First commit

README.org

@@ -0,0 +1,13 @@
+#+title: Self-hosted Docker Compose Setup Templates
+#+author: Emmet
+
+This is a repo I'm using to stash templated information about my self-hosted homelab.
+
+[[img/self-hosted-dashboard.png]]
+
+Inside here are templates I've crafted through experimenting with self-hosting many different services.
+
+I have 3 templates currently:
+- [[./homelab][homelab]] - These included self-hosted cloud services such as [[https://nextcloud.com/][Nextcloud]], [[https://syncthing.net/][Syncthing]], [[https://about.gitea.com/][Gitea]], [[https://freshrss.org/][FreshRSS]], and a personal dashboard ([[https://heimdall.site/][Heimdall]])
+- [[./network][network]] - These include network goodies such as [[https://pi-hole.net/][Pi-hole]] (network-level adblock) and [[https://www.wireguard.com/][Wiregaurd]] (to VPN into my home network)
+- [[./gameservers][gameservers]] - What it sounds like, self-hosted servers for games like [[https://www.minecraft.net/en-us][Minecraft]], [[https://terraria.org/][Terraria]], etc...

homelab/builds/nextcloud-app/Dockerfile

@@ -0,0 +1 @@
+FROM nextcloud:apache

homelab/builds/nginx-proxy/Dockerfile

@@ -0,0 +1,4 @@
+FROM nginxproxy/nginx-proxy:alpine
+
+COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
+

homelab/builds/nginx-proxy/uploadsize.conf

@@ -0,0 +1,2 @@
+client_max_body_size 10G;
+proxy_request_buffering off;

homelab/docker-compose.yml

@@ -0,0 +1,184 @@
+version: '3.8'
+
+services:
+  nextcloud-db:
+    image: mariadb:10.5
+    container_name: nextcloud-db
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    restart: unless-stopped
+    volumes:
+      - ./data/nextcloud-db:/var/lib/mysql
+    environment:
+      - MARIADB_AUTO_UPGRADE=1
+      - MARIADB_DISABLE_UPGRADE_BACKUP=1
+    env_file:
+      - ./env/nextcloud-db.env
+
+  nextcloud-redis:
+    image: redis:alpine
+    container_name: nextcloud-redis
+    restart: unless-stopped
+
+  nextcloud-app:
+    build: ./builds/nextcloud-app/
+    container_name: nextcloud-app
+    restart: unless-stopped
+    volumes:
+      - ./data/nextcloud-app:/var/www/html
+    environment:
+      - VIRTUAL_HOST=nextcloud.yourdomain.com
+      - LETSENCRYPT_HOST=nextcloud.yourdomain.com
+      - LETSENCRYPT_EMAIL=youremail@domain.com
+      - MYSQL_HOST=nextcloud-db
+      - REDIS_HOST=nextcloud-redis
+    env_file:
+      - ./env/nextcloud-db.env
+    depends_on:
+      - nextcloud-db
+      - nextcloud-redis
+    networks:
+      - proxy-tier
+      - default
+
+  nextcloud-cron:
+    image: nextcloud:apache
+    container_name: nextcloud-cron
+    restart: unless-stopped
+    volumes:
+      - ./data/nextcloud-app:/var/www/html
+    entrypoint: /cron.sh
+    depends_on:
+      - nextcloud-db
+      - nextcloud-redis
+
+  gitea-app:
+    image: gitea/gitea:nightly
+    container_name: gitea-app
+    environment:
+      - VIRTUAL_HOST=gitea.yourdomain.com
+      - LETSENCRYPT_HOST=gitea.yourdomain.com
+      - LETSENCRYPT_EMAIL=youremail@domain.com
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=mysql
+      - GITEA__database__HOST=gitea-db:3306
+      - SSH_PORT=2321
+    env_file:
+      - ./env/gitea-db.env
+    restart: unless-stopped
+    networks:
+      - proxy-tier
+    volumes:
+      - ./data/gitea-app:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "2321:22"
+    depends_on:
+      - gitea-db
+
+  gitea-db:
+    image: mariadb:10.5
+    container_name: gitea-db
+    restart: unless-stopped
+    env_file:
+      - ./env/gitea-db.env
+    networks:
+      - proxy-tier
+    volumes:
+      - ./data/gitea-db:/var/lib/mysql
+
+  syncthing-app:
+    image: lscr.io/linuxserver/syncthing:latest
+    container_name: syncthing-app
+    hostname: yourhostname
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=YourRegion/YourCity
+    networks:
+      - proxy-tier
+    volumes:
+      - ./data/syncthing-app/config:/config
+      - ./data/syncthing-app/data:/source
+    ports:
+      - 8384:8384
+      - 22000:22000/tcp
+      - 22000:22000/udp
+      - 21027:21027/udp
+    restart: unless-stopped
+
+  freshrss:
+    image: lscr.io/linuxserver/freshrss:latest
+    container_name: freshrss-app
+    environment:
+      - VIRTUAL_HOST=freshrss.yourdomain.com
+      - LETSENCRYPT_HOST=freshrss.yourdomain.com
+      - LETSENCRYPT_EMAIL=youremail@domain.com
+      - PUID=1000
+      - PGID=1000
+      - TZ=YourRegion/YourCity
+    networks:
+      - proxy-tier
+    volumes:
+      - ./data/freshrss-app/config:/config
+    restart: unless-stopped
+
+  heimdall-app:
+    image: lscr.io/linuxserver/heimdall:latest
+    container_name: heimdall-app
+    environment:
+      - VIRTUAL_HOST=homepage.yourdomain.com
+      - LETSENCRYPT_HOST=homepage.yourdomain.com
+      - LETSENCRYPT_EMAIL=youremail@domain.com
+      - PUID=1000
+      - PGID=1000
+      - TZ=YourRegion/YourCity
+    volumes:
+      - ./data/heimdall-app/config:/config
+    networks:
+      - proxy-tier
+    restart: unless-stopped
+
+  nginx-proxy:
+    build: ./builds/nginx-proxy/
+    container_name: nginx-proxy
+    restart: unless-stopped
+    ports:
+      - 80:80
+      - 443:443
+    labels:
+      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+    volumes:
+      - certs:/etc/nginx/certs:ro
+      - vhost.d:/etc/nginx/vhost.d
+      - html:/usr/share/nginx/html
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    networks:
+      - proxy-tier
+
+  letsencrypt-companion:
+    image: nginxproxy/acme-companion
+    container_name: letsencrypt-companion
+    restart: unless-stopped
+    volumes:
+      - certs:/etc/nginx/certs
+      - acme:/etc/acme.sh
+      - vhost.d:/etc/nginx/vhost.d
+      - html:/usr/share/nginx/html
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - proxy-tier
+    depends_on:
+      - nginx-proxy
+
+volumes:
+  certs:
+  acme:
+  vhost.d:
+  html:
+
+networks:
+  proxy-tier:
+    external: true

