Plenty changes

.gitignore

@@ -6,3 +6,6 @@ letsencrypt
 website-pro
 config/gitea/conf
 config/affine/private.key
+kopia-gcp-key.json
+config/garage
+DragnCards

apps.yml

@@ -38,28 +38,16 @@ services:
       - traefik.http.routers.filebrowser.tls.certresolver=myresolver
       - traefik.http.services.filebrowser.loadbalancer.server.port=80
 
-  actualbudget:
-    image: actualbudget/actual-server:latest
-    container_name: actualbudget
-    restart: unless-stopped
-    volumes:
-      - ./hdd0/actualbudget:/data
-    environment:
-      - TZ=Europe/Luxembourg
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.actualbudget.rule=Host(`budget.bouvais.lu`)
-      - traefik.http.routers.actualbudget.entrypoints=websecure
-      - traefik.http.routers.actualbudget.tls.certresolver=myresolver
-      - traefik.http.services.actualbudget.loadbalancer.server.port=5006
-
   vaultwarden:
-    image: vaultwarden/server:1.33.2
+    image: vaultwarden/server:latest
     container_name: vaultwarden
     restart: unless-stopped
     environment:
       DOMAIN: https://vault.bouvais.lu
-      SIGNUPS_ALLOWED: false
+      SIGNUPS_ALLOWED: true
+      ADMIN_TOKEN: ${ADMIN_PASSWORD}
+    ports:
+      - "80:80"
     volumes:
       - ./hdd0/vaultwarden:/data/
     labels:
@@ -75,24 +63,6 @@ services:
       - traefik.http.routers.vaultwarden-admin.middlewares=auth@docker
       - traefik.http.routers.vaultwarden-admin.service=my-vaultwarden-service@docker
 
-  siyuan:
-    image: b3log/siyuan:latest
-    container_name: siyuan
-    command: ['--workspace=/siyuan/workspace/']
-    volumes:
-      - /siyuan/workspace:/siyuan/workspace
-      - ./hdd0/siyuan/workspace:/siyuan/workspace
-    restart: unless-stopped
-    environment:
-      - TZ=Europe/Luxembourg
-      - SIYUAN_ACCESS_AUTH_CODE=${SIYUAN_ACCESS_AUTH_CODE}
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.siyuan.rule=Host(`notes.bouvais.lu`)
-      - traefik.http.routers.siyuan.entrypoints=websecure
-      - traefik.http.routers.siyuan.tls.certresolver=myresolver
-      - traefik.http.services.siyuan.loadbalancer.server.port=6806
-
   libreoffice:
     image: lscr.io/linuxserver/libreoffice:latest
     container_name: libreoffice
@@ -115,3 +85,31 @@ services:
       - traefik.http.routers.libreoffice.entrypoints=websecure
       - traefik.http.routers.libreoffice.tls.certresolver=myresolver
       - traefik.http.services.libreoffice.loadbalancer.server.port=3000
+
+  home:
+    image: registry.bouvais.lu/home:v0.1.4
+    container_name: home
+    restart: unless-stopped
+    depends_on:
+      - registry
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.myapp.rule=Host(`home.bouvais.lu`)"
+      - "traefik.http.routers.myapp.entrypoints=websecure"
+      - "traefik.http.routers.myapp.tls.certresolver=myresolver"
+      - "traefik.http.services.myapp.loadbalancer.server.port=8080"
+
+  drawio:
+    image: jgraph/drawio:latest
+    container_name: drawio
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Luxembourg
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.drawio.rule=Host(`draw.bouvais.lu`)"
+      - "traefik.http.routers.drawio.entrypoints=websecure"
+      - "traefik.http.routers.drawio.tls.certresolver=myresolver"
+      - "traefik.http.services.drawio.loadbalancer.server.port=8080"
+
+

developer.yml

@@ -2,7 +2,7 @@ services:
   gitea:
     image: docker.gitea.com/gitea:1.23.8
     container_name: gitea
-    restart: unless-stopped
+    restart: always
     environment:
       - GITEA_CUSTOM=/etc/gitea
     volumes:
@@ -21,6 +21,14 @@ services:
       - traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)
       - traefik.tcp.routers.gitea-ssh.entrypoints=ssh
       - traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22
+    deploy:
+      resources:
+        limits:
+          memory: 4G
+          cpus: 2
+        reservations:
+          memory: 512M
+          cpus: 1
 
   gitea-runner:
     image: docker.io/gitea/act_runner:latest
@@ -36,20 +44,6 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./hdd0/mkdocs-sites:/sites
 
