2025-12-02 14:34:32 -07:00
parent 779ae2fb24
commit 3eea6b1b4e
15 changed files with 836 additions and 0 deletions
						
						
							
						
						
						
@@ -108,6 +108,20 @@ scripts/**/*.local.*            # Local script variants
scripts/**/*_prod.*             # Production script variants
scripts/**/*_prod.*             # Production script variants
scripts/**/fix_*_original.sh    # Original unsanitized fix scripts
scripts/**/fix_*_original.sh    # Original unsanitized fix scripts
# Docker Compose Service Exclusions
# ---------------------------------
# Ignore runtime data and sensitive files in services directory
services/**/.env                # Service environment files with secrets
services/**/.env.local          # Local environment overrides
services/**/volumes/            # Docker volume mount directories
services/**/data/               # Data directories
services/**/*.log               # Service log files
services/**/logs/               # Log directories
services/**/node_modules/       # Node.js dependencies in services
services/**/*.db                # Database files
services/**/*.sqlite            # SQLite database files
services/**/*.sqlite3           # SQLite3 database files
# Custom Exclusions
# Custom Exclusions
# ----------------
# ----------------
# Add any custom patterns specific to your homelab below:
# Add any custom patterns specific to your homelab below:
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -502,4 +502,307 @@ n8n starts → CREATE TABLE migrations → SUCCESS → run migrations → tables
---
---
## Current Task: Push Repository to Gitea
**Started**: 2025-12-02
**Completed**: 2025-12-02
**Goal**: Configure git remote and push homelab repository to self-hosted Gitea instance
**Phase**: ✅ COMPLETED
**Gitea Instance**: http://192.168.2.102:3060/jramos/homelab.git
**Status**: Repository successfully pushed to Gitea with all history and documentation
### Task Breakdown
- [x] **Step 1**: Configure git remote with username
  - Status: Completed at 2025-12-02
  - Owner: Librarian
  - Action: Updated origin remote from `http://192.168.2.102:3060/jramos/homelab.git` to `http://jramos@192.168.2.102:3060/jramos/homelab.git`
  - Result: Remote configured successfully, ready for authentication
- [x] **Step 2**: Configure authentication (Personal Access Token)
  - Status: Completed at 2025-12-02
  - Owner: User + Librarian
  - Action: User created PAT in Gitea web interface at http://192.168.2.102:3060
  - Implementation: Updated remote URL to include PAT: `http://jramos:<TOKEN>@192.168.2.102:3060/jramos/homelab.git`
  - Result: Authentication configured successfully
- [x] **Step 3**: Complete push operation
  - Status: Completed at 2025-12-02
  - Owner: Librarian
  - Action: Executed `git push -u origin main` with PAT authentication
  - Result: Successfully pushed main branch to Gitea (processed 1 reference, created new branch)
  - Branch tracking: main branch now tracks origin/main
  - Commits pushed: 5 recent commits including all n8n documentation and fixes
### Deployment Summary
**Push Operation Results**:
```
To http://192.168.2.102:3060/jramos/homelab.git
 * [new branch]      main -> main
branch 'main' set up to track 'origin/main'
```
**Repository State After Push**:
- Branch: main → origin/main (tracking configured)
- Latest commit: 779ae2f "docs(n8n): enhance setup guide with PostgreSQL 15+ fixes and encryption key validation"
- Total commits pushed: Complete repository history (5+ commits visible in recent log)
- Remote verification: ✅ Successful
**Commits Included in Push**:
1. `779ae2f` - docs(n8n): enhance setup guide with PostgreSQL 15+ fixes and encryption key validation
2. `a626c48` - docs(n8n): complete PostgreSQL 15+ troubleshooting and add operational scripts
3. `fe75402` - docs(n8n): document troubleshooting session for 502 Bad Gateway issue
4. `c16d521` - docs(n8n): correct architecture for Debian 12 and Nginx Proxy Manager
5. `a1841f1` - docs(infrastructure): add MCP setup and n8n deployment documentation
**Gitea Repository Status**:
- URL: http://192.168.2.102:3060/jramos/homelab
- Main branch: Created and populated
- Authentication: PAT-based (secure, revocable)
- Future pushes: Will use existing authentication automatically
**Pending Local Changes** (not included in push):
- Modified: CLAUDE_STATUS.md (this file - documenting the push operation)
- Untracked: scripts/fix_n8n_db_c_locale.sh (operational script from n8n troubleshooting)
