Sanitized mirror from private repository - 2026-04-18 11:19:59 UTC

2026-04-18 11:19:59 +00:00
commit fb00a325d1
1418 changed files with 359990 additions and 0 deletions
--- a/hosts/vms/bulgaria-vm/.gitkeep
+++ b/hosts/vms/bulgaria-vm/.gitkeep
--- a/hosts/vms/bulgaria-vm/droppy.yml
+++ b/hosts/vms/bulgaria-vm/droppy.yml
@@ -0,0 +1,20 @@
+# Droppy - File sharing
+# Port: 8989
+# Self-hosted file sharing
+
+version: '3.8'
+services:
+  droppy:
+    container_name: droppy
+    image: silverwind/droppy
+    ports:
+      - 8989:8989
+    volumes:
+      - /root/docker/droppy/config/:/config
+      - /root/docker/droppy/files/:/files
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8989"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
--- a/hosts/vms/bulgaria-vm/fenrus.yml
+++ b/hosts/vms/bulgaria-vm/fenrus.yml
@@ -0,0 +1,24 @@
+# Fenrus - Dashboard
+# Port: 5000
+# Application dashboard
+
+version: '3.8'
+
+services:
+  fenrus:
+    image: revenz/fenrus
+    container_name: fenrus
+    environment:
+      - TZ=America/Los_Angeles
+    volumes:
+      - /root/docker/fenrus/data:/app/data
+      - /root/docker/fenrus/images:/app/wwwroot/images
+    ports:
+      - 35000:3000
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
--- a/hosts/vms/bulgaria-vm/hemmelig.yml
+++ b/hosts/vms/bulgaria-vm/hemmelig.yml
@@ -0,0 +1,45 @@
+# Hemmelig - Secret sharing
+# Port: 3000
+# Self-destructing secret sharing
+
+services:
+  hemmelig:
+    image: hemmeligapp/hemmelig:latest  # The Docker image to use for the hemmelig service
+    hostname: hemmelig  # The hostname of the hemmelig service
+    init: true  # Whether to enable initialization scripts
+    volumes:
+      - /root/docker/hem/files/:/var/tmp/hemmelig/upload/files  # Mounts the host directory to the container directory for file uploads
+    environment:
+      - SECRET_REDIS_HOST=hemmelig-redis  # The hostname of the Redis server
+      - SECRET_LOCAL_HOSTNAME=0.0.0.0      # The local hostname for the Fastify instance
+      - SECRET_PORT=3000                  # The port number for the Fastify instance
+      - SECRET_HOST=                      # Used for i.e. setting CORS to your domain name
+      - SECRET_DISABLE_USERS=false        # Whether user registration is disabled
+      - SECRET_ENABLE_FILE_UPLOAD=true    # Whether file upload is enabled or disabled
+      - SECRET_FILE_SIZE=4                # The total allowed upload file size in MB
+      - SECRET_FORCED_LANGUAGE=en         # The default language for the application
+      - SECRET_JWT_SECRET=REDACTED_PASSWORD123!     # The secret signing JWT tokens for login # pragma: allowlist secret
+      - SECRET_MAX_TEXT_SIZE=256          # The max text size for a secret, set in KB (i.e. 256 for 256KB)
+    ports:
+      - "3000:3000"  # Maps the host port to the container port
+    depends_on:
+      - redis  # Ensures that Redis is started before Hemmelig
+    restart: unless-stopped  # Always restarts the service if it stops unexpectedly
+    stop_grace_period: 1m  # The amount of time to wait before stopping the service
+    healthcheck:
+      test: "wget -O /dev/null localhost:3000 || exit 1"  # Tests whether the Hemmelig service is responsive
+      timeout: 5s  # The amount of time to wait for a response from the health check
+      retries: 1  # The number of times to retry the health check if it fails
+  redis:
+    image: redis  # The Docker image to use for the Redis server
+    hostname: hemmelig-redis  # The hostname of the Redis server
+    init: true  # Whether to enable initialization scripts
+    volumes:
+      - ./root/docker/hem/redis/:/data  # Mounts the host directory to the container directory for persistent data
+    command: redis-server --appendonly yes  # Runs Redis with append-only mode enabled
+    restart: unless-stopped  # Always restarts the service if it stops unexpectedly
+    stop_grace_period: 1m  # The amount of time to wait before stopping the service
+    healthcheck:
+      test: "redis-cli ping | grep PONG || exit 1"  # Tests whether the Redis server is responsive
+      timeout: 5s  # The amount of time to wait for a response from the health check
+      retries: 1  # The number of times to retry the health check if it fails
--- a/hosts/vms/bulgaria-vm/invidious.yml
+++ b/hosts/vms/bulgaria-vm/invidious.yml
@@ -0,0 +1,60 @@
+# Invidious - YouTube frontend
+# Port: 3000
+# Privacy-respecting YouTube viewer
+
+version: "3.9"
+services:
+  invidious-db:
+    image: postgres
+    container_name: Invidious-DB
+    hostname: invidious-db
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test: ["CMD", "pg_isready", "-q", "-d", "invidious", "-U", "kemal"]
+      timeout: 45s
+      interval: 10s
+      retries: 10
+    user: 0:0
+    volumes:
+      - /volume1/docker/invidiousdb:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: invidious
+      POSTGRES_USER: kemal
+      POSTGRES_PASSWORD: "REDACTED_PASSWORD"
+    restart: unless-stopped
+
+  invidious:
+    image: quay.io/invidious/invidious:latest
+    container_name: Invidious
+    hostname: invidious
+    user: 0:0
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
+      interval: 30s
+      timeout: 5s
+      retries: 2
+    ports:
+      - 94.72.140.37:7601:3000
+    environment:
+      INVIDIOUS_CONFIG: |
+        db:
+          dbname: invidious
+          user: kemal
+          password: "REDACTED_PASSWORD"
+          host: invidious-db
+          port: 5432
+        check_tables: true
+        captcha_enabled: false
+        default_user_preferences:
+          locale: us
+          region: US
+        external_port: 7601
+        domain: invidious.vish.gg
+        https_only: true
+    restart: unless-stopped
+    depends_on:
+      invidious-db:
+        condition: service_healthy
--- a/hosts/vms/bulgaria-vm/mattermost.yml
+++ b/hosts/vms/bulgaria-vm/mattermost.yml
@@ -0,0 +1,54 @@
+# Mattermost - Team collaboration
+# Port: 8065
+# Self-hosted Slack alternative
+version: "3.9"
+services:
+  mattermost-db:
+    image: postgres
+    container_name: Mattermost-DB
+    hostname: mattermost-db
+    security_opt:
+      - no-new-privileges:true
+    pids_limit: 100
+    healthcheck:
+      test: ["CMD", "pg_isready", "-q", "-d", "mattermost", "-U", "mattermostuser"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    user: 0:0
+    volumes:
+      - /root/docker/mattermost/db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=mattermost
+      - POSTGRES_USER=mattermostuser
+      - POSTGRES_PASSWORD="REDACTED_PASSWORD"
+      - TZ=America/Los_Angeles
+    restart: unless-stopped
+
+  mattermost:
+    image: mattermost/mattermost-team-edition:latest
+    container_name: Mattermost
+    hostname: mattermost
+    security_opt:
+      - no-new-privileges:true
+    pids_limit: 200
+    user: 0:0
+    volumes:
+      - /root/docker/mattermost/config:/mattermost/config:rw
+      - /root/docker/mattermost/data:/mattermost/data:rw
+      - /root/docker/mattermost/logs:/mattermost/logs:rw
+      - /root/docker/mattermost/plugins:/mattermost/plugins:rw
+      - /root/docker/mattermost/client:/mattermost/client/plugins:rw
+      - /root/docker/mattermost/indexes:/mattermost/bleve-indexes:rw
+    environment:
+      - TZ=America/Los_Angeles
+      - MM_SQLSETTINGS_DRIVERNAME=postgres
+      - MM_SQLSETTINGS_DATASOURCE=postgres://mattermostuser:mattermostpw@mattermost-db:5432/mattermost?sslmode=disable&connect_timeout=10
+      - MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
+      - MM_SERVICESETTINGS_SITEURL=https://mm.vish.gg
+    ports:
+      - 8401:8065
+    restart: unless-stopped
+    depends_on:
+      mattermost-db:
+        condition: service_healthy
--- a/hosts/vms/bulgaria-vm/metube.yml
+++ b/hosts/vms/bulgaria-vm/metube.yml
@@ -0,0 +1,14 @@
+# MeTube - YouTube downloader
+# Port: 8081
+# Web GUI for yt-dlp
+
+version: "3"
+services:
+  metube:
+    image: alexta69/metube
+    container_name: metube
+    restart: unless-stopped
+    ports:
+      - "8871:8081"
+    volumes:
+      - /root/docker/yt:/downloads
--- a/hosts/vms/bulgaria-vm/navidrome.yml
+++ b/hosts/vms/bulgaria-vm/navidrome.yml
@@ -0,0 +1,21 @@
+# Navidrome - Music server
+# Port: 4533
+# Personal music streaming server
+
+version: "3"
+services:
+  navidrome:
+    image: deluan/navidrome:latest
+    user: 0:0 # should be owner of volumes
+    ports:
+      - "4533:4533"
+    restart: unless-stopped
+    environment:
+      # Optional: put your config options customization here. Examples:
+      ND_SCANSCHEDULE: 1h
+      ND_LOGLEVEL: info
+      ND_SESSIONTIMEOUT: 24h
+      ND_BASEURL: ""
+    volumes:
+      - "/root/docker/navidrome:/data"
+      - "/root/plex/:/music:ro"
--- a/hosts/vms/bulgaria-vm/nginx_proxy_manager.yml
+++ b/hosts/vms/bulgaria-vm/nginx_proxy_manager.yml
@@ -0,0 +1,16 @@
+# Nginx Proxy Manager
+# Port: 81
+# Reverse proxy management
+
+version: '3'