-  mkdocs-zippondb:
-    image: squidfunk/mkdocs-material
-    container_name: mkdocs-zippondb
-    restart: unless-stopped
-    volumes:
-      - ./hdd0/mkdocs-sites/zippondb:/docs
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.gitea_runner.rule=Host(`docs.bouvais.lu`)
-      - traefik.http.routers.gitea_runner.entrypoints=websecure
-      - traefik.http.routers.gitea_runner.tls.certresolver=myresolver
-      - traefik.http.routers.gitea_runner.middlewares=auth@docker
-      - traefik.http.services.gitea_runner.loadbalancer.server.port=3000
-
   registry:
     image: registry:2
     container_name: registry
@@ -86,3 +80,47 @@ services:
       - traefik.http.routers.registry_ui.entrypoints=websecure
       - traefik.http.routers.registry_ui.tls.certresolver=myresolver 
       - traefik.http.services.registry_ui.loadbalancer.server.port=80
+
+  garage:
+    image: dxflrs/garage:v2.1.0
+    container_name: garage
+    restart: unless-stopped
+    volumes:
+      - ./config/garage/garage.toml:/etc/garage.toml
+      - ./hdd0/garage/meta:/var/lib/garage/meta
+      - ./hdd0/garage/data:/var/lib/garage/data
+    environment:
+      - RUST_LOG=garage=info
+    labels:
+      - traefik.enable=true
+
+      # S3 API
+      - traefik.http.routers.garages3.rule=Host(`s3.garage.bouvais.lu`)
+      - traefik.http.routers.garages3.entrypoints=websecure
+      - traefik.http.routers.garages3.tls.certresolver=myresolver
+      - traefik.http.routers.garages3.service=garages3
+      - traefik.http.services.garages3.loadbalancer.server.port=3900
+
+      # Admin API
+      - traefik.http.routers.garageadmin.rule=Host(`admin.garage.bouvais.lu`)
+      - traefik.http.routers.garageadmin.entrypoints=websecure
+      - traefik.http.routers.garageadmin.tls.certresolver=myresolver
+      - traefik.http.routers.garageadmin.service=garageadmin
+      - traefik.http.services.garageadmin.loadbalancer.server.port=3903
+
+      # Web (Garage's internal web endpoint)
+      - traefik.http.routers.garageweb.rule=Host(`web.garage.bouvais.lu`)
+      - traefik.http.routers.garageweb.entrypoints=websecure
+      - traefik.http.routers.garageweb.tls.certresolver=myresolver
+      - traefik.http.routers.garageweb.service=garageweb_svc
+      - traefik.http.services.garageweb_svc.loadbalancer.server.port=3902
+      
+      - traefik.http.routers.mystaticsite.rule=Host(`zig-dimal.bouvais.lu`)
+      - traefik.http.routers.mystaticsite.entrypoints=websecure
+      - traefik.http.routers.mystaticsite.tls.certresolver=myresolver
+      - traefik.http.routers.mystaticsite.service=garageweb_svc
+      
+      - traefik.http.routers.mystaticsite.rule=Host(`zigma.bouvais.lu`)
+      - traefik.http.routers.mystaticsite.entrypoints=websecure
+      - traefik.http.routers.mystaticsite.tls.certresolver=myresolver
+      - traefik.http.routers.mystaticsite.service=garageweb_svc

docker-compose.yml

@@ -2,12 +2,10 @@ include:
   - apps.yml
   - developer.yml
   - llm.yml
-  - monitoring.yml
-  - vms.yml
 
 services:
   traefik:
-    image: traefik:v3.4
+    image: traefik:latest
     container_name: traefik
     restart: unless-stopped
     command:
@@ -110,55 +108,29 @@ services:
       - traefik.http.routers.kopia.tls.certresolver=myresolver
       - traefik.http.services.kopia.loadbalancer.server.port=51515
 