### Authentication Method Selected
**Option 3: Personal Access Token (PAT)**
- Most secure method for automated/scripted operations
- Token replaces password in remote URL
- Allows granular permission control
- Can be revoked without changing account password
**Alternative Methods (Not Selected)**:
- Option 1: Username + Password prompt (blocked by non-interactive environment)
- Option 2: Credential helper caching (requires initial password prompt, same blocker)
### Files Referenced
- `.git/config` - Git remote configuration
- Gitea Web UI - Personal Access Token creation (http://192.168.2.102:3060/user/settings/applications)
---
## Current Task: Migrate Docker Compose Configurations from GitLab to Gitea
**Started**: 2025-12-02
**Completed**: 2025-12-02 14:20 MST
**Goal**: Migrate all docker-compose service configurations from old GitLab instance to current homelab repository and Gitea
**Phase**: ✅ COMPLETED
**Status**: Successfully Migrated - Ready for Commit
### Context
User has two git platforms:
- **Old Platform**: GitLab instance at https://vulcan.apophisnetworking.net with repository `jramos/homelab`
- **New Platform**: Gitea instance on 192.168.2.102:3060 (already configured and working)
**Migration Goal**: Move docker-compose configurations from GitLab to this repository, enabling eventual decommissioning of GitLab VM 101.
### Migration Summary
**Source**: https://vulcan.apophisnetworking.net/jramos/homelab.git
**Authentication**: Personal Access Token (PAT) via oauth2 protocol
**Clone Protocol**: HTTPS (http redirect to https)
**Destination**: `/home/jramos/homelab/services/`
**Migration Method**: Automated via Claude Code
### Services Migrated
Successfully migrated **6 services** with complete configurations:
1. **bytestash** - Code snippet management system
   - Port: 5000
   - Image: ghcr.io/jordan-dalby/bytestash:latest
   - Files: docker-compose.yaml
2. **filebrowser** - Web-based file browser
   - Port: 8095
   - Image: filebrowser/filebrowser:latest
   - Files: docker-compose.yaml
3. **gitlab** - GitLab QoL utilities
   - Scripts: sync-npm-certs.sh
   - Systemd units: sync-npm-certs.service, sync-npm-certs.timer
   - Purpose: Automated NPM certificate synchronization
4. **paperless-ngx** - Document management system with OCR
   - Port: 8000
   - URL: https://atlas.apophisnetworking.net
   - Multi-container stack: webserver, PostgreSQL 17, Redis 8, Gotenberg, Tika
   - Files: docker-compose.yaml, .env
5. **portainer** - Docker container management UI
   - Ports: 8000 (edge agent), 9443 (web UI)
   - Image: portainer/portainer-ce:latest
   - Files: docker-compose.yaml
6. **speedtest-tracker** - Internet speed test tracker
   - Ports: 8180 (HTTP), 8143 (HTTPS)
   - Image: lscr.io/linuxserver/speedtest-tracker:latest
   - Files: docker-compose.yaml
### File Statistics
- **Total Files Migrated**: 10 files (excluding .gitkeep placeholders)
- **Total Directories**: 9 directories (including subdirectories)
- **Total Size**: 84 KB
- **Docker Compose Files**: 6 services with compose configurations
- **Additional Files**: 3 GitLab utility files (scripts and systemd units)
### Task Breakdown
- [x] **Step 1**: Resolve GitLab instance access
  - Status: Completed at 2025-12-02 14:17 MST
  - Owner: General-purpose agent
  - Action: Identified GitLab at https://vulcan.apophisnetworking.net
  - Result: Successfully authenticated with PAT via oauth2 protocol
- [x] **Step 2**: Clone GitLab repository
  - Status: Completed at 2025-12-02 14:19 MST
  - Owner: General-purpose agent
  - Action: Cloned jramos/homelab from GitLab to /tmp/gitlab-homelab-migration
  - Result: 6 service directories successfully cloned
- [x] **Step 3**: Create `/services/` directory structure
  - Status: Completed at 2025-12-02 14:20 MST
  - Owner: General-purpose agent
  - Action: Created /home/jramos/homelab/services/ directory
  - Result: Target directory ready for migration
- [x] **Step 4**: Migrate docker-compose service folders
  - Status: Completed at 2025-12-02 14:20 MST
  - Owner: General-purpose agent
  - Action: Copied all 6 service folders maintaining complete structure
  - Result: All services migrated to /home/jramos/homelab/services/
- [x] **Step 5**: Update .gitignore for services
  - Status: Completed at 2025-12-02 14:20 MST
  - Owner: General-purpose agent
  - Action: Added Docker Compose service exclusions section
