +02:00
admin
844b83a3f2 logging 2026-04-15 22:33:15 +02:00
admin
8dcc755222 logging 2026-04-15 22:30:21 +02:00
admin
65eed74dfb logging 2026-04-15 22:26:07 +02:00
admin
e266a78843 logging 2026-04-15 22:22:38 +02:00
admin
9c6aa40453 logging 2026-04-15 22:05:15 +02:00
admin
ca33fc6d1f logging 2026-04-15 22:01:43 +02:00
admin
ff9f3d3749 homepage 2026-04-13 19:41:31 +02:00
admin
fcd88276c7 homepage 2026-04-13 13:02:10 +02:00
admin
c76e8ce3f1 homepage 2026-04-13 12:58:27 +02:00
admin
635baf2362 feat(uptime-Kuma): docker-compose 2026-04-05 18:23:44 +02:00
admin
a0f63ab43f caddy 2026-04-02 19:41:24 +02:00
admin
5d2a44b419 homepage 2026-04-01 22:31:57 +02:00
admin
0315ae7043 feat(homepage):docker-compose 2026-04-01 22:25:20 +02:00
admin
159373354f feat(logging):docker-compose 2026-03-31 11:49:44 +02:00
admin
221b262562 immich 2026-03-30 20:36:18 +02:00
admin
067e616c70 immich 2026-03-30 19:45:53 +02:00
admin
af5b6eb840 immich 2026-03-30 19:36:58 +02:00
admin
97aa13c6b3 immich 2026-03-30 19:32:31 +02:00
admin
fe292f9a0e immich 2026-03-30 19:28:37 +02:00
admin
fb00e72650 immich 2026-03-30 19:25:48 +02:00
admin
6831ad1f03 immich 2026-03-30 19:16:40 +02:00
admin
d12926dda8 immich 2026-03-30 18:43:59 +02:00
admin
b24fa2e13d immich 2026-03-30 18:40:07 +02:00
admin
9ac1707617 immich 2026-03-29 10:45:24 +02:00
admin
e442576391 immich 2026-03-28 23:23:54 +01:00
admin
38cf7ddd0a immich 2026-03-28 23:14:16 +01:00
admin
564f4938fa immich 2026-03-28 22:58:15 +01:00
admin
db9b42d8b3 immich 2026-03-28 22:50:24 +01:00
admin
084bf8bba8 immich 2026-03-28 22:48:06 +01:00
admin
1f73b62605 immich 2026-03-28 22:44:38 +01:00
admin
2280ef9fef immich 2026-03-28 22:41:21 +01:00
admin
bc99ef25b5 test 2026-03-27 23:22:43 +01:00
admin
1353a8ff29 feat(immich):docker-compose 2026-03-27 23:16:41 +01:00
admin
67bbec9f83 docs(repo): update 2026-03-26 15:31:46 +01:00
admin
721c3e23e7 test 2026-03-23 22:41:55 +01:00
admin
98a029dc37 test 2026-03-23 22:40:28 +01:00
admin
6f070216b7 webhook 2026-03-23 22:36:48 +01:00
admin
438b6d950e docs(pihole):neu 2026-03-23 22:28:07 +01:00
admin
e8b70e7d48 feat(mount): no fstab 2026-03-19 19:42:17 +01:00
admin
a8c81cef12 update 2026-03-12 22:14:14 +01:00
admin
65ca5f4a82 repo 2026-03-12 19:54:13 +01:00
admin
84ee914bea doku(diversese):update 2026-03-12 19:17:41 +01:00
admin
ee8a96f0cf test 2026-03-12 00:04:26 +01:00
admin
221932f90e nc 2026-03-11 23:29:26 +01:00
admin
d7a1e900d9 nc 2026-03-11 23:27:50 +01:00
admin
88ea22caa0 nc 2026-03-11 23:27:11 +01:00
admin
8df7afa511 test 2026-03-11 22:44:51 +01:00
admin
cda41d6055 test 2026-03-11 22:05:57 +01:00
admin
52e8cd2da6 test 2026-03-11 22:01:22 +01:00
admin
e323e4b3b4 test 2026-03-11 21:57:23 +01:00
admin
b8ddf52633 webhook 2026-03-11 21:52:48 +01:00
admin
e7eae03a9d test 2026-03-11 21:43:08 +01:00
admin
5adee23135 tets 2026-03-11 21:39:15 +01:00
admin
9cd773dd63 tets 2026-03-11 21:01:03 +01:00
admin
d78da41a47 feat(vaulwarden):L port 2026-03-11 20:54:19 +01:00
admin
3b862362fe tvh 2026-03-11 16:07:32 +01:00
admin
ee71fccc58 test 2026-03-10 23:05:22 +01:00
admin
22a3c3145f docs(workflows): 2026-03-10 23:00:38 +01:00
admin
3699ec494d test 2026-03-10 22:24:11 +01:00
admin
0572da6853 Make deploy script executable 2026-03-10 22:21:35 +01:00
admin
38de32a680 test 2026-03-10 22:17:40 +01:00
admin
b7a91a8ea8 test 2026-03-10 22:15:54 +01:00
admin
165cc12450 test 2026-03-10 22:15:21 +01:00
admin
99c12fe33a feat(webhook): redeploy 2026-03-10 22:14:21 +01:00
admin
723e2a571a feat(webhook): redeploy 2026-03-10 21:56:24 +01:00
admin
49c86b1c85 test 2026-03-09 16:22:09 +01:00
admin
02e2504ad2 test 2026-03-09 16:14:05 +01:00
admin
9eab24730d test 2026-03-09 16:10:09 +01:00
admin
f4ea66ea31 test 2026-03-09 16:08:12 +01:00
admin
7b7c6af453 update 2026-03-09 16:07:25 +01:00
admin
888ada1263 update 2026-03-09 16:05:50 +01:00
admin
e8b95cacb4 infra(DNS): Pihole, Adgaurd 2026-03-08 18:23:39 +01:00
admin
50b35361a2 test 2026-03-05 22:18:50 +01:00
admin
f2239e668a test 2026-03-05 22:17:10 +01:00
admin
fa06ef0754 webhook 2026-03-05 22:15:44 +01:00
admin
ca5fcaad07 test 2026-03-05 22:12:08 +01:00
admin
18020c3ce9 test 2026-03-05 19:19:51 +01:00
admin
81d8f89552 feat(webhook): scripts 2026-03-05 19:18:26 +01:00
admin
be3601b39d test 2026-03-05 18:40:53 +01:00
admin
18267c3f71 test 2026-03-05 18:39:59 +01:00
admin
4c11ae66e0 infra(comose): ordern umbenannt 2026-03-05 18:39:06 +01:00
admin
6465cd9ddc dockes(netz): DHCP 2026-03-05 17:53:24 +01:00
admin
c8a9ad0438 docks(homeassistent): neu 2026-03-05 17:47:03 +01:00
admin
dd7585f2a0 dockes(netz): DHCP 2026-03-05 17:45:28 +01:00
admin
a1f8a33737 docs(adguard): down 2026-03-05 17:23:24 +01:00
admin
7f308e4ee4 heimdall 2026-03-05 17:10:58 +01:00
admin
e057dc84fc infra(pihole): neu 2026-03-04 23:04:59 +01:00
admin
eb55ef32e6 infra(adguard): neu 2026-03-04 22:58:18 +01:00
admin
8d8ea2a6fb test 2026-03-04 22:41:26 +01:00
admin
bf36d12396 test 2026-03-04 22:23:53 +01:00
admin
1da2665fa8 test 2026-03-04 22:18:27 +01:00
admin
cec0fb7a1a feat(nc):realtive Pfade 2026-03-04 22:17:24 +01:00
admin
0c1da36fbd test 2026-03-04 22:14:50 +01:00
admin
affbeb666b test 2026-03-04 22:06:37 +01:00
admin
c0edb4295f test 2026-03-04 22:05:06 +01:00
admin
3519493688 infra(nextcloud): Umzug 2026-03-04 22:03:26 +01:00
admin
f315c8a371 infra(nextcloud): Umzug 2026-03-04 21:46:11 +01:00
admin
0cc8814188 feat(newt): docker-compose.yml 2026-03-04 19:06:23 +01:00
admin
121955d4b9 test 2026-03-02 21:39:39 +01:00
admin
c22e813d0a test 2026-03-02 21:26:15 +01:00
admin
d48b65f039 test 2026-03-02 21:24:43 +01:00
admin
75409bffec tvheadend 2026-03-02 21:23:29 +01:00
admin
62fc532e14 infra(tvheadend): docker-compose 2026-03-02 20:57:36 +01:00
admin
e2101b6059 infra(tvheadend): docker-compose 2026-03-02 20:56:24 +01:00
admin
6f31d28cc2 test 2026-03-02 19:37:44 +01:00
admin
ceeed62eaa test 2026-03-02 19:33:59 +01:00
admin
33cd40694c test 2026-03-02 19:33:34 +01:00
admin
7accc13053 test 2026-03-02 19:30:31 +01:00
admin
c8b21cb41c test 2026-03-02 19:28:28 +01:00
admin
bebfd4acdb test 2026-03-02 19:27:26 +01:00
admin
1e3f814137 test 2026-03-02 19:25:48 +01:00
admin
b095939837 test 2026-03-02 19:23:33 +01:00
admin
6a2e525441 test 2026-03-02 19:22:17 +01:00
admin
c891697abc test 2026-03-02 19:21:09 +01:00
admin
15a346e47b test 2026-03-02 19:20:08 +01:00
admin
d8bffaacfc test 2026-03-02 19:18:50 +01:00
admin
55f18c66b9 test 2026-03-02 19:17:44 +01:00
admin
7be10bda0c docs(proxmox Backup): update 2026-03-02 18:00:53 +01:00
admin
cd908faf09 test 2026-03-02 17:57:47 +01:00
admin
f5fc8c3146 test 2026-03-02 17:56:30 +01:00
admin
ca91eaf3bc test 2026-03-02 17:53:44 +01:00
admin
a680791adf test 2026-03-02 17:46:38 +01:00
admin
56cc6199ed test 2026-03-02 17:44:37 +01:00
admin
73c45e8923 docs(mkdocs): update 2026-03-02 17:43:19 +01:00
admin
cfaef4207e docs(paperless): Doku + backup 2026-03-02 17:40:17 +01:00
admin
963a57fca2 docs(Proxmox): Backupstrategie 2026-03-01 23:17:44 +01:00
admin
d0d6640131 test 2026-03-01 22:21:02 +01:00
admin
2db2d5e068 test 2026-03-01 19:16:55 +01:00
admin
fb96362ea7 test 2026-03-01 19:15:48 +01:00
admin
34f8f4f8c1 test 2026-03-01 19:13:56 +01:00
admin
5d29e5ef2e docs(Proxmox): Backupstrategie 2026-03-01 19:06:23 +01:00
admin
c90af8f58f docs(Proxmox): Backupstrategie 2026-03-01 19:05:38 +01:00
admin
3cf102b037 docs(Proxmox): Backupstrategie 2026-03-01 18:49:17 +01:00
admin
50c2c15c02 test 2026-02-28 23:22:46 +01:00
admin
f3965fc807 test 2026-02-28 23:20:07 +01:00
admin
0efd364260 docs(Backup): Struktur; christian-linux 2026-02-28 23:19:02 +01:00
admin
f1d32c0ba4 docs(vaultwarden, vaultwarden_backup): neu erstellt 2026-02-26 22:28:25 +01:00
admin
1867a71993 infra(vaultwarden_backup):docker-compose.yml neu 2026-02-26 19:37:47 +01:00
admin
773092b1ba infra(Vaultwarden):doker-compose.myl, stack.env 2026-02-26 19:21:19 +01:00
admin
1f10003776 infra(Vaultwarden):doker-compose.myl, stack.env 2026-02-26 19:12:40 +01:00
admin
e07a953360 test 2026-02-25 21:09:43 +01:00
admin
a7fdd8be9f feat(deploy): Vm clean, edit auf VM gelöscht 2026-02-25 21:07:55 +01:00
admin
9f2e517d35 docs(portainer) portainer.md neu 2026-02-25 20:47:25 +01:00
admin
cc08b429d6 docs(portainer) portainer.md neu 2026-02-25 20:45:51 +01:00
admin
1a2e2cf580 docs(portainer) portainer.md neu 2026-02-25 20:43:37 +01:00
admin
13da68bf64 docs(portainer) portainer.md neu 2026-02-25 20:41:46 +01:00
admin
de9ab79d1c docs(portainer) portainer.md neu 2026-02-25 20:38:13 +01:00
admin
085973885c docs(portainer) portainer.md neu 2026-02-25 20:20:17 +01:00
admin
7ec3ae41ed infra(portainer): docker-compose neu erstellt 2026-02-25 17:59:56 +01:00
admin
b4ec3b127d infra(portainer): docker-compose neu erstellt 2026-02-24 22:23:46 +01:00
admin
d99e4f7fb7 infra(portainer): docker-compose neu erstellt 2026-02-23 21:42:38 +01:00
admin
6a09b56a1d infra(portainer): docker-compose neu erstellt 2026-02-23 21:40:46 +01:00
admin
46325dc97d test 2026-02-23 21:03:13 +01:00
admin
73ff6292cf kea 2026-02-23 20:52:22 +01:00
admin
4f7abe45c3 infra(portainer): docker-compose neu erstellt 2026-02-23 18:45:27 +01:00
admin
d6ae6a03ac infra(portainer): docker-compose neu erstellt 2026-02-23 18:42:36 +01:00
admin
1c7fc9fbda infra(portainer): docker-compose neu erstellt 2026-02-23 18:38:18 +01:00
admin
ab178c9b5a infra(portainer): docker-compose neu erstellt 2026-02-23 18:32:24 +01:00
admin
4aab974d50 infra(portainer): docker-compose neu erstellt 2026-02-23 18:20:21 +01:00
admin
a331fa1519 infra(portainer): docker-compose neu erstellt 2026-02-23 17:29:50 +01:00
admin
f06bd59a7c infra(portainer): docker-compose neu erstellt 2026-02-23 17:25:45 +01:00
admin
f62d773556 infra(portainer): docker-compose neu erstellt 2026-02-23 17:23:14 +01:00
admin
f8c80670df docs(adg-kea-caddy): Snippets inlude 2026-02-23 17:17:12 +01:00
admin
2d3a376ff7 infra(all): versionsangabe entfernt 2026-02-23 17:10:39 +01:00
admin
be38484a23 infra(caddy): docker-compose neu erstellt 2026-02-23 17:05:19 +01:00
admin
5de624ae12 infra(kea-dhcp4): docker-compose neu estellt 2026-02-23 16:59:09 +01:00
admin
0f3a12a87d infra(kea-dhcp4): docker-compose neu estellt 2026-02-23 16:57:24 +01:00
admin
644939779e docs(mkdocs): Update include docker-compose 2026-02-23 16:51:31 +01:00
admin
302f5fd32d docs(mkdocs): Update include docker-compose 2026-02-23 16:48:54 +01:00
admin
adef02452e docs(mkdocs): Update include docker-compose 2026-02-23 16:43:28 +01:00
admin
2a2bf3d8ae docs(mkdocs): Update include docker-compose 2026-02-23 16:43:18 +01:00
admin
cd985561af docs(mkdocs): Update include docker-compose 2026-02-23 16:38:56 +01:00
admin
5b117b9057 docs(mkdocs): Update include docker-compose 2026-02-23 16:34:04 +01:00
admin
ab5e8d8fe6 docs(mkdocs): Update include docker-compose 2026-02-23 16:33:37 +01:00
admin
3ab84b2037 docs(mkdocs): Update include docker-compose 2026-02-23 16:23:58 +01:00
admin
22cc3c1392 docs(mkdocs): Update include docker-compose 2026-02-23 16:21:01 +01:00
admin
c886dc64f6 docs(mkdocs): Update include docker-compose 2026-02-23 16:20:01 +01:00
admin
d6e4224bac docs(mkdocs): Update include docker-compose 2026-02-23 16:17:47 +01:00
admin
44ea5c657d docs(mkdocs): Update include docker-compose 2026-02-23 16:11:07 +01:00
admin
6c40c0b228 docs(mkdocs): Update include docker-compose 2026-02-23 16:09:48 +01:00
admin
63871a2d45 docs(mkdocs): Update include docker-compose 2026-02-23 16:07:18 +01:00
admin
1711733072 docs(mkdocs): Update include docker-compose 2026-02-23 16:00:23 +01:00
admin
6992c8f07b docs(mkdocs): Update include docker-compose 2026-02-23 15:56:33 +01:00
admin
4cae82c200 docs(mkdocs): Update include docker-compose 2026-02-23 15:55:15 +01:00
admin
3937b36892 docs(adguard): script inlcude 2026-02-23 15:46:43 +01:00
admin
57b68d747e docs(adguard): script inlcude 2026-02-23 15:43:01 +01:00
admin
962e96ee07 docs(adguard): script inlcude 2026-02-23 15:41:25 +01:00
admin
77365cb512 test 2026-02-23 12:55:46 +01:00
admin
f1e9936bf9 deploy 2026-02-23 12:55:22 +01:00
admin
d0a6d2e0a9 test 2026-02-23 12:54:21 +01:00
admin
1772d4da54 deploy 2026-02-23 12:53:48 +01:00
admin
dd10ef93a0 test 2026-02-23 12:49:10 +01:00
admin
842be469b5 deploy 2026-02-23 12:48:14 +01:00
admin
df8d1e0e43 test 2026-02-23 12:44:53 +01:00
admin
132c6c5288 deploy 2026-02-23 12:43:08 +01:00
admin
a835dfba04 test 2026-02-23 12:41:42 +01:00
admin
62f5de810e feat(deploy): RUN docker-compose 2026-02-23 12:39:58 +01:00
admin
108e10a545 test 2026-02-23 12:33:24 +01:00
admin
16c606af39 feat(mkdocs): Container neustart bei Änderung in mkdocs.yml 2026-02-23 12:32:53 +01:00
admin
7b444e62d9 test 2026-02-23 12:30:09 +01:00
admin
9381244bd0 feat(deploy): Test auf neue und veränderte md 2026-02-23 12:28:50 +01:00
admin
d4890e6c13 docs(mkdocs): Update include docker-compose 2026-02-23 12:19:00 +01:00
admin
560056d503 docs(mkdocs): Update include docker-compose 2026-02-23 12:14:59 +01:00
admin
37b7013655 docs(deploy): Update Dokumetation Workflow 2026-02-23 12:05:06 +01:00
admin
05506a75ad docs(deploy): Update Dokumetation Workflow 2026-02-23 10:44:21 +01:00
admin
1b4032acc3 docs(deploy): Update Dokumetation Workflow 2026-02-23 10:42:54 +01:00
admin
011ef949fe docs(deploy): Update Dokumetation Workflow 2026-02-23 10:38:34 +01:00
admin
80f014b5ff tets 2026-02-23 09:06:15 +01:00
admin
f1f194c184 Add SSH volume to bruchtal-webhook service 2026-02-23 09:04:16 +01:00
admin
55a5d94300 deploy 2026-02-23 09:01:34 +01:00
admin
f8c4f60a2d deploy 2026-02-23 09:00:11 +01:00
admin
5401e6a6e7 test 2026-02-23 08:53:37 +01:00
admin
a5c5d1cc2f test 2026-02-23 08:51:59 +01:00
admin
32d3b66115 test 2026-02-23 08:50:50 +01:00
admin
884f55e784 deploy 2026-02-23 08:48:47 +01:00
admin
f0a5d00b7c deploy 2026-02-23 08:47:10 +01:00
admin
3a382278d4 deploy 2026-02-23 08:46:00 +01:00
admin
4d1c5fb7c5 deploy 2026-02-23 08:44:49 +01:00
admin
f643161c0d test 2026-02-23 08:41:37 +01:00
admin
7560d525c3 deploy 2026-02-23 08:40:31 +01:00
admin
1ad05d7a83 test 2026-02-23 08:37:26 +01:00
admin
38a95848eb deploy 2026-02-23 08:36:30 +01:00
admin
122ce374ff test 2026-02-23 08:33:34 +01:00
admin
550effdd16 deploy 2026-02-23 08:30:58 +01:00
admin
2b5962c4b8 deploy 2026-02-23 08:29:09 +01:00
admin
c4f27d6626 deploy 2026-02-23 08:27:36 +01:00
admin
fdf5e79a2d test 2026-02-23 08:22:28 +01:00
admin
fa60ea5b65 deploy 2026-02-23 08:19:08 +01:00
66 changed files with 1906 additions and 106 deletions
Expand all files Collapse all files

