Sanitized mirror from private repository - 2026-04-18 11:19:59 UTC

hosts/vms/chicago-vm/factorio.yml

@@ -0,0 +1,11 @@
+# Factorio - Game server
+# Port: 34197/udp
+# Factorio dedicated game server
+
+sudo docker run -d \
+  -p 34197:34197/udp \
+  -p 27015:27015/tcp \
+  -v /root/factorio:/factorio \
+  --name factorio \
+  --restart=always \
+  factoriotools/factorio

hosts/vms/chicago-vm/gitlab.yml

@@ -0,0 +1,22 @@
+# GitLab - Git repository
+# Port: 8929
+# Self-hosted Git and CI/CD platform
+
+version: '3.6'
+services:
+  web:
+    image: 'gitlab/gitlab-ce:latest'
+    restart: unless-stopped
+    hostname: 'gl.thevish.io'
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'http://glssh.thevish.io:8929'
+        gitlab_rails['gitlab_shell_ssh_port'] = 2224
+    ports:
+      - '8929:8929'
+      - '2224:22'
+    volumes:
+      - '$GITLAB_HOME/config:/etc/gitlab'
+      - '$GITLAB_HOME/logs:/var/log/gitlab'
+      - '$GITLAB_HOME/data:/var/opt/gitlab'
+    shm_size: '256m'

hosts/vms/chicago-vm/jdownloader2.yml

@@ -0,0 +1,19 @@
+# JDownloader2 - Download manager
+# Port: 5800
+# Multi-host download manager
+
+version: '3.9'
+services:
+  jdownloader-2:
+    image: jlesage/jdownloader-2
+    restart: unless-stopped
+    volumes:
+      - /root/docker/j2/output:/output
+      - /root/docker/j2/config:/config
+    environment:
+      - TZ=America/Los_Angeles
+    ports:
+      - 13016:5900
+      - 53578:5800
+      - 20123:3129
+    container_name: jdownloader2

hosts/vms/chicago-vm/jellyfin.yml

@@ -0,0 +1,27 @@
+# Jellyfin - Media server
+# Port: 8096
+# Free media streaming server
+
+version: '3.5'
+services:
+  jellyfin:
+    image: jellyfin/jellyfin
+    container_name: jellyfin
+    user: 0:0
+    volumes:
+      - /root/jellyfin/config:/config
+      - /root/jellyfin/cache:/cache
+      - /root/jellyfin/media:/media
+      - /root/jellyfin/media2:/media2:ro
+    restart: 'unless-stopped'
+    # Optional - alternative address used for autodiscovery
+    environment:
+      - JELLYFIN_PublishedServerUrl=http://stuff.thevish.io
+    # Optional - may be necessary for docker healthcheck to pass if running in host network mode
+    ports:
+      - 8096:8096
+      - 8920:8920 #optional
+      - 7359:7359/udp #optional
+      - 1900:1900/udp #optional
+    extra_hosts:
+      - "host.docker.internal:host-gateway"

hosts/vms/chicago-vm/matrix.yml

@@ -0,0 +1,44 @@
+# Matrix Synapse - Chat server
+# Port: 8008
+# Federated Matrix homeserver
+
+version: "3.9"
+services:
+  synapse-db:
+    image: postgres
+    container_name: Synapse-DB
+    hostname: synapse-db
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test: ["CMD", "pg_isready", "-q", "-d", "synapsedb", "-U", "synapseuser"]
+      timeout: 45s
+      interval: 10s
+      retries: 10
+
+    volumes:
+      - /root/docker/db//var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=synapsedb
+      - POSTGRES_USER=synapseuser
+      - POSTGRES_PASSWORD="REDACTED_PASSWORD"
+      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+    restart: unless-stopped
+
+  synapse:
+    image: matrixdotorg/synapse:latest
+    container_name: Synapse
+    hostname: synapse
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - TZ=America/Los_Angeles
+      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+    volumes:
+      - /root/docker/data:/data
+    ports:
+      - 8500:8008/tcp
+    restart: unless-stopped
+    depends_on:
+      synapse-db:
+        condition: service_started