  - Result: Excludes .env files, volumes/, data/, logs/, *.db, *.log, node_modules/
- [x] **Step 6**: Create services documentation
  - Status: Completed at 2025-12-02 14:20 MST
  - Owner: General-purpose agent
  - Action: Created comprehensive /home/jramos/homelab/services/README.md
  - Result: 400+ line documentation with deployment guides, troubleshooting, security notes
- [x] **Step 7**: Clean up and stage changes
  - Status: Completed at 2025-12-02 14:20 MST
  - Owner: General-purpose agent
  - Action: Removed temporary clone, staged all changes for git commit
  - Result: 14 files staged (13 new, 1 modified)
### Git Status After Migration
**Changes Staged for Commit**:
- Modified: `.gitignore` (added service exclusions)
- New: `services/README.md` (comprehensive documentation)
- New: 6 service directories with docker-compose configurations
- New: 3 GitLab utility files (sync-npm-certs scripts and systemd units)
**Files Excluded from Commit** (via .gitignore):
- `services/paperless-ngx/.env` (contains secrets)
- All `.gitkeep` placeholder files
**Line Ending Warnings**: Git will normalize CRLF to LF in 7 docker-compose files (expected behavior for cross-platform compatibility)
### Structure After Migration
```
/home/jramos/homelab/services/
├── README.md                              # Comprehensive service documentation
├── bytestash/
│   ├── .gitkeep
│   └── docker-compose.yaml
├── filebrowser/
│   ├── .gitkeep
│   └── docker-compose.yaml
├── gitlab/
│   ├── QoL Config Files/
│   │   ├── sync-npm-certs.service
│   │   └── sync-npm-certs.timer
│   └── QoL Scripts/
│       └── sync-npm-certs.sh
├── paperless-ngx/
│   ├── .env                               # Excluded from git
│   └── docker-compose.yaml
├── portainer/
│   ├── .gitkeep
│   └── docker-compose.yaml
└── speedtest-tracker/
    ├── .gitkeep
    └── docker-compose.yaml
```
### Security Considerations
**Secrets Identified in Migrated Files**:
1. **bytestash/docker-compose.yaml**:
   - `JWT_SECRET: your-secret` (placeholder - needs replacement)
2. **paperless-ngx/docker-compose.yaml**:
   - Database password: `paperless` (should be changed)
   - Contains `.env` file (excluded from git via .gitignore)
3. **speedtest-tracker/docker-compose.yaml**:
   - `APP_KEY: base64:h1jjtLUHV//AKUdBC2a7MUpNQrs5fgJ30Ia522iP+/E=` (pre-generated)
**Recommendations**:
- Change all default passwords before deployment
- Move hardcoded secrets to .env files
- Rotate JWT secrets and app keys
- Review volume mount permissions (filebrowser mounts entire filesystem)
### Post-Migration Tasks
**Immediate Actions Required** (before deployment):
- [ ] Review and update secrets in docker-compose files
- [ ] Create/update `.env` files with production credentials
- [ ] Verify host volume mount paths exist:
  - `/home/jramos/docker/bytestash/data`
  - `/home/docker/filebrowser/`
  - `/home/jramos/paperless-ngx/consume`
  - `/home/jramos/docker/speedtest-tracker/config`
- [ ] Ensure `portainer_data` Docker volume exists
**Recommended Next Steps**:
- [ ] Commit staged changes to git
- [ ] Push to Gitea repository
- [ ] Test service deployments one by one
- [ ] Configure NPM proxy hosts for external access
- [ ] Document any deployment-specific customizations
- [ ] Plan GitLab VM 101 decommissioning timeline
### Lessons Learned
**GitLab Access Resolution**:
- Initial clone attempts failed at 192.168.2.101 (NPM, not GitLab)
- GitLab VM 101 was powered off according to Proxmox status
- Actual GitLab accessible at domain: https://vulcan.apophisnetworking.net
- oauth2 PAT format required for git clone authentication
**Migration Best Practices**:
- Always use PATs instead of passwords for git authentication
- Temporary clones in /tmp for security (auto-cleanup)
- Comprehensive .gitignore patterns before committing
- Document services during migration, not after
- Stage changes for user review before committing
### Files Referenced
**Migrated Content**:
- Source: https://vulcan.apophisnetworking.net/jramos/homelab.git
- Destination: `/home/jramos/homelab/services/`
- Documentation: `/home/jramos/homelab/services/README.md`
- Git Configuration: `/home/jramos/homelab/.gitignore` (updated)
**Temporary Files** (cleaned up):
- `/tmp/gitlab-homelab-migration/` (removed after successful migration)
---
**Repository**: /home/jramos/homelab | **Branch**: main
**Repository**: /home/jramos/homelab | **Branch**: main
						
