add pihole and grocy

.gitignore

@@ -6,3 +6,4 @@
 /logs/
 /secrets/
 /volumes/
+/letsencrypt/

docker-compose.yaml

@@ -4,7 +4,7 @@ volumes:
 services:
 
 #############################################################################
-#####################		MariaDB	1		#####################
+#####################		MariaDB	Vikunja		#####################
 #############################################################################
   db:
     container_name: mariadb-vikunja
@@ -25,7 +25,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
 
 #############################################################################
-#####################		MariaDB	2		#####################
+#####################		MariaDB	Gitea		#####################
 #############################################################################
   gitdb:
    container_name: mariadb-git
@@ -48,62 +48,79 @@ services:
      - /etc/localtime:/etc/localtime:ro
 
 #############################################################################
-#####################		MariaDB	3		#####################
+#####################		MariaDB	Nextcloud	#####################
 #############################################################################
-  nextcloud-db:
+#   nextcloud-db:
-   container_name: mariadb-nextcloud
+#    container_name: mariadb-nextcloud
-   image: tobi312/rpi-mariadb:10.11-alpine
+#    image: tobi312/rpi-mariadb:10.11-alpine
-#   image: yobasystems/alpine-mariadb:10.5.9
+# #   image: yobasystems/alpine-mariadb:10.5.9
-   command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+#    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
-#   networks:
+# #   networks:
-   # ports:    
+#    # ports:    
-   #   - "3326:3306"
+#    #   - "3326:3306"
-   #   - "3327:3307"
+#    #   - "3327:3307"
-   restart: unless-stopped
+#    restart: unless-stopped
-   environment:
+#    environment:
-     - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT}
+#      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT}
-     - MYSQL_DATABASE=nextcloud
+#      - MYSQL_DATABASE=nextcloud
-     - MYSQL_USER=nextcloud
+#      - MYSQL_USER=nextcloud
-     - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW}
+#      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW}
-   volumes:
+#    volumes:
-     - ./databases/db-nextcloud:/var/lib/mysql
+#      - ./databases/db-nextcloud:/var/lib/mysql
-     - /etc/localtime:/etc/localtime:ro
+#      - /etc/localtime:/etc/localtime:ro
+
+#############################################################################
+#####################		MariaDB	Baikal  	#####################
+#############################################################################
+
+  baikal-db:
+    container_name: mariadb-baikal
+    image: tobi312/rpi-mariadb:10.11-alpine
+    restart: unless-stopped
+    environment:
+      - MYSQL_ROOT_PASSWORD=${BAIKAL_DB_ROOT}
+      - MYSQL_DATABASE=baikal
+      - MYSQL_USER=baikal
+      - MYSQL_PASSWORD=${BAIKAL_DB_PW}
+    volumes:
+      - ./databases/db-baikal:/var/lib/mysql  
+      - /etc/localtime:/etc/localtime:ro   
 
 #############################################################################
 #####################		Nextcloud		#####################
 #############################################################################
 
