From 5fc4fbcef30d8ac795ac8f3107c3e158a143758b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Guillaume=20T=C3=A2che?= Date: Thu, 6 Nov 2025 20:28:41 +0100 Subject: [PATCH] Initial commit --- .gitignore | 87 ++ .idea/.gitignore | 8 + .idea/inspectionProfiles/Project_Default.xml | 741 ++++++++++++++++++ .idea/misc.xml | 6 + .idea/modules.xml | 8 + .idea/vcs.xml | 6 + files/add-secrets.sh | 16 + files/copy-music.service | 9 + files/copy-music.timer | 11 + files/install-additional-packages.service | 27 + files/jail.local | 9 + files/move-downloads-nextcloud.service | 9 + files/move-downloads-nextcloud.timer | 11 + files/poweroff | 1 + files/smartd.conf | 2 + files/sshd_config | 2 + generate-config.sh | 87 ++ home/arr/.secrets | 2 + home/gitea/.secrets | 1 + home/jdownloader/.secrets | 2 + home/navidrome/.secrets | 1 + home/nextcloud/.secrets | 6 + home/nextcloud/pre-generate-preview.sh | 4 + home/paperless/.secrets | 2 + home/pihole/.secrets | 1 + home/pihole/update-hints.sh | 4 + home/pihole/update-root.sh | 7 + home/qbittorrent/.secrets | 2 + home/root/.secrets | 2 + home/root/copy-music.sh | 8 + home/root/move-downloads-nextcloud.sh | 28 + home/synapse/.secrets | 1 + home/tga/.dyndns | 1 + home/tga/dyndns.sh | 13 + home/wallabag/.secrets | 2 + init/configure-firewalld.service | 14 + init/configure-firewalld.sh | 48 ++ init/enable-all-quadlets.service | 15 + init/enable-all-quadlets.sh | 35 + pi4.bu | 143 ++++ quadlets/arr/arr.pod | 8 + quadlets/arr/bazarr-config.volume | 7 + quadlets/arr/bazarr-data.volume | 7 + quadlets/arr/bazarr.container | 24 + quadlets/arr/gluetun.container | 26 + quadlets/arr/lidarr-config.volume | 7 + quadlets/arr/lidarr-data.volume | 7 + quadlets/arr/lidarr.container | 24 + quadlets/arr/overseerr-config.volume | 7 + quadlets/arr/overseerr.container | 23 + quadlets/arr/prowlarr-config.volume | 7 + quadlets/arr/prowlarr-data.volume | 7 + quadlets/arr/prowlarr.container | 24 + quadlets/arr/radarr-config.volume | 7 + quadlets/arr/radarr-data.volume | 7 + quadlets/arr/radarr.container | 24 + 
quadlets/arr/sonarr-config.volume | 7 + quadlets/arr/sonarr-data.volume | 7 + quadlets/arr/sonarr.container | 24 + quadlets/gitea/gitea-data.volume | 7 + quadlets/gitea/gitea-database.container | 25 + quadlets/gitea/gitea-database.volume | 7 + quadlets/gitea/gitea.container | 29 + quadlets/gitea/gitea.pod | 4 + .../homeassistant/homeassistant-config.volume | 7 + .../homeassistant/homeassistant-ssh.volume | 7 + .../homeassistant/homeassistant.container | 21 + quadlets/homeassistant/homeassistant.pod | 3 + .../jdownloader/jdownloader-config.volume | 7 + .../jdownloader/jdownloader-output.volume | 7 + quadlets/jdownloader/jdownloader.container | 25 + quadlets/jdownloader/jdownloader.pod | 3 + quadlets/kiwix/kiwix-data.volume | 7 + quadlets/kiwix/kiwix.container | 18 + quadlets/kiwix/kiwix.pod | 3 + quadlets/komga/komga-config.volume | 7 + quadlets/komga/komga-data.volume | 7 + quadlets/komga/komga.container | 19 + quadlets/komga/komga.pod | 3 + quadlets/navidrome/navidrome-data.volume | 7 + quadlets/navidrome/navidrome-music.volume | 7 + quadlets/navidrome/navidrome.container | 20 + quadlets/navidrome/navidrome.pod | 3 + quadlets/nextcloud/nextcloud-apps.volume | 7 + quadlets/nextcloud/nextcloud-config.volume | 7 + quadlets/nextcloud/nextcloud-cron.container | 30 + quadlets/nextcloud/nextcloud-data.volume | 7 + .../nextcloud/nextcloud-database.container | 22 + quadlets/nextcloud/nextcloud-database.volume | 7 + quadlets/nextcloud/nextcloud-harp.container | 29 + quadlets/nextcloud/nextcloud-html.volume | 7 + .../nextcloud/nextcloud-php-config.volume | 7 + .../nextcloud/nextcloud-redis-config.volume | 7 + .../nextcloud/nextcloud-redis-data.volume | 7 + quadlets/nextcloud/nextcloud-redis.container | 21 + quadlets/nextcloud/nextcloud-themes.volume | 7 + quadlets/nextcloud/nextcloud.container | 40 + quadlets/nextcloud/nextcloud.pod | 3 + quadlets/nginx/nginx-acme.container | 33 + quadlets/nginx/nginx-acme.volume | 7 + quadlets/nginx/nginx-certs.volume | 7 + 
quadlets/nginx/nginx-config.volume | 7 + quadlets/nginx/nginx-html.volume | 7 + quadlets/nginx/nginx-stream.volume | 7 + quadlets/nginx/nginx-vhost.volume | 7 + quadlets/nginx/nginx.container | 24 + quadlets/nginx/nginx.pod | 4 + quadlets/pairdrop/pairdrop.container | 21 + quadlets/pairdrop/pairdrop.pod | 3 + quadlets/paperless/gotenberg.container | 18 + quadlets/paperless/paperless-consume.volume | 7 + quadlets/paperless/paperless-data.volume | 7 + .../paperless/paperless-database.container | 21 + quadlets/paperless/paperless-database.volume | 7 + quadlets/paperless/paperless-export.volume | 7 + quadlets/paperless/paperless-media.volume | 7 + .../paperless/paperless-redis-data.volume | 7 + quadlets/paperless/paperless-redis.container | 18 + quadlets/paperless/paperless.container | 43 + quadlets/paperless/paperless.pod | 3 + quadlets/paperless/tika.container | 17 + quadlets/pihole/pihole-config.volume | 7 + quadlets/pihole/pihole-dnsmasq.volume | 7 + quadlets/pihole/pihole.container | 36 + quadlets/pihole/pihole.network | 4 + quadlets/pihole/pihole.pod | 4 + quadlets/pihole/unbound-conf.volume | 7 + quadlets/pihole/unbound-iana.volume | 7 + quadlets/pihole/unbound-log.volume | 7 + quadlets/pihole/unbound-redis-cache.volume | 7 + quadlets/pihole/unbound-redis-conf.volume | 7 + quadlets/pihole/unbound-redis-data.volume | 7 + .../pihole/unbound-redis-socket.container | 19 + quadlets/pihole/unbound-redis.container | 27 + quadlets/pihole/unbound-zones.volume | 7 + quadlets/pihole/unbound.container | 38 + quadlets/pihole/unbound.volume | 7 + quadlets/qbittorrent/gluetun.container | 26 + .../qbittorrent/qbittorrent-config.volume | 7 + .../qbittorrent/qbittorrent-downloads.volume | 7 + quadlets/qbittorrent/qbittorrent.container | 28 + quadlets/qbittorrent/qbittorrent.pod | 6 + quadlets/samba/samba.container | 25 + quadlets/synapse/synapse-data.volume | 7 + quadlets/synapse/synapse-database.container | 26 + quadlets/synapse/synapse-database.volume | 7 + 
quadlets/synapse/synapse-mautrix.volume | 7 + quadlets/synapse/synapse-media.volume | 7 + quadlets/synapse/synapse.container | 23 + quadlets/synapse/synapse.pod | 4 + quadlets/wallabag/wallabag-database.container | 23 + quadlets/wallabag/wallabag-database.volume | 7 + quadlets/wallabag/wallabag-images.volume | 7 + quadlets/wallabag/wallabag-redis.container | 21 + quadlets/wallabag/wallabag.container | 39 + quadlets/wallabag/wallabag.pod | 3 + services/kiwix/clone-zim-updater.service | 11 + .../nextcloud/pre-generate-preview.service | 6 + services/nextcloud/pre-generate-preview.timer | 11 + services/pihole/update-hints.service | 6 + services/pihole/update-hints.timer | 11 + services/pihole/update-root.service | 6 + services/pihole/update-root.timer | 10 + services/tga/update-dyndns.service | 6 + services/tga/update-dyndns.timer | 10 + user-template.bu | 19 + users/arr.bu | 249 ++++++ users/gitea.bu | 83 ++ users/homeassistant.bu | 67 ++ users/jdownloader.bu | 75 ++ users/kiwix.bu | 61 ++ users/komga.bu | 67 ++ users/navidrome.bu | 75 ++ users/nextcloud.bu | 221 ++++++ users/nginx.bu | 89 +++ users/pairdrop.bu | 39 + users/paperless.bu | 163 ++++ users/pihole.bu | 253 ++++++ users/qbittorrent.bu | 83 ++ users/synapse.bu | 111 +++ users/tga.bu | 55 ++ users/wallabag.bu | 91 +++ 182 files changed, 4742 insertions(+) create mode 100644 .gitignore create mode 100644 .idea/.gitignore create mode 100644 .idea/inspectionProfiles/Project_Default.xml create mode 100644 .idea/misc.xml create mode 100644 .idea/modules.xml create mode 100644 .idea/vcs.xml create mode 100644 files/add-secrets.sh create mode 100644 files/copy-music.service create mode 100644 files/copy-music.timer create mode 100644 files/install-additional-packages.service create mode 100644 files/jail.local create mode 100644 files/move-downloads-nextcloud.service create mode 100644 files/move-downloads-nextcloud.timer create mode 100644 files/poweroff create mode 100644 files/smartd.conf create mode 100644 
files/sshd_config create mode 100755 generate-config.sh create mode 100644 home/arr/.secrets create mode 100644 home/gitea/.secrets create mode 100644 home/jdownloader/.secrets create mode 100644 home/navidrome/.secrets create mode 100644 home/nextcloud/.secrets create mode 100644 home/nextcloud/pre-generate-preview.sh create mode 100644 home/paperless/.secrets create mode 100644 home/pihole/.secrets create mode 100644 home/pihole/update-hints.sh create mode 100644 home/pihole/update-root.sh create mode 100644 home/qbittorrent/.secrets create mode 100644 home/root/.secrets create mode 100644 home/root/copy-music.sh create mode 100644 home/root/move-downloads-nextcloud.sh create mode 100644 home/synapse/.secrets create mode 100644 home/tga/.dyndns create mode 100644 home/tga/dyndns.sh create mode 100644 home/wallabag/.secrets create mode 100644 init/configure-firewalld.service create mode 100644 init/configure-firewalld.sh create mode 100644 init/enable-all-quadlets.service create mode 100644 init/enable-all-quadlets.sh create mode 100644 pi4.bu create mode 100644 quadlets/arr/arr.pod create mode 100644 quadlets/arr/bazarr-config.volume create mode 100644 quadlets/arr/bazarr-data.volume create mode 100644 quadlets/arr/bazarr.container create mode 100644 quadlets/arr/gluetun.container create mode 100644 quadlets/arr/lidarr-config.volume create mode 100644 quadlets/arr/lidarr-data.volume create mode 100644 quadlets/arr/lidarr.container create mode 100644 quadlets/arr/overseerr-config.volume create mode 100644 quadlets/arr/overseerr.container create mode 100644 quadlets/arr/prowlarr-config.volume create mode 100644 quadlets/arr/prowlarr-data.volume create mode 100644 quadlets/arr/prowlarr.container create mode 100644 quadlets/arr/radarr-config.volume create mode 100644 quadlets/arr/radarr-data.volume create mode 100644 quadlets/arr/radarr.container create mode 100644 quadlets/arr/sonarr-config.volume create mode 100644 quadlets/arr/sonarr-data.volume create mode 100644 
quadlets/arr/sonarr.container create mode 100644 quadlets/gitea/gitea-data.volume create mode 100644 quadlets/gitea/gitea-database.container create mode 100644 quadlets/gitea/gitea-database.volume create mode 100644 quadlets/gitea/gitea.container create mode 100644 quadlets/gitea/gitea.pod create mode 100644 quadlets/homeassistant/homeassistant-config.volume create mode 100644 quadlets/homeassistant/homeassistant-ssh.volume create mode 100644 quadlets/homeassistant/homeassistant.container create mode 100644 quadlets/homeassistant/homeassistant.pod create mode 100644 quadlets/jdownloader/jdownloader-config.volume create mode 100644 quadlets/jdownloader/jdownloader-output.volume create mode 100644 quadlets/jdownloader/jdownloader.container create mode 100644 quadlets/jdownloader/jdownloader.pod create mode 100644 quadlets/kiwix/kiwix-data.volume create mode 100644 quadlets/kiwix/kiwix.container create mode 100644 quadlets/kiwix/kiwix.pod create mode 100644 quadlets/komga/komga-config.volume create mode 100644 quadlets/komga/komga-data.volume create mode 100644 quadlets/komga/komga.container create mode 100644 quadlets/komga/komga.pod create mode 100644 quadlets/navidrome/navidrome-data.volume create mode 100644 quadlets/navidrome/navidrome-music.volume create mode 100644 quadlets/navidrome/navidrome.container create mode 100644 quadlets/navidrome/navidrome.pod create mode 100644 quadlets/nextcloud/nextcloud-apps.volume create mode 100644 quadlets/nextcloud/nextcloud-config.volume create mode 100644 quadlets/nextcloud/nextcloud-cron.container create mode 100644 quadlets/nextcloud/nextcloud-data.volume create mode 100644 quadlets/nextcloud/nextcloud-database.container create mode 100644 quadlets/nextcloud/nextcloud-database.volume create mode 100644 quadlets/nextcloud/nextcloud-harp.container create mode 100644 quadlets/nextcloud/nextcloud-html.volume create mode 100644 quadlets/nextcloud/nextcloud-php-config.volume create mode 100644 
quadlets/nextcloud/nextcloud-redis-config.volume create mode 100644 quadlets/nextcloud/nextcloud-redis-data.volume create mode 100644 quadlets/nextcloud/nextcloud-redis.container create mode 100644 quadlets/nextcloud/nextcloud-themes.volume create mode 100644 quadlets/nextcloud/nextcloud.container create mode 100644 quadlets/nextcloud/nextcloud.pod create mode 100644 quadlets/nginx/nginx-acme.container create mode 100644 quadlets/nginx/nginx-acme.volume create mode 100644 quadlets/nginx/nginx-certs.volume create mode 100644 quadlets/nginx/nginx-config.volume create mode 100644 quadlets/nginx/nginx-html.volume create mode 100644 quadlets/nginx/nginx-stream.volume create mode 100644 quadlets/nginx/nginx-vhost.volume create mode 100644 quadlets/nginx/nginx.container create mode 100644 quadlets/nginx/nginx.pod create mode 100644 quadlets/pairdrop/pairdrop.container create mode 100644 quadlets/pairdrop/pairdrop.pod create mode 100644 quadlets/paperless/gotenberg.container create mode 100644 quadlets/paperless/paperless-consume.volume create mode 100644 quadlets/paperless/paperless-data.volume create mode 100644 quadlets/paperless/paperless-database.container create mode 100644 quadlets/paperless/paperless-database.volume create mode 100644 quadlets/paperless/paperless-export.volume create mode 100644 quadlets/paperless/paperless-media.volume create mode 100644 quadlets/paperless/paperless-redis-data.volume create mode 100644 quadlets/paperless/paperless-redis.container create mode 100644 quadlets/paperless/paperless.container create mode 100644 quadlets/paperless/paperless.pod create mode 100644 quadlets/paperless/tika.container create mode 100644 quadlets/pihole/pihole-config.volume create mode 100644 quadlets/pihole/pihole-dnsmasq.volume create mode 100644 quadlets/pihole/pihole.container create mode 100644 quadlets/pihole/pihole.network create mode 100644 quadlets/pihole/pihole.pod create mode 100644 quadlets/pihole/unbound-conf.volume create mode 100644 
quadlets/pihole/unbound-iana.volume create mode 100644 quadlets/pihole/unbound-log.volume create mode 100644 quadlets/pihole/unbound-redis-cache.volume create mode 100644 quadlets/pihole/unbound-redis-conf.volume create mode 100644 quadlets/pihole/unbound-redis-data.volume create mode 100644 quadlets/pihole/unbound-redis-socket.container create mode 100644 quadlets/pihole/unbound-redis.container create mode 100644 quadlets/pihole/unbound-zones.volume create mode 100644 quadlets/pihole/unbound.container create mode 100644 quadlets/pihole/unbound.volume create mode 100644 quadlets/qbittorrent/gluetun.container create mode 100644 quadlets/qbittorrent/qbittorrent-config.volume create mode 100644 quadlets/qbittorrent/qbittorrent-downloads.volume create mode 100644 quadlets/qbittorrent/qbittorrent.container create mode 100644 quadlets/qbittorrent/qbittorrent.pod create mode 100644 quadlets/samba/samba.container create mode 100644 quadlets/synapse/synapse-data.volume create mode 100644 quadlets/synapse/synapse-database.container create mode 100644 quadlets/synapse/synapse-database.volume create mode 100644 quadlets/synapse/synapse-mautrix.volume create mode 100644 quadlets/synapse/synapse-media.volume create mode 100644 quadlets/synapse/synapse.container create mode 100644 quadlets/synapse/synapse.pod create mode 100644 quadlets/wallabag/wallabag-database.container create mode 100644 quadlets/wallabag/wallabag-database.volume create mode 100644 quadlets/wallabag/wallabag-images.volume create mode 100644 quadlets/wallabag/wallabag-redis.container create mode 100644 quadlets/wallabag/wallabag.container create mode 100644 quadlets/wallabag/wallabag.pod create mode 100644 services/kiwix/clone-zim-updater.service create mode 100644 services/nextcloud/pre-generate-preview.service create mode 100644 services/nextcloud/pre-generate-preview.timer create mode 100644 services/pihole/update-hints.service create mode 100644 services/pihole/update-hints.timer create mode 100644 
services/pihole/update-root.service create mode 100644 services/pihole/update-root.timer create mode 100644 services/tga/update-dyndns.service create mode 100644 services/tga/update-dyndns.timer create mode 100644 user-template.bu create mode 100644 users/arr.bu create mode 100644 users/gitea.bu create mode 100644 users/homeassistant.bu create mode 100644 users/jdownloader.bu create mode 100644 users/kiwix.bu create mode 100644 users/komga.bu create mode 100644 users/navidrome.bu create mode 100644 users/nextcloud.bu create mode 100644 users/nginx.bu create mode 100644 users/pairdrop.bu create mode 100644 users/paperless.bu create mode 100644 users/pihole.bu create mode 100644 users/qbittorrent.bu create mode 100644 users/synapse.bu create mode 100644 users/tga.bu create mode 100644 users/wallabag.bu diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ba1d97c --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,87 @@ +# Covers JetBrains IDEs: IntelliJ, GoLand, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/**/usage.statistics.xml +.idea/**/dictionaries +.idea/**/shelf + +# AWS User-specific +.idea/**/aws.xml + +# Generated files +.idea/**/contentModel.xml + +# Sensitive or high-churn files +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml +.idea/**/dbnavigator.xml + +# Gradle +.idea/**/gradle.xml +.idea/**/libraries + +# Gradle and Maven with auto-import +# When using Gradle or Maven with auto-import, you should exclude module files, +# since they will be recreated, and may cause churn. Uncomment if using +# auto-import. +# .idea/artifacts +# .idea/compiler.xml +# .idea/jarRepositories.xml +# .idea/modules.xml +# .idea/*.iml +# .idea/modules +# *.iml +# *.ipr + +# CMake +cmake-build-*/ + +# Mongo Explorer plugin +.idea/**/mongoSettings.xml + +# File-based project format +*.iws + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# SonarLint plugin +.idea/sonarlint/ +.idea/sonarlint.xml # see https://community.sonarsource.com/t/is-the-file-idea-idea-idea-sonarlint-xml-intended-to-be-under-source-control/121119 + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties + +# Editor-based HTTP Client +.idea/httpRequests +http-client.private.env.json + +# Android studio 3.1+ serialized cache file +.idea/caches/build_file_checksums.ser + +# Apifox Helper cache +.idea/.cache/.Apifox_Helper +.idea/ApifoxUploaderProjectSetting.xml + +**/*.ign +*.iml +data/ 
diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 0000000..13566b8 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml new file mode 100644 index 0000000..79ee8c7 --- /dev/null +++ b/.idea/inspectionProfiles/Project_Default.xml @@ -0,0 +1,741 @@ + + + + \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml new file mode 100644 index 0000000..639900d --- /dev/null +++ b/.idea/misc.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 0000000..da341a6 --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 0000000..94a25f7 --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/files/add-secrets.sh b/files/add-secrets.sh new file mode 100644 index 0000000..bc4012f --- /dev/null +++ b/files/add-secrets.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -o errexit -o pipefail -o noclobber -o nounset -o errtrace -o functrace + +file="$1" +if [[ ! -f "${file}" ]]; then + echo "File ${file} does not exist" + exit 1 +fi + +while read -r line; do + secret="${line%%=*}" + value="${line#*=}" + echo "Adding secret ${secret}" + printf '%s' "${value}" | podman secret create "${secret}" - +done < "${file}" +rm -f "${file}" diff --git a/files/copy-music.service b/files/copy-music.service new file mode 100644 index 0000000..52824de --- /dev/null +++ b/files/copy-music.service 
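Review bot: In files/add-secrets.sh the final `rm -f "${file}"` is never reached when a `podman secret create` fails, because `errexit` ends the script inside the loop, so the plaintext secrets file stays on disk after a partial import. If the file is meant to disappear on every path, `trap 'rm -f "${file}"' EXIT` right after the existence check does that. The loop also skips a last line that lacks a trailing newline and lets `read` strip leading and trailing whitespace from the value; `while IFS= read -r line || [[ -n "${line}" ]]; do` covers both. A blank line currently reaches podman with an empty secret name, so a `[[ -n "${line}" ]] || continue` guard at the top of the loop is worth adding.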
@@ -0,0 +1,9 @@
+[Unit]
+Description=Copies the music from Nextcloud to Navidrome
+
+[Service]
+Type=oneshot
+ExecStart=/root/scripts/copy-music.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/files/copy-music.timer b/files/copy-music.timer
new file mode 100644
index 0000000..02bef31
--- /dev/null
+++ b/files/copy-music.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Timer for the copy-music service
+
+[Timer]
+OnCalendar=12:00:00
+OnCalendar=20:00:00
+Persistent=true
+Unit=copy-music.service
+
+[Install]
+WantedBy=timers.target
diff --git a/files/install-additional-packages.service b/files/install-additional-packages.service
new file mode 100644
index 0000000..6295a89
--- /dev/null
+++ b/files/install-additional-packages.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=Layer packages with rpm-ostree
+Wants=network-online.target
+After=network-online.target
+# We run before `zincati.service` to avoid conflicting rpm-ostree
+# transactions.
+Before=zincati.service
+ConditionPathExists=!/var/lib/additional-packages.stamp
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+# `--allow-inactive` ensures that rpm-ostree does not return an error
+# if the package is already installed. This is useful if the package is
+# added to the root image in a future Fedora CoreOS release as it will
+# prevent the service from failing.
+ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive firewalld fail2ban fail2ban-firewalld setroubleshoot-server setools
+ExecStart=/bin/touch /var/lib/additional-packages.stamp
+ExecStart=/bin/systemctl enable configure-firewalld.service enable-all-quadlets.service move-downloads-nextcloud.timer copy-music.timer
+ExecStart=semanage fcontext -a -t bin_t "/var/opt/bin(/.*)?"
+ExecStart=semanage fcontext -a -t bin_t "/root/scripts(/.*)?"
+ExecStart=restorecon -vR /var/opt/bin
+ExecStart=restorecon -vR /root/scripts
+ExecStart=/bin/systemctl --no-block reboot
+
+[Install]
+WantedBy=multi-user.target
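Review bot: In files/install-additional-packages.service the stamp file is touched as the second `ExecStart=`, before `systemctl enable`, `semanage`, `restorecon` and the reboot have run. A oneshot unit stops at the first failing `ExecStart=`, so a failure in any later step leaves `/var/lib/additional-packages.stamp` behind and `ConditionPathExists=!` skips the unit on every following boot, which can leave the host without the enabled firewall unit or the SELinux labels. Moving `ExecStart=/bin/touch /var/lib/additional-packages.stamp` to just before the reboot line keeps the unit retryable; a retry would then re-run the install line, so it likely also needs rpm-ostree's `--idempotent`. The `semanage` and `restorecon` lines are the only commands without an absolute path, and giving them one would match the rest of the unit.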
diff --git a/files/jail.local b/files/jail.local
new file mode 100644
index 0000000..1e1b12e
--- /dev/null
+++ b/files/jail.local
@@ -0,0 +1,9 @@
+[DEFAULT]
+banaction = firewallcmd-rich-rules[actiontype=]
+banaction_allports = firewallcmd-rich-rules[actiontype=]
+bantime = 1h
+bantime.multipliers = 1 5 30 60 300 720 1440 2880
+ignoreip = 127.0.0.1/8 ::1
+
+[sshd]
+enabled = true
diff --git a/files/move-downloads-nextcloud.service b/files/move-downloads-nextcloud.service
new file mode 100644
index 0000000..c640cf3
--- /dev/null
+++ b/files/move-downloads-nextcloud.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Move the completed torrents and jdownloader downloads to nextcloud
+
+[Service]
+Type=oneshot
+ExecStart=/root/scripts/move-downloads-nextcloud.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/files/move-downloads-nextcloud.timer b/files/move-downloads-nextcloud.timer
new file mode 100644
index 0000000..7d9e71e
--- /dev/null
+++ b/files/move-downloads-nextcloud.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Timer for the move-downloads-nextcloud service
+
+[Timer]
+OnCalendar=12:00:00
+OnCalendar=20:00:00
+Persistent=true
+Unit=move-downloads-nextcloud.service
+
+[Install]
+WantedBy=timers.target
diff --git a/files/poweroff b/files/poweroff
new file mode 100644
index 0000000..59b4a03
--- /dev/null
+++ b/files/poweroff
@@ -0,0 +1 @@
+homeassistant ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown
diff --git a/files/smartd.conf b/files/smartd.conf
new file mode 100644
index 0000000..9bc342c
--- /dev/null
+++ b/files/smartd.conf
@@ -0,0 +1,2 @@
+/dev/disk/by-id/ata-WDC_WD120EFBX-68B0EN0_5QKYB19B -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,60 -m tga
+/dev/disk/by-id/ata-WDC_WD120EFGX-68CPHN0_WD-B00K2ELD -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,60 -m tga
diff --git a/files/sshd_config b/files/sshd_config
new file mode 100644
index 0000000..b468d05
--- /dev/null
+++ b/files/sshd_config
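Review bot: The sudoers rule in files/poweroff uses `ALL=(ALL)`, which lets homeassistant run the three commands as any target user although only root is needed. Narrowing it to `homeassistant ALL=(root) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown` keeps the grant as small as the use case. Since files/sshd_config also lists homeassistant in `AllowUsers`, whoever holds that account's SSH key can power the host off, which is worth a comment line in this file.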
@@ -0,0 +1,2 @@
+PasswordAuthentication no
+AllowUsers tga homeassistant git
diff --git a/generate-config.sh b/generate-config.sh
new file mode 100755
index 0000000..fa6d321
--- /dev/null
+++ b/generate-config.sh
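Review bot: files/sshd_config turns off only `PasswordAuthentication`; keyboard-interactive authentication is a separate switch, and whether it is off depends on defaults this two-line file does not show. Adding `KbdInteractiveAuthentication no` makes the key-only intent explicit. `AllowUsers` already keeps root out, so a `PermitRootLogin no` line would document that rather than change behaviour.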
@@ -0,0 +1,87 @@ +#!/bin/bash +set -o errexit -o pipefail -o noclobber -o nounset -o errtrace -o functrace + +shopt -s dotglob + +quadlet_template=" + - path: /home/__USER__/.config/containers/systemd/user/__FILE__ + mode: 0644 + contents: + local: quadlets/__USER__/__FILE__ + user: + name: __USER__ + group: + name: __USER__" +home_template=" + - path: /var/home/__USER__/__FILE__ + mode: 0755 + contents: + local: home/__USER__/__FILE__ + user: + name: __USER__ + group: + name: __USER__" +service_template=" + - path: /var/home/__USER__/.config/systemd/user/__FILE__ + mode: 0755 + contents: + local: services/__USER__/__FILE__ + user: + name: __USER__ + group: + name: __USER__" +directory_template=" + - path: /var/mnt/nas/containers/__USER__/storage/__VOLUME__ + mode: 0755 + user: + name: __USER__ + group: + name: __USER__" +files_template=" + files: + - path: /var/lib/systemd/linger/__USER__ + mode: 0644" +users=('arr' 'gitea' 'homeassistant' 'jdownloader' 'kiwix' 'komga' 'navidrome' 'nextcloud' 'nginx' 'pairdrop' 'paperless' 'pihole' 'qbittorrent' 'synapse' 'tga' 'wallabag') +mkdir -p users +for user in "${users[@]}"; do + user_butane="users/${user}.bu" + sed "s/__USER__/${user}/g" user-template.bu >| "${user_butane}" + if [[ -d "quadlets/${user}" ]]; then + directory_template_user="${directory_template//__USER__/${user}}" + for file in "quadlets/${user}/"*.volume; do + if [[ -f "${file}" ]]; then + content="$(grep "Device" "${file}")" + if [[ "${content}" =~ ^Device=/var/mnt/nas/containers/${user}/storage/(.+)$ ]]; then + volume="${BASH_REMATCH[1]}" + printf '%s' "${directory_template_user//__VOLUME__/${volume}}" >> "${user_butane}" + else + echo "Not found! 
${content}" + fi + fi + done + fi + printf '%s' "${files_template//__USER__/${user}}" >> "${user_butane}" + if [[ -d "quadlets/${user}" ]]; then + quadlet_template_user="${quadlet_template//__USER__/${user}}" + for file in "quadlets/${user}/"*; do + filename="$(basename "${file}")" + printf '%s' "${quadlet_template_user//__FILE__/${filename}}" >> "${user_butane}" + done + fi + if [[ -d "home/${user}" ]]; then + home_template_user="${home_template//__USER__/${user}}" + for file in "home/${user}/"*; do + filename="$(basename "${file}")" + printf '%s' "${home_template_user//__FILE__/${filename}}" >> "${user_butane}" + done + fi + if [[ -d "services/${user}" ]]; then + service_template_user="${service_template//__USER__/${user}}" + for file in "services/${user}/"*; do + filename="$(basename "${file}")" + printf '%s' "${service_template_user//__FILE__/${filename}}" >> "${user_butane}" + done + fi + podman run --rm --interactive --security-opt label=disable --volume "${PWD}:/pwd" --workdir /pwd quay.io/coreos/butane:release --pretty --strict -d /pwd "${user_butane}" >| "users/${user}.ign" +done +podman run --rm --interactive --security-opt label=disable --volume "${PWD}:/pwd" --workdir /pwd quay.io/coreos/butane:release --pretty --strict -d /pwd pi4.bu >| pi4.ign diff --git a/home/arr/.secrets b/home/arr/.secrets new file mode 100644 index 0000000..d419999 --- /dev/null +++ b/home/arr/.secrets @@ -0,0 +1,2 @@ +vpn-password=em7nvgebJxKfLudBaP2kL5sW +vpn-user=qkidWqgZDC8CxDmPaHiHyMY4 diff --git a/home/gitea/.secrets b/home/gitea/.secrets new file mode 100644 index 0000000..d83cde7 --- /dev/null +++ b/home/gitea/.secrets @@ -0,0 +1 @@ +database-password=gD6J2CRDpRGI5f14QSmF0SuBdhYAEDdy diff --git a/home/jdownloader/.secrets b/home/jdownloader/.secrets new file mode 100644 index 0000000..aa7fedf --- /dev/null +++ b/home/jdownloader/.secrets @@ -0,0 +1,2 @@ +jdownloader-email=guillaume.tache@gmail.com +jdownloader-password=^v2NL*!4GL*Ry%~B 
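Review bot: `home_template` in generate-config.sh installs every file under `home/<user>/` with `mode: 0755`, and because of `shopt -s dotglob` that includes `.secrets` (and `.dyndns` for tga), so the credential files are written world-readable unless the home directory itself is closed to other users. The loop has no per-file mode, so a dotfile check that switches those entries to `mode: 0600` would be the smallest fix. `service_template` likewise marks unit and timer files 0755 where 0644 is enough. Separately, both `podman run` lines pull `quay.io/coreos/butane:release`, a moving tag; pinning a digest would keep the generated Ignition files reproducible.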
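Review bot: home/arr/.secrets commits credentials in plaintext, and the same holds for the other `.secrets` hunks in this patch (gitea, jdownloader, navidrome, nextcloud, paperless, pihole, qbittorrent, root, synapse, wallabag) and for home/tga/.dyndns. Once pushed these values stay in the history, so they should be rotated and the files replaced by untracked copies or an encrypted store, with `.secrets` and `.dyndns` added to .gitignore (the committed .gitignore covers `**/*.ign` but not these). The qbittorrent file repeats the arr VPN pair, and the paperless database password is the service name, so that one should be replaced with a generated value regardless.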
diff --git a/home/navidrome/.secrets b/home/navidrome/.secrets new file mode 100644 index 0000000..2ac5cd0 --- /dev/null +++ b/home/navidrome/.secrets @@ -0,0 +1 @@ +encryption-key=dFUu7Iu7tDrRtOOwFrgCAbgEuTvXeFKj diff --git a/home/nextcloud/.secrets b/home/nextcloud/.secrets new file mode 100644 index 0000000..956aefc --- /dev/null +++ b/home/nextcloud/.secrets @@ -0,0 +1,6 @@ +database-password=7w6,{R_C=LdZ@9iy +database-root-password=[-B#xMVj~\3X*vC> +database-user=nextcloud +nextcloud-admin-password=tcf@fg]%2BL]K*p` +nextcloud-admin-user=admin +nextcloud-redis-password=AznBSv9lCflXg2z0 diff --git a/home/nextcloud/pre-generate-preview.sh b/home/nextcloud/pre-generate-preview.sh new file mode 100644 index 0000000..7f8a3d0 --- /dev/null +++ b/home/nextcloud/pre-generate-preview.sh @@ -0,0 +1,4 @@ +#!/bin/bash +set -o errexit -o pipefail -o noclobber -o nounset + +podman exec nextcloud ./occ preview:pre-generate diff --git a/home/paperless/.secrets b/home/paperless/.secrets new file mode 100644 index 0000000..8523dca --- /dev/null +++ b/home/paperless/.secrets @@ -0,0 +1,2 @@ +database-password=paperless +paperless-secret-key=9+Zw}(Nqv<>#@=s2^%a_hMlh@fBmmQch[<_dS{#tP=^b8S)*{Mc(JrI1SmK`r4=n diff --git a/home/pihole/.secrets b/home/pihole/.secrets new file mode 100644 index 0000000..2d93b3e --- /dev/null +++ b/home/pihole/.secrets @@ -0,0 +1 @@ +webserver-password=.\_,`>ol9=.f+Y{R diff --git a/home/pihole/update-hints.sh b/home/pihole/update-hints.sh new file mode 100644 index 0000000..e5186e5 --- /dev/null +++ b/home/pihole/update-hints.sh @@ -0,0 +1,4 @@ +#!/bin/bash +set -o errexit -o noclobber -o pipefail -o nounset + +podman exec unbound sh -c "/usr/bin/curl -sSL https://www.internic.net/domain/named.cache -o /usr/local/unbound/iana.d/root.hints" diff --git a/home/pihole/update-root.sh b/home/pihole/update-root.sh new file mode 100644 index 0000000..4991efd --- /dev/null +++ b/home/pihole/update-root.sh 
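Review bot: The `curl -sSL ... -o /usr/local/unbound/iana.d/root.hints` in home/pihole/update-hints.sh writes straight onto the live file and has no `--fail`, so an HTTP error page or a truncated transfer replaces the resolver's root hints while the script still exits 0. Downloading to a temporary name with `curl -fsSL` and moving it into place only on success avoids that. The two downloads in home/pihole/update-root.sh have the same shape and need the same change.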
@@ -0,0 +1,7 @@ +#!/bin/bash +set -o errexit -o noclobber -o pipefail -o nounset + +podman exec unbound sh -c "curl -sSL https://www.internic.net/domain/named.cache -o /usr/local/unbound/iana.d/root.hints" +podman exec unbound sh -c "curl -sSL https://www.internic.net/domain/root.zone -o /usr/local/unbound/iana.d/root.zone" +podman exec unbound sh -c "unbound-anchor -v -a /usr/local/unbound/iana.d/root.key" +systemctl --user restart unbound diff --git a/home/qbittorrent/.secrets b/home/qbittorrent/.secrets new file mode 100644 index 0000000..d419999 --- /dev/null +++ b/home/qbittorrent/.secrets @@ -0,0 +1,2 @@ +vpn-password=em7nvgebJxKfLudBaP2kL5sW +vpn-user=qkidWqgZDC8CxDmPaHiHyMY4 diff --git a/home/root/.secrets b/home/root/.secrets new file mode 100644 index 0000000..9fedf5e --- /dev/null +++ b/home/root/.secrets @@ -0,0 +1,2 @@ +tga-credentials=tga:9yL5b4+WqM +zero-credentials=zero:38cjbsqogkHbsq36uXkWgCpla3cxYopL diff --git a/home/root/copy-music.sh b/home/root/copy-music.sh new file mode 100644 index 0000000..468d0ab --- /dev/null +++ b/home/root/copy-music.sh @@ -0,0 +1,8 @@ +#!/bin/bash +set -o errexit -o pipefail -o noclobber -o nounset + +target=/var/mnt/nas/containers/navidrome/storage/music +ugid="$(stat -c "%U:%G" "${target}")" +source=/var/mnt/nas/containers/nextcloud/storage/data/__groupfolders/1/media/music +podman run --rm -v "${source}":/input -v "${target}":/output docker.io/eeacms/rsync -a /input /output +chown -R "${ugid}" "${target}" diff --git a/home/root/move-downloads-nextcloud.sh b/home/root/move-downloads-nextcloud.sh new file mode 100644 index 0000000..18dd03d --- /dev/null +++ b/home/root/move-downloads-nextcloud.sh 
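Review bot: In home/pihole/update-root.sh the `unbound-anchor` call runs under `errexit`, and its manual documents exit status 1 when the anchor was updated, which would end the script before `systemctl --user restart unbound` in exactly the case where a restart matters. If that applies to the version in the container, `podman exec unbound sh -c "unbound-anchor -v -a /usr/local/unbound/iana.d/root.key" || true` keeps the restart reachable; a stricter variant would let only status 0 and 1 through.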
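Review bot: home/root/copy-music.sh runs as root (its unit executes /root/scripts/copy-music.sh) and hands the Nextcloud music folder to `docker.io/eeacms/rsync`, a third-party image referenced without tag or digest, with the source mounted writable. Mounting the source read-only, `-v "${source}":/input:ro`, and pinning the image by digest limits what a changed image can touch. Assuming the image's entrypoint is rsync, `-a /input /output` without a trailing slash on the source copies into `/output/input`, which may not be what Navidrome is expected to scan.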
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -o errexit -o pipefail -o noclobber -o nounset
+
+echo "Running $(date)"
+torrents=/var/mnt/nas/containers/qbittorrent/storage/torrents
+jdownloader=/var/mnt/nas/containers/jdownloader/storage/output/completed
+target=/var/mnt/nas/containers/nextcloud/storage/data/__groupfolders/1/downloads
+
+num_torrents="$(find "${torrents}" -maxdepth 1 -type f | wc -l)" || echo 0
+if [[ "${num_torrents}" -gt 0 ]]; then
+ find "${torrents}" -maxdepth 1 -type f -exec mv {} "${target}/" \;
+fi
+echo "Found ${num_torrents} torrent files"
+num_jdownloader="$(ls "${jdownloader}" | wc -l)" || echo 0
+if [[ "${num_jdownloader}" -gt 0 ]]; then
+ mv "${jdownloader}/"* "${target}/"
+fi
+echo "Found ${num_jdownloader} jdownloader files"
+total_files=$(("${num_torrents}" + "${num_jdownloader}"))
+if [[ "${total_files}" -gt 0 ]]; then
+ ugid="$(stat -c "%U:%G" "${target}")"
+ chown -R "${ugid}" "${target}/"*
+ chmod 755 "${target}/"*
+ echo "Running podman"
+ cd /var/home/nextcloud
+ sudo -u nextcloud podman exec -it nextcloud bash -c "/var/www/html/occ groupfolders:scan 1"
+ cd -
+fi
diff --git a/home/synapse/.secrets b/home/synapse/.secrets
new file mode 100644
index 0000000..7095d4c
--- /dev/null
+++ b/home/synapse/.secrets
@@ -0,0 +1 @@
+database-password=EdW2lUOj6kY8Z2ti07wB
diff --git a/home/tga/.dyndns b/home/tga/.dyndns
new file mode 100644
index 0000000..85a9b0d
--- /dev/null
+++ b/home/tga/.dyndns
@@ -0,0 +1 @@
+username=tga&password=xpkV4kGDH592WZ394fTv&hostname=gtache.ch
diff --git a/home/tga/dyndns.sh b/home/tga/dyndns.sh
new file mode 100644
index 0000000..4a8e25f
--- /dev/null
+++ b/home/tga/dyndns.sh
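Review bot: `chmod 755 "${target}/"*` in home/root/move-downloads-nextcloud.sh marks every top-level file in the shared downloads folder executable, and it is re-applied, together with `chown -R`, to everything already there on each run. These are files fetched from torrents and file hosters, so I would keep them non-executable with `chmod u=rwX,go=rX "${target}/"*`, which adds the execute bit only to directories and to files that already had it. Two smaller points in the same hunk: `podman exec -it` requests a TTY that a timer-started service does not have, so `-it` should be dropped, and `num_torrents="$(...)" || echo 0` prints 0 rather than assigning it as a fallback.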
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -o errexit -o pipefail -o noclobber -o nounset -o errtrace -o functrace
+
+update_url=https://infomaniak.com/nic/update
+subdomains=(git home komga mail matrix mealie navidrome nextcloud nexus odoo paperless photos pihole torrent wallabag)
+data_file="${HOME}/.dyndns"
+file="${HOME}/tmp_data.txt"
+for subdomain in "${subdomains[@]}"; do
+ sed "s/gtache.ch/${subdomain}.gtache.ch/" "${data_file}" >| "${file}"
+ curl -d "@${file}" -X POST "${update_url}"
+done
+rm -f "${file}"
+curl -d "@${data_file}" -X POST "${update_url}"
diff --git a/home/wallabag/.secrets b/home/wallabag/.secrets
new file mode 100644
index 0000000..baa08e7
--- /dev/null
+++ b/home/wallabag/.secrets
@@ -0,0 +1,2 @@
+database-password=YdBYea47YBCpjhL7ped9
+database-root-password=zUMuEkTzOG8CH8VjvLXE
diff --git a/init/configure-firewalld.service b/init/configure-firewalld.service
new file mode 100644
index 0000000..d5fbbe4
--- /dev/null
+++ b/init/configure-firewalld.service
@@ -0,0 +1,14 @@
+# Enabled by install-additional-packages.service to run after first reboot
+[Unit]
+After=network-online.target
+Wants=network-online.target
+ConditionPathExists=!/var/lib/configure-firewalld
+
+[Service]
+Type=oneshot
+ExecStart=/opt/bin/configure-firewalld.sh
+ExecStartPost=/usr/bin/touch /var/lib/configure-firewalld
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/init/configure-firewalld.sh b/init/configure-firewalld.sh
new file mode 100644
index 0000000..4a45489
--- /dev/null
+++ b/init/configure-firewalld.sh
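Review bot: The loop in home/tga/dyndns.sh writes the DynDNS username and password to `${HOME}/tmp_data.txt` with the default umask, and the `rm -f` after the loop is skipped when a `curl` call fails under `errexit`, which leaves the credentials behind in a second file. The temporary file is not needed, because curl can read the body from stdin: `sed "s/gtache\.ch/${subdomain}.gtache.ch/" "${data_file}" | curl -d @- -X POST "${update_url}"`. Adding `-f` to both curl calls would also make a rejected update visible as a failed unit instead of a silent success.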
@@ -0,0 +1,48 @@
+#!/bin/bash
+set -o errexit -o pipefail -o noclobber -o nounset -o errtrace -o functrace
+
+# Run after first reboot when firewalld and fail2ban are installed
+systemctl enable --now firewalld
+
+firewall-cmd --zone=internal --add-source=192.168.0.0/16 --add-source=172.16.0.0/12 --add-source=10.0.0.0/8 --permanent
+firewall-cmd --zone=internal --add-service=ssh --permanent
+firewall-cmd --zone=internal --add-service=dns --permanent
+firewall-cmd --zone=internal --add-service=samba --permanent
+firewall-cmd --zone=internal --add-port=5335/tcp --permanent
+firewall-cmd --zone=internal --add-port=5335/udp --permanent
+firewall-cmd --zone=internal --add-port=3129/tcp --permanent
+firewall-cmd --zone=internal --add-port=3129/udp --permanent
+firewall-cmd --zone=internal --add-port=9090/tcp --permanent
+firewall-cmd --zone=internal --add-port=9090/udp --permanent
+firewall-cmd --zone=internal --add-port=2222/tcp --permanent
+
+firewall-cmd --add-service=http --permanent
+firewall-cmd --add-service=https --permanent
+firewall-cmd --add-port=8080/tcp --permanent
+firewall-cmd --add-port=8080/udp --permanent
+firewall-cmd --add-port=4443/tcp --permanent
+firewall-cmd --add-port=4443/udp --permanent
+firewall-cmd --add-port=6881/tcp --permanent
+firewall-cmd --zone=internal --add-service=http --permanent
+firewall-cmd --zone=internal --add-service=https --permanent
+firewall-cmd --zone=internal --add-port=8080/tcp --permanent
+firewall-cmd --zone=internal --add-port=8080/udp --permanent
+firewall-cmd --zone=internal --add-port=4443/tcp --permanent
+firewall-cmd --zone=internal --add-port=4443/udp --permanent
+firewall-cmd --zone=internal --add-port=6881/tcp --permanent
+
+firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
+firewall-cmd --add-forward-port=port=80:proto=udp:toport=8080 --permanent
+firewall-cmd --add-forward-port=port=443:proto=tcp:toport=4443 --permanent
+firewall-cmd --add-forward-port=port=443:proto=udp:toport=4443
--permanent
+firewall-cmd --zone=internal --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
+firewall-cmd --zone=internal --add-forward-port=port=80:proto=udp:toport=8080 --permanent
+firewall-cmd --zone=internal --add-forward-port=port=443:proto=tcp:toport=4443 --permanent
+firewall-cmd --zone=internal --add-forward-port=port=443:proto=udp:toport=4443 --permanent
+
+firewall-cmd --reload
+
+mv /root/jail.local /etc/fail2ban/jail.local
+restorecon -v /etc/fail2ban/jail.local
+
+systemctl enable --now fail2ban
diff --git a/init/enable-all-quadlets.service b/init/enable-all-quadlets.service
new file mode 100644
index 0000000..48cace4
--- /dev/null
+++ b/init/enable-all-quadlets.service
@@ -0,0 +1,15 @@
+[Unit]
+After=systemd-user-sessions.service
+After=network-online.target
+Wants=network-online.target
+Wants=systemd-user-sessions.service
+ConditionPathExists=!/var/lib/quadlets-enabled
+
+[Service]
+Type=oneshot
+ExecStart=/opt/bin/enable-all-quadlets.sh
+ExecStartPost=/usr/bin/touch /var/lib/quadlets-enabled
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/init/enable-all-quadlets.sh b/init/enable-all-quadlets.sh
new file mode 100644
index 0000000..f903cc0
--- /dev/null
+++ b/init/enable-all-quadlets.sh
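Review bot: The first `firewall-cmd` line of init/configure-firewalld.sh binds all three RFC 1918 ranges to the `internal` zone, which then receives ssh, samba, dns and ports 9090 and 2222. Those ranges usually also contain container bridge and VPN address pools, so traffic from such a network may be treated as trusted LAN; I would bind only the real LAN prefix, `--add-source=<LAN_CIDR: placeholder for the home subnet>`. In the default zone, 8080 and 4443 are opened directly in addition to the 80/443 forwards, and the `/udp` and `proto=udp` rules look unnecessary unless HTTP/3 is actually served. A short comment above each group saying which service needs the port would make later pruning much easier.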
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -o errexit -o pipefail -o noclobber -o nounset -o errtrace -o functrace
+
+setsebool -P container_use_devices on
+setsebool -P openvpn_run_unconfined on
+semanage fcontext -a -t container_file_t "/mnt/nas(/.*)?"
+#semanage fcontext -a -t container_file_t "/mnt/nas/containers/.*/storage/.*(/.*)?"
+restorecon -vR /mnt/nas
+
+users=("gitea" "homeassistant" "jdownloader" "kiwix" "komga" "navidrome" "nextcloud" "nginx" "pairdrop" "paperless" "pihole" "qbittorrent" "synapse" "wallabag")
+for user in "${users[@]}"; do
+ chown -R "${user}:${user}" "/var/home/${user}"
+ secrets_file="/var/home/${user}/.secrets"
+ if [[ -f "${secrets_file}" ]];then
+ sudo -u "${user}" /opt/bin/add-secrets.sh "${secrets_file}"
+ fi
+ systemctl --user -M "${user}@" daemon-reload
+ systemctl --user -M "${user}@" enable --now "podman-auto-update.timer" || true
+ systemctl --user -M "${user}@" stop "${user}.service" || true
+ systemctl --user -M "${user}@" start "${user}.service"
+ echo "${user} done"
+done
+systemctl --user -M "arr@" daemon-reload
+systemctl --user -M "arr@" start "overseerr.service"
+systemctl --user -M "tga@" daemon-reload
+systemctl --user -M "tga@" enable --now "update-dyndns.timer"
+
+systemctl --user -M "kiwix@" enable --now "clone-zim-updater.service"
+systemctl --user -M "nextcloud@" enable --now "pre-generate-preview.timer"
+systemctl --user -M "pihole@" enable --now "update-hints.timer"
+systemctl --user -M "pihole@" enable --now "update-root.timer"
+
+/opt/bin/add-secrets.sh /root/.secrets
+systemctl daemon-reload
+systemctl start samba.service
diff --git a/pi4.bu b/pi4.bu
new file mode 100644
index 0000000..11f1e1f
--- /dev/null
+++ b/pi4.bu
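Review bot: The `users` array in init/enable-all-quadlets.sh has no `arr` entry, so add-secrets.sh is never run for that account, yet the script later starts `overseerr.service` for `arr@`. quadlets/arr/gluetun.container expects the `vpn-user` and `vpn-password` secrets, so that pod will presumably fail on a fresh install; a line such as `sudo -u arr /opt/bin/add-secrets.sh /var/home/arr/.secrets` before the `arr@` calls would close the gap. Separately, the `semanage fcontext` rule is written for `/mnt/nas` while pi4.bu mounts the filesystem at `/var/mnt/nas`; please confirm the label is really applied, and consider the narrower commented-out pattern instead of labelling the whole NAS `container_file_t`. The plaintext `.secrets` files also stay on disk after add-secrets.sh has run, and removing them at that point would reduce exposure.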
@@ -0,0 +1,143 @@
+variant: fcos
+version: 1.6.0
+ignition:
+ config:
+ merge:
+ - local: users/arr.ign
+ - local: users/gitea.ign
+ - local: users/homeassistant.ign
+ - local: users/jdownloader.ign
+ - local: users/kiwix.ign
+ - local: users/komga.ign
+ - local: users/navidrome.ign
+ - local: users/nextcloud.ign
+ - local: users/nginx.ign
+ - local: users/pairdrop.ign
+ - local: users/paperless.ign
+ - local: users/pihole.ign
+ - local: users/qbittorrent.ign
+ - local: users/synapse.ign
+ - local: users/tga.ign
+ - local: users/wallabag.ign
+passwd:
+ users:
+ - name: tga
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU3HVxgnW01J1p7fzs3urKETfkhH++liutmaqe4xe20 tga@fedora
+ groups:
+ - sudo
+ - wheel
+ - name: zero
+storage:
+ disks:
+ - device: /dev/disk/by-id/ata-WDC_WD120EFBX-68B0EN0_5QKYB19B
+ wipe_table: false
+ partitions:
+ - number: 1
+ start_mib: 0
+ wipe_partition_entry: false
+ should_exist: true
+ resize: false
+ - device : /dev/disk/by-id/ata-WDC_WD120EFGX-68CPHN0_WD-B00K2ELD
+ wipe_table: false
+ partitions:
+ - number: 1
+ start_mib: 0
+ wipe_partition_entry: false
+ should_exist: true
+ resize: false
+ filesystems:
+ - device: /dev/disk/by-label/nas
+ format: btrfs
+ path: /var/mnt/nas
+ wipe_filesystem: false
+ label: nas
+ uuid: ddc68e10-2b26-4267-ad9c-8ee7753497d9
+ mount_options:
+ - defaults
+ - noatime
+ - nofail
+ with_mount_unit: true
+ files:
+ - path: /opt/bin/enable-all-quadlets.sh
+ contents:
+ local: init/enable-all-quadlets.sh
+ mode: 0755
+ - path: /opt/bin/configure-firewalld.sh
+ contents:
+ local: init/configure-firewalld.sh
+ mode: 0755
+ - path: /opt/bin/add-secrets.sh
+ contents:
+ local: files/add-secrets.sh
+ mode: 0755
+ - path: /etc/containers/systemd/samba.container
+ contents:
+ local: quadlets/samba/samba.container
+ - path: /root/.secrets
+ mode: 0600
+ contents:
+ local: /home/root/.secrets
+ - path: /root/scripts/move-downloads-nextcloud.sh
+ mode: 0755
+ contents:
+ local:
/home/root/move-downloads-nextcloud.sh
+ - path: /root/scripts/copy-music.sh
+ mode: 0755
+ contents:
+ local: /home/root/copy-music.sh
+ - path: /etc/ssh/sshd_config.d/99-custom
+ mode: 0644
+ contents:
+ local: files/sshd_config
+ - path: /etc/smartmontools/smartd.conf
+ mode: 0644
+ overwrite: true
+ contents:
+ local: files/smartd.conf
+ - path: /etc/sudoers.d/99-poweroff
+ mode: 0644
+ contents:
+ local: files/poweroff
+ - path: /root/jail.local
+ mode: 0644
+ contents:
+ local: files/jail.local
+systemd:
+ units:
+ - name: fstrim.timer
+ enabled: true
+ mask: false
+ - name: docker.service
+ enabled: false
+ mask: true
+ - name: enable-all-quadlets.service
+ enabled: false
+ contents_local: init/enable-all-quadlets.service
+ mask: false
+ - name: configure-firewalld.service
+ enabled: false
+ contents_local: init/configure-firewalld.service
+ mask: false
+ - name: move-downloads-nextcloud.timer
+ enabled: false
+ contents_local: files/move-downloads-nextcloud.timer
+ mask: false
+ - name: move-downloads-nextcloud.service
+ enabled: false
+ contents_local: files/move-downloads-nextcloud.service
+ mask: false
+ - name: copy-music.timer
+ enabled: false
+ contents_local: files/copy-music.timer
+ mask: false
+ - name: copy-music.service
+ enabled: false
+ contents_local: files/copy-music.service
+ mask: false
+ - name: install-additional-packages.service
+ enabled: true
+ contents_local: files/install-additional-packages.service
+ mask: false
+boot_device:
+ layout: aarch64
diff --git a/quadlets/arr/arr.pod b/quadlets/arr/arr.pod
new file mode 100644
index 0000000..84ec8d5
--- /dev/null
+++ b/quadlets/arr/arr.pod
@@ -0,0 +1,8 @@
+[Pod]
+PodName=arr
+PublishPort=9018:8080
+PublishPort=9019:8686
+PublishPort=9020:8989
+PublishPort=9021:9696
+PublishPort=9022:7878
+PublishPort=9023:6767
\ No newline at end of file
diff --git a/quadlets/arr/bazarr-config.volume b/quadlets/arr/bazarr-config.volume
new file mode 100644
index 0000000..2f6f4e0
--- /dev/null
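Review bot: The file entry `/etc/ssh/sshd_config.d/99-custom` in pi4.bu will most likely never be read, because Fedora's sshd_config includes `/etc/ssh/sshd_config.d/*.conf` and this name has no `.conf` suffix, so whatever files/sshd_config sets is silently ignored. sshd also keeps the first value it reads for a keyword, so a `99-` prefix loses to the distribution's lower-numbered drop-ins; `- path: /etc/ssh/sshd_config.d/10-custom.conf` would avoid both problems. Also in this hunk, `/root/.secrets` is embedded in the generated Ignition config, which therefore has to be stored and served as a secret itself, and its `local: /home/root/.secrets` is absolute where the other entries are relative to the files directory. `/etc/sudoers.d/99-poweroff` is conventionally mode `0440`.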
+++ b/quadlets/arr/bazarr-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/bazarr-config
+Driver=local
+Options=bind
+Type=none
+VolumeName=bazarr-config
diff --git a/quadlets/arr/bazarr-data.volume b/quadlets/arr/bazarr-data.volume
new file mode 100644
index 0000000..42476e2
--- /dev/null
+++ b/quadlets/arr/bazarr-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/bazarr-data
+Driver=local
+Options=bind
+Type=none
+VolumeName=bazarr-data
diff --git a/quadlets/arr/bazarr.container b/quadlets/arr/bazarr.container
new file mode 100644
index 0000000..28ab671
--- /dev/null
+++ b/quadlets/arr/bazarr.container
@@ -0,0 +1,24 @@
+[Unit]
+Description=Bazarr container
+After=gluetun.container
+Requires=gluetun.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=bazarr
+Environment=PGID=1000
+Environment=PUID=1000
+Environment=TZ=Europe/Zurich
+Image=lscr.io/linuxserver/bazarr:latest
+Network=gluetun.container
+Pod=arr.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=bazarr-config.volume:/config
+Volume=bazarr-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/arr/gluetun.container b/quadlets/arr/gluetun.container
new file mode 100644
index 0000000..1bd182a
--- /dev/null
+++ b/quadlets/arr/gluetun.container
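Review bot: `Image=lscr.io/linuxserver/bazarr:latest` together with `AutoUpdate=registry` in quadlets/arr/bazarr.container means whatever is pushed to that tag is pulled and run unattended by podman-auto-update. The same pairing appears in the lidarr, overseerr, prowlarr, radarr, sonarr, gitea, homeassistant, jdownloader, kiwix, komga and navidrome units and for `docker.io/mariadb:latest`, whereas gluetun (`v3.40`) and postgres (`18`) already pin a version line. I would pin each image to a release tag or digest in the same way, so automatic updates stay inside a reviewed version; for the database this also avoids an unplanned major-version jump.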
@@ -0,0 +1,26 @@
+[Unit]
+Description=Arr* Gluetun container
+
+[Container]
+AddCapability=NET_ADMIN
+AddDevice=/dev/net/tun:/dev/net/tun
+AutoUpdate=registry
+ContainerName=gluetun
+Environment=OPENVPN_VERSION=2.5
+Environment=SERVER_COUNTRIES=Netherlands
+Environment=UPDATER_PERIOD=
+Environment=VPN_SERVICE_PROVIDER=nordvpn
+Environment=VPN_TYPE=openvpn
+Environment=TZ=Europe/Zurich
+Image=docker.io/qmcgaw/gluetun:v3.40
+Pod=arr.pod
+Secret=vpn-user,type=env,target=OPENVPN_USER
+Secret=vpn-password,type=env,target=OPENVPN_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/arr/lidarr-config.volume b/quadlets/arr/lidarr-config.volume
new file mode 100644
index 0000000..4d20dcf
--- /dev/null
+++ b/quadlets/arr/lidarr-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/lidarr-config
+Driver=local
+Options=bind
+Type=none
+VolumeName=lidarr-config
diff --git a/quadlets/arr/lidarr-data.volume b/quadlets/arr/lidarr-data.volume
new file mode 100644
index 0000000..939cf46
--- /dev/null
+++ b/quadlets/arr/lidarr-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/lidarr-data
+Driver=local
+Options=bind
+Type=none
+VolumeName=lidarr-data
diff --git a/quadlets/arr/lidarr.container b/quadlets/arr/lidarr.container
new file mode 100644
index 0000000..5563c16
--- /dev/null
+++ b/quadlets/arr/lidarr.container
@@ -0,0 +1,24 @@
+[Unit]
+Description=Lidarr container
+After=gluetun.container
+Requires=gluetun.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=lidarr
+Environment=PGID=1000
+Environment=PUID=1000
+Environment=TZ=Europe/Zurich
+Image=lscr.io/linuxserver/lidarr:latest
+Network=gluetun.container
+Pod=arr.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=lidarr-config.volume:/config
+Volume=lidarr-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/arr/overseerr-config.volume b/quadlets/arr/overseerr-config.volume
new file mode 100644
index 0000000..145c027
--- /dev/null
+++ b/quadlets/arr/overseerr-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/overseerr-config
+Driver=local
+Options=bind
+Type=none
+VolumeName=overseerr-config
diff --git a/quadlets/arr/overseerr.container b/quadlets/arr/overseerr.container
new file mode 100644
index 0000000..42d27e6
--- /dev/null
+++ b/quadlets/arr/overseerr.container
@@ -0,0 +1,23 @@
+[Unit]
+Description=Overseerr container
+After=gluetun.container
+Requires=gluetun.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=overseerr
+Environment=LOG_LEVEL=debug
+Environment=PORT=8080
+Environment=TZ=Europe/Zurich
+Image=docker.io/sctx/overseerr:latest
+Network=gluetun.container
+Pod=arr.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=overseerr-config.volume:/app/config
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/arr/prowlarr-config.volume b/quadlets/arr/prowlarr-config.volume
new file mode 100644
index 0000000..ba10ac1
--- /dev/null
+++ b/quadlets/arr/prowlarr-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/prowlarr-config
+Driver=local
+Options=bind
+Type=none
+VolumeName=prowlarr-config
diff --git a/quadlets/arr/prowlarr-data.volume b/quadlets/arr/prowlarr-data.volume
new file mode 100644
index 0000000..8892f92
--- /dev/null
+++ b/quadlets/arr/prowlarr-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/prowlarr-data
+Driver=local
+Options=bind
+Type=none
+VolumeName=prowlarr-data
diff --git a/quadlets/arr/prowlarr.container b/quadlets/arr/prowlarr.container
new file mode 100644
index 0000000..ca9e893
--- /dev/null
+++ b/quadlets/arr/prowlarr.container
@@ -0,0 +1,24 @@
+[Unit]
+Description=Prowlarr container
+After=gluetun.container
+Requires=gluetun.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=prowlarr
+Environment=PGID=1000
+Environment=PUID=1000
+Environment=TZ=Europe/Zurich
+Image=lscr.io/linuxserver/prowlarr:latest
+Network=gluetun.container
+Pod=arr.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=prowlarr-config.volume:/config
+Volume=prowlarr-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/arr/radarr-config.volume b/quadlets/arr/radarr-config.volume
new file mode 100644
index 0000000..05a6ff6
--- /dev/null
+++ b/quadlets/arr/radarr-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/radarr-config
+Driver=local
+Options=bind
+Type=none
+VolumeName=radarr-config
diff --git a/quadlets/arr/radarr-data.volume b/quadlets/arr/radarr-data.volume
new file mode 100644
index 0000000..b46a9cd
--- /dev/null
+++ b/quadlets/arr/radarr-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/radarr-data
+Driver=local
+Options=bind
+Type=none
+VolumeName=radarr-data
diff --git a/quadlets/arr/radarr.container b/quadlets/arr/radarr.container
new file mode 100644
index 0000000..126ea40
--- /dev/null
+++ b/quadlets/arr/radarr.container
@@ -0,0 +1,24 @@
+[Unit]
+Description=Radarr container
+After=gluetun.container
+Requires=gluetun.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=radarr
+Environment=PGID=1000
+Environment=PUID=1000
+Environment=TZ=Europe/Zurich
+Image=lscr.io/linuxserver/radarr:latest
+Network=gluetun.container
+Pod=arr.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=radarr-config.volume:/config
+Volume=radarr-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/arr/sonarr-config.volume b/quadlets/arr/sonarr-config.volume
new file mode 100644
index 0000000..8096db0
--- /dev/null
+++ b/quadlets/arr/sonarr-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/sonarr-config
+Driver=local
+Options=bind
+Type=none
+VolumeName=sonarr-config
diff --git a/quadlets/arr/sonarr-data.volume b/quadlets/arr/sonarr-data.volume
new file mode 100644
index 0000000..1ebfb04
--- /dev/null
+++ b/quadlets/arr/sonarr-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/arr/storage/sonarr-data
+Driver=local
+Options=bind
+Type=none
+VolumeName=sonarr-data
diff --git a/quadlets/arr/sonarr.container b/quadlets/arr/sonarr.container
new file mode 100644
index 0000000..de3fcb8
--- /dev/null
+++ b/quadlets/arr/sonarr.container
@@ -0,0 +1,24 @@
+[Unit]
+Description=Sonarr container
+After=gluetun.container
+Requires=gluetun.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=sonarr
+Environment=PGID=1000
+Environment=PUID=1000
+Environment=TZ=Europe/Zurich
+Image=lscr.io/linuxserver/sonarr:latest
+Network=gluetun.container
+Pod=arr.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=sonarr-config.volume:/config
+Volume=sonarr-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/gitea/gitea-data.volume b/quadlets/gitea/gitea-data.volume
new file mode 100644
index 0000000..8320a3f
--- /dev/null
+++ b/quadlets/gitea/gitea-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/gitea/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=gitea-data
diff --git a/quadlets/gitea/gitea-database.container b/quadlets/gitea/gitea-database.container
new file mode 100644
index 0000000..10c0aee
--- /dev/null
+++ b/quadlets/gitea/gitea-database.container
@@ -0,0 +1,25 @@
+[Unit]
+Description=Gitea database container
+
+[Container]
+AutoUpdate=registry
+ContainerName=gitea-database
+Environment=POSTGRES_USER=gitea
+Environment=POSTGRES_DB=gitea
+Environment=TZ=Europe/Zurich
+HealthCmd=pg_isready -U gitea
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=docker.io/postgres:18
+Pod=gitea.pod
+Secret=database-password,type=env,target=POSTGRES_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=gitea-database.volume:/var/lib/postgresql
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/gitea/gitea-database.volume b/quadlets/gitea/gitea-database.volume
new file mode 100644
index 0000000..ebdb268
--- /dev/null
+++ b/quadlets/gitea/gitea-database.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/gitea/storage/database
+Driver=local
+Options=bind
+Type=none
+VolumeName=gitea-database
diff --git a/quadlets/gitea/gitea.container b/quadlets/gitea/gitea.container
new file mode 100644
index 0000000..915c9ef
--- /dev/null
+++ b/quadlets/gitea/gitea.container
@@ -0,0 +1,29 @@
+[Unit]
+Description=Gitea container
+After=gitea-database.container
+Requires=gitea-database.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=gitea
+Environment=DOMAIN=git.gtache.ch
+Environment=GITEA__database__DB_TYPE=postgres
+Environment=GITEA__database__HOST=gitea-database:5432
+Environment=GITEA__database__NAME=gitea
+Environment=GITEA__database__USER=gitea
+Environment=SSH_DOMAIN=git.gtache.ch
+Environment=SSH_LISTEN_PORT=2222
+Environment=SSH_PORT=2222
+Environment=TZ=Europe/Zurich
+Image=docker.io/gitea/gitea:latest
+Pod=gitea.pod
+Secret=database-password,type=env,target=GITEA__database__PASSWD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=gitea-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/gitea/gitea.pod b/quadlets/gitea/gitea.pod
new file mode 100644
index 0000000..794eb54
--- /dev/null
+++ b/quadlets/gitea/gitea.pod
@@ -0,0 +1,4 @@
+[Pod]
+PodName=gitea
+PublishPort=9007:3000
+PublishPort=2222:2222
diff --git a/quadlets/homeassistant/homeassistant-config.volume b/quadlets/homeassistant/homeassistant-config.volume
new file mode 100644
index 0000000..f3f0480
--- /dev/null
+++ b/quadlets/homeassistant/homeassistant-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/homeassistant/storage/config
+Driver=local
+Options=bind
+Type=none
+VolumeName=homeassistant-config
diff --git a/quadlets/homeassistant/homeassistant-ssh.volume b/quadlets/homeassistant/homeassistant-ssh.volume
new file mode 100644
index 0000000..0386ff1
--- /dev/null
+++ b/quadlets/homeassistant/homeassistant-ssh.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/homeassistant/storage/ssh
+Driver=local
+Options=bind
+Type=none
+VolumeName=homeassistant-ssh
diff --git a/quadlets/homeassistant/homeassistant.container b/quadlets/homeassistant/homeassistant.container
new file mode 100644
index 0000000..e35e6be
--- /dev/null
+++ b/quadlets/homeassistant/homeassistant.container
@@ -0,0 +1,21 @@
+[Unit]
+Description=Homeassistant container
+
+[Container]
+AutoUpdate=registry
+ContainerName=homeassistant
+Environment=PUID=1006
+Environment=PGID=1006
+Environment=TZ=Europe/Zurich
+Image=lscr.io/linuxserver/homeassistant:latest
+Pod=homeassistant.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=homeassistant-config.volume:/config
+Volume=homeassistant-ssh.volume:/root/.ssh
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/homeassistant/homeassistant.pod b/quadlets/homeassistant/homeassistant.pod
new file mode 100644
index 0000000..26884e7
--- /dev/null
+++ b/quadlets/homeassistant/homeassistant.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=homeassistant
+PublishPort=9003:8123
diff --git a/quadlets/jdownloader/jdownloader-config.volume b/quadlets/jdownloader/jdownloader-config.volume
new file mode 100644
index 0000000..d21f362
--- /dev/null
+++ b/quadlets/jdownloader/jdownloader-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/jdownloader/storage/config
+Driver=local
+Options=bind
+Type=none
+VolumeName=jdownloader-config
diff --git a/quadlets/jdownloader/jdownloader-output.volume b/quadlets/jdownloader/jdownloader-output.volume
new file mode 100644
index 0000000..2c93618
--- /dev/null
+++ b/quadlets/jdownloader/jdownloader-output.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/jdownloader/storage/output
+Driver=local
+Options=bind
+Type=none
+VolumeName=jdownloader-output
diff --git a/quadlets/jdownloader/jdownloader.container b/quadlets/jdownloader/jdownloader.container
new file mode 100644
index 0000000..f34c325
--- /dev/null
+++ b/quadlets/jdownloader/jdownloader.container
@@ -0,0 +1,25 @@
+[Unit]
+Description=JDownloader container
+
+[Container]
+AutoUpdate=registry
+ContainerName=jdownloader
+Environment=GROUP_ID=1005
+Environment=JDOWNLOADER_HEADLESS=1
+Environment=MYJDOWNLOADER_DEVICE_NAME=pi4
+Environment=TZ=Europe/Zurich
+Environment=USER_ID=1005
+Image=docker.io/jlesage/jdownloader-2:latest
+Pod=jdownloader.pod
+Secret=jdownloader-email,type=env,target=MYJDOWNLOADER_EMAIL
+Secret=jdownloader-password,type=env,target=MYJDOWNLOADER_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=jdownloader-config.volume:/config
+Volume=jdownloader-output.volume:/output
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/jdownloader/jdownloader.pod b/quadlets/jdownloader/jdownloader.pod
new file mode 100644
index 0000000..934d238
--- /dev/null
+++ b/quadlets/jdownloader/jdownloader.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=jdownloader
+PublishPort=3129:3129
diff --git a/quadlets/kiwix/kiwix-data.volume b/quadlets/kiwix/kiwix-data.volume
new file mode 100644
index 0000000..5e8ea2a
--- /dev/null
+++ b/quadlets/kiwix/kiwix-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/kiwix/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=kiwix-data
diff --git a/quadlets/kiwix/kiwix.container b/quadlets/kiwix/kiwix.container
new file mode 100644
index 0000000..79597c9
--- /dev/null
+++ b/quadlets/kiwix/kiwix.container
@@ -0,0 +1,18 @@
+[Unit]
+Description=Kiwix container
+
+[Container]
+AutoUpdate=registry
+ContainerName=kiwix
+Exec='*.zim'
+Image=ghcr.io/kiwix/kiwix-serve:latest
+Pod=kiwix.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=kiwix-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/kiwix/kiwix.pod b/quadlets/kiwix/kiwix.pod
new file mode 100644
index 0000000..0198d9d
--- /dev/null
+++ b/quadlets/kiwix/kiwix.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=kiwix
+PublishPort=9017:8080
diff --git a/quadlets/komga/komga-config.volume b/quadlets/komga/komga-config.volume
new file mode 100644
index 0000000..1ba26af
--- /dev/null
+++ b/quadlets/komga/komga-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/komga/storage/config
+Driver=local
+Options=bind
+Type=none
+VolumeName=komga-config
diff --git a/quadlets/komga/komga-data.volume b/quadlets/komga/komga-data.volume
new file mode 100644
index 0000000..f441f7c
--- /dev/null
+++ b/quadlets/komga/komga-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/komga/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=komga-data
diff --git a/quadlets/komga/komga.container b/quadlets/komga/komga.container
new file mode 100644
index 0000000..2dfb139
--- /dev/null
+++ b/quadlets/komga/komga.container
@@ -0,0 +1,19 @@
+[Unit]
+Description=Komga container
+
+[Container]
+AutoUpdate=registry
+ContainerName=komga
+Environment=TZ=Europe/Zurich
+Image=docker.io/gotson/komga:latest
+Pod=komga.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=komga-config.volume:/config
+Volume=komga-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/komga/komga.pod b/quadlets/komga/komga.pod
new file mode 100644
index 0000000..0d1809f
--- /dev/null
+++ b/quadlets/komga/komga.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=komga
+PublishPort=9015:25600
diff --git a/quadlets/navidrome/navidrome-data.volume b/quadlets/navidrome/navidrome-data.volume
new file mode 100644
index 0000000..97f4815
--- /dev/null
+++ b/quadlets/navidrome/navidrome-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/navidrome/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=navidrome-data
diff --git a/quadlets/navidrome/navidrome-music.volume b/quadlets/navidrome/navidrome-music.volume
new file mode 100644
index 0000000..9f44140
--- /dev/null
+++ b/quadlets/navidrome/navidrome-music.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/navidrome/storage/music
+Driver=local
+Options=bind
+Type=none
+VolumeName=navidrome-music
diff --git a/quadlets/navidrome/navidrome.container b/quadlets/navidrome/navidrome.container
new file mode 100644
index 0000000..5db82f1
--- /dev/null
+++ b/quadlets/navidrome/navidrome.container
@@ -0,0 +1,20 @@
+[Unit]
+Description=Navidrome container
+
+[Container]
+AutoUpdate=registry
+ContainerName=navidrome
+Environment=TZ=Europe/Zurich
+Image=ghcr.io/navidrome/navidrome:latest
+Pod=navidrome.pod
+Secret=encryption-key,type=env,target=ND_PASSWORDENCRYPTIONKEY
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=navidrome-data.volume:/data
+Volume=navidrome-music.volume:/music:ro
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/navidrome/navidrome.pod b/quadlets/navidrome/navidrome.pod
new file mode 100644
index 0000000..fe2baff
--- /dev/null
+++ b/quadlets/navidrome/navidrome.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=navidrome
+PublishPort=9006:4533
diff --git a/quadlets/nextcloud/nextcloud-apps.volume b/quadlets/nextcloud/nextcloud-apps.volume
new file mode 100644
index 0000000..24b6a9a
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-apps.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nextcloud/storage/apps
+Driver=local
+Options=bind
+Type=none
+VolumeName=nextcloud-apps
diff --git a/quadlets/nextcloud/nextcloud-config.volume b/quadlets/nextcloud/nextcloud-config.volume
new file mode 100644
index 0000000..96e393c
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nextcloud/storage/config
+Driver=local
+Options=bind
+Type=none
+VolumeName=nextcloud-config
diff --git a/quadlets/nextcloud/nextcloud-cron.container b/quadlets/nextcloud/nextcloud-cron.container
new file mode 100644
index 0000000..6b8cb5e
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-cron.container
@@ -0,0 +1,30 @@
+[Unit]
+Description=Nextcloud cron container
+After=nextcloud-database.container
+After=nextcloud-redis.container
+After=nextcloud.container
+Requires=nextcloud-database.container
+Requires=nextcloud-redis.container
+Requires=nextcloud.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=nextcloud-cron
+Entrypoint=/cron.sh
+Environment=TZ=Europe/Zurich
+Image=docker.io/nextcloud:32
+Pod=nextcloud.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=nextcloud-html.volume:/var/www/html
+Volume=nextcloud-config.volume:/var/www/html/config
+Volume=nextcloud-apps.volume:/var/www/html/custom_apps
+Volume=nextcloud-themes.volume:/var/www/html/themes
+Volume=/var/mnt/nas/containers/nextcloud/storage/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini
+Volume=nextcloud-data.volume:/var/www/html/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/nextcloud/nextcloud-data.volume b/quadlets/nextcloud/nextcloud-data.volume
new file mode 100644
index 0000000..24928f2
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nextcloud/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=nextcloud-data
diff --git a/quadlets/nextcloud/nextcloud-database.container b/quadlets/nextcloud/nextcloud-database.container
new file mode 100644
index 0000000..0e2bb4f
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-database.container
@@ -0,0 +1,22 @@
+[Unit]
+Description=Nextcloud database container
+
+[Container]
+AutoUpdate=registry
+ContainerName=nextcloud-database
+Environment=MYSQL_DATABASE=nextcloud
+Environment=TZ=Europe/Zurich
+Image=docker.io/mariadb:latest
+Pod=nextcloud.pod
+Secret=database-user,type=env,target=MYSQL_USER
+Secret=database-password,type=env,target=MYSQL_PASSWORD
+Secret=database-root-password,type=env,target=MYSQL_ROOT_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=nextcloud-database.volume:/var/lib/mysql
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/nextcloud/nextcloud-database.volume b/quadlets/nextcloud/nextcloud-database.volume
new file mode 100644
index 0000000..a746703
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-database.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nextcloud/storage/database
+Driver=local
+Options=bind
+Type=none
+VolumeName=nextcloud-database
diff --git a/quadlets/nextcloud/nextcloud-harp.container b/quadlets/nextcloud/nextcloud-harp.container
new file mode 100644
index 0000000..b86e4d8
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-harp.container
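Review bot: `Image=docker.io/mariadb:latest` combined with `AutoUpdate=registry` in nextcloud-database.container means an unattended auto-update (if podman-auto-update is enabled on the host) can move the Nextcloud database across a MariaDB major release, and the running image is whatever the registry serves that day. The Nextcloud and Postgres units in this commit pin a major (`nextcloud:32`, `postgres:18`); doing the same here, `Image=docker.io/mariadb:MAJOR.MINOR` with the series actually deployed, keeps database upgrades deliberate. The same floating tag with `AutoUpdate=registry` appears on wallabag-database, nginx, pairdrop, paperless, tika, pihole, unbound, qbittorrent and synapse, and `docker.io/busybox` in unbound-redis-socket carries no tag at all.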
@@ -0,0 +1,29 @@
+[Unit]
+Description=Nextcloud HaRP container
+After=nextcloud-database.container
+After=nextcloud-redis.container
+Requires=nextcloud-database.container
+Requires=nextcloud-redis.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=nextcloud
+Environment=NC_INSTANCE_URL=http://nextcloud.local
+Environment=TZ=Europe/Zurich
+Image=ghcr.io/nextcloud/nextcloud-appapi-harp:release
+Pod=nextcloud.pod
+Secret=hp-key,type=env,target=HP_SHARED_KEY
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=nextcloud-html.volume:/var/www/html
+Volume=nextcloud-config.volume:/var/www/html/config
+Volume=nextcloud-apps.volume:/var/www/html/custom_apps
+Volume=nextcloud-themes.volume:/var/www/html/themes
+Volume=/var/mnt/nas/containers/nextcloud/storage/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini
+Volume=nextcloud-data.volume:/var/www/html/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/nextcloud/nextcloud-html.volume b/quadlets/nextcloud/nextcloud-html.volume
new file mode 100644
index 0000000..b8cd421
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-html.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nextcloud/storage/html
+Driver=local
+Options=bind
+Type=none
+VolumeName=nextcloud-html
diff --git a/quadlets/nextcloud/nextcloud-php-config.volume b/quadlets/nextcloud/nextcloud-php-config.volume
new file mode 100644
index 0000000..9715092
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-php-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nextcloud/storage/php-config
+Driver=local
+Options=bind
+Type=none
+VolumeName=nextcloud-php-config
diff --git a/quadlets/nextcloud/nextcloud-redis-config.volume b/quadlets/nextcloud/nextcloud-redis-config.volume
new file mode 100644
index 0000000..955f708
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-redis-config.volume
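Review bot: `ContainerName=nextcloud` in nextcloud-harp.container is the same name nextcloud.container uses, so the two units cannot both create their container and whichever starts second is expected to fail; `ContainerName=nextcloud-harp` avoids the clash. The six `Volume=` lines look copied from the Nextcloud unit: nothing in this hunk shows HaRP needing the Nextcloud html, config or data directories, and mounting them gives the proxy container read-write access to the Nextcloud configuration and all user files. I would drop those mounts unless the image documents a need for them. `NC_INSTANCE_URL=http://nextcloud.local` is also worth checking against `NEXTCLOUD_TRUSTED_DOMAINS` in nextcloud.container, which does not list that hostname.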
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nextcloud/storage/redis-config
+Driver=local
+Options=bind
+Type=none
+VolumeName=nextcloud-redis-config
diff --git a/quadlets/nextcloud/nextcloud-redis-data.volume b/quadlets/nextcloud/nextcloud-redis-data.volume
new file mode 100644
index 0000000..b8a3691
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-redis-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nextcloud/storage/redis-data
+Driver=local
+Options=bind
+Type=none
+VolumeName=nextcloud-redis-data
diff --git a/quadlets/nextcloud/nextcloud-redis.container b/quadlets/nextcloud/nextcloud-redis.container
new file mode 100644
index 0000000..8817ae6
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-redis.container
@@ -0,0 +1,21 @@
+[Unit]
+Description=Nextcloud Redis container
+
+[Container]
+AutoUpdate=registry
+ContainerName=nextcloud-redis
+Environment=TZ=Europe/Zurich
+Exec=/bin/sh -c 'redis-server --appendonly yes --requirepass $${REDIS_PASSWORD}'
+Image=docker.io/redis:alpine
+Pod=nextcloud.pod
+Secret=nextcloud-redis-password,type=env,target=REDIS_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=nextcloud-redis-config.volume:/usr/local/etc/redis
+Volume=nextcloud-redis-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/nextcloud/nextcloud-themes.volume b/quadlets/nextcloud/nextcloud-themes.volume
new file mode 100644
index 0000000..ee5708f
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud-themes.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nextcloud/storage/themes
+Driver=local
+Options=bind
+Type=none
+VolumeName=nextcloud-themes
diff --git a/quadlets/nextcloud/nextcloud.container b/quadlets/nextcloud/nextcloud.container
new file mode 100644
index 0000000..e1a7b94
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud.container
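Review bot: In nextcloud-redis.container the `Exec=` line expands the secret into the `redis-server` argument list, so the Redis password is readable in the process listing (`ps`, `/proc/PID/cmdline`) by anything that can see the container's processes, and the unquoted `$${REDIS_PASSWORD}` is word-split by the shell if the value contains whitespace or glob characters. The unit already mounts `nextcloud-redis-config.volume` at `/usr/local/etc/redis`; a `redis.conf` there that sets `requirepass` and `appendonly yes`, started with `Exec=redis-server /usr/local/etc/redis/redis.conf`, keeps the password out of argv, provided that file is not readable through other mounts or shares. If the command line stays, quote the variable and use `exec` so Redis receives stop signals directly: `exec redis-server --appendonly yes --requirepass "$${REDIS_PASSWORD}"`.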
@@ -0,0 +1,40 @@
+[Unit]
+Description=Nextcloud container
+After=nextcloud-database.container
+After=nextcloud-redis.container
+Requires=nextcloud-database.container
+Requires=nextcloud-redis.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=nextcloud
+Environment=MYSQL_DATABASE=nextcloud
+Environment=MYSQL_HOST=nextcloud-database
+Environment=NEXTCLOUD_TRUSTED_DOMAINS=localhost host.containers.internal nextcloud.gtache.ch
+Environment=PHP_MEMORY_LIMIT=1024M
+Environment=PHP_UPLOAD_LIMIT=100G
+Environment=REDIS_HOST=nextcloud-redis
+Environment=TRUSTED_PROXIES=192.168.0.0/16 172.16.0.0/12 169.254.0.0/16 10.0.0.0/8
+Environment=TZ=Europe/Zurich
+Image=docker.io/nextcloud:32
+Pod=nextcloud.pod
+Secret=database-user,type=env,target=MYSQL_USER
+Secret=database-password,type=env,target=MYSQL_PASSWORD
+Secret=nextcloud-admin-user,type=env,target=NEXTCLOUD_ADMIN_USER
+Secret=nextcloud-admin-password,type=env,target=NEXTCLOUD_ADMIN_PASSWORD
+Secret=nextcloud-redis-password,type=env,target=REDIS_HOST_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=nextcloud-html.volume:/var/www/html
+Volume=nextcloud-config.volume:/var/www/html/config
+Volume=nextcloud-apps.volume:/var/www/html/custom_apps
+Volume=nextcloud-themes.volume:/var/www/html/themes
+Volume=/var/mnt/nas/containers/nextcloud/storage/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini
+Volume=/var/mnt/nas/containers/nextcloud/storage/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf
+Volume=nextcloud-data.volume:/var/www/html/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/nextcloud/nextcloud.pod b/quadlets/nextcloud/nextcloud.pod
new file mode 100644
index 0000000..0921882
--- /dev/null
+++ b/quadlets/nextcloud/nextcloud.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=nextcloud
+PublishPort=9004:80
diff --git a/quadlets/nginx/nginx-acme.container b/quadlets/nginx/nginx-acme.container
new file mode 100644
index 0000000..9c20a8d
--- /dev/null
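Review bot: `TRUSTED_PROXIES=192.168.0.0/16 172.16.0.0/12 169.254.0.0/16 10.0.0.0/8` in nextcloud.container makes Nextcloud accept forwarded-client-address headers from every private and link-local address, so any host on the LAN that reaches the published port can present an arbitrary client IP, which weakens brute-force throttling and makes access logs unreliable. Listing only the address the NGINX proxy connects from is sufficient. nextcloud.pod, which follows, publishes `9004:80` on all host addresses, and that is what lets a client bypass the proxy; restrict it either with a bind address in `PublishPort=` or in the firewalld rules this commit adds under `init/`, which are outside this hunk.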
+++ b/quadlets/nginx/nginx-acme.container
@@ -0,0 +1,33 @@
+[Unit]
+Description=NGINX ACME container
+After=nginx.container
+Requires=nginx.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=nginx-acme
+Environment=DEFAULT_EMAIL=guillaume.tache@hotmail.com
+Environment=TZ=Europe/Zurich
+Image=docker.io/nginxproxy/acme-companion:2.2.9
+Pod=nginx.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=/var/mnt/nas/containers/nginx/storage/network_internal.conf:/etc/nginx/network_internal.conf:ro
+Volume=/var/mnt/nas/containers/nginx/storage/nginx.conf:/etc/nginx/nginx.conf:ro
+Volume=nginx-certs.volume:/etc/nginx/certs:z
+Volume=nginx-config.volume:/etc/nginx/conf.d
+Volume=nginx-html.volume:/usr/share/nginx/html
+Volume=nginx-stream.volume:/etc/nginx/stream.d
+Volume=nginx-vhost.volume:/etc/nginx/vhost.d
+Volume=nginx-acme:/etc/acme.sh:Z
+Volume=/var/mnt/nas/containers/nginx/storage/app/entrypoint.sh:/app/entrypoint.sh:ro
+Volume=/var/mnt/nas/containers/nginx/storage/app/functions.sh:/app/functions.sh:ro
+Volume=/var/mnt/nas/containers/nginx/storage/app/start.sh:/app/start.sh:ro
+Volume=/