						
						
						
 
						
						
						
						
@@ -0,0 +1,358 @@
# Docker Compose Services
This directory contains Docker Compose configurations for various services deployed in the homelab environment.
## Migration Information
**Migration Date**: 2025-12-02
**Source**: GitLab instance at https://vulcan.apophisnetworking.net/jramos/homelab
**Target**: Gitea instance at http://192.168.2.102:3060/jramos/homelab
**Migration Tool**: Claude Code automated migration
All service configurations have been migrated from the legacy GitLab instance to this repository as part of the infrastructure consolidation effort.
## Services Overview
### ByteStash
**Directory**: `bytestash/`
**Port**: 5000
**Description**: Code snippet and text snippet management system with JWT-based authentication
**Image**: ghcr.io/jordan-dalby/bytestash:latest
**Key Features**:
- Snippet storage and organization
- User account management
- OIDC/SSO support (configurable)
- Debug mode available
**Deployment**:
```bash
cd bytestash
docker compose up -d
```
### FileBrowser
**Directory**: `filebrowser/`
**Port**: 8095
**Description**: Web-based file browser providing file management through a web interface
**Image**: filebrowser/filebrowser:latest
**Key Features**:
- Full filesystem access (mounted at root `/`)
- User and group ID configuration
- SQLite database for settings
- Customizable via settings.json
**Deployment**:
```bash
cd filebrowser
docker compose up -d
```
**Note**: Review volume mounts before deployment - currently configured to mount entire filesystem.
### GitLab Utilities
**Directory**: `gitlab/`
**Description**: Quality of Life (QoL) scripts and systemd configurations for GitLab management
**Contents**:
- `QoL Scripts/sync-npm-certs.sh`: Script to sync Nginx Proxy Manager certificates
- `QoL Config Files/sync-npm-certs.service`: Systemd service unit
- `QoL Config Files/sync-npm-certs.timer`: Systemd timer for automated certificate sync
**Purpose**: Automates certificate synchronization between Nginx Proxy Manager and GitLab instance.
### Paperless-ngx
**Directory**: `paperless-ngx/`
**Port**: 8000
**URL**: https://atlas.apophisnetworking.net
**Description**: Document management system with OCR, full-text search, and automated organization
**Images**:
- ghcr.io/paperless-ngx/paperless-ngx:latest (webserver)
- postgres:17 (database)
- redis:8 (message broker)
- gotenberg:8.20 (document conversion)
- apache/tika:latest (text extraction)
**Key Features**:
- OCR for scanned documents
- Automated document processing
- Tag and organization system
- PostgreSQL backend
- Redis task queue
- Tika integration for file parsing
- Gotenberg for document conversion
**Deployment**:
```bash
cd paperless-ngx
docker compose up -d
```
**Environment Configuration**: Check `.env` file or Portainer environment variables for production deployment.
### Portainer
**Directory**: `portainer/`
**Ports**:
- 8000 (Edge agent)
- 9443 (Web UI - HTTPS)
**Description**: Docker container management platform with web UI
**Image**: portainer/portainer-ce:latest
**Key Features**:
- Docker container management
- Stack deployment
- Image registry management
- User access control
- Remote agent support
**Deployment**:
```bash
cd portainer
docker compose up -d
```
**Note**: Uses external volume `portainer_data` - ensure volume exists before deployment.
### Speedtest Tracker
**Directory**: `speedtest-tracker/`
**Ports**:
- 8180 (HTTP)
- 8143 (HTTPS)