-  nextcloud:
+#   nextcloud:
-    container_name: nextcloud
+#     container_name: nextcloud
-    image: nextcloud:latest
+#     image: nextcloud:latest
-    restart: always
+#     restart: always
-    links:
+#     links:
-      - nextcloud-db
+#       - nextcloud-db
-    volumes:
+#     volumes:
-      - ./volumes/nextcloud:/var/www/html
+#       - ./volumes/nextcloud:/var/www/html
-    environment:
+#     environment:
-      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW}
+#       - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW}
-      - MYSQL_DATABASE=nextcloud
+#       - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
+#       - MYSQL_USER=nextcloud
-      - MYSQL_HOST=nextcloud-db
+#       - MYSQL_HOST=nextcloud-db
-      - OVERWRITEPROTOCOL=https
+#       - OVERWRITEPROTOCOL=https
-      - OVERWRITECLIURL=https://cloud.gerle.duckdns.org
+#       - OVERWRITECLIURL=https://cloud.gerle.duckdns.org
-      - OVERWRITEHOST=cloud.gerle.duckdns.org
+#       - OVERWRITEHOST=cloud.gerle.duckdns.org
-    networks:
+#     networks:
-      - dockernet
+#       - dockernet
-      - default
+#       - default
-    labels:
+#     labels:
-      - 'traefik.enable=true'
+#       - 'traefik.enable=true'
-      - 'traefik.http.routers.nextcloud.rule=Host(`cloud.gerle.duckdns.org`)'      
+#       - 'traefik.http.routers.nextcloud.rule=Host(`cloud.gerle.duckdns.org`)'      
-      - "traefik.http.routers.nextcloud.entrypoints=websecure"
+#       - "traefik.http.routers.nextcloud.entrypoints=websecure"
-      - "traefik.http.routers.nextcloud.tls.certResolver=letsencrypt"
+#       - "traefik.http.routers.nextcloud.tls=true"
-      - "traefik.http.routers.nextcloud.tls=true"
+#       - "traefik.http.routers.nextcloud.tls.certResolver=letsencrypt"
-      - 'traefik.http.services.nextcloud.loadbalancer.server.port=80'
+#       - 'traefik.http.services.nextcloud.loadbalancer.server.port=80'
-      - "traefik.http.routers.nextcloud.service=nextcloud"
+#       - "traefik.http.routers.nextcloud.service=nextcloud"
-#      - "traefik.docker.network=proxy"
+# #      - "traefik.docker.network=proxy"
-      - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav" #,default@file"
+#       - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav" #,default@file"
-      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
+#       - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
-      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
+#       - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
       
 #############################################################################
 ######################		Vikunja Api		#####################
@@ -183,8 +200,10 @@ services:
       - api
     environment:
       - ACME_DNS_API_BASE="http://10.0.0.8:4443"
-      - ACME_DNS_STORAGE_PATH="/.lego-acme-dns-accounts.json"
+      - ACME_DNS_STORAGE_PATH="/letsencrypt/lego-acme-dns-accounts.json"
       - DUCKDNS_TOKEN=${DUCKDNS}
+      - DUCKDNS_PROPAGATION_TIMEOUT=120
+#      - DUCKDNS_SEQUENCE_INTERVAL
       - LEGO_DISABLE_CNAME_SUPPORT=true
       - FREEMYIP_TOKEN=${FMIP_TOKEN}
   #    - CF_API_EMAIL=${CLOUDFLARE_MAIL}
@@ -194,6 +213,7 @@ services:
       - '80:80'
       - '8080:8080'
       - '443:443'
+      - '2222:2222/tcp'
     volumes:
       - '/var/run/docker.sock:/var/run/docker.sock:ro'
       - './traefik.yaml:/traefik.yaml'
@@ -201,7 +221,8 @@ services:
       - "./logs/:/logs/"
       - './secrets/acme.json:/acme.json'
       - './secrets/acme_ds.json:/acme_ds.json'
-      - "./secrets/lego-acme-dns-accounts.json:/.lego-acme-dns-accounts.json"
+      - './letsencrypt/:/letsencrypt'
+      - "./secrets/lego-acme-dns-accounts.json:/lego-acme-dns-accounts.json"
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.api.rule=Host(`berry.local/traefik`)"
@@ -241,32 +262,32 @@ services:
 #############################################################################
 #####################		Baikal			#####################
 #############################################################################      
-#   baikal:
+  baikal:
-#     container_name: baikal
+    container_name: baikal
-#     image: ckulka/baikal:latest
+    image: ckulka/baikal:latest
-#     restart: always
+    restart: always
-#     labels:
+    labels:
-#       - 'traefik.enable=true'
+      - 'traefik.enable=true'
-#       - 'traefik.http.routers.baikal.rule=Host(`baikal.gerle.duckdns.org`)'
+      - 'traefik.http.routers.baikal.rule=Host(`baikal.gerle.duckdns.org`)'
-#       - 'traefik.http.services.baikal.loadbalancer.server.port=80'    
+      - 'traefik.http.services.baikal.loadbalancer.server.port=80'    
-#       - "traefik.http.routers.baikal.entrypoints=websecure"
+      - "traefik.http.routers.baikal.entrypoints=websecure"
-#       - "traefik.http.routers.baikal.tls.certResolver=letsencrypt"
+      - "traefik.http.routers.baikal.tls.certResolver=letsencrypt"
-# #      traefik.port: 80
+#      traefik.port: 80
-#       # Traefik middleware required for iOS, see https://github.com/ckulka/baikal-docker/issues/37.
+      # Traefik middleware required for iOS, see https://github.com/ckulka/baikal-docker/issues/37.
-#       # When using a Traefik provider file (YAML/TOML) instead of these labels, remove the escape
+      # When using a Traefik provider file (YAML/TOML) instead of these labels, remove the escape
-#       # character from "*.redirectregex.replacement" - it's only needed in Docker Compose YAML files:
+      # character from "*.redirectregex.replacement" - it's only needed in Docker Compose YAML files:
-#       # redirectRegex:
+      # redirectRegex:
-#       #   replacement: "https://$1/dav/php/
+      #   replacement: "https://$1/dav/php/
-#       - 'traefik.http.middlewares.baikal-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav'
+      - 'traefik.http.middlewares.baikal-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav'
-#       - 'traefik.http.middlewares.baikal-dav.redirectregex.replacement=https://$$1/dav.php/'
+      - 'traefik.http.middlewares.baikal-dav.redirectregex.replacement=https://$$1/dav.php/'
-#       - 'traefik.http.middlewares.baikal-dav.redirectregex.permanent=true'
+      - 'traefik.http.middlewares.baikal-dav.redirectregex.permanent=true'
-#       - 'traefik.http.routers.baikal.middlewares=baikal-dav'
+      - 'traefik.http.routers.baikal.middlewares=baikal-dav'
-#     volumes:
+    volumes:
-#       - ./volumes/baikal-config:/var/www/baikal/config
+      - ./volumes/baikal-config:/var/www/baikal/config
-#       - ./volumes/baikal-data:/var/www/baikal/Specific
+      - ./volumes/baikal-data:/var/www/baikal/Specific
-#     networks:
+    networks:
-#       - dockernet
+      - dockernet
-#       - default
+      - default
 