8
docker/adguardhome/docker-compose.yml → compose/adguardhome/docker-compose.yml
View File

@@ -1,13 +1,13 @@
version: "3.8"
services: services:
adguardhome: adguardhome:
image: adguard/adguardhome:v0.107.69 image: adguard/adguardhome:v0.107.69
container_name: adguardhome container_name: adguardhome
restart: unless-stopped restart: unless-stopped
network_mode: host network_mode: host
ports:
- 3003:3000
volumes: volumes:
- /docker/Daten/adguardhome/work:/opt/adguardhome/work - /srv/docker/daten/adguardhome/work:/opt/adguardhome/work
- /docker/Daten/adguardhome/conf:/opt/adguardhome/conf - /srv/docker/daten/adguardhome/conf:/opt/adguardhome/conf
environment: environment:
TZ: Europe/Berlin TZ: Europe/Berlin

15
compose/caddy/docker-compose.yml Normal file
View File

@@ -0,0 +1,15 @@
######### AKTUELL DOWN ##########
version: "3.8"
services:
caddy:
image: caddy:latest
container_name: caddy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /srv/docker/daten/caddy/Caddyfile:/etc/caddy/Caddyfile
- /srv/docker/daten/caddy/data:/data
- /srv/docker/daten/caddy/config:/config

76
compose/docker-compose.yml Normal file
View File

@@ -0,0 +1,76 @@
#
# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
#
# Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
ports:
- '2283:2283'
depends_on:
- redis
- database
restart: always
healthcheck:
disable: false
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- .env
restart: always
healthcheck:
disable: false
redis:
container_name: immich_redis
image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
healthcheck:
test: redis-cli ping || exit 1
restart: always
database:
container_name: immich_postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
# Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
# DB_STORAGE_TYPE: 'HDD'
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
shm_size: 128mb
restart: always
healthcheck:
disable: false
volumes:
model-cache:

8
docker/gitea/docker-compose.yml → compose/gitea/docker-compose.yml
View File

@@ -1,18 +1,16 @@
version: "3.8"
services: services:
server: server:
image: gitea/gitea:1.24 image: gitea/gitea:1.24
container_name: gitea container_name: gitea
environment: environment:
- USER_UID=1000 - USER_UID=1001
- USER_GID=1000 - USER_GID=1001
restart: unless-stopped restart: unless-stopped
networks: networks:
- gitea - gitea
- bruchtal-net # 👈 neu für bruchtal-webhook - bruchtal-net # 👈 neu für bruchtal-webhook
volumes: volumes:
- /docker/Daten/gitea/data:/data - /srv/docker/daten/gitea/data:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
ports: ports:

10
docker/heimdall/docker-compose.yml → compose/heimdall/docker-compose.yml
View File