-  kopia-cloud:
+  # kopia-cloud:
-    image: kopia/kopia:latest
+  #   image: kopia/kopia:latest
-    container_name: kopia-cloud
+  #   container_name: kopia-cloud
-    restart: unless-stopped
+  #   restart: unless-stopped
-    command:
+  #   command:
-      - server
+  #     - server
-      - start
+  #     - start
-      - --insecure
+  #     - --insecure
-      - --address=0.0.0.0:51516
+  #     - --address=0.0.0.0:51516
-      - --server-username=adrien
+  #     - --server-username=adrien
-      - --server-password=${MASTER_PASSWORD}
+  #     - --server-password=${MASTER_PASSWORD}
-    environment:
+  #   environment:
-        KOPIA_PASSWORD: ${MASTER_PASSWORD}
+  #       KOPIA_PASSWORD: ${MASTER_PASSWORD}
-        USER: "adrien"
+  #       USER: "adrien"
-    volumes:
+  #   volumes:
-      - ./config/kopia-cloud:/app/config
+  #     - ./config/kopia-cloud:/app/config
-      - ./cache/kopia-cloud:/app/cache
+  #     - ./cache/kopia-cloud:/app/cache
-      - ./hdd0/logs/kopia-cloud:/app/logs
+  #     - ./hdd0/logs/kopia-cloud:/app/logs
-      - ./hdd0:/hdd0
+  #     - ./hdd0:/hdd0
-      - ./kopia-gcp-key.json:/cred.json
+  #     - ./kopia-gcp-key.json:/cred.json
-    labels:
+  #   labels:
-      - traefik.enable=true
+  #     - traefik.enable=true
-      - traefik.http.routers.kopia_gcp.rule=Host(`kopia-cloud.bouvais.lu`)
+  #     - traefik.http.routers.kopia_gcp.rule=Host(`kopia-cloud.bouvais.lu`)
-      - traefik.http.routers.kopia_gcp.entrypoints=websecure
+  #     - traefik.http.routers.kopia_gcp.entrypoints=websecure
-      - traefik.http.routers.kopia_gcp.tls.certresolver=myresolver
+  #     - traefik.http.routers.kopia_gcp.tls.certresolver=myresolver
-      - traefik.http.services.kopia_gcp.loadbalancer.server.port=51516
+  #     - traefik.http.services.kopia_gcp.loadbalancer.server.port=51516
-
-  minio:
-    image: minio/minio:latest
-    container_name: minio
-    restart: unless-stopped
-    environment:
-      MINIO_ROOT_USER: adrien
-      MINIO_ROOT_PASSWORD: ${MASTER_PASSWORD}
-    command: server /data --console-address ":9001"
-    volumes:
-      - ./hdd0/minio_data:/data
-    labels:
-      - traefik.enable=true
-      # Router and service for the MinIO API
-      - traefik.http.routers.minio-api.rule=Host(`minio-api.bouvais.lu`)
-      - traefik.http.routers.minio-api.entrypoints=websecure
-      - traefik.http.routers.minio-api.tls.certresolver=myresolver
-      - traefik.http.services.minio-api-service.loadbalancer.server.port=9000
-      - traefik.http.routers.minio-api.service=minio-api-service
-
-      # Router and service for the MinIO Console (WebUI)
-      - traefik.http.routers.minio-console.rule=Host(`minio-console.bouvais.lu`)
-      - traefik.http.routers.minio-console.entrypoints=websecure
-      - traefik.http.routers.minio-console.tls.certresolver=myresolver
-      - traefik.http.services.minio-console-service.loadbalancer.server.port=9001
-      - traefik.http.routers.minio-console.service=minio-console-service

llm.yml

@@ -14,19 +14,6 @@ services:
     environment:
       OLLAMA_BASE_URLS: http://ollama:11434
 
