adrien/Selfhosted-config
1
0
Fork 0
Code Actions

Plenty changes

Browse Source
This commit is contained in:
Adrien Bouvais 2026-05-15 21:42:50 +00:00
parent cbc9cd0b20
commit 7bd2fea25c
7 changed files with 133 additions and 184 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -6,3 +6,6 @@ letsencrypt
website-pro
config/gitea/conf
config/affine/private.key
kopia-gcp-key.json
config/garage
DragnCards

68
apps.yml
View File

@ -38,28 +38,16 @@ services:
- traefik.http.routers.filebrowser.tls.certresolver=myresolver
- traefik.http.services.filebrowser.loadbalancer.server.port=80
actualbudget:
image: actualbudget/actual-server:latest
container_name: actualbudget
restart: unless-stopped
volumes:
- ./hdd0/actualbudget:/data
environment:
- TZ=Europe/Luxembourg
labels:
- traefik.enable=true
- traefik.http.routers.actualbudget.rule=Host(`budget.bouvais.lu`)
- traefik.http.routers.actualbudget.entrypoints=websecure
- traefik.http.routers.actualbudget.tls.certresolver=myresolver
- traefik.http.services.actualbudget.loadbalancer.server.port=5006
vaultwarden:
image: vaultwarden/server:1.33.2
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
environment:
DOMAIN: https://vault.bouvais.lu
SIGNUPS_ALLOWED: false
SIGNUPS_ALLOWED: true
ADMIN_TOKEN: ${ADMIN_PASSWORD}
ports:
- "80:80"
volumes:
- ./hdd0/vaultwarden:/data/
labels:
@ -75,24 +63,6 @@ services:
- traefik.http.routers.vaultwarden-admin.middlewares=auth@docker
- traefik.http.routers.vaultwarden-admin.service=my-vaultwarden-service@docker
siyuan:
image: b3log/siyuan:latest
container_name: siyuan
command: ['--workspace=/siyuan/workspace/']
volumes:
- /siyuan/workspace:/siyuan/workspace
- ./hdd0/siyuan/workspace:/siyuan/workspace
restart: unless-stopped
environment:
- TZ=Europe/Luxembourg
- SIYUAN_ACCESS_AUTH_CODE=${SIYUAN_ACCESS_AUTH_CODE}
labels:
- traefik.enable=true
- traefik.http.routers.siyuan.rule=Host(`notes.bouvais.lu`)
- traefik.http.routers.siyuan.entrypoints=websecure
- traefik.http.routers.siyuan.tls.certresolver=myresolver
- traefik.http.services.siyuan.loadbalancer.server.port=6806
libreoffice:
image: lscr.io/linuxserver/libreoffice:latest
container_name: libreoffice
@ -115,3 +85,31 @@ services:
- traefik.http.routers.libreoffice.entrypoints=websecure
- traefik.http.routers.libreoffice.tls.certresolver=myresolver
- traefik.http.services.libreoffice.loadbalancer.server.port=3000
home:
image: registry.bouvais.lu/home:v0.1.4
container_name: home
restart: unless-stopped
depends_on:
- registry
labels:
- "traefik.enable=true"
- "traefik.http.routers.myapp.rule=Host(`home.bouvais.lu`)"
- "traefik.http.routers.myapp.entrypoints=websecure"
- "traefik.http.routers.myapp.tls.certresolver=myresolver"
- "traefik.http.services.myapp.loadbalancer.server.port=8080"
drawio:
image: jgraph/drawio:latest
container_name: drawio
restart: unless-stopped
environment:
- TZ=Europe/Luxembourg
labels:
- "traefik.enable=true"
- "traefik.http.routers.drawio.rule=Host(`draw.bouvais.lu`)"
- "traefik.http.routers.drawio.entrypoints=websecure"
- "traefik.http.routers.drawio.tls.certresolver=myresolver"
- "traefik.http.services.drawio.loadbalancer.server.port=8080"