hosts/vms/chicago-vm/neko.yml

@@ -0,0 +1,32 @@
+# n.eko - Virtual browser
+# Port: 8080
+# Virtual browser in Docker for screen sharing
+
+version: "3.5"
+
+networks:
+  default:
+    attachable: true
+    name: "neko-rooms-net"
+
+services:
+  neko-rooms:
+    image: "m1k1o/neko-rooms:latest"
+    restart: "unless-stopped"
+    environment:
+      - "TZ=America/Los_Angeles"
+      - "NEKO_ROOMS_MUX=true"
+      - "NEKO_ROOMS_EPR=59000-59049"
+      - "NEKO_ROOMS_NAT1TO1=74.91.118.242" # IP address of your server that is reachable from client
+      - "NEKO_ROOMS_INSTANCE_URL=https://showtime.vish.gg/" # external URL
+      - "NEKO_ROOMS_STORAGE_ENABLED=true"
+      - "NEKO_ROOMS_STORAGE_INTERNAL=/data"
+      - "NEKO_ROOMS_STORAGE_EXTERNAL=/opt/neko-rooms/data"
+      - "NEKO_ROOMS_INSTANCE_NETWORK=neko-rooms-net"
+      - "NEKO_ROOMS_TRAEFIK_ENABLED=false"
+      - "NEKO_ROOMS_PATH_PREFIX=/room/"
+    ports:
+      - "8080:8080"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "/opt/neko-rooms/data:/data"

hosts/vms/chicago-vm/proxitok.yml

@@ -0,0 +1,69 @@
+# ProxiTok - TikTok frontend
+# Port: 8080
+# Privacy-respecting TikTok viewer
+
+version: '3'
+
+services:
+  web:
+    container_name: proxitok-web
+    image: ghcr.io/pablouser1/proxitok:master
+    ports:
+      - 9770:8080
+    environment:
+      - LATTE_CACHE=/cache
+      - API_CACHE=redis
+      - REDIS_HOST=proxitok-redis
+      - REDIS_PORT=6379
+      - API_SIGNER=remote
+      - API_SIGNER_URL=http://proxitok-signer:8080/signature
+    volumes:
+      - proxitok-cache:/cache
+    depends_on:
+      - redis
+      - signer
+    networks:
+      - proxitok
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+
+  redis:
+    container_name: proxitok-redis
+    image: redis:7-alpine
+    command: redis-server --save 60 1 --loglevel warning
+    restart: unless-stopped
+    networks:
+      - proxitok
+    user: nobody
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+    tmpfs:
+      - /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
+    cap_drop:
+      - ALL
+
+  signer:
+    container_name: proxitok-signer
+    image: ghcr.io/pablouser1/signtok:master
+    init: true
+    networks:
+      - proxitok
+    user: nobody
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+
+volumes:
+  proxitok-cache:
+
+networks:
+  proxitok:

hosts/vms/chicago-vm/watchtower.yml

@@ -0,0 +1,19 @@
+# Watchtower - Container update notifier for Chicago VM (schedule disabled - GitOps managed)
+# Auto-update schedule removed; image updates are handled via Renovate PRs.
+# Manual update trigger: POST http://localhost:8080/v1/update
+#   Header: Authorization: Bearer watchtower-metrics-token
+version: "3"
+services:
+  watchtower:
+    image: containrrr/watchtower:latest
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - WATCHTOWER_CLEANUP=true
+      - WATCHTOWER_HTTP_API_UPDATE=true
+      - WATCHTOWER_HTTP_API_METRICS=true
+      - WATCHTOWER_HTTP_API_TOKEN="REDACTED_HTTP_TOKEN"
+      - TZ=America/Los_Angeles
+    restart: unless-stopped
+    labels:
+      - "com.centurylinklabs.watchtower.enable=false"