**Description**: Automated internet speed test tracker with historical data and public dashboard
**Image**: lscr.io/linuxserver/speedtest-tracker:latest
**Key Features**:
- Scheduled speed tests (cron: daily at midnight)
- SQLite database
- Public dashboard view
- Historical speed test data
- LinuxServer.io image with PUID/PGID support
**Deployment**:
```bash
cd speedtest-tracker
docker compose up -d
```
## General Deployment Instructions
### Prerequisites
- Docker Engine 20.10+
- Docker Compose v2.0+
- Sufficient disk space for volumes
- Network ports available (check port conflicts)
### Standard Deployment Workflow
1. **Review Configuration**
   ```bash
   cd services/<service-name>
   cat docker-compose.yaml
   ```
2. **Configure Environment Variables** (if applicable)
   ```bash
   # Copy example env file if available
   cp .env.example .env
   # Edit with actual values
   nano .env
   ```
3. **Create Required Directories**
   ```bash
   # Ensure volume mount points exist
   # Example for bytestash:
   mkdir -p /home/jramos/docker/bytestash/data
   ```
4. **Deploy Stack**
   ```bash
   docker compose up -d
   ```
5. **Verify Deployment**
   ```bash
   docker compose ps
   docker compose logs -f
   ```
6. **Configure Reverse Proxy** (if using NPM)
   - Access Nginx Proxy Manager at http://192.168.2.101:81
   - Create proxy host pointing to service IP:PORT
   - Configure SSL certificate via Let's Encrypt
   - Set appropriate forwarding scheme (http/https)
### Maintenance Commands
**View Logs**:
```bash
cd services/<service-name>
docker compose logs -f
```
**Restart Service**:
```bash
docker compose restart
```
**Update Service**:
```bash
docker compose pull
docker compose up -d
```
**Stop Service**:
```bash
docker compose down
```
**Remove Service and Volumes** (DESTRUCTIVE):
```bash
docker compose down -v
```
## Directory Structure
```
services/
├── README.md                    # This file
├── bytestash/
│   ├── docker-compose.yaml
│   └── .gitkeep
├── filebrowser/
│   ├── docker-compose.yaml
│   └── .gitkeep
├── gitlab/
│   ├── QoL Config Files/
│   │   ├── sync-npm-certs.service
│   │   └── sync-npm-certs.timer
│   └── QoL Scripts/
│       └── sync-npm-certs.sh
├── paperless-ngx/
│   ├── docker-compose.yaml
│   └── .env
├── portainer/
│   ├── docker-compose.yaml
│   └── .gitkeep
└── speedtest-tracker/
    ├── docker-compose.yaml
    └── .gitkeep
```
## Volume Mounts and Data Locations
Services use the following host paths for persistent data:
| Service | Host Path | Purpose |
|---------|-----------|---------|
| ByteStash | `/home/jramos/docker/bytestash/data` | Snippet storage |
| FileBrowser | `/home/docker/filebrowser/` | Database and settings |
| Paperless-ngx | `/home/jramos/paperless-ngx/consume` | Document intake directory |
| Speedtest Tracker | `/home/jramos/docker/speedtest-tracker/config` | Configuration and database |
| Portainer | `portainer_data` (Docker volume) | Application data |
**Important**: Ensure these directories exist with appropriate permissions before deploying services.
## Network Configuration
All services are configured to use host networking or specific port mappings. If deploying behind Nginx Proxy Manager (CT 102 at 192.168.2.101):
1. Services should be accessible via internal IPs and ports
2. NPM handles external HTTPS access and SSL termination
3. Use `http` scheme in NPM when forwarding to backend services
4. Enable "Force SSL" in NPM for external HTTPS access
## Security Considerations
### Environment Files
- `.env` files are excluded from git via `.gitignore`
- Never commit credentials or API keys