 
   # acmedns:
@@ -307,6 +328,10 @@ services:
       - GITEA__mailer__USER=${MAIL_USER}
       - GITEA__mailer__PASSWD=${MAIL_PW}
       - GITEA__server__ROOT_URL="https://git.gerle.duckdns.org"
+      - GITEA__server__START_SSH_SERVER=true
+      - GITEA__server__SSH_DOMAIN="git.gerle.duckdns.org"
+      - GITEA__server__SSH_PORT=22
+      - GITEA__server__SSH_LISTEN_PORT=2222
     restart: always
     networks:
       - gitea
@@ -317,9 +342,16 @@ services:
       - /etc/localtime:/etc/localtime:ro
     ports:
       - "3000:3000"
-      - "222:22"
+#      - "222:22"
     labels:
       - 'traefik.enable=true'
+      # - 'traefik.http.routers.git-ssh.rule=Host(`git.gerle.duckdns.org`)'
+      # - 'traefik.http.services.git-ssh.loadbalancer.server.port=22'    
+      # - "traefik.http.routers.git-ssh.entrypoints=ssh" 
+      - traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)
+      - traefik.tcp.routers.gitea-ssh.entrypoints=ssh
+      - traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc
+      - traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=2222
       - 'traefik.http.routers.git.rule=Host(`git.gerle.duckdns.org`)'
       - 'traefik.http.services.git.loadbalancer.server.port=3000'    
       - "traefik.http.routers.git.entrypoints=websecure"
@@ -327,6 +359,116 @@ services:
     depends_on:
       - gitdb
 