@@ -1,16 +1,18 @@
version: "2.1" ## test
services: services:
heimdall: heimdall:
image: lscr.io/linuxserver/heimdall:latest image: lscr.io/linuxserver/heimdall:latest
container_name: heimdall2 container_name: heimdall2
environment: environment:
- PUID=1000 - PUID=1001
- PGID=1000 - PGID=1001
- TZ=Europe/Berlin - TZ=Europe/Berlin
volumes: volumes:
- /home/christian/docker/heimdall/data/config:/config - /srv/docker/daten/heimdall/config:/config
ports: ports:
- 1280:80 - 1280:80
- 12443:443 - 12443:443
restart: unless-stopped restart: unless-stopped

34
compose/homepage/docker-compose.yml Normal file
View File

@@ -0,0 +1,34 @@
version: "3.8"
services:
dockerproxy:
image: ghcr.io/tecnativa/docker-socket-proxy:latest
container_name: dockerproxy
environment:
- CONTAINERS=1 # Allow access to viewing containers
- SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
- TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
- POST=0 # Disallow any POST operations (effectively read-only)
ports:
- 127.0.0.1:2375:2375
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
restart: unless-stopped
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
# network_mode: host
ports:
- "3004:3000"
volumes:
- /srv/docker/daten/homepage:/app/config
- /srv/docker/daten/homepage/icons:/app/public/icons
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
# - PORT=8080
- NODE_TLS_REJECT_UNAUTHORIZED=0
# - HOMEPAGE_ALLOWED_HOSTS=192.168.178.204:8080,192.168.178.204,localhost:8080,localhost,127.0.0.1
- HOMEPAGE_ALLOWED_HOSTS=192.168.178.204,192.168.178.204:3004,localhost,127.0.0.1
restart: unless-stopped

84
compose/immich/docker-compose.yml Normal file
View File

@@ -0,0 +1,84 @@
#
# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
#
# Make sure to use the docker-compose.yml of the current release:
#
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
#
# The compose file on main may not be compatible with the latest release.
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
#user: "1001:1001"
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
ports:
- '2283:2283'
depends_on:
- redis
- database
restart: always
healthcheck:
disable: false
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
#user: "1001:1001"
environment:
- MPLCONFIGDIR=/cache/.matplotlib
- IMMICH_TEMP_DIR=/cache/temp
volumes:
- /srv/docker/daten/immich/model-cache:/cache
- ${UPLOAD_LOCATION}:/data # <<< hier hinzufügen
env_file:
- .env
restart: always
healthcheck:
disable: false
redis:
container_name: immich_redis
image: docker.io/valkey/valkey:9@sha256:3eeb09785cd61ec8e3be35f8804c8892080f3ca21934d628abc24ee4ed1698f6
#user: "1001:1001"
healthcheck:
test: redis-cli ping || exit 1
restart: always
database:
container_name: immich_postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
#user: "1001:1001"
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
# Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
# DB_STORAGE_TYPE: 'HDD'
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
shm_size: 128mb
restart: always
healthcheck:
disable: false
volumes:
model-cache:

0
docker/it-tools/docker-compose.yml → compose/it-tools/docker-compose.yml
View File

10
compose/kea/docker-compose.yml Normal file
View File

@@ -0,0 +1,10 @@
######### AKTUELL DOWN ##########
services:
kea-dhcp4:
image: serhiymakarenko/isc-kea-dhcp4-server:latest
container_name: kea-dhcp4
restart: unless-stopped
network_mode: host
volumes:
- /home/christian/docker/kea/config:/etc/kea:ro
- /home/christian/docker/kea/leases:/var/lib/kea

62
compose/monitoring/docker-compose.yml Normal file
View File

@@ -0,0 +1,62 @@
services:
prometheus:
image: prom/prometheus:latest
container_name: prometheus
restart: unless-stopped
user: "root" # Verhindert Permission-Probleme beim Lesen der Config
volumes:
- /srv/docker/daten/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
- /srv/docker/daten/prometheus:/prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
ports:
- "9090:9090"
grafana:
image: grafana/grafana:latest
container_name: grafana
restart: unless-stopped
environment:
- GF_SECURITY_ADMIN_PASSWORD=admin
volumes:
- /srv/docker/daten/grafana:/var/lib/grafana
ports:
- "3000:3000"
node-exporter:
image: prom/node-exporter:latest
container_name: node-exporter
restart: unless-stopped
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
command:
- '--path.procfs=/host/proc'
- '--path.rootfs=/rootfs'
- '--path.sysfs=/host/sys'
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.49.1
container_name: cadvisor
restart: unless-stopped
privileged: true
devices:
- /dev/kmsg
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
proxmox-exporter:
image: ghcr.io/prometheus-pve/prometheus-pve-exporter:latest
container_name: proxmox-exporter
restart: unless-stopped
volumes:
# Wir mounten das VERZEICHNIS. Darin liegt die pve.yml
- /srv/docker/daten/proxmox-exporter:/etc/prometheus:ro
ports:
- "9221:9221"

37
compose/newt/docker-compose.yml Normal file
View File

@@ -0,0 +1,37 @@
services:
newt:
command:
- newt
container_name: newt
entrypoint:
- /entrypoint.sh
environment:
- PANGOLIN_ENDPOINT=https://tunnel.seanluc.de
- NEWT_ID=q8ddcxxoutrrhnc
- NEWT_SECRET=4vl316fhjkht127zxwndxryz13zu4w5w2jh7vm38eq7zja56
- PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
hostname: 60a60dd2e962
image: fosrl/newt
ipc: private
labels:
com.docker.compose.config-hash: 66bc96213313b76f1a9874ff172919dad568b0964c744d55534da6566a2a0a2a
com.docker.compose.container-number: 1
com.docker.compose.depends_on: ""
com.docker.compose.image: sha256:b6f17a3a018ea6803f386a3ee028765e001c862d521397fdfe6053531462f212
com.docker.compose.oneoff: False
com.docker.compose.project: pangolintunnel
com.docker.compose.project.config_files: ""
com.docker.compose.project.working_dir: /data/compose/1/v4
com.docker.compose.replace: 490f03e84817d49e3242fa6ddd529de25d937744991fee24d50224d3fbf9ab0e
com.docker.compose.service: newt
com.docker.compose.version: ""
logging:
driver: json-file
options: {}
networks:
- pangolintunnel_default
restart: unless-stopped
working_dir: /
networks:
pangolintunnel_default:
external: true

58
compose/nextcloud/docker-compose.yml Normal file
View File

@@ -0,0 +1,58 @@
services:
db:
image: mariadb:latest
container_name: nextcloud-db
volumes:
- /srv/docker/daten/nextcloud/db:/var/lib/mysql
networks:
- default
restart: always
environment:
TZ: europe/berlin
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_DATABASE: ${MYSQL_DATABASE}
MYSQL_USER: ${MYSQL_USER}
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
redis:
image: redis:latest
container_name: nextcloud-redis
restart: always
volumes:
- /srv/docker/daten/nextcloud/redis:/data
networks:
- proxy
- default
nextcloud:
depends_on:
- redis
- db
image: nextcloud
container_name: nextcloud
volumes:
- /srv/docker/daten/nextcloud/www:/var/www/html
networks:
- proxy
- default
ports:
- 1180:80
- 1444:443
restart: always
environment:
REDIS_HOST: redis
MYSQL_HOST: db:3306
MYSQL_DATABASE: ${MYSQL_DATABASE}
MYSQL_USER: ${MYSQL_USER}
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
PUID: "1001"
PGID: "1001"
networks:
proxy:
volumes:
nextcloud-db-data:
name: nextcloud-db-data
redis:
name: nextcloud-redis

40
compose/pihole/docker-compose.yml Normal file
View File

@@ -0,0 +1,40 @@
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
# DNS Ports
- "53:53/tcp"
- "53:53/udp"
# Default HTTP Port
- "3080:80/tcp"
# Default HTTPs Port. FTL will generate a self-signed certificate
- "8443:443/tcp"
# Uncomment the below if using Pi-hole as your DHCP Server
#- "67:67/udp"
# Uncomment the line below if you are using Pi-hole as your NTP server
#- "123:123/udp"
environment:
# Set the appropriate timezone for your location from
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
TZ: 'Europe/Berlin'
# Set a password to access the web interface. Not setting one will result in a random password being assigned
FTLCONF_webserver_api_password: '!!Zazen17**'
# If using Docker's default `bridge` network setting the dns listening mode should be set to 'ALL'
FTLCONF_dns_listeningMode: 'ALL'
# Volumes store your data between container upgrades
volumes:
# For persisting Pi-hole's databases and common configuration file
- '/docker/Daten/pihole:/etc/pihole'
# Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
#- './etc-dnsmasq.d:/etc/dnsmasq.d'
cap_add:
# See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
# Required if you are using Pi-hole as your DHCP server, else not needed
- NET_ADMIN
# Required if you are using Pi-hole as your NTP client to be able to set the host's system time
- SYS_TIME
# Optional, if Pi-hole should get some more processing time
- SYS_NICE
restart: unless-stopped

12
compose/portainer/docker-compose.yml Normal file
View File

@@ -0,0 +1,12 @@
services:
portainer:
image: portainer/portainer-ee:2.27.3
container_name: portainer
restart: unless-stopped
ports:
- "9000:9000" # Webinterface
- "9443:9443"
volumes:
- /srv/docker/daten/portainer-data:/data:rw # Portainer-Daten (DB + Key)
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro

16
compose/tvheadend/docker-compose.yml Normal file
View File

@@ -0,0 +1,16 @@
services:
tvheadend:
image: lscr.io/linuxserver/tvheadend:latest
container_name: tvheadend
network_mode: host
environment:
- PUID=1001
- PGID=1001
- TZ=Europe/Berlin
volumes:
- /srv/docker/daten/tvheadend/config:/config
- /srv/docker/daten/tvheadend/recordings:/recordings
restart: unless-stopped

11
compose/uptime-kuma/docker-compose.yml Normal file
View File

@@ -0,0 +1,11 @@
version: "3.8"
services:
uptime-kuma:
image: louislam/uptime-kuma:latest
container_name: uptime-kuma
ports:
- "3006:3001"
volumes:
- /srv/docker/daten/uptime-kuma:/app/data
restart: unless-stopped

17
compose/vaultwarden/docker-compose.yml Normal file
View File

@@ -0,0 +1,17 @@
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden4
restart: always
volumes:
- /srv/docker/daten/vaultwarden/bw-data:/data
environment:
- ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN}
- WEBSOCKET_ENABLED=true
ports:
- 1380:80
- 1443:443

1
compose/vaultwarden/stack.env Normal file
View File

@@ -0,0 +1 @@
VAULTWARDEN_ADMIN_TOKEN='$argon2i$v=19$m=16,t=2,p=1$QWlraWRvMTc$5+whtbbk9O625JUlcDikMQ'

24
compose/vaultwarden_backup/docker-compose.yml Normal file
View File

@@ -0,0 +1,24 @@
services:
vaultwarden_backup:
image: bruceforce/vaultwarden-backup
container_name: vaultwarden_backup
restart: unless-stopped
init: true
volumes:
- /srv/docker/daten/vaultwarden/bw-data:/data/
- /mnt/vaultwardenBackupOnQnap:/backups/
- /mnt/vaultwardenBackupOnQnap/logs:/logs/
environment:
- BACKUP_DIR=/backups/
- LOG_DIR=/logs/
- CRON_TIME=0 5 * * *
- DELETE_AFTER=30
- TIMESTAMP=true
- BACKUP_ON_STARTUP=true
- BACKUP_ADD_DATABASE=true
- BACKUP_ADD_ATTACHMENTS=true
- BACKUP_ADD_CONFIG_JSON=true
- BACKUP_ADD_ICON_CACHE=true
- BACKUP_ADD_RSA_KEY=true
- LOG_LEVEL=INFO
- TZ= Europe/Berlin

