From f60acd64435085c2d012eb751abe2e999c220947 Mon Sep 17 00:00:00 2001 
From: BadStorm Developer Date: Thu, 7 May 2026 22:05:02 +0200 Subject: [PATCH] Added Nextcloud/Collabora --- Services/certbot.README | 3 + Services/certbot/certbot.container | 9 --- Services/gitea.container | 18 ----- Services/gitea/app.ini | 78 +++++++++++++++++++ Services/gitea/gitea.container | 27 +++++++ Services/gitea/gitea.nginx | 28 +++++++ .../{ => giteamcp}/giteamcp.Containerfile | 0 Services/{ => giteamcp}/giteamcp.container | 0 .../llamacpp-mistral.Containerfile | 0 .../llamacpp-vulkan.Containerfile | 0 Services/{ => llamacpp}/llamacpp.README | 0 Services/{ => llamacpp}/llamacpp.container | 0 Services/{ => llamacpp}/llamacpp.nginx | 0 Services/nextcloud/collaboraoffice.container | 21 +++++ Services/nextcloud/collaboraoffice.nginx | 43 ++++++++++ Services/nextcloud/nextcloud.README | 11 +++ Services/nextcloud/nextcloud.container | 21 +++++ Services/nextcloud/nextcloud.nginx | 48 ++++++++++++ Services/{nginx => }/nginx.container | 0 Services/{ => postgres}/postgres.README | 0 Services/{ => postgres}/postgres.container | 0 Services/{searxng => }/searxng.container | 0 22 files changed, 280 insertions(+), 27 deletions(-) create mode 100644 Services/certbot.README delete mode 100644 Services/certbot/certbot.container delete mode 100644 Services/gitea.container create mode 100644 Services/gitea/app.ini create mode 100644 Services/gitea/gitea.container create mode 100644 Services/gitea/gitea.nginx rename Services/{ => giteamcp}/giteamcp.Containerfile (100%) rename Services/{ => giteamcp}/giteamcp.container (100%) rename Services/{ => llamacpp}/llamacpp-mistral.Containerfile (100%) rename Services/{ => llamacpp}/llamacpp-vulkan.Containerfile (100%) rename Services/{ => llamacpp}/llamacpp.README (100%) rename Services/{ => llamacpp}/llamacpp.container (100%) rename Services/{ => llamacpp}/llamacpp.nginx (100%) create mode 100644 Services/nextcloud/collaboraoffice.container create mode 100644 Services/nextcloud/collaboraoffice.nginx create mode 100644 
Services/nextcloud/nextcloud.README create mode 100644 Services/nextcloud/nextcloud.container create mode 100644 Services/nextcloud/nextcloud.nginx rename Services/{nginx => }/nginx.container (100%) rename Services/{ => postgres}/postgres.README (100%) rename Services/{ => postgres}/postgres.container (100%) rename Services/{searxng => }/searxng.container (100%)
diff --git a/Services/certbot.README b/Services/certbot.README
new file mode 100644
index 0000000..b0deb9e
--- /dev/null
+++ b/Services/certbot.README
@@ -0,0 +1,3 @@
+podman pull certbot/certbot
+
+podman run -it -v /srv/containers/nginx/ssl:/etc/letsencrypt certbot certonly --manual --preferred-challenges dns -d *.[DOMAIN]
\ No newline at end of file
diff --git a/Services/certbot/certbot.container b/Services/certbot/certbot.container
deleted file mode 100644
index bb92b48..0000000
--- a/Services/certbot/certbot.container
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Name=certbot
-
-[Container]
-ContainerName=certbot
-Image=certbot/certbot
-AutoUpdate=registry
-
-Volume=/srv/containers/nginx/ssl:/etc/letsencrypt
diff --git a/Services/gitea.container b/Services/gitea.container
deleted file mode 100644
index 528c6b8..0000000
--- a/Services/gitea.container
+++ /dev/null
@@ -1,18 +0,0 @@
-[Container]
-Image=gitea/gitea
-ContainerName=gitea
-Network=internal.network
-
-PublishPort=3000:3000
-PublishPort=2222:22
-
-Volume=/srv/containers/gitea:/data
-
-#Environment=USER_UID=1000
-#Environment=USER_GID=1000
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/Services/gitea/app.ini b/Services/gitea/app.ini
new file mode 100644
index 0000000..dace7b6
--- /dev/null
+++ b/Services/gitea/app.ini
@@ -0,0 +1,78 @@
+APP_NAME = [SERVER_NAME]
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+ENABLED = true
+TEMP_PATH = /data/gitea/uploads
+ALLOWED_TYPES =
+FILE_MAX_SIZE = 1024
+MAX_FILES = 10
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = code.[DOMAIN]
+SSH_DOMAIN = code.[DOMAIN]
+HTTP_PORT = 3000
+ROOT_URL = https://code.[DOMAIN]/
+PROTOCOL = http
+DISABLE_SSH = false
+SSH_PORT = 2222
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/git/lfs
+
+[database]
+DB_TYPE = postgres
+HOST = postgres:5432
+NAME = gitea
+USER = gitea
+PASSWD = [PASSWORD]
+SSL_MODE = disable
+LOG_SQL = false
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER = file
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+ALLOWED_TYPES =
+MAX_SIZE = 1024
+MAX_FILES = 10
+
+[release.attachment]
+ALLOWED_TYPES =
+FILE_MAX_SIZE = 1024
+MAX_FILES = 10
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = [SECRET_KEY]
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+
+[lfs]
+PATH = /data/git/lfs
\ No newline at end of file
diff --git a/Services/gitea/gitea.container b/Services/gitea/gitea.container
new file mode 100644
index 0000000..03eaf29
--- /dev/null
+++ b/Services/gitea/gitea.container
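Review bot: In Services/gitea/app.ini, `REVERSE_PROXY_TRUSTED_PROXIES = *` in `[security]` makes Gitea accept forwarded-client headers from any peer, and gitea.container in this commit also publishes port 3000 on the host, so a client that reaches that port directly can present any source address to logs and to any IP-based control. Restrict it to the proxy's address range, for example `REVERSE_PROXY_TRUSTED_PROXIES = <internal.network CIDR>` (placeholder; the subnet is not visible in this patch). `DISABLE_REGISTRATION = false` together with `REQUIRE_SIGNIN_VIEW = false` leaves sign-up and anonymous browsing open on `code.[DOMAIN]`; if the instance is meant to be private, set both to `true`. A short comment above `PASSWD` and `SECRET_KEY` saying that the deployed copy holds real secrets and must not be world-readable would also help.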
@@ -0,0 +1,27 @@
+[Unit]
+Name=gitea
+
+[Container]
+ContainerName=gitea
+Image=docker.gitea.com/gitea:1.26.1
+#AutoUpdate=registry
+
+Network=internal.network
+#NetworkAlias=gitea
+
+PublishPort=3000:3000
+PublishPort=2222:22
+
+Volume=/srv/containers/gitea:/data
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/etc/localtime:/etc/localtime:ro
+
+#Environment=USER_UID=1000
+#Environment=USER_GID=1000
+
+[Service]
+TimeoutStartSec=5m
+Restart=always
+
+[Install]
+WantedBy=multi-user.target default.target
\ No newline at end of file
diff --git a/Services/gitea/gitea.nginx b/Services/gitea/gitea.nginx
new file mode 100644
index 0000000..c145da8
--- /dev/null
+++ b/Services/gitea/gitea.nginx
@@ -0,0 +1,28 @@
+server {
+ listen 443 ssl http2;
+ server_name code.[DOMAIN];
+
+ ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
+
+ client_max_body_size 1G;
+
+ location / {
+ proxy_pass http://gitea:3000;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Ssl on;
+
+ proxy_read_timeout 3600;
+ proxy_send_timeout 3600;
+ proxy_connect_timeout 3600;
+
+ proxy_request_buffering off;
+ proxy_buffering off;
+ }
+}
\ No newline at end of file
diff --git a/Services/giteamcp.Containerfile b/Services/giteamcp/giteamcp.Containerfile
similarity index 100%
rename from Services/giteamcp.Containerfile
rename to Services/giteamcp/giteamcp.Containerfile
diff --git a/Services/giteamcp.container b/Services/giteamcp/giteamcp.container
similarity index 100%
rename from Services/giteamcp.container
rename to Services/giteamcp/giteamcp.container
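Review bot: In Services/gitea/gitea.container, `PublishPort=3000:3000` exposes Gitea's plain-HTTP listener on every host interface, although gitea.nginx reaches the container as `http://gitea:3000`, presumably over `internal.network`, so the TLS front end can be bypassed from outside unless a host firewall blocks the port. Drop the line or bind it to loopback with `PublishPort=127.0.0.1:3000:3000`. The same applies to `PublishPort=9980:9980` in collaboraoffice.container and `PublishPort=8080:80` in nextcloud.container. Separately, `Name=` is not a key systemd documents for the `[Unit]` section, so `Description=gitea` is probably what was intended here and in the other two unit files.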
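Review bot: In Services/gitea/gitea.nginx, `proxy_set_header Host $http_host;` and `proxy_set_header X-Forwarded-Host $http_host;` hand the raw client-supplied Host header to Gitea; `proxy_set_header Host $host;` passes the value nginx has already normalised, and a catch-all `default_server` block that rejects unknown names keeps unmatched Host values away from this server entirely. Whether this block can become the default for port 443 cannot be determined from the patch. The same `$http_host` use appears in every location of collaboraoffice.nginx and in nextcloud.nginx, including its `return 301 https://$http_host/...` redirects. As a smaller point, nginx documents that `proxy_connect_timeout` usually cannot exceed 75 seconds, so `3600` has no practical effect there.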
diff --git a/Services/llamacpp-mistral.Containerfile b/Services/llamacpp/llamacpp-mistral.Containerfile
similarity index 100%
rename from Services/llamacpp-mistral.Containerfile
rename to Services/llamacpp/llamacpp-mistral.Containerfile
diff --git a/Services/llamacpp-vulkan.Containerfile b/Services/llamacpp/llamacpp-vulkan.Containerfile
similarity index 100%
rename from Services/llamacpp-vulkan.Containerfile
rename to Services/llamacpp/llamacpp-vulkan.Containerfile
diff --git a/Services/llamacpp.README b/Services/llamacpp/llamacpp.README
similarity index 100%
rename from Services/llamacpp.README
rename to Services/llamacpp/llamacpp.README
diff --git a/Services/llamacpp.container b/Services/llamacpp/llamacpp.container
similarity index 100%
rename from Services/llamacpp.container
rename to Services/llamacpp/llamacpp.container
diff --git a/Services/llamacpp.nginx b/Services/llamacpp/llamacpp.nginx
similarity index 100%
rename from Services/llamacpp.nginx
rename to Services/llamacpp/llamacpp.nginx
diff --git a/Services/nextcloud/collaboraoffice.container b/Services/nextcloud/collaboraoffice.container
new file mode 100644
index 0000000..f3468a2
--- /dev/null
+++ b/Services/nextcloud/collaboraoffice.container
@@ -0,0 +1,21 @@
+[Unit]
+Name=collaboraoffice
+
+[Container]
+ContainerName=collaboraoffice
+Image=docker.io/library/collabora/code:latest
+AutoUpdate=registry
+Network=internal.network
+
+Environment=extra_params="--o:ssl.enable=false --o:ssl.termination=true --o:net.proto=IPv4"
+Environment=server_name=[DOMAIN]
+Environment=aliasgroup1=https://[DOMAIN]
+
+PublishPort=9980:9980
+
+[Service]
+TimeoutStartSec=5m
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/Services/nextcloud/collaboraoffice.nginx b/Services/nextcloud/collaboraoffice.nginx
new file mode 100644
index 0000000..eb661a6
--- /dev/null
+++ b/Services/nextcloud/collaboraoffice.nginx
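Review bot: In Services/nextcloud/collaboraoffice.container, `Image=docker.io/library/collabora/code:latest` combined with `AutoUpdate=registry` lets `podman auto-update` replace the running image with whatever is pushed under `latest`, unlike gitea.container where the tag is pinned and auto-update is commented out; nextcloud.container has the same `:latest` plus `AutoUpdate=registry` pair. Pin a version tag or digest, e.g. `Image=docker.io/collabora/code:<version>` (placeholder). The `library/` path component is the Docker Hub namespace for official images, so this reference probably does not resolve as written. Also check `aliasgroup1=https://[DOMAIN]`: the Nextcloud host in this commit is `cloud.[DOMAIN]`, and the alias group is, as far as I know, the list of hosts allowed to open documents, so it likely needs `https://cloud.[DOMAIN]:443`.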
@@ -0,0 +1,43 @@
+server {
+ listen 443 ssl http2;
+ server_name office.[DOMAIN];
+
+ ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
+
+ location ^~ /browser {
+ proxy_pass http://collaboraoffice:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ location ^~ /hosting/discovery {
+ proxy_pass http://collaboraoffice:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ location ^~ /hosting/capabilities {
+ proxy_pass http://collaboraoffice:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ location ~ ^/cool/(.*)/ws$ {
+ proxy_pass http://collaboraoffice:9980;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $http_host;
+ proxy_read_timeout 36000s;
+ }
+
+ location ~ ^/(c|l)ool {
+ proxy_pass http://collaboraoffice:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ location ^~ /cool/adminws {
+ proxy_pass http://collaboraoffice:9980;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $http_host;
+ proxy_read_timeout 36000s;
+ }
+}
diff --git a/Services/nextcloud/nextcloud.README b/Services/nextcloud/nextcloud.README
new file mode 100644
index 0000000..1e959f4
--- /dev/null
+++ b/Services/nextcloud/nextcloud.README
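Review bot: In Services/nextcloud/collaboraoffice.nginx, `location ^~ /cool/adminws` proxies Collabora's admin-console websocket to anyone who can reach `office.[DOMAIN]`, and the container unit in this commit sets no admin credentials, so how that console is protected depends on image defaults that the patch does not show. If remote administration is not needed, restrict the block, e.g. `allow <admin network CIDR>; deny all;` (placeholder range) inside it. A one-line comment above each `location` saying which Collabora endpoint it serves (static files, WOPI discovery, capabilities, document websocket, admin websocket) would make the file easier to audit. This server block also lacks the `listen [::]:443 ssl http2;` line that nextcloud.nginx has.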
@@ -0,0 +1,11 @@
+### Configurazioni per SSL
+
+podman exec -it nextcloud php occ config:system:set trusted_domains 1 --value=cloud.[DOMAIN]
+podman exec -it nextcloud php occ config:system:set overwriteprotocol --value=https
+podman exec -it nextcloud php occ config:system:set overwritehost --value=cloud.[DOMAIN]
+podman exec -it nextcloud php occ config:system:set trusted_proxies 0 --value=nginx
+podman exec -it nextcloud php occ config:app:set richdocuments wopi_url --value="https://office.[DOMAIN]"
+podman exec -it nextcloud php occ config:app:set richdocuments public_wopi_url --value="https://office.[DOMAIN]"
+podman exec -it nextcloud php occ config:app:delete richdocuments wopi_discovery
+podman exec -it nextcloud php occ config:app:delete richdocuments wopi_capabilities
+
diff --git a/Services/nextcloud/nextcloud.container b/Services/nextcloud/nextcloud.container
new file mode 100644
index 0000000..0911dc9
--- /dev/null
+++ b/Services/nextcloud/nextcloud.container
@@ -0,0 +1,21 @@
+[Unit]
+Name=nextcloud
+
+[Container]
+ContainerName=nextcloud
+Image=docker.io/library/nextcloud:latest
+AutoUpdate=registry
+Network=internal.network
+
+PublishPort=8080:80
+
+Volume=/srv/containers/nextcloud/config:/var/www/html/config
+Volume=/srv/containers/nextcloud/custom_apps:/var/www/html/custom_apps
+Volume=/srv/containers/nextcloud/data:/var/www/html/data
+
+[Service]
+TimeoutStartSec=5m
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/Services/nextcloud/nextcloud.nginx b/Services/nextcloud/nextcloud.nginx
new file mode 100644
index 0000000..e1a5277
--- /dev/null
+++ b/Services/nextcloud/nextcloud.nginx
@@ -0,0 +1,48 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name cloud.[DOMAIN];
+
+ ssl_certificate /etc/letsencrypt/live/[DOMAIN]/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/[DOMAIN]/privkey.pem;
+
+ client_max_body_size 0;
+ underscores_in_headers on;
+
+ location / {
+ proxy_pass http://nextcloud:80;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Ssl on;
+
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ proxy_max_temp_file_size 0;
+
+ proxy_read_timeout 3600;
+ proxy_send_timeout 3600;
+ }
+
+ location = /.well-known/carddav {
+ return 301 https://$http_host/remote.php/dav;
+ }
+
+ location = /.well-known/caldav {
+ return 301 https://$http_host/remote.php/dav;
+ }
+
+ location = /.well-known/webfinger {
+ return 301 https://$http_host/index.php/.well-known/webfinger;
+ }
+
+ location = /.well-known/nodeinfo {
+ return 301 https://$http_host/index.php/.well-known/nodeinfo;
+ }
+}
\ No newline at end of file
diff --git a/Services/nginx/nginx.container b/Services/nginx.container
similarity index 100%
rename from Services/nginx/nginx.container
rename to Services/nginx.container
diff --git a/Services/postgres.README b/Services/postgres/postgres.README
similarity index 100%
rename from Services/postgres.README
rename to Services/postgres/postgres.README
diff --git a/Services/postgres.container b/Services/postgres/postgres.container
similarity index 100%
rename from Services/postgres.container
rename to Services/postgres/postgres.container
diff --git a/Services/searxng/searxng.container b/Services/searxng.container
similarity index 100%
rename from Services/searxng/searxng.container
rename to Services/searxng.container
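Review bot: In Services/nextcloud/nextcloud.nginx, `underscores_in_headers on;` lets request headers such as `X_Forwarded_For` pass to the backend, where servers that map headers to CGI-style variables can confuse them with the hyphenated forms this proxy sets; unless a client is known to need it, remove the line. `client_max_body_size 0;` removes the upload limit entirely, whereas gitea.nginx caps it at `1G`, and an explicit ceiling is easier to reason about. The block sends no HSTS header, which Nextcloud's own security check reports; `add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;` at server level covers it.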