+
+      
+#############################################################################
+#####################		Pihole			#####################
+#############################################################################   
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
+      - "8022:80/tcp"
+    environment:
+      TZ: 'Europe/Berlin'
+      WEBPASSWORD: ${PIHOLE_PW}
+    # Volumes store your data between container upgrades
+    volumes:
+      - './volumes/pihole-etc:/etc/pihole'
+      - './volumes/pihole-etc-dnsmasq.d:/etc/dnsmasq.d'
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+#    cap_add:
+   #   - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
+    restart: unless-stopped
+
+      
+#############################################################################
+#####################		Grocy			#####################
+#############################################################################      
+
+#   grocy-frontend:
+#     container_name: grocy-frontend
+#     image: grocy/frontend:v3.3.2
+#     # build:
+#     #   args:
+#     #     GROCY_VERSION: v3.3.2
+#     #     PLATFORM: linux/amd64
+#     #   context: .
+#     #   dockerfile: Containerfile-frontend
+#     depends_on:
+#       - backend
+# #    ports:
+# #      - "8888:80"      
+#     networks:
+#       - dockernet
+#       - default
+#     read_only: true
+#     volumes:
+#       - ./volumes/grocy:/var/www/data
+#     tmpfs:
+#       - /tmp
+#     restart: unless-stopped
+#     labels:
+#       - 'traefik.enable=true'
+#       - 'traefik.http.routers.grocy.rule=Host(`grocy.gerle.duckdns.org`)'
+# #      - 'traefik.http.services.grocy.loadbalancer.server.port=8888'    
+#       - "traefik.http.routers.grocy.entrypoints=websecure"
+#       - "traefik.http.routers.grocy.tls.certResolver=letsencrypt"
+
+#   backend:
+#     container_name: grocy-backend
+#     image: grocy/backend:v3.3.2
+#     expose:
+#       - '9000'
+#     read_only: true
+#     networks:
+#   #    - dockernet
+#       - default
+#     tmpfs:
+#       - /tmp
+#     volumes:
+#       - ./volumes/grocy:/var/www/data
+#     environment:
+# #      - GROCY_MODE=production
+#       - GROCY_CULTURE=de
+#       - MAX_UPLOAD=50M
+#       - PHP_MAX_FILE_UPLOAD=200
+#       - PHP_MAX_POST=100M
+#       - PHP_MEMORY_LIMIT=512M
+#       - GROCY_CURRENCY=EUR
+#     restart: unless-stopped
+
+
+    
+  grocy:
+    image: lscr.io/linuxserver/grocy:latest
+    container_name: grocy
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - GROCY_CURRENCY=EUR
+      - GROCY_CULTURE=de
+    volumes:
+      - ./volumes/grocy:/config
+#    ports:
+#      - 9283:80
+    restart: unless-stopped
+    networks:
+      - gitea
+      - dockernet
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.grocy.rule=Host(`grocy.gerle.duckdns.org`)'      
+      - "traefik.http.routers.grocy.entrypoints=websecure"
+      - "traefik.http.routers.grocy.tls.certResolver=letsencrypt"
+      - "traefik.http.routers.grocy.tls=true"
+      - 'traefik.http.services.grocy.loadbalancer.server.port=80'
+      
 #############################################################################
 #####################		Networks		#####################
 #############################################################################

traefik.yaml

@@ -7,6 +7,9 @@ entryPoints:
           to: "websecure"
           scheme: "https"
           permanent: true
+
+  ssh:
+    address: ":2222"
       
 
   websecure:
@@ -26,7 +29,7 @@ accessLog:
 
 
 log:
-  level: DEBUG
+#  level: DEBUG
   filePath: "/logs/traefik.log"
    
 providers:
@@ -42,17 +45,20 @@ certificatesResolvers:
   letsencrypt:
     acme:
       email: team-gg@gmx.de
-      storage: acme.json
+      storage: /letsencrypt/acme.json
       dnsChallenge:
         provider: duckdns
-        delayBeforeCheck: 30
+        delayBeforeCheck: 10
+        # disablePropagationCheck: true
         resolvers:
+        #   # - "99.79.143.35:53"
+        #   # - "35.182.183.211:53"
           - "1.1.1.1:53"
           - "8.8.8.8:53"
   diskstation:
     acme:
       email: team-gg@gmx.de
-      storage: acme_ds.json
+      storage: /letsencrypt/acme_ds.json
 #      tlsChallenge: {}
       httpChallenge:
         entryPoint: web