first commit

MonitoRSS

@@ -0,0 +1 @@
+Subproject commit 9329d3064ea0341e8446d0526b7d73a9c6233c08

ghost/docker-compose.yml

@@ -0,0 +1,49 @@
+version: '3.1'
+
+services:
+
+  ghost:
+    image: ghost:5-alpine
+    restart: always
+    expose: 
+      - "8084"
+    ports:
+      - 8084:2368
+    environment:
+      # see https://ghost.org/docs/config/#configuration-options
+      database__client: mysql
+      database__connection__host: db
+      database__connection__user: ghost
+      database__connection__password: 
+      database__connection__database: ghostdb
+      # this url value is just an example, and is likely wrong for your environment!
+      url: https://blog.conorz.at/
+      # contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired)
+      #NODE_ENV: development
+    volumes:
+      - ./ghost:/var/lib/ghost/content
+
+  db:
+    image: ghcr.io/polarix-containers/mariadb:11.4-alpine
+    restart: always
+    environment:
+        MYSQL_ROOT_PASSWORD: 
+        MYSQL_USER: ghost
+        MYSQL_PASSWORD:
+        MYSQL_DATABASE: ghostdb
+    volumes:
+      - ./db:/var/lib/mysql
+    user: "3005:3005"
+    read_only: true
+    tmpfs:
+      - /var/tmp:mode=0770,uid=3005,gid=3005,noexec,nosuid,nodev
+      - /run/mariadb:size=50M,mode=0770,uid=3005,gid=3005,noexec,nosuid,nodev
+    security_opt:
+      - "no-new-privileges=true"
+    cap_drop:
+      - ALL
+
+volumes:
+  ghost:
+  db:
+

gitea/docker-compose.yml

@@ -0,0 +1,52 @@
+version: "2"
+
+services:
+  server:
+    image: ghcr.io/polarix-containers/gitea:latest 
+    environment:
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=gitea-db-1:5432
+      - GITEA__database__NAME=giteadb
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=
+    restart: always
+    volumes:
+      - ./data:/var/lib/gitea
+      - ./config:/etc/gitea
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3004:3000"
+      - "2220:2220"
+    depends_on:
+      - db
+    read_only: false
+    user: "3002:3002"
+    security_opt:
+      - "no-new-privileges=true"
+#    cap_drop:
+#      - ALL
+
+  db:
+    image: ghcr.io/polarix-containers/postgres:17
+    restart: always
+    environment:
+      - POSTGRES_USER=gitea
+      - POSTGRES_PASSWORD=
+      - POSTGRES_DB=giteadb
+    volumes:
+      - ./postgres:/var/lib/postgresql/data:Z
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "gitea", "-d", "giteadb"]
+      interval: 15s
+      timeout: 5s
+    ports:
+      - "5433:5432"
+    user: "70:70"
+    read_only: true
+    tmpfs:
+      - /var/run/postgresql:size=50M,mode=0770,uid=70,gid=70,noexec,nosuid,nodev
+    security_opt:
+      - "no-new-privileges=true"
+    cap_drop:
+      - ALL

isso-comments/config/isso.cfg

@@ -0,0 +1,17 @@
+# Isso example configuration file
+# vim: set filetype=dosini
+
+[general]
+
+# Change dbpath to /db/comments.db if running in docker!
+dbpath = /db/comments.db
+host = https://blog.conorz.at/
+
+[server]
+listen = http://localhost:8080/
+trusted-proxies = http://localhost:8080/
+[admin]
+enabled = true
+password = 
+
+# public-endpoint =

isso-comments/isso.sh

@@ -0,0 +1,3 @@
+sudo docker run -d --rm --name isso -p 127.0.0.1:8086:8080 \
+    -v /home/titanz/comments/config:/config -v /home/titanz/comments/db:/db \
+    ghcr.io/isso-comments/isso:release