8
compose/webhook/deploy/Dockerfile Normal file
View File

@@ -0,0 +1,8 @@
FROM thecatlady/webhook:2.8.0
USER root
RUN apk add --no-cache git docker-cli bash openssh-client docker-compose
RUN mkdir -p /root/.ssh && \
ssh-keyscan 192.168.178.204 >> /root/.ssh/known_hosts

31
compose/webhook/docker-compose.yml Normal file
View File

@@ -0,0 +1,31 @@
services:
bruchtal-webhook:
build: ./deploy
container_name: webhook
restart: unless-stopped
ports:
- "9001:9001"
volumes:
- /srv/docker/repo:/workspace
- /srv/docker/scripts/webhook-deploy/hooks.json:/hooks/hooks.json:ro
- /var/run/docker.sock:/var/run/docker.sock
- /root/.ssh:/root/.ssh:ro
# environment:
# - WEBHOOK_ALLOWED_HOST_LIST=192.168.178.204,0.0.0.0,localhost
# - WEBHOOK_VERBOSE=true
# - WEBHOOK_PORT=9001
# - WEBHOOK_IP=0.0.0.0
command: [
"-hooks", "/hooks/hooks.json",
"-verbose", "-port", "9001",
"-ip", "0.0.0.0",
# "-allowed-host-list", "0.0.0.0,192.168.178.204,localhost"
]
networks:
- bruchtal-net
networks:
bruchtal-net:
external: true

3
docker/wikijs/docker-compose.yml → compose/wikijs/docker-compose.yml
View File

@@ -1,4 +1,5 @@
version: "2.1" ######### AKTUELL DOWN ##########
services: services:
wikijs: wikijs:
image: linuxserver/wikijs:2.5.312 image: linuxserver/wikijs:2.5.312

3
deploy/Dockerfile
View File

@@ -1,3 +0,0 @@
FROM thecatlady/webhook:2.8.0
USER root
RUN apk add --no-cache git docker-cli bash

25
deploy/deploy-bruchtal.sh
View File

@@ -1,25 +0,0 @@
#!/bin/sh
set -e
# test test
cd /docker/Bruchtal
echo "==> Pulling latest changes"
git pull
echo "==> Checking for changed markdown files"
# Liste der Dateien im letzten Commit
CHANGED_FILES=$(git diff --name-only HEAD@{1} HEAD)
echo "$CHANGED_FILES"
# Prüfen ob .md Datei enthalten ist
if echo "$CHANGED_FILES" | grep -qE '\.md$'; then
echo "==> Markdown changes detected. Restarting container..."
docker restart bruchtal-docs
else
echo "==> No markdown changes detected. Skipping restart."
fi
echo "==> Deploy finished"

4
docker-compose.yml
View File

@@ -8,10 +8,10 @@ services:
- "8005:8000" - "8005:8000"
volumes: volumes:
- /docker/Bruchtal:/docs - /srv/docker/repo:/docs
command: serve --dev-addr=0.0.0.0:8000 command: serve --dev-addr=0.0.0.0:8000
environment: environment:
- TZ=Europe/Berlin - TZ=Europe/Berlin
- WATCHDOG_FORCE_POLLING=true # - WATCHDOG_FORCE_POLLING=true

12
docker/bruchtal-webhook/docker-compose.yml
View File

@@ -1,12 +0,0 @@
services:
bruchtal-webhook:
build: ./deploy
container_name: bruchtal-webhook
restart: unless-stopped
ports:
- "9001:9001"
volumes:
- /docker/Bruchtal:/workspace
- /docker/Bruchtal/deploy/hooks.json:/hooks/hooks.json:ro
- /var/run/docker.sock:/var/run/docker.sock
command: ["-hooks", "/hooks/hooks.json", "-verbose", "-port", "9001", "-ip", "0.0.0.0"]

4
docs/backup_restore/docker/docker_backup.md Normal file
View File

@@ -0,0 +1,4 @@
# Docker Backup
Docker läuft als VM unter Proxmox und wird dort täglich vollständig auf der Qnap gesichert
[=> Proxmox_Backup:](../../backup_restore/proxmox/proxmox_backup.md)

5
docs/backup_restore/hetzner/seanluc1_backup.md Normal file
View File

@@ -0,0 +1,5 @@
# Server Seanluc1
- Location: Hetzner
- Schedule: täglich
- Skript: Hetzner Voreinstellung

18
docs/backup_restore/proxmox/homeassistent/homeassistent_backup.md Normal file
View File

@@ -0,0 +1,18 @@
# Homeassistent
## läuft als VM unter Proxmox und wird dort täglich vollständig auf der Qnap gesichert
[=> Proxmox_Backup:](../../backup_restore/proxmox/proxmox_backup.md)
## aus HA heraus
=> Einstellungen => System => Speicher
- Netzwerkspeicher
- Verwendung: Backup
- Server: 192.168.178.254 (Qnap)
- Protokoll: NFS
- Remote Freigabepfad: Backups_homeassistant
=> Einstellungen => System => Backups
- Täglich und 7 Backups aufbewahren
- zu sichernde Daten: HA Einstellungen, Verlauf
- Speicherorte: Backups_homeassistant

177
docs/backup_restore/proxmox/paperless/paperless_backup.md Normal file
View File

@@ -0,0 +1,177 @@
# Paperless Backup
- tägliches backup der VM unter Proxmox auf der QNAP [=> Proxmox_Backup](/docs/backup_restore/proxmox/proxmox_backup.md)
- Sicherung der Nutzdaten: erfolgt per Skript und cron auf hetzner.storage
<details>
<summary>Location /paperless/backup_storage:</summary>
```
#!/usr/bin/env bash
#####!/bin/bash
########### Initialisierung ##############
#### https://docs.hetzner.com/de/robot/storage-box/backup-space-ssh-keys/
## Führe auf dem Clienten die folgenden Befehle aus:
# ssh-keygen
# cat ~/.ssh/id_rsa.pub | ssh -p23 u338XXX@u338XXX.your-storagebox.de install-ssh-key
###### Hier deine Daten einfügen #########
export BORG_PASSPHRASE="%ci5pKqWvXj!iBm9khAR@Z2ohJ2inMMht8ZNsU*"
BACKUP_USER="u358899"
REPOSITORY_DIR="paperless"
##########################################
LOG_DIR="/paperless/backuplogs"
LOG="$LOG_DIR/backup_storage.log"
echo "MOIN!" >> /paperless/test.log
if [ ! -d "$LOG_DIR" ]; then
mkdir -p "$LOG_DIR"
fi
full_path=$(realpath $0)
dir_path=$(dirname $full_path)
echo $dir_path
## Hinweis: Für die Verwendung mit einem Backup-Account muss
## 'your-storagebox.de' in 'your-backup.de' geändert werden.
REPOSITORY="ssh://${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de:23/./backups/${REPOSITORY_DIR}"
## Zeitstempel-Variable setzen
TIMESTAMP=$(date +'%Y-%m-%d_%H:%M')
##
## Ausgabe in Logdatei schreiben
##
exec > >(tee -i ${LOG})
exec 2>&1
start_time=$(date +'%Y-%m-%d %H:%M:%S')
echo "###### Backup gestartet: $start_time ######"
## Überprüfen, ob eine spezielle Aktion durchgeführt werden soll
BACKUP_SUFFIX=""
case "$1" in
NEW_INIT)
echo "Überprüfe, ob das Verzeichnis backups/${REPOSITORY_DIR} existiert..."
ssh -p23 ${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de "[ -d backups/${REPOSITORY_DIR} ] || mkdir -p backups/${REPOSITORY_DIR}"
echo "Das Repository wird komplett gelöscht und neu angelegt..."
borg delete --force --stats $REPOSITORY
borg init --encryption=repokey $REPOSITORY
BACKUP_SUFFIX="_NEW_INIT"
;;
INIT)
echo "Überprüfe, ob das Verzeichnis backups/${REPOSITORY_DIR} existiert..."
ssh -p23 ${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de "[ -d backups/${REPOSITORY_DIR} ] || mkdir -p backups/${REPOSITORY_DIR}"
echo "Überprüfe, ob das Repository existiert..."
if borg info $REPOSITORY > /dev/null 2>&1; then
echo "Das Repository existiert bereits. Vorgang wird abgebrochen."
exit 1
else
echo "Das Repository wird neu angelegt..."
borg init --encryption=repokey $REPOSITORY
fi
BACKUP_SUFFIX="_INIT"
;;
?)
echo -e "\n######################################"
echo -e "Verwendung des Backup-Skripts:"
echo -e "######################################"
echo -e "Ohne Parameter:"
echo -e " Führt ein reguläres Backup durch und hängt an den Backup-Namen das aktuelle Datum und die Uhrzeit."
echo -e "\nParameter:"
echo -e " NEW_INIT - Löscht das Repository komplett und legt es neu an."
echo -e " INIT - Legt das Repository neu an, wenn es nicht bereits existiert."
echo -e " ? - Zeigt diese Hilfemeldung an und bricht das Skript ab."
echo -e "\nBeispiele:"
echo -e " ./backup_script.sh"
echo -e " ./backup_script.sh NEW_INIT"
echo -e " ./backup_script.sh INIT"
echo -e " ./backup_script.sh ?"
echo -e "\nBackups auflisten mit:"
echo -e " borg list ssh://${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de:23/./backups/${REPOSITORY_DIR}\n"
echo -e "Rücksichern einzelner Verzeichnisse mit:"
echo -e " cd /mytmp # Wechseln Sie in ein Testverzeichnis, um das Backup zu testen."
echo -e " borg extract ssh://${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de:23/./backups/${REPOSITORY_DIR}::${TIMESTAMP}${BACKUP_SUFFIX} etc var lib lib64 sbin usr bin"
echo -e "######################################\n"
echo -e "Komplette Rücksicherung mit:"
echo -e "cd / # Wechseln Sie in das Root-Verzeichnis, um das gesamte System wiederherzustellen."
echo -e "borg extract ssh://${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de:23/./backups/${REPOSITORY_DIR}::${TIMESTAMP}${BACKUP_SUFFIX}"
echo -e "######################################\n"
echo -e "Auf den Backup-Server verbinden:"
echo -e "ssh -p23 ${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de"
echo -e "Verzeichnisinhalt anzeigen:"
echo -e "ls backups/${REPOSITORY_DIR}"
echo -e "Verzeichnis der aktuellen Backups löschen:"
echo -e "rm -rf backups/${REPOSITORY_DIR}"
echo -e "######################################\n"
exit 0
;;
esac
## Überprüfen, ob ein zusätzlicher Parameter übergeben wurde
if [ -n "$1" ] && [ "$1" != "INIT" ] && [ "$1" != "NEW_INIT" ]; then
BACKUP_SUFFIX="_$1"
fi
##
## Zu sichernde Verzeichnisse
##
# Hier werden alle Verzeichnisse im Root-Verzeichnis gesichert, außer den ausgeschlossenen Verzeichnissen
DIRS_TO_BACKUP=(
"/paperless/paperless-ngx/export"
)
##
## Dateien ins Repository übertragen
##
echo "Übertrage Dateien ..."
borg create -v --stats \
$REPOSITORY::"${TIMESTAMP}${BACKUP_SUFFIX}" \
"${DIRS_TO_BACKUP[@]}" # \
end_time=$(date +'%Y-%m-%d %H:%M:%S')
duration=$(date -u -d @$(( $(date -d "$end_time" +%s) - $(date -d "$start_time" +%s) )) +%H:%M:%S)
echo "###### Backup beendet: $end_time ######"
echo "Time (start): $start_time"
echo "Time (end): $end_time"
echo "Duration: $duration"
echo -e "\n######################################"
echo -e "Backups auflisten mit:"
echo -e "borg list ssh://${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de:23/./backups/${REPOSITORY_DIR}\n"
echo -e "Rücksichern einzelner Verzeichnisse mit:"
echo -e "cd /mytmp # Wechseln Sie in ein Testverzeichnis, um das Backup zu testen."
echo -e "borg extract ssh://${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de:23/./backups/${REPOSITORY_DIR}::${TIMESTAMP}${BACKUP_SUFFIX} etc var lib lib64 sbin usr bin"
echo -e "######################################\n"
echo -e "Komplette Rücksicherung mit:"
echo -e "borg extract ssh://${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de:23/./backups/${REPOSITORY_DIR}::${TIMESTAMP}${BACKUP_SUFFIX}"
echo -e "######################################\n"
echo -e "Auf den Backup-Server verbinden:"
echo -e "ssh -p23 ${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de"
echo -e "Verzeichnisinhalt anzeigen:"
echo -e "ls backups/${REPOSITORY_DIR}"
echo -e "Verzeichnis der aktuellen Backups löschen:"
echo
echo -e "rm -rf backups/${REPOSITORY_DIR}"
echo -e "######################################\n"
borg list ssh://${BACKUP_USER}@${BACKUP_USER}.your-storagebox.de:23/./backups/${REPOSITORY_DIR} >> ${LOG}
```
</details>