- Use strong, unique passwords for database services
- Rotate JWT secrets and app keys regularly
### Secrets in Docker Compose Files
Several services have embedded secrets in their docker-compose.yaml files:
- **ByteStash**: `JWT_SECRET: your-secret` (CHANGE THIS)
- **Paperless-ngx**: Database password `paperless` (CHANGE THIS)
- **Speedtest Tracker**: `APP_KEY` (already generated, but sensitive)
**Action Required**: Create `.env` files and move secrets out of docker-compose.yaml files.
### Network Exposure
- Review port mappings before deployment
- Consider using Docker networks instead of host port binding
- Use NPM for external access with SSL
- Implement authentication on all services
## Troubleshooting
### Service Won't Start
1. Check logs: `docker compose logs -f`
2. Verify port availability: `netstat -tulpn | grep <port>`
3. Check volume permissions: `ls -la /path/to/volume`
4. Validate docker-compose.yaml syntax: `docker compose config`
### Cannot Access Service Externally
1. Verify service is running: `docker compose ps`
2. Test local access: `curl http://localhost:<port>`
3. Check NPM proxy host configuration
4. Verify DNS resolution
5. Check firewall rules: `iptables -L -n -v`
### Database Connection Errors (Paperless-ngx)
1. Verify PostgreSQL container is running
2. Check database credentials in environment variables
3. Ensure database initialization completed: `docker compose logs db`
4. Verify network connectivity between containers
### Permission Denied Errors
1. Check PUID/PGID settings in docker-compose.yaml
2. Verify host directory ownership: `chown -R <user>:<group> /path/to/volume`
3. Check SELinux context (if applicable): `ls -Z /path/to/volume`
## Migration Notes
### Post-Migration Tasks
- [ ] Review all `.env` files and update with production values
- [ ] Change default passwords and secrets in docker-compose files
- [ ] Verify volume mount paths exist on target system
- [ ] Test each service deployment individually
- [ ] Configure NPM proxy hosts for external access
- [ ] Update DNS records if service URLs changed
- [ ] Backup existing service data before redeployment
- [ ] Document any service-specific configuration changes
### Known Issues
- **FileBrowser**: Mounts entire filesystem root - review and restrict as needed
- **Paperless-ngx**: Contains `.env` file with secrets - ensure it's excluded from git
- **GitLab Utilities**: May require path adjustments depending on GitLab installation location
## Contributing
When adding new services to this directory:
1. Create a new subdirectory with service name (lowercase, hyphenated)
2. Include `docker-compose.yaml` (or `docker-compose.yml`)
3. Add `.env.example` if service requires environment variables
4. Document service in this README under "Services Overview"
5. Update directory structure diagram
6. Test deployment from scratch before committing
7. Ensure `.gitignore` excludes sensitive files
## Additional Resources
- [Docker Compose Documentation](https://docs.docker.com/compose/)
- [Nginx Proxy Manager Docs](https://nginxproxymanager.com/guide/)
- [Proxmox Homelab Documentation](../CLAUDE.md)
- [n8n Setup Guide](../n8n/N8N-SETUP-PLAN.md)
## Support
For homelab-specific questions or issues:
- Check existing documentation in `/home/jramos/homelab/`
- Review `CLAUDE_STATUS.md` for current infrastructure state
- Consult service-specific documentation linked in each service section
---
**Last Updated**: 2025-12-02
**Maintainer**: jramos
**Repository**: http://192.168.2.102:3060/jramos/homelab
						