homelab/env/gitea-db.env

@@ -0,0 +1,14 @@
+# MYSQL ROOT PASSWORD
+MYSQL_ROOT_PASSWORD=CHANGEME
+
+# GITEA DB NAME, THESE SHOULD BE THE SAME
+GITEA__database__NAME=gitea
+MYSQL_DATABASE=gitea
+
+# GITEA DB USER, THESE SHOULD BE THE SAME
+GITEA__database__USER=gitea
+MYSQL_USER=gitea
+
+# GITEA DB PASSWORD, THESE SHOULD BE THE SAME
+GITEA__database__PASSWD=CHANGEME
+MYSQL_PASSWORD=CHANGEME

homelab/env/nextcloud-db.env

@@ -0,0 +1,11 @@
+# MYSQL ROOT PASSWORD
+MYSQL_ROOT_PASSWORD=CHANGEME
+
+# NEXTCLOUD DB NAME
+MYSQL_DATABASE=nextcloud
+
+# NEXTCLOUD DB USER
+MYSQL_USER=nextcloud
+
+# NEXTCLOUD DB PASSWORD
+MYSQL_PASSWORD=CHANGEME

network/docker-compose.yml

@@ -0,0 +1,58 @@
+version: '3.8'
+
+services:
+  wireguard-vpn:
+    image: lscr.io/linuxserver/wireguard:latest
+    container_name: wireguard-vpn
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE #optional
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=YourRegion/YourCity
+      - SERVERURL=yourdomain.com
+      - SERVERPORT=51820
+      - PEERS=1 #optional
+      - PEERDNS=auto #optional
+#      - INTERNAL_SUBNET=10.13.13.0 #optional
+#      - ALLOWEDIPS=0.0.0.0/0 #optional
+#      - PERSISTENTKEEPALIVE_PEERS= #optional
+#      - LOG_CONFS=true #optional
+    networks:
+      - proxy-tier
+    volumes:
+      - ./data/wireguard-vpn/config:/config
+#      - /lib/modules:/lib/modules #optional
+    ports:
+      - 51820:51820/udp
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+    restart: unless-stopped
+
+  pihole-adblock:
+    container_name: pihole-adblock
+    image: pihole/pihole:latest
+    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+    networks:
+      - proxy-tier
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+#      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
+      - "8093:80/tcp"
+      - "8094:443/tcp"
+    environment:
+      TZ: 'YourRegion/YourCity'
+      WEBPASSWORD: CHANGEME
+    volumes:
+      - './data/pihole-adblock/etc/pihole:/etc/pihole'
+      - './data/pihole-adblock/etc/dnsmasq.d:/etc/dnsmasq.d'
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+#    cap_add:
+#      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
+    restart: unless-stopped
+
+networks:
+  proxy-tier:
+    external: true