123
docs/backup_restore/proxmox/proxmox_backup.md Normal file
View File

@@ -0,0 +1,123 @@
# Backup Proxmox
## 1. PVE
- Location: verschlüsselt auf hetznerstoragebox gemäß Anleitung https://ralf-peter-kleinert.de/linux-server/proxmox-verschluesselt-backup.html. (Die liegt auch als Anhang im bitwarden)
- Scedule: täglich im cron und wird 14 Tage aufgehoben
- ÄNDERUNGEN siehe
<details>
<summary>Location: /etc/fstab</summary>
```
#QNAP
//192.168.178.254/qnapmultimedia /mnt/qnapmount_mm cifs user,credentials=/root/.credentials/qnapcreds,iocharset=utf8,noperm 0 0
//192.168.178.254/Backups /mnt/qnapmount_backups cifs user,credentials=/root/.credentials/qnapcreds,iocharset=utf8,noperm 0 0
#Hetznerbox
//u358899.your-storagebox.de/backup /mnt/hetznerbox cifs user,credentials=/root/.credentials/hetznercreds,iocharset=utf8,noperm 0 0
#//u358899.your-storagebox.de/backups /mnt/hetznerbox cifs username=u358899,password=vgceBjPMxwq2eT7k,rw
#Storagebox Crypted
//u358899.your-storagebox.de/backup/backups/proxmox /mnt/storagebox-crypted cifs credentials=/root/.credentials/hetznercreds,iocharset=utf8,rw,_netdev,uid=0,gid=0,file_mode=0660,dir_mode=0770 0 0
#Storagebox Uncrypted - wird automatisch mit Crypted verbunden
/mnt/storagebox-crypted /mnt/storagebox-nocrypt fuse./usr/bin/gocryptfs rw,nofail,auto,x-systemd.idle-timeout=10,x-systemd.automount,allow_other,quiet,passfile=/root/.gocryptfspw 0 0
```
</details>
- Log: /root/pve-backup.log
- Skript:
<details>
<summary>Location: /root/backup-pve-configs.sh :</summary>
```
#!/bin/bash
BACKUP_DIR="/mnt/storagebox-nocrypt/pve-configs-backup"
TODAY=$(date +%T_%F)-pve-configs-backup
LOGFILE="pve-backup.log"
mkdir -p "$BACKUP_DIR/$TODAY"
FILES=(
"/root/"
"/etc/pve/"
"/etc/network/interfaces"
"/etc/hosts"
"/etc/resolv.conf"
"/etc/hostname"
"/etc/timezone"
"/etc/passwd"
"/etc/group"
"/etc/shadow"
"/root/.ssh/"
"/etc/vzdump.conf"
"/etc/ssh/sshd_config"
"/var/lib/pve-cluster/"
"/etc/ssh/"
"/etc/cron.d/"
"/etc/cron.daily/"
"/etc/cron.hourly/"
"/etc/cron.weekly/"
"/etc/cron.monthly/"
"/var/spool/cron/"
"/etc/fstab"
"/etc/default/"
"/etc/apt/sources.list"
"/etc/apt/sources.list.d/"
"/var/log/"
"/etc/systemd/"
"/etc/sysctl.conf"
"/etc/security/"
"/var/backups/"
"/etc/fail2ban/"
"/root/backup-pve-configs.sh"
)
EXCLUDE_DIRS=(
"/mnt/storagebox-crypt"
"/mnt/storagebox-nocrypt"
"/var/lib/vz/images/"
"/var/lib/lxc/"
"/var/lib/vz/private/"
"/var/lib/lxcfs/"
)
# rsync-Ausschlussparameter erstellen
EXCLUDE_PARAMS=()
for EXCLUDE in "${EXCLUDE_DIRS[@]}"; do
EXCLUDE_PARAMS+=(--exclude="$EXCLUDE")
done
for FILE in "${FILES[@]}"; do
if [ -e "$FILE" ]; then
echo "Kopiere $FILE..."
rsync -aL --relative --ignore-missing-args --safe-links "${EXCLUDE_PARAMS[@]}" "$FILE" "$BACKUP_DIR/$TODAY/" 2>/dev/null
else
echo "Warnung: $FILE existiert nicht und wird uebersprungen." >> ${LOGFILE}
fi
done
find "$BACKUP_DIR" -mindepth 1 -maxdepth 1 -type d -mtime +14 -exec rm -rf {} \;
echo "Backup fuer $TODAY abgeschlossen." >> ${LOGFILE}
```
</details>
## 2. Komplette lxc und VMs #
- Skript: GUI
- Log: GUI
- Location: /QNAP_Bckups/Backups/proxmox
- Scedule: 0:30, keep-dayily, keep-mpnthly=12, keep-weekly=4, keep-yearly=2
- **TODO: Borgbackup für Container**
## weitere Datenbackups
[=> Paperless Backup](paperless/paperless_backup.md)
[=> Homeassistent Backup](paperless/homeassistent_backup.md)
[=> TV-Headend](paperless/tv-headend_backup.md)

3
docs/backup_restore/proxmox/tv-headend/tv-headend_backup.md Normal file
View File

@@ -0,0 +1,3 @@
## TV-Headend Backup
nur Containersicherung über [Proxmox backup](../proxmox_backup.md)

0
docs/docker/architecture.md → docs/backup_restore/workstations/christian-handy_backup.md
View File

32
docs/backup_restore/workstations/christian-linux_backup.md Normal file
View File

@@ -0,0 +1,32 @@
# Backup Konfiguration christian-linux PC
Backupsystem läuft auf 2 Ebenen:
- Systembackup: Timeshift
- Datenbckup: Borgbackup mit Frontend Vortabackup
## Systembackup: TimeshiftS
- Benutzerdaten sind AUSgeschlossen
- Schnappschusstyp: rsync
- lokas auf SSD
- Zeitplan: monatlich 6 , wöchentlich 4, täglich 5 aufheben
## Datenbackup: Vortabackup als Frontend für Borgbackup
### Quellen:
- /home/christian/
- .ssh
- thunderbird
- Bilder
- Dokumente
- Inkrementelle Sicherung
### Repository:
- ssh://u358899@u358899.your-storagebox.de:23/./backups/christianLinux
- SSH-Schlüssel automatisch auswählen
- Kompression: LZ4
- Rhythmus: täglich 21:40 Uhr
- Repo wird all 3 Wochen validiert
## Restore
- Gezielt Dateien: Archiv einhängen (Mountpunkt: /home/christina/borgbackupHetzner), Dateien kopierne
- allgemeines Restore: ausgewähltes Archiv -> exctract

0
docs/backup_restore/workstations/dorothea-laptop_backup.md Normal file
View File

0
docs/backup_restore/workstations/opi-pc_backup.md Normal file
View File

13
docs/backup_restore/workstations/workstation:backup.md Normal file
View File

@@ -0,0 +1,13 @@
# Backup Konfiguration Workstations
## christian-linux-mint
=> [christian-linux-mint](../workstations/christian-linux_backup.md)
## Christians Handy
=> [christian-handy_backup.md](../workstations/christian-handy_backup.md)
## Dorotheas Labtop
=> [dorothea-laptop_backup.md](../workstations/dorothea-laptop_backup.md)
## Opis PC
=> [opi-pc_backup.md](../workstations/opi-pc_backup.md)

12
docs/docker/adguardhome/adguardhome.md
View File

@@ -1,5 +1,4 @@
# Adguardhome # Adguardhome - ist DOWN, ZUR ZEIT LÄUFT PIHOLE
## Allgemein ## Allgemein
- Image: `adguard/adguardhome:v0.107.69` - Image: `adguard/adguardhome:v0.107.69`
@@ -16,7 +15,14 @@
## Deployment ## Deployment
```bash ```bash
cd /docker/Bruchtal/docker/adguardhome cd /docker/Bruchtal/compose/adguardhome
git pull git pull
docker compose pull docker compose pull
docker compose up -d docker compose up -d
```
## aktuelles Skript
```snippet
--8<-- "/docs/docker/adguardhome/docker-compose.yml"
```

89
docs/docker/docker.md Normal file
View File

@@ -0,0 +1,89 @@
# 🏗 Bruchtal Docker-Architektur
## Übersicht
Die Bruchtal-Infrastruktur läuft vollständig containerisiert auf einer VM.
Alle Dienste kommunizieren über ein dediziertes Docker-Netzwerk, nutzen Git zur Versionierung und automatisches Deploy über Webhooks.
**Hauptkomponenten:**
| Service | Containername | Funktion |
|----------------|-------------------|---------|
| Gitea | `gitea` | Git-Server für Infrastruktur & Dokumentation |
| Wiki.js | `wikijs` | Wissensmanagement & Dokumentation |
| MkDocs | `bruchtal-docs` | Statische Markdown-Dokumentation |
| Webhook | `bruchtal-webhook`| Automatisches Deploy bei Git Push |
| Docker Host | VM | Plattform für alle Container |
---
## IP
192.168.178.204
## derzeit belegte Ports:
| Port | Dienst | Container | Funktion | URL |
|-------|--------------------|--------------|-----------------------------------|--------------------------------|
| 9443 |Portainer | portainer | **reines Dashboard** für Docker | [portainer.seanluc.de](https://portainer.seanluc.de) |
| 1380 | Vaultwarden | vaulttwarden | Passwortmanager | [bitwarden.seanluc.de](https://bitwarden.seanluc.de) |
| 1180 | Nextcloud | nexcloud | Cloud | [nc.seanluc.de](https://nc.seanluc.de) |
| 3002 | Gitea | gitea | Repo Verwaltung | [gitea.seanluc.de](https://gitea.seanluc.de) |
| 9005 | Mkdocs | bruchtal-docs| Dokumentation | [doku.seanluc.de](doku.seanluc.de) |
---
## 🔗 Netzwerke
Alle Container laufen im **gemeinsamen Docker-Netzwerk** `bruchtal-net`:
- Kommunikation per Service-Namen (`gitea`, `bruchtal-webhook`)
- Keine Abhängigkeit von Host-IP
- Isoliert von anderen VM-Netzwerken
Beispiel Docker-Compose-Netzwerkdefinition:
```yaml
networks:
bruchtal-net:
external: true
```
## Mounts
Die Mount laufen nicht über die fstab. Grund: die QNAP geht seltsam mit Sonderzeichen in den credentials um.
Lösung:
sudo nano /etc/systemd/system/mnt-vaultwardenBackupOnQnap.mount:
``` ini
[Unit]
After=network-online.target
[Mount]
What=//192.168.178.254/Backups/docker_backups/vaultwarden
Where=/mnt/vaultwardenBackupOnQnap
Type=cifs
Options=rw,vers=3.0,username=admin,password=!!Zazen17**,uid=1001,gid=1001
[Install]
WantedBy=multi-user.target
```
dann
```
sudo systemctl daemon-reload
sudo systemctl enable mnt-vaultwardenBackupOnQnap.mount
sudo systemctl start mnt-vaultwardenBackupOnQnap.mount #Mount wird auch beim booten gestartet
sudo systemctl stop mnt-vaultwardenBackupOnQnap.mount #Mount wird gestoppt
## Docker Backup
Docker läuft als VM unter Proxmox und wird dort täglich vollständig auf der Qnap gesichert
[=> Proxmox_Backup:](../../backup_restore/proxmox/proxmox_backup.md)

13
docs/docker/heimdall/heimdall.md
View File

@@ -10,14 +10,21 @@
| Host Path | Container Path | Zweck | | Host Path | Container Path | Zweck |
|------------|----------------|--------| |------------|----------------|--------|
| /docker/Bruchtal/docker/heimdall/data/config:/config | /config | Konfiguration | | /docker/Bruchtal/compose/heimdall/data/config:/config | /config | Konfiguration |
## Deployment ## Deployment
```bash ```bash
cd /docker/Bruchtal/docker/heimdall cd /docker/Bruchtal/compose/heimdall
git pull git pull
docker compose pull docker compose pull
docker compose up -d docker compose up -d
`` ```
## aktuelles Skript
```snippet
--8<-- "/docs/docker/heimdall/docker-compose.yml"
```