						
						
						
@@ -0,0 +1,25 @@
services:
  bytestash:
    image: "ghcr.io/jordan-dalby/bytestash:latest"
    restart: always
    volumes:
      - /home/jramos/docker/bytestash/data:/data/snippets
    ports:
      - "5000:5000"
    environment:
      # See https://github.com/jordan-dalby/ByteStash/wiki/FAQ#environment-variables
      BASE_PATH: ""
      JWT_SECRET: your-secret
      TOKEN_EXPIRY: 24h
      ALLOW_NEW_ACCOUNTS: "true"
      DEBUG: "true"
      DISABLE_ACCOUNTS: "false"
      DISABLE_INTERNAL_ACCOUNTS: "false"
      # See https://github.com/jordan-dalby/ByteStash/wiki/Single-Sign%E2%80%90on-Setup for more info
      OIDC_ENABLED: "false"
      OIDC_DISPLAY_NAME: ""
      OIDC_ISSUER_URL: ""
      OIDC_CLIENT_ID: ""
      OIDC_CLIENT_SECRET: ""
      OIDC_SCOPES: ""
						
						
						
						
@@ -0,0 +1,14 @@
version: '3'
services:
  filebrowser:
    image: filebrowser/filebrowser:latest
    container_name: filebrowser
    volumes:
      - /:/srv #Change to match your directory
      - /home/docker/filebrowser/filebrowser.db:/database/filebrowser.db #Change to match your directory
      - /home/docker/filebrowser/settings.json:/config/settings.json #Change to match your directory
    environment:
      - PUID=$(id -u)
      - PGID=$(id -g)
    ports:
      - 8095:80
						
						
						
						
@@ -0,0 +1,7 @@
[Unit]
Description=Sync GitLab TLS Certs
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/sync-npm-certs.sh
						
						
						
						
@@ -0,0 +1,9 @@
[Unit]
Description=Weekly GitLab Cert Sync
[Timer]
OnCalendar=weekly
Persistent=true
[Install]
WantedBy=timers.target
						
						
						
						
@@ -0,0 +1,14 @@
#!/bin/bash
set -euo pipefail
NPM_HOST="192.168.2.101"
NPM_USER="root"
REMOTE_DIR="/etc/letsencrypt/live/npm-7"
LOCAL_DIR="/etc/gitlab/ssl"
rsync -az -e ssh $NPM_USER@$NPM_HOST:$REMOTE_DIR/fullchain.pem /tmp/fullchain.pem
rsync -az -e ssh $NPM_USER@$NPM_HOST:$REMOTE_DIR/privkey.pem /tmp/privkey.pem
[[ -s /tmp/fullchain.pem && -s /tmp/privkey.pem ]] || {
echo "Missing or empty cert files"; exit 1;
}
sudo mv /tmp/fullchain.pem /tmp/privkey.pem $LOCAL_DIR/
						
						
						
						
@@ -0,0 +1,56 @@
services:
  broker:
    image: docker.io/library/redis:8
    restart: unless-stopped
    volumes:
      - redisdata:/data
  db:
    image: docker.io/library/postgres:17
    restart: unless-stopped
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      POSTGRES_PASSWORD: paperless
      PAPERLESS_URL: https://atlas.apophisnetworking.net
  webserver:
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    restart: unless-stopped
    depends_on:
      - db
      - broker
      - gotenberg
      - tika
    ports:
      - "8000:8000"
    volumes:
      - data:/usr/src/paperless/data
      - media:/usr/src/paperless/media
      - ./export:/usr/src/paperless/export
      - /home/jramos/paperless-ngx/consume:/usr/src/paperless/consume
    # env_file: docker-compose.env uncomment if deploying from CLI. ENV variables entered directly in portainer
    environment:
      PAPERLESS_REDIS: redis://broker:6379
      PAPERLESS_DBHOST: db
      PAPERLESS_TIKA_ENABLED: 1
      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
     # PAPERLESS_URL: <enter domain name> # Required if not using IP:PORT to access
  gotenberg:
    image: docker.io/gotenberg/gotenberg:8.20
    restart: unless-stopped
    # The gotenberg chromium route is used to convert .eml files. We do not
    # want to allow external content like tracking pixels or even javascript.
    command:
      - "gotenberg"
      - "--chromium-disable-javascript=true"
      - "--chromium-allow-list=file:///tmp/.*"
  tika:
    image: docker.io/apache/tika:latest
    restart: unless-stopped
volumes:
  data:
  media:
  pgdata:
  redisdata:
						
						
						
						
@@ -0,0 +1,17 @@
version: "3.8"
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    ports:
      - "8000:8000"   # Edge agent
      - "9443:9443"   # Web UI (HTTPS)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data   # <-- existing volume
volumes:
  portainer_data:
    external: true
						
						
						
						
@@ -0,0 +1,19 @@
services:
    speedtest-tracker:
        image: lscr.io/linuxserver/speedtest-tracker:latest
        restart: unless-stopped
        container_name: speedtest-tracker
        ports:
            - 8180:80
            - 8143:443
        environment:
            - PUID=1000
            - PGID=1000
            - APP_KEY=base64:h1jjtLUHV//AKUdBC2a7MUpNQrs5fgJ30Ia522iP+/E=
            - DB_CONNECTION=sqlite
            - SPEEDTEST_SCHEDULE=0 0 * * *
            - PUBLIC_DASHBOARD=true
            - APP-DEBUG=true
        volumes:
            - /home/jramos/docker/speedtest-tracker/config:/config
            #- /path/to-custom-ssl-keys:/config/keys