nextcloud/.env

@@ -0,0 +1,14 @@
+MARIADB_ROOT_PASSWORD=
+MARIADB_DATABASE=nextclouddb
+MARIADB_USER=nextcloud
+MARIADB_PASSWORD=
+SMTP_HOST=
+SMTP_SECURE=ssl
+SMTP_PORT=465
+SMTP_NAME=
+SMTP_PASSWORD=
+MAIL_FROM_ADDRESS=
+MAIL_DOMAIN=
+TRUSTED_PROXIES=cloud.conorz.at
+NC_maintenance_window_start=0
+NC_default_phone_region=US

nextcloud/compose.yml

@@ -0,0 +1,127 @@
+services:
+  mariadb:
+    container_name: mariadb
+    restart: unless-stopped
+    image: ghcr.io/polarix-containers/mariadb:11.4-alpine
+    volumes:
+      - "./mariadb:/var/lib/mysql:Z"
+    networks:
+      - mariadb
+    environment:
+      - MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
+      - MARIADB_DATABASE=${MARIADB_DATABASE}
+      - MARIADB_USER=${MARIADB_USER}
+      - MARIADB_PASSWORD=${MARIADB_PASSWORD}
+    user: "3003:3003"
+    read_only: true
+    tmpfs:
+      - /var/tmp:mode=0770,uid=3003,gid=3003,noexec,nosuid,nodev
+      - /run/mariadb:size=50M,mode=0770,uid=3003,gid=3003,noexec,nosuid,nodev
+    security_opt:
+      - "no-new-privileges=true"
+    cap_drop:
+      - ALL
+
+  valkey:
+    container_name: valkey
+    image: ghcr.io/polarix-containers/valkey:8
+    restart: unless-stopped
+    volumes:
+      - ./valkey:/data:Z
+    networks:
+      - valkey
+    user: "3009:3009"
+    read_only: true
+    security_opt:
+      - "no-new-privileges=true"
+    cap_drop:
+      - ALL
+
+  nextcloud:
+    container_name: nextcloud
+    image: ghcr.io/polarix-containers/nextcloud:29
+    restart: unless-stopped
+    volumes:
+      - ./nextcloud:/var/www/html:z
+    networks:
+      - mariadb
+      - valkey
+      - nginx
+    depends_on:
+      - mariadb
+      - valkey
+    environment:
+      - MYSQL_HOST=mariadb
+      - MYSQL_DATABASE=${MARIADB_DATABASE}
+      - MYSQL_USER=${MARIADB_USER}
+      - MYSQL_PASSWORD=${MARIADB_PASSWORD}
+      - REDIS_HOST=valkey
+      - SMTP_HOST=${SMTP_HOST}
+      - SMTP_SECURE=${SMTP_SECURE}
+      - SMTP_PORT=${SMTP_PORT}
+      - SMTP_NAME=${SMTP_NAME}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
+      - MAIL_FROM_ADDRESS=${MAIL_FROM_ADDRESS}
+      - MAIL_DOMAIN=${MAIL_DOMAIN}
+      - TRUSTED_PROXIES=${TRUSTED_PROXIES}
+      - NC_maintenance_window_start=${NC_maintenance_window_start}
+      - NC_default_phone_region=${NC_default_phone_region}
+    security_opt:
+      - "no-new-privileges=true"
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+
+  cron:
+    container_name: cron
+    image: ghcr.io/polarix-containers/nextcloud:stable
+    restart: unless-stopped
+    volumes:
+      - ./nextcloud:/var/www/html:z
+    networks:
+      - mariadb
+      - valkey
+    depends_on:
+      - mariadb
+      - valkey
+    entrypoint: /cron.sh
+    security_opt:
+      - "no-new-privileges=true"
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETUID
+      - SETGID
+
+  nginx:
+    container_name: nginx
+    restart: unless-stopped
+    image: ghcr.io/polarix-containers/nginx:unprivileged-slim
+    ports:
+      - 8085:8080/tcp
+    volumes:
+      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:Z,ro
+      - ./nextcloud:/var/www/html:z
+    networks:
+      - nginx
+    depends_on:
+      - nextcloud
+    user: "101:101"
+    read_only: true
+    tmpfs:
+      - /var/cache/nginx:mode=0770,uid=101,gid=101,noexec,nosuid,nodev
+      - /tmp:mode=0770,uid=101,gid=101,noexec,nosuid,nodev
+    security_opt:
+      - "no-new-privileges=true"
+    cap_drop:
+      - ALL
+
+networks:
+  mariadb:
+  valkey:
+  nginx:

nextcloud/nginx/default.conf

@@ -0,0 +1,93 @@
+server {
+    listen 8080;
+
+    absolute_redirect off;
+    sendfile on;
+
+    include mime.types;
+    default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+        application/wasm wasm;
+    }
+
+    # set max upload size and increase upload timeout:
+    client_max_body_size 512M;
+    client_body_timeout 300s;
+    fastcgi_buffers 64 4K;
+
+    # https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
+    client_body_buffer_size 512k;
+
+    root /var/www/html;
+    index index.php index.html /index.php$request_uri;
+
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+
+    # Microsoft DAV clients
+    location = / {
+        if ( $http_user_agent ~ ^DavClnt ) {
+            return 302 /remote.php/webdav/$is_args$args;
+        }
+    }
+
+    location ^~ /.well-known {
+        location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+        return 301 /index.php$request_uri;
+    }
+
+    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+    # which handle static assets (as seen below). If this block is not declared first,
+    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+    # to the URI, resulting in a HTTP 500 error response.
+    location ~ \.php(?:$|/) {
+        # Required for legacy support
+        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        set $path_info $fastcgi_path_info;
+
+        try_files $fastcgi_script_name =404;
+
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $path_info;
+        fastcgi_param HTTPS on;
+
+        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
+        fastcgi_param front_controller_active true;     # Enable pretty urls
+        fastcgi_pass nextcloud:9000;
+
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+
+        fastcgi_max_temp_file_size 0;
+    }
+
+    # Serve static files
+    location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463, immutable";
+        access_log off;     # Optional: Don't log access to assets
+
+        location ~ \.wasm$ {
+            default_type application/wasm;
+        }
+    }
+
+    location ~ \.(otf|woff2?)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=604800";
+        access_log off;     # Optional: Don't log access to assets
+    }
+
+    location /remote {
+        return 301 /remote.php$request_uri;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php$request_uri;
+    }
+}

vaultwarden/.env

@@ -0,0 +1,6 @@
+ADMIN_TOKEN=''
+POSTGRES_USER=vaultwarden
+POSTGRES_PASSWORD=
+PUSH_INSTALLATION_ID=
+PUSH_INSTALLATION_KEY=
+DOMAIN=https://bitwarden.conorz.at/

vaultwarden/compose.yml

@@ -0,0 +1,49 @@
+services:
+  vaultwarden:
+    container_name: vaultwarden
+    image: ghcr.io/polarix-containers/vaultwarden:latest
+    restart: always
+    volumes:
+      - /home/titanz/vaultwarden:/data:Z
+    ports:
+      - "8081:8080/tcp"
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      - SIGNUPS_ALLOWED=false
+      - ADMIN_TOKEN=${ADMIN_TOKEN}
+      - PUSH_ENABLED=true
+      - PUSH_INSTALLATION_ID=${PUSH_INSTALLATION_ID}
+      - PUSH_INSTALLATION_KEY=${PUSH_INSTALLATION_KEY}
+      - DOMAIN=${DOMAIN}
+      - ROCKET_PORT=8080
+      - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_USER}
+      - YUBICO_CLIENT_ID=82851
+      - YUBICO_SECRET_KEY=mLPiA1hxQGOan61RXAtL63xLrLE=
+    user: "3001:3001"
+    read_only: true
+    security_opt:
+      - "no-new-privileges=true"
+    cap_drop:
+      - ALL
+
+  postgres:
+    container_name: vaultwarden-postgres
+    image: ghcr.io/polarix-containers/postgres:17
+    restart: always
+    volumes:
+      - ./postgres:/var/lib/postgresql/data:Z
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "vaultwarden"]
+      interval: 15s
+      timeout: 5s
+    user: "70:70"
+    read_only: true
+    tmpfs:
+      - /var/run/postgresql:size=50M,mode=0770,uid=70,gid=70,noexec,nosuid,nodev
+    security_opt:
+      - "no-new-privileges=true"