10
docs/docker/it-tools/it-tools.md
View File

@@ -12,8 +12,14 @@
## Deployment ## Deployment
```bash ```bash
cd /docker/Bruchtal/docker/it-tools cd /docker/Bruchtal/compose/it-tools
git pull git pull
docker compose pull docker compose pull
docker compose up -d docker compose up -d
`` ```
## aktuelles Skript
```snippet
--8<-- "/docs/docker/it-tools/docker-compose.yml"
```

31
docs/docker/mkdocs/mkdocs.md Normal file
View File

@@ -0,0 +1,31 @@
# Mkdocs
## Zweck:
Dokumentation des Systems in Markdown
## /ssrv/docker/docker-compose.yml
-> liegt nicht in gesondertem Container.
-> erwartet Verzeichnis docs und mkdocs.yml (diese Datei)
``` yaml
services:
bruchtal-docs:
image: squidfunk/mkdocs-material:latest
container_name: bruchtal-docs
restart: unless-stopped
ports:
- "8005:8000"
volumes:
- /docker/Bruchtal:/docs
command: serve --dev-addr=0.0.0.0:8000
environment:
- TZ=Europe/Berlin
- WATCHDOG_FORCE_POLLING=true
```
## Backup & Restore
kein spezielles Backup notwendig.

1
docs/docker/pihole/pihole.md Normal file
View File

@@ -0,0 +1 @@
testtest

181
docs/docker/portainer/portainer.md Normal file
View File

@@ -0,0 +1,181 @@
# Portainer EE mit Remote-Agent (Hetzner) über SSH-Tunnel
## Ziel
Lokaler Portainer EE verwaltet zusätzlich einen entfernten Docker-Host (Hetzner),
ohne dass der Agent-Port (9001) öffentlich erreichbar ist. Der Key für die EE ist in Bitwarden hinterlegt.
Die Verbindung erfolgt ausschließlich über einen SSH-Tunnel.
---
## Architektur
### Übersicht
- Heimserver: Portainer EE
- Hetzner-Server: Portainer Agent
- Verbindung: SSH-Tunnel (autossh + systemd)
- Kein öffentlicher Port 9001
---
### Netzwerkarchitektur mit Namespace- und Layer-Trennung
```
┌────────────────────────────┐
│ Internet │
└──────────────┬─────────────┘
│ SSH (TCP 22)
┌──────────────────────────┴──────────────────────────┐
│ Hetzner VPS (Host OS) │
│-----------------------------------------------------│
│ │
│ Docker Engine │
│ ┌──────────────────────────────────────────────┐ │
│ │ portainer_agent Container │ │
│ │----------------------------------------------│ │
│ │ Agent lauscht auf: 0.0.0.0:9001 │ │
│ └──────────────────────────────────────────────┘ │
│ │
│ Host-Port-Mapping: 9001 -> Container 9001 │
└──────────────────────────┬──────────────────────────┘
│ localhost:9001
============================================== SSH Tunnel =======================
ssh -L 0.0.0.0:9002:localhost:9001 root@hetzner-ip
=================================================================================
│ 0.0.0.0:9002 (Heimserver Host)
┌──────────────────────────┴──────────────────────────┐
│ Heimserver (Host OS) │
│-----------------------------------------------------│
│ │
│ autossh Service │
│ lauscht auf: 0.0.0.0:9002 │
│ │
│ Docker Bridge Netzwerk │
│ IP: 172.17.0.1 │
│ │
│ Docker Engine │
│ ┌──────────────────────────────────────────────┐ │
│ │ portainer-ee Container │ │
│ │----------------------------------------------│ │
│ │ Verbindet zu: 172.17.0.1:9002 │ │
│ │ (Host-Bridge-IP) │ │
│ └──────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────┘
```
## Funktionsweise
1. Der Portainer-Agent läuft auf Hetzner und lauscht auf Port 9001.
2. Dieser Port ist **nicht öffentlich relevant**, da keine direkte Nutzung erfolgt.
3. Der Heimserver baut per SSH einen Tunnel auf:
- Lokaler Port 9002 → Hetzner localhost:9001
4. Portainer EE verbindet sich intern über: 172.17.0.1:9002 (docker bridge)
5. Der gesamte Traffic läuft verschlüsselt über SSH.
## 1. Portainer-Agent auf Hetzner
### docker-compose.yml
``` yaml
version: "3.8"
services:
portainer_agent:
image: portainer/agent:2.27.3
container_name: portainer_agent
restart: unless-stopped
ports:
- "9001:9001"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
```
Starten: docker compose up -d
Prüfen: ss -tlnp | grep 9001
Erwartet: 0.0.0.0:9001
## 2. SSH-Tunnel automatisieren (VM Docker)
### autossh installieren
apt update
apt install autossh -y
### systemd Service anlegen
Datei:
/etc/systemd/system/portainer-hetzner-tunnel.service
Inhalt:
``` ini
[Unit]
Description=SSH Tunnel to Hetzner Portainer Agent
After=network.target
[Service]
User=root
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh \
-M 0 \
-N \
-o "ServerAliveInterval=30" \
-o "ServerAliveCountMax=3" \
-o "ExitOnForwardFailure=yes" \
-o "StrictHostKeyChecking=no" \
-i /root/.ssh/portainer_tunnel \
-L 0.0.0.0:9002:localhost:9001 \
root@65.
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
```
### Service aktivieren
```snippet
systemctl daemon-reload
systemctl enable portainer-hetzner-tunnel
systemctl start portainer-hetzner-tunnel
```
Status prüfen:
```
systemctl status portainer-hetzner-tunnel
```
Port prüfen:
```
ss -tlnp | grep 9002
```
Erwartet:
```
0.0.0.0:9002
```
## 3. Portainer EE konfigurieren
In der WebUI:
Environments → Add Environment → Agent
Adresse: 172.17.0.1:9002
Hinweis: 172.17.0.1 ist die Docker-Bridge-IP des Hosts
Portainer läuft im Container
Der Tunnel läuft auf dem Host
## Sicherheitsmodell
- Port 9001 nicht öffentlich erreichbar
- Kommunikation ausschließlich über SSH
- SSH-Key-basierte Authentifizierung
- Automatischer Reconnect via autossh
- Kein zusätzlicher VPN erforderlich
## Troubleshooting
```
|Problem |Ursache | Prüfen
|connection refused |Agent nicht auf 9001 gemappt | - ports9001:9001 in der docker-compose
|SSH channel open failed |Agent lauscht nicht |keys vorhanden?
|Endpoint unreachable |Tunnel nicht aktiv
|curl localhost:9001 schlägt fehl |Agent läuft nicht korrekt
```

74
docs/docker/vaultwarden/vaultwarden.md Normal file
View File

@@ -0,0 +1,74 @@
# VAULTWARDEN
## Produktiv-Vault (Self-Hosted):
- Software: Vaultwarden
- Zugriff:
- LAN: HTTPS über lokalen Reverse Proxy (Caddy)
- Internet: HTTPS über Pangolin-Tunnel
- Enthält:
- alle regulären Zugänge
- Organisationen / Secrets
- Risiko:
- abhängig von Tunnel / Internet / Heimnetz
## Kritischer Eintrag:
Name:
"Hetzner Login (NOTFALL manuell pflegen!)"
Zweck:
- Sichtbarer Hinweis bei JEDEM Login
- Erzwingt bewusste manuelle Pflege
des Notfall-Zugangs
## NOTFALL-STRATEGIE
### Notfall-Passwortsafe:
- Software: KeePassXC
- Dateiformat: notfall.kdbx
- Plattformen:
- Linux
- Windows
- Speicherort:
- verschlüsselter Cloud-Speicher => auf Schulcampus/Dokumente/Notfall/Notfall.kdbx
- im U-Netz: Dokumente/Kram/Notfall
- unabhängig vom Heimnetz / Tunnel
### Schutz:
- Starkes Master-Passwort (wie immer)
### Inhalt (bewusst minimal):
- Hetzner Login
- ggf. Hetzner Recovery Codes
------------
## Pflegeregel:
Wenn Hetzner-Passwort oder 2FA geändert wird:
-> Eintrag in notfall.kdbx **MANUELL** auf **BEIDEN** Speichern aktualisieren
Keine Automatisierung! (Bewusste Entscheidung).
## DESIGN-ENTSCHEIDUNG
- Keine Admin-API-Exports aus Vaultwarden
- Keine Cronjobs mit sensiblen Tokens
- Keine Abhängigkeit von kostenpflichtigen Cloud-Abos
- Notfallzugang bewusst getrennt gehalten
----------
Fokus auf:
- Robustheit
- Transparenz
- Plattform-Kompatibilität
- Langfristige Wartbarkeit
## aktuelles Skript
```snippet
--8<-- "/docs/docker/vaultwarden/docker-compose.yml"
```
## Backup
=> [Vaultwarden_backup](../vaultwarden_backup/vaultwarden_backup.md).

6
docs/docker/vaultwarden_backup/vaultwarden_backup.md Normal file
View File

@@ -0,0 +1,6 @@
# Vaultwarden_Backup
Container vaultwarden_backup sichert die komplette DB täglich 5:00 auf QNAP/Backups/docker_backups_vaultwarden
```snippet
--8<-- "/docs/docker/vaultwarden_backup/docker-compose.yml"
```

10
docs/docker/wikijs/wikijs.md
View File

@@ -17,8 +17,14 @@
## Deployment ## Deployment
```bash ```bash
cd /docker/Bruchtal/docker/wikijs cd /docker/Bruchtal/compose/wikijs
git pull git pull
docker compose pull docker compose pull
docker compose up -d docker compose up -d
`` ```
## aktuelles Skript
```snippet
--8<-- "/docs/docker/wikijs/docker-compose.yml"
```