-  ollama:
-    image: ollama/ollama:latest
-    container_name: ollama
-    volumes:
-      - ./hdd0/ollama:/root/.ollama
-    deploy:
-      resources:
-        reservations:
-          devices:
-            - driver: nvidia
-              capabilities: ["gpu"]
-              count: all
-
   openwebui-pipeline:
     image: ghcr.io/open-webui/pipelines:main
     container_name: openwebui-pipelines
@@ -35,3 +22,19 @@ services:
       - 9099:9099
     volumes:
       - ./hdd0/openwebui-pipelines:/app/pipelines
+
+  ollama:
+    image: ollama/ollama:latest
+    container_name: ollama
+    restart: unless-stopped
+    volumes:
+      - ./usb1/ollama:/root/.ollama
+    environment:
+      - OLLAMA_CONTEXT_LENGTH=64000
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: 1
+              capabilities: [gpu]

monitoring.yml

@@ -22,9 +22,6 @@ services:
       - traefik.http.routers.prometheus.service=prometheus
       - traefik.http.services.prometheus.loadbalancer.server.port=9090
       - traefik.http.routers.prometheus.middlewares=auth@docker
-    depends_on:
-      - cadvisor
-      - node-exporter
 
   grafana:
     image: grafana/grafana:12.0.1
@@ -48,21 +45,7 @@ services:
       - traefik.http.routers.grafana.middlewares=auth@docker
     depends_on:
       - prometheus
-
+  #
-  cadvisor:
-    image: gcr.io/cadvisor/cadvisor:v0.52.0
-    container_name: cadvisor
-    privileged: true
-    restart: unless-stopped
-    volumes:
-      - /:/rootfs:ro
-      - /var/run:/var/run:rw
-      - /sys:/sys:ro
-      - /var/lib/docker/:/var/lib/docker:ro
-      - /dev/disk/:/dev/disk:ro
-    devices:
-      - /dev/kmsg:/dev/kmsg
-
   node-exporter:
     image: prom/node-exporter:v1.9.1
     container_name: node-exporter
@@ -77,22 +60,3 @@ services:
       - --path.sysfs=/host/sys
       - --path.rootfs=/rootfs
       - --collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)
-
-  nvidia-gpu-exporter:
-    image: utkuozdemir/nvidia_gpu_exporter:1.3.1
-    container_name: nvidia-gpu-exporter
-    restart: unless-stopped
-    privileged: true
-    devices:
-      - /dev/nvidia0:/dev/nvidia0
-    volumes:
-      - /usr/bin/nvidia-smi:/usr/bin/nvidia-smi:ro
-      - /usr/lib/x86_64-linux-gnu/libnvidia-ml.so:/usr/lib/x86_64-linux-gnu/libnvidia-ml.so:ro
-      - /usr/lib/x86_64-linux-gnu/libnvidia-ml.so.1:/usr/lib/x86_64-linux-gnu/libnvidia-ml.so.1:ro
-    command:
-      - --web.listen-address=:9835
-      - --web.telemetry-path=/metrics
-      - --nvidia-smi-command=nvidia-smi
-      - --log.level=info
-      - --query-field-names=AUTO
-      - --log.format=logfmt

vms.yml

@@ -1,29 +0,0 @@
-services:
-  arch-cpu:
-    image: registry.bouvais.lu/vms/arch-ttyd-cpu:1.0.0
-    container_name: arch-cpu
-    restart: unless-stopped
-    volumes:
-      - ./hdd0/vms/arch/data:/data
-      - ./hdd0/vms/arch/root:/root
-    command: >
-      ttyd
-      -p 7681
-      -c "${TTYD_USERNAME}:${MASTER_PASSWORD}"
-      -W
-      bash
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.arch.rule=Host(`arch.bouvais.lu`)
-      - traefik.http.routers.arch.entrypoints=websecure
-      - traefik.http.routers.arch.tls.certresolver=myresolver
-      - traefik.http.services.arch.loadbalancer.server.port=7681
-    deploy:
-      resources:
-        limits:
-          cpus: '2.0'
-          memory: 4G
-        reservations:
-          cpus: '0.5'
-          memory: 256M
-