+services:
+  app:
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    ports:
+      - '80:80'
+      - '8181:81'
+      - '443:443'
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
--- a/hosts/vms/bulgaria-vm/rainloop.yml
+++ b/hosts/vms/bulgaria-vm/rainloop.yml
@@ -0,0 +1,15 @@
+# RainLoop - Webmail
+# Port: 8888
+# Simple webmail client
+
+version: '3'
+
+services:
+  rainloop:
+    image: wernerfred/docker-rainloop:latest
+    container_name: docker-rainloop
+    restart: unless-stopped
+    ports:
+      - 8080:80
+    volumes:
+      - /opt/docker-rainloop/data:/rainloop/data
--- a/hosts/vms/bulgaria-vm/syncthing.yml
+++ b/hosts/vms/bulgaria-vm/syncthing.yml
@@ -0,0 +1,23 @@
+# Syncthing - File synchronization
+# Port: 8384 (web), 22000 (sync)
+# Continuous file synchronization between devices
+version: "2.1"
+services:
+  syncthing:
+    image: lscr.io/linuxserver/syncthing:latest
+    container_name: syncthing
+    hostname: syncthing #optional
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Los_Angeles
+    volumes:
+      - /root/docker/syncthing/config:/config
+      - /root/docker/syncthing/data1
+      - /root/docker/syncthing/data2
+    ports:
+      - 8384:8384
+      - 22000:22000/tcp
+      - 22000:22000/udp
+      - 21027:21027/udp
+    restart: unless-stopped
--- a/hosts/vms/bulgaria-vm/watchtower.yml
+++ b/hosts/vms/bulgaria-vm/watchtower.yml
@@ -0,0 +1,19 @@
+# Watchtower - Container update notifier for Bulgaria VM (schedule disabled - GitOps managed)
+# Auto-update schedule removed; image updates are handled via Renovate PRs.
+# Manual update trigger: POST http://localhost:8080/v1/update
+#   Header: Authorization: Bearer watchtower-metrics-token
+version: "3"
+services:
+  watchtower:
+    image: containrrr/watchtower:latest
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - WATCHTOWER_CLEANUP=true
+      - WATCHTOWER_HTTP_API_UPDATE=true
+      - WATCHTOWER_HTTP_API_METRICS=true
+      - WATCHTOWER_HTTP_API_TOKEN="REDACTED_HTTP_TOKEN"
+      - TZ=America/Los_Angeles
+    restart: unless-stopped
+    labels:
+      - "com.centurylinklabs.watchtower.enable=false"
--- a/hosts/vms/bulgaria-vm/yourspotify.yml
+++ b/hosts/vms/bulgaria-vm/yourspotify.yml
@@ -0,0 +1,61 @@
+# This specifies the version of Docker Compose to use.
+version: "3"
+
+# This defines all of the services that will be run in this Docker Compose setup.
+services:
+
+  # This defines a service named "server".
+  server:
+    # This specifies the Docker image to use for this service.
+    image: yooooomi/your_spotify_server
+
+    # This sets the restart policy for this service. In this case, it will always restart if it stops.
+    restart: unless-stopped
+
+    # This maps port 15000 on the host machine to port 8080 on the container.
+    ports:
+      - "15000:8080"
+
+    # This links the "mongo" service to this one. This allows them to communicate with each other.
+    links:
+      - mongo
+
+    # This specifies that the "mongo" service must be started before this one.
+    depends_on:
+      - mongo
+
+    # This sets environment variables for the container.
+    environment:
+      - API_ENDPOINT=http://vish.gg:15000 # This MUST be included as a valid URL in the spotify dashboard
+      - CLIENT_ENDPOINT=http://vish.gg:4000
+      - SPOTIFY_PUBLIC=d6b3bda999f042099ce79a8b6e9f9e68
+      - SPOTIFY_SECRET=72c650e7a25f441baa245b963003a672
+      - CORS=http://vish.gg:4000,http://vish.gg:4001 # all if you want to allow every origin
+
+  # This defines a service named "mongo".
+  mongo:
+    # This sets the container name for this service.
+    container_name: mongo
+
+    # This specifies the Docker image to use for this service.
+    image: mongo:4.4.8
+
+    # This mounts a volume from the host machine into the container. In this case, it mounts "./your_spotify_db" on the host machine to "/data/db" in the container.
+    volumes:
+      - ./your_spotify_db:/data/db
+
+  # This defines a service named "web".
+  web:
+    # This specifies the Docker image to use for this service.
+    image: yooooomi/your_spotify_client
+
+    # This sets the restart policy for this service. In this case, it will always restart if it stops.
+    restart: unless-stopped
+
+    # This maps port 4000 on the host machine to port 3000 on the container.
+    ports:
+      - "4000:3000"
+
+    # This sets environment variables for the container.
+    environment:
+      - API_ENDPOINT=http://vish.gg:15000