68
developer.yml
View File

@ -2,7 +2,7 @@ services:
gitea:
image: docker.gitea.com/gitea:1.23.8
container_name: gitea
restart: unless-stopped
restart: always
environment:
- GITEA_CUSTOM=/etc/gitea
volumes:
@ -21,6 +21,14 @@ services:
- traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)
- traefik.tcp.routers.gitea-ssh.entrypoints=ssh
- traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22
deploy:
resources:
limits:
memory: 4G
cpus: 2
reservations:
memory: 512M
cpus: 1
gitea-runner:
image: docker.io/gitea/act_runner:latest
@ -36,20 +44,6 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
- ./hdd0/mkdocs-sites:/sites
mkdocs-zippondb:
image: squidfunk/mkdocs-material
container_name: mkdocs-zippondb
restart: unless-stopped
volumes:
- ./hdd0/mkdocs-sites/zippondb:/docs
labels:
- traefik.enable=true
- traefik.http.routers.gitea_runner.rule=Host(`docs.bouvais.lu`)
- traefik.http.routers.gitea_runner.entrypoints=websecure
- traefik.http.routers.gitea_runner.tls.certresolver=myresolver
- traefik.http.routers.gitea_runner.middlewares=auth@docker
- traefik.http.services.gitea_runner.loadbalancer.server.port=3000
registry:
image: registry:2
container_name: registry
@ -86,3 +80,47 @@ services:
- traefik.http.routers.registry_ui.entrypoints=websecure
- traefik.http.routers.registry_ui.tls.certresolver=myresolver
- traefik.http.services.registry_ui.loadbalancer.server.port=80
garage:
image: dxflrs/garage:v2.1.0
container_name: garage
restart: unless-stopped
volumes:
- ./config/garage/garage.toml:/etc/garage.toml
- ./hdd0/garage/meta:/var/lib/garage/meta
- ./hdd0/garage/data:/var/lib/garage/data
environment:
- RUST_LOG=garage=info
labels:
- traefik.enable=true
# S3 API
- traefik.http.routers.garages3.rule=Host(`s3.garage.bouvais.lu`)
- traefik.http.routers.garages3.entrypoints=websecure
- traefik.http.routers.garages3.tls.certresolver=myresolver
- traefik.http.routers.garages3.service=garages3
- traefik.http.services.garages3.loadbalancer.server.port=3900
# Admin API
- traefik.http.routers.garageadmin.rule=Host(`admin.garage.bouvais.lu`)
- traefik.http.routers.garageadmin.entrypoints=websecure
- traefik.http.routers.garageadmin.tls.certresolver=myresolver
- traefik.http.routers.garageadmin.service=garageadmin
- traefik.http.services.garageadmin.loadbalancer.server.port=3903
# Web (Garage's internal web endpoint)
- traefik.http.routers.garageweb.rule=Host(`web.garage.bouvais.lu`)
- traefik.http.routers.garageweb.entrypoints=websecure
- traefik.http.routers.garageweb.tls.certresolver=myresolver
- traefik.http.routers.garageweb.service=garageweb_svc
- traefik.http.services.garageweb_svc.loadbalancer.server.port=3902
- traefik.http.routers.mystaticsite.rule=Host(`zig-dimal.bouvais.lu`)
- traefik.http.routers.mystaticsite.entrypoints=websecure
- traefik.http.routers.mystaticsite.tls.certresolver=myresolver
- traefik.http.routers.mystaticsite.service=garageweb_svc
- traefik.http.routers.mystaticsite.rule=Host(`zigma.bouvais.lu`)
- traefik.http.routers.mystaticsite.entrypoints=websecure
- traefik.http.routers.mystaticsite.tls.certresolver=myresolver
- traefik.http.routers.mystaticsite.service=garageweb_svc

82
docker-compose.yml
View File

@ -2,12 +2,10 @@ include:
- apps.yml
- developer.yml
- llm.yml
- monitoring.yml
- vms.yml
services:
traefik:
image: traefik:v3.4
image: traefik:latest
container_name: traefik
restart: unless-stopped
command:
@ -110,55 +108,29 @@ services:
- traefik.http.routers.kopia.tls.certresolver=myresolver
- traefik.http.services.kopia.loadbalancer.server.port=51515
kopia-cloud:
image: kopia/kopia:latest
container_name: kopia-cloud
restart: unless-stopped
command:
- server
- start
- --insecure
- --address=0.0.0.0:51516
- --server-username=adrien
- --server-password=${MASTER_PASSWORD}
environment:
KOPIA_PASSWORD: ${MASTER_PASSWORD}
USER: "adrien"
volumes:
- ./config/kopia-cloud:/app/config
- ./cache/kopia-cloud:/app/cache
- ./hdd0/logs/kopia-cloud:/app/logs
- ./hdd0:/hdd0
- ./kopia-gcp-key.json:/cred.json
labels:
- traefik.enable=true
- traefik.http.routers.kopia_gcp.rule=Host(`kopia-cloud.bouvais.lu`)
- traefik.http.routers.kopia_gcp.entrypoints=websecure
- traefik.http.routers.kopia_gcp.tls.certresolver=myresolver
- traefik.http.services.kopia_gcp.loadbalancer.server.port=51516
minio:
image: minio/minio:latest
container_name: minio
restart: unless-stopped
environment:
MINIO_ROOT_USER: adrien
MINIO_ROOT_PASSWORD: ${MASTER_PASSWORD}
command: server /data --console-address ":9001"
volumes:
- ./hdd0/minio_data:/data
labels:
- traefik.enable=true
# Router and service for the MinIO API
- traefik.http.routers.minio-api.rule=Host(`minio-api.bouvais.lu`)
- traefik.http.routers.minio-api.entrypoints=websecure
- traefik.http.routers.minio-api.tls.certresolver=myresolver
- traefik.http.services.minio-api-service.loadbalancer.server.port=9000
- traefik.http.routers.minio-api.service=minio-api-service
# Router and service for the MinIO Console (WebUI)
- traefik.http.routers.minio-console.rule=Host(`minio-console.bouvais.lu`)
- traefik.http.routers.minio-console.entrypoints=websecure
- traefik.http.routers.minio-console.tls.certresolver=myresolver
- traefik.http.services.minio-console-service.loadbalancer.server.port=9001
- traefik.http.routers.minio-console.service=minio-console-service
# kopia-cloud:
# image: kopia/kopia:latest
# container_name: kopia-cloud
# restart: unless-stopped
# command:
# - server
# - start
# - --insecure
# - --address=0.0.0.0:51516
# - --server-username=adrien
# - --server-password=${MASTER_PASSWORD}
# environment:
# KOPIA_PASSWORD: ${MASTER_PASSWORD}
# USER: "adrien"
# volumes:
# - ./config/kopia-cloud:/app/config
# - ./cache/kopia-cloud:/app/cache
# - ./hdd0/logs/kopia-cloud:/app/logs
# - ./hdd0:/hdd0
# - ./kopia-gcp-key.json:/cred.json
# labels:
# - traefik.enable=true
# - traefik.http.routers.kopia_gcp.rule=Host(`kopia-cloud.bouvais.lu`)
# - traefik.http.routers.kopia_gcp.entrypoints=websecure
# - traefik.http.routers.kopia_gcp.tls.certresolver=myresolver
# - traefik.http.services.kopia_gcp.loadbalancer.server.port=51516