67
docs/homepage/homepage.md Normal file
View File

@@ -0,0 +1,67 @@
# Homepage Stack
## dockerproxy
um den Status von Dockercontainern direkt auslesen zu können
- Image: `ghcr.io/tecnativa/docker-socket-proxy:latest`
- Port: `127.0.0.1:2375:2375`
- Restart Policy: `unless-stopped`
## Homepage
das eigentlich
## Volumes
| Host Path | Container Path | Zweck |
|------------|----------------|--------|
| /var/run/docker.sock:/var/run/docker.sock:ro | | |
## Deployment
```bash
cd /docker/Bruchtal/compose/heimdall
git pull
docker compose pull
docker compose up -d
```
## aktuelles Skript
```snippet
--8<-- "/docs/docker/heimdall/docker-compose.yml"
```
dockerproxy:
image: ghcr.io/tecnativa/docker-socket-proxy:latest
container_name: dockerproxy
environment:
- CONTAINERS=1 # Allow access to viewing containers
- SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
- TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
- POST=0 # Disallow any POST operations (effectively read-only)
ports:
- 127.0.0.1:2375:2375
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
restart: unless-stopped
homepage:
image: ghcr.io/gethomepage/homepage:latest
container_name: homepage
ports:
- "3004:3000"
volumes:
- /srv/docker/daten/homepage:/app/config
- /srv/docker/daten/homepage/icons:/app/public/icons
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- HOMEPAGE_ALLOWED_HOSTS=192.168.178.204:3004,localhost
restart: unless-stopped

3
docs/index.md
View File

@@ -2,8 +2,7 @@
Willkommen in der Infrastruktur-Dokumentation von **Bruchtal**. Willkommen in der Infrastruktur-Dokumentation von **Bruchtal**.
## Ziel ## Inhalt ##
Diese Dokumentation beschreibt: Diese Dokumentation beschreibt:
- ⚙️ Workflows - ⚙️ Workflows

16
docs/network/topology.md
View File

@@ -0,0 +1,16 @@
# Allgemeine Einstellungen
## DHCP
### Fritzbox (derzeit aktuell)
- Range: 192.168.178.20 - 199
## feste IPs
[192.168.178.200: Proxmox](http://192.168.178.200:8006)
[192.168.178.201: vm-Pihole](http://192.168.178.201)
[192.168.178.203: vm-homeassistent](http://192.168.178.203:8123)
[192.168.178.204: vm-docker](http://192.168.178.204:9443)
[192.168.178.214: vm-jellyfin]()
[192.168.178.217: vm-docker-restore](http://192.168.178.221:9443)
[192.168.178.221: vm-paperless2](http://192.168.178.221:8000)
[192.168.178.254: QNAP](https://192.168.178.254)
### Kea-dhcp4 + Adguard # caddy

4
docs/proxmox/homeassistent/homeassistent.md Normal file
View File

@@ -0,0 +1,4 @@
# Homeasistent
## Plattform
- VM im Docker

52
docs/proxmox/paperless/docker-compose.yml Normal file
View File

@@ -0,0 +1,52 @@
services:
broker:
image: docker.io/library/redis:8
restart: unless-stopped
volumes:
- redisdata:/data
db:
image: docker.io/library/postgres:17
restart: unless-stopped
volumes:
- /paperless/database:/var/lib/postgresql/data
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperless
POSTGRES_PASSWORD: paperless
webserver:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
restart: unless-stopped
depends_on:
- db
- broker
- gotenberg
- tika
ports:
- "8000:8000"
volumes:
- /paperless/data:/usr/src/paperless/data
- /paperless/media:/usr/src/paperless/media
- ./export:/usr/src/paperless/export
- /paperless/paperless-ngx/consume:/usr/src/paperless/consume
env_file: docker-compose.env
environment:
PAPERLESS_REDIS: redis://broker:6379
PAPERLESS_DBHOST: db
PAPERLESS_TIKA_ENABLED: 1
PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
PAPERLESS_TIKA_ENDPOINT: http://tika:9998
gotenberg:
image: docker.io/gotenberg/gotenberg:8.20
restart: unless-stopped
# The gotenberg chromium route is used to convert .eml files. We do not
# want to allow external content like tracking pixels or even javascript.
command:
- "gotenberg"
- "--chromium-disable-javascript=true"
- "--chromium-allow-list=file:///tmp/.*"
tika:
image: docker.io/apache/tika:latest
restart: unless-stopped
volumes:
redisdata:

17
docs/proxmox/paperless/paperless.md Normal file
View File

@@ -0,0 +1,17 @@
# Paperless VM
## Architektur
- läuft als VM direkt auf Proxmox
- Plattform: Ubuntu Server 24
- Paperless läuft unter Docker
## docker-compose.yml
``` snippet
--8<-- "/docs/proxmox/paperless/docker-compose.yml"
```
** docker-compose.env Datei mit Key in Bitwarden **
## Backup
==>

55
docs/proxmox/proxmox.md Normal file
View File

@@ -0,0 +1,55 @@
# Proxmox Host
## System
- Hostname: vm-proxmox
- OS: Debian 12
- VMs:
- paperless-ngx
- home-assistant
- Docker-VM
- Backup: tägliche Snapshots
## Root-Zugriff
derzeit noch möglich: das übliche PW
## Crontab
```snippet
0 1 * * * /root/backup-pve-configs.sh
```
## Mounts
/etc/fstab
``` snippet
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/pve/root / ext4 errors=remount-ro 0 1
/dev/pve/swap none swap sw 0 0
proc /proc proc defaults 0 0
#SSD
UUID=fe878af4-c44e-4ab8-8d81-1efb0391aaf7 /mnt/DockerDaten ext4 defaults 0 0
#QNAP
//192.168.178.254/qnapmultimedia /mnt/qnapmount_mm cifs user,credentials=/root/.credentials/qnapcreds,iocharset=utf8,noperm 0 0
//192.168.178.254/Backups /mnt/qnapmount_backups cifs user,credentials=/root/.credentials/qnapcreds,iocharset=utf8,noperm 0 0
#Hetznerbox
//u358899.your-storagebox.de/backup /mnt/hetznerbox cifs user,credentials=/root/.credentials/hetznercreds,iocharset=utf8,noperm 0 0
#Storagebox Crypted
//u358899.your-storagebox.de/backup/backups/proxmox /mnt/storagebox-crypted cifs credentials=/root/.credentials/hetznercreds,iocharset=utf8,rw,_netdev,uid=0,gid=0,file_mode=0660,dir_mode=07>
#Storagebox Uncrypted - wird automatisch mit Crypted verbunden
/mnt/storagebox-crypted /mnt/storagebox-nocrypt fuse./usr/bin/gocryptfs rw,nofail,auto,x-systemd.idle-timeout=10,x-systemd.automount,allow_other,quiet,passfile=/root/.gocryptfspw 0 0
```
## Backup
## aktuelles Skript
``` snippet
--8<-- "/docs/backup_restore/proxmox/backup_pve_configs.sh"
```
=> [Proxmox Backup](../backup_restore/proxmox/proxmox_backup.md).
=> [Skript:](../backup_restore/proxmox/backup_pve_configs.sh)

2
docs/proxmox/tv-headend/tv-headend.md Normal file
View File

@@ -0,0 +1,2 @@
# TV-Headend

9
docs/proxmox/vms.md
View File

@@ -1,9 +0,0 @@
# Proxmox Host
- Hostname: vm-proxmox
- OS: Debian 12
- VMs:
- paperless-ngx
- home-assistant
- Docker-VM
- Backup: tägliche Snapshots

48
docs/workflows/adguard-kea-caddy.md Normal file
View File

@@ -0,0 +1,48 @@
# DNS - DHCP Konfiguration
** AKTUELL PIHOLE ALS DNS!**
## Pihole
- derzeit aktuell im Einsatz, Adguard & Co abgeschaltet.
-
### aktuelles Skript
```snippet
--8<-- "/docs/docker/pihole/docker-compose.yml"
```
## AdGuardHome
- die Konfiguration findet in der adguard/config/AdGuardHome.yaml statt.
**Problem**: dummerweise überschreibt die GUI diese bei jedem Start gnadenlos.
- Blaupause liegt in /docker/AdguardHome.yaml bzw. s.u.
- Entscheidend: dhcp_enabled: false
- bevor Adguard neu gestartet wird die Blaupause in den config-Ordner kopieren
- neue Einträge:
-- WebUI aufrufen (http://192.168.178.204:3001)
-- Filters => DNS-Rewrites
-- dort name und IP eintragen
-- Container **NICHT** neu starten!
### aktuelles Skript
```snippet
--8<-- "/docs/docker/adguardhome/docker-compose.yml"
```
## Anmerkungen zu Kea:
- DHCP-Server, bewusst in der IPv4-Version. IPv6 ist komplett abgestellt, ausser auf der FB für DSlite.
### aktuelles Skript
```snippet
--8<-- "/docs/docker/kea-dhcp4/docker-compose.yml"
```
## Anmerkungen zu caddy
- Reverse-Proxy für internes HTTPS
- Problem: rootCA.crt muss auf dem Client vorhanden sein damit der Browserzugriff funktioniert. Ist ein Browserproblme, eins von DNS verursachtes
### aktuelles Skript
```snippet
--8<-- "/docs/docker/caddy/docker-compose.yml"
```

3
docs/workflows/backup_restore-Workstations.md Normal file
View File

@@ -0,0 +1,3 @@
siehe [Backups Workstaions](../backup_restore/workstations/workstation:backup.md)

79
docs/workflows/docker-workflow.md
View File

@@ -7,7 +7,6 @@ Ziel:
- Alles versioniert in Git - Alles versioniert in Git
- Reproduzierbare Deployments - Reproduzierbare Deployments
- Dokumentation immer synchron zur Infrastruktur - Dokumentation immer synchron zur Infrastruktur
--- ---
## Grundprinzip ## Grundprinzip
@@ -15,28 +14,81 @@ Ziel:
**Konfiguration passiert lokal in VS Code.** **Konfiguration passiert lokal in VS Code.**
Die VM ist nur noch Laufzeitumgebung. Die VM ist nur noch Laufzeitumgebung.
1. Lokal ändern, egal was 1. Lokal ändern, egal was
2. Committen & Pushen 2. Committen & Pushen
3. Auf VM pullen 3. der Pull auf der VM wird automatisch über einen Webhook ausgeführt
4. Container neu starten 4. Container neu starten
```mermaid
flowchart LR
Dev -->|git push| Gitea
Gitea -->|POST Hook| Webhook
Webhook -->|git pull| Workspace
Workspace -->|Markdown changes| MkDocs
MkDocs -->|serve| Browser
```
--- ---
## Verzeichnisstruktur
compose, scripts, docs sind im Repo. Daher als Unterordner, damit bei einem pull force die Daten nicht mit überschrieben werden
```
/srv/docker/
├─ repo
│ ├─ compose # Docker-Compose Stacks für jeden Container
│ │ ├─ nextcloud/
│ │ │ └─ docker-compose.yml
│ │ ├─ tvheadend/
│ │ │ └─ docker-compose.yml
│ │ ├─ signal-rest-api/
│ │ │ └─ docker-compose.yml
│ │ └─ ... (weitere aktive Container)
│ │
│ ├─ scripts/ # Deploy-Scripts, Webhooks, Utilities
│ │ ├─ deploy-changed-containers-final.sh
│ │ ├─ webhook-deploy.sh
│ │ └─ ... (weitere Scripts)
│ │
│ ├─ docs/ # MkDocs / Markdown Dokumentation
│ │ ├─ backup_restore
│ │ | ├─ docker
| │ | └─ docker_backup.md
| │ | ├─ hetzner
│ │ ├─ docker
│ │ | ├─ adguardhome
| │ | | └─ adguardhome.md
│ │ | ├─ heimdall
| │ │ └─ heimdall.md
| │ └─ ... (weitere .md Dateien)
│ │
│ ├─ mkdocs.yml # MkDocs Konfiguration
├─ daten/ # Docker-Volumes / persistent data
│ ├─ nextcloud/
│ │ ├─ www/ # Nextcloud Webdaten
│ │ ├─ db/ # MariaDB Daten
│ │ └─ redis/ # Redis Daten
│ ├─ tvheadend/
│ │ └─ config/ # TVHeadend config / recordings
│ ├─ signal-rest-api/
│ │ └─ data/
│ └─ ... (weitere Container-Daten)
└─ .gitignore # ignoriert daten/ und ggf. temp files
```
## Workflow "neuer Container" ## Workflow "neuer Container"
- VSCode starten in ~Bruchtal mit code . => VS startet sauber mit der Giteinstellung - VSCode starten in ~Bruchtal mit code . => VS startet sauber mit der Giteinstellung
**ALLE ÄNDERUNGEN NUR IN VS** **ALLE ÄNDERUNGEN NUR IN VS**
### neuen Containeranlegen - `compose/<Containername>` anlegen
- `Bruchtal/<Containername>` anlegen - `compose/<Containername>/docker-compose.yml` anlegen
- `Bruchtal/<Containername>/docker-compose.yml` anlegen
- docker-compose.yml editieren, - docker-compose.yml editieren,
- commit mit Message `"infra(<Containername>): docker-compose.yml neu angelegt"` - commit mit Message `"infra(<Containername>): docker-compose.yml neu angelegt"`
- push - push
### neuen Container dokumentieren ### neuen Container dokumentieren
- `Bruchtal/docs/<Containername>` anlegen - `docker/docs/<Containername>` anlegen
- `Bruchtal/docs/<Containername>/<Containername>.md` anlegen - `Bruchtal/docs/<Containername>/<Containername>.md` anlegen
- `<Containername>.md` editieren, Blaupause z.B: wikijs.md - `<Containername>.md` editieren, Blaupause z.B: wikijs.md
- commit message `docs(<Containername>): Dokumentation angelegt` - commit message `docs(<Containername>): Dokumentation angelegt`
@@ -53,14 +105,3 @@ cd /docker/Bruchtal/<Containername>
docker compose up -d docker compose up -d
``` ```
## Repository-Struktur
```
Bruchtal/
├── docker/
│ └── <Containername>/
│ └── docker-compose.yml
└── docs/
└── docker/
└── <Containername>/
└── <Containername>.md
```

27
docs/workflows/repo-reparieren.md Normal file
View File

@@ -0,0 +1,27 @@
# Reparieren des Gitea-Repos
## Ausgangslage: aus Versehen Datei auf Vm editier anstatt in VS Code
Problem: das Repo ist auseiander gelaufen.
## Voraussetzung:
docker/gitea muss laufen
## Lösungsansatz:
- **Wichtig:** dafür sorgen, dass die "korrekten" Dateien auf dem PC liegen wo VS läuft
- auf der lokalen Maschine in Bruchtal:
``` snippet
git push origin main --force
```
auf der VM:
``` snippet
cd /srv/docker/repo
git fetch origin
git reset --hard origin/main
```
Optional noch alte Dateien entfernen:
```
git clean -fd
```

56
mkdocs.yml
View File

@@ -1,6 +1,6 @@
site_name: Bruchtal site_name: Bruchtal
site_description: Infrastruktur- und Betriebsdokumentation von Bruchtal site_description: Infrastruktur- und Betriebsdokumentation von Bruchtal
site_author: Bruchtal site_author: Christian
theme: theme:
name: material name: material
@@ -10,16 +10,58 @@ nav:
- Übersicht: index.md - Übersicht: index.md
- Workflows: - Workflows:
- Docker-workflow: workflows/docker-workflow.md - Docker-workflow: workflows/docker-workflow.md
- Adguardhome-Kea-Caddy: workflows/adguard-kea-caddy.md
- Netzwerk: - Netzwerk:
- Topologie: network/topology.md - Topologie: network/topology.md
- Tunnel: network/tunnel.md - Tunnel: network/tunnel.md
- Proxmox: - Proxmox:
- VMs: proxmox/vms.md - System: proxmox/proxmox.md
- Paperless: proxmox/paperless/paperless.md
- Homeassistant: proxmox/homeassistent/homeassistent.md
- Docker: - Docker:
- Architektur: docker/docker.md
- Adguardhome: docker/adguardhome/adguardhome.md - Adguardhome: docker/adguardhome/adguardhome.md
- Wikijs: docker/wikijs/wikijs.md - Heimdall: docker/heimdall/heimdall.md
- Architektur: docker/architecture.md
- It-Tools: docker/it-tools/it-tools.md - It-Tools: docker/it-tools/it-tools.md
- Backup_Storage: - PiholeTests: docker/pihole/pihole.md
- Backup: backup/backup.md - Portainer: docker/portainer/portainer.md
- Storage: backup/storage.md - Vaultwarden: docker/vaultwarden/vaultwarden.md
- Vaultwarden_Backup: docker/vaultwarden_backup/vaultwarden_backup.md
- Wikijs: docker/wikijs/wikijs.md
- Backup:
- Docker: /docker/docker_backup.md
- Hetzner: backup_restore/hetzner/hetzner_backup.md
- Homeassistant: backup_restore/proxmox/homeassistant/homeassistant_backup.md
- Paperless: backup_restore/proxmox/paperless/paperless_backup.md
- Proxmox: backup_restore/proxmox/proxmox_backup.md
- Workstation: backup_restore/workstation/workstation_backup.md
markdown_extensions:
- admonition
- pymdownx.highlight
- pymdownx.snippets:
check_paths: false
- pymdownx.tasklist
- pymdownx.tabbed
- pymdownx.mark
- pymdownx.tilde
- pymdownx.critic
- pymdownx.inlinehilite
- pymdownx.details
- pymdownx.keys
- pymdownx.emoji
- pymdownx.betterem
- pymdownx.caret
- pymdownx.mark
- pymdownx.smartsymbols
- pymdownx.magiclink
- pymdownx.superfences:
custom_fences:
- name: mermaid
class: mermaid
format: !!python/name:pymdownx.superfences.fence_code_format

69
scripts/redeploy-containers.sh Normal file
View File

@@ -0,0 +1,69 @@
#!/bin/bash
# Auto-Restart Script für geänderte Docker-Compose Stacks
# Nur laufende, aktive Container werden neu gestartet
# Inaktive Container bleiben unberührt
# Logs im Repo-Verzeichnis
#test
REPO_DIR="/srv/docker"
LOGFILE="$REPO_DIR/scripts/docker-update.log"
# Liste der inaktiven Container
INACTIVE_CONTAINERS=("adguard" "kea" "caddy" "wikijs")
log() {
echo "$(date '+%Y-%m-%d %H:%M:%S') | $*" | tee -a "$LOGFILE"
}
log "===== Starting Auto-Restart (final) ====="
cd "$REPO_DIR" || { log "ERROR: Cannot enter $REPO_DIR"; exit 1; }
# 1⃣ Git Pull + Hard Reset (VM exakt auf Remote-Stand bringen)
git fetch --all &>/dev/null
git reset --hard origin/main &>/dev/null
log "Pulled latest changes and reset VM to remote state."
# 2⃣ Geänderte Compose-Dateien ermitteln
CHANGED=$(git diff --name-only HEAD~1 HEAD | grep -E '^compose/.+/docker-compose\.yml$' || true)
if [ -z "$CHANGED" ]; then
log "No Compose files changed. Nothing to restart."
exit 0
fi
# 3⃣ Nur laufende, geänderte Container neu starten
for FILE in $CHANGED; do
CONTAINER_NAME=$(echo "$FILE" | cut -d'/' -f2)
# Inaktive Container überspringen
if [[ " ${INACTIVE_CONTAINERS[@]} " =~ " ${CONTAINER_NAME} " ]]; then
log "Skipping inactive container: $CONTAINER_NAME"
continue
fi
COMPOSE_DIR="$REPO_DIR/compose/$CONTAINER_NAME"
if [ ! -d "$COMPOSE_DIR" ]; then
log "Warning: $COMPOSE_DIR does not exist, skipping..."
continue
fi
# Prüfen, ob Container läuft
RUNNING=$(docker compose -f "$COMPOSE_DIR/docker-compose.yml" ps -q)
if [ -z "$RUNNING" ]; then
log "Container $CONTAINER_NAME is stopped. Skipping restart."
continue
fi
log "Restarting running container: $CONTAINER_NAME"
cd "$COMPOSE_DIR" || continue
docker compose up -d &>/dev/null
if [ $? -eq 0 ]; then
log "$CONTAINER_NAME restarted successfully"
else
log "❌ Failed to restart $CONTAINER_NAME"
fi
done
log "===== Auto-Restart Completed ====="

5
scripts/stop-all.sh Normal file
View File

@@ -0,0 +1,5 @@
cd /docker/Bruchtal/docker
for d in */; do
(cd "$d" && docker compose down)
done

57
scripts/webhook-deploy/deploy-bruchtal.sh Executable file
View File

@@ -0,0 +1,57 @@
#!/bin/sh
set -e
# test XDG_RUNTIME_DIR
LOGFILE="/srv/docker/repo/scripts/bruchtal-deploy.log"
cd /workspace
log() {
echo "$(date '+%Y-%m-%d %H:%M:%S') | $*" | tee -a "$LOGFILE"
}
# -----------------------------
# 1⃣ VM-Repo sauber halten
# -----------------------------
log "Checking for local changes on VM..."
if [ -n "$(git status --porcelain)" ]; then
log "⚠️ Warning: Local changes on VM will be lost!"
git reset --hard
git clean -fd
log "Local changes discarded."
else
log "VM repo is clean, no local changes to discard."
fi
# -----------------------------
# 2⃣ Pull latest changes
# -----------------------------
# safe directory for git in CI environment
git config --global --add safe.directory /workspace
log "Pulling latest changes from Gitea"
git pull
# -----------------------------
# 3⃣ Redeploy changed containers
# -----------------------------
#/srv/docker/scripts/redeploy-containers.sh
# -----------------------------
# 4⃣ Check for Markdown changes
# -----------------------------
log "Checking for new or modified Markdown files..."
changed=$(git diff --name-status HEAD~1 HEAD | grep -E '^[AM]\s.*(\.md$|mkdocs\.yml$)' | awk '{print $2}' || true)
if [ -n "$changed" ]; then
log "Markdown changes detected:"
for f in $changed; do
log " - $f"
done
log "Restarting bruchtal-docs container..."
docker restart bruchtal-docs
else
log "No Markdown changes detected. Skipping restart."
fi
log "Deploy finished."

25
scripts/webhook-deploy/deploy-bruchtal.sh-sik Executable file
View File

@@ -0,0 +1,25 @@
#!/bin/sh
set -e
# test XDG_RUNTIME_DIR
#HALLO
cd /workspace
echo "==> Pulling latest changes"
git pull
echo "==> Checking for new or modified Markdown files"
# A = Added, M = Modified
changed=$(git diff --name-status HEAD~1 HEAD | grep -E '^[AM]\s.*(\.md$|mkdocs\.yml$)' | awk '{print $2}' || true)
if [ -n "$changed" ]; then
echo "Markdown changes detected:"
echo "$changed"
echo "==> Restarting bruchtal-docs container"
cd /workspace
docker restart bruchtal-docs
else
echo "No Markdown changes detected. Skipping restart."
fi
echo "==> Deploy finished"

3
deploy/hooks.json → scripts/webhook-deploy/hooks.json
View File

@@ -1,7 +1,8 @@
[ [
{ {
"id": "bruchtal-deploy", "id": "bruchtal-deploy",
"execute-command": "/workspace/deploy/deploy-bruchtal.sh", "execute-command": "/workspace/scripts/webhook-deploy/deploy-bruchtal.sh",
"command-working-directory": "/workspace" "command-working-directory": "/workspace"
} }
] ]