29
llm.yml
View File

@ -14,19 +14,6 @@ services:
environment:
OLLAMA_BASE_URLS: http://ollama:11434
ollama:
image: ollama/ollama:latest
container_name: ollama
volumes:
- ./hdd0/ollama:/root/.ollama
deploy:
resources:
reservations:
devices:
- driver: nvidia
capabilities: ["gpu"]
count: all
openwebui-pipeline:
image: ghcr.io/open-webui/pipelines:main
container_name: openwebui-pipelines
@ -35,3 +22,19 @@ services:
- 9099:9099
volumes:
- ./hdd0/openwebui-pipelines:/app/pipelines
ollama:
image: ollama/ollama:latest
container_name: ollama
restart: unless-stopped
volumes:
- ./usb1/ollama:/root/.ollama
environment:
- OLLAMA_CONTEXT_LENGTH=64000
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities: [gpu]

38
monitoring.yml
View File

@ -22,9 +22,6 @@ services:
- traefik.http.routers.prometheus.service=prometheus
- traefik.http.services.prometheus.loadbalancer.server.port=9090
- traefik.http.routers.prometheus.middlewares=auth@docker
depends_on:
- cadvisor
- node-exporter
grafana:
image: grafana/grafana:12.0.1
@ -48,21 +45,7 @@ services:
- traefik.http.routers.grafana.middlewares=auth@docker
depends_on:
- prometheus
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.52.0
container_name: cadvisor
privileged: true
restart: unless-stopped
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
devices:
- /dev/kmsg:/dev/kmsg
#
node-exporter:
image: prom/node-exporter:v1.9.1
container_name: node-exporter
@ -77,22 +60,3 @@ services:
- --path.sysfs=/host/sys
- --path.rootfs=/rootfs
- --collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)
nvidia-gpu-exporter:
image: utkuozdemir/nvidia_gpu_exporter:1.3.1
container_name: nvidia-gpu-exporter
restart: unless-stopped
privileged: true
devices:
- /dev/nvidia0:/dev/nvidia0
volumes:
- /usr/bin/nvidia-smi:/usr/bin/nvidia-smi:ro
- /usr/lib/x86_64-linux-gnu/libnvidia-ml.so:/usr/lib/x86_64-linux-gnu/libnvidia-ml.so:ro
- /usr/lib/x86_64-linux-gnu/libnvidia-ml.so.1:/usr/lib/x86_64-linux-gnu/libnvidia-ml.so.1:ro
command:
- --web.listen-address=:9835
- --web.telemetry-path=/metrics
- --nvidia-smi-command=nvidia-smi
- --log.level=info
- --query-field-names=AUTO
- --log.format=logfmt

29
vms.yml
View File

@ -1,29 +0,0 @@
services:
arch-cpu:
image: registry.bouvais.lu/vms/arch-ttyd-cpu:1.0.0
container_name: arch-cpu
restart: unless-stopped
volumes:
- ./hdd0/vms/arch/data:/data
- ./hdd0/vms/arch/root:/root
command: >
ttyd
-p 7681
-c "${TTYD_USERNAME}:${MASTER_PASSWORD}"
-W
bash
labels:
- traefik.enable=true
- traefik.http.routers.arch.rule=Host(`arch.bouvais.lu`)
- traefik.http.routers.arch.entrypoints=websecure
- traefik.http.routers.arch.tls.certresolver=myresolver
- traefik.http.services.arch.loadbalancer.server.port=7681
deploy:
resources:
limits:
cpus: '2.0'
memory: 4G
reservations:
cpus: '0.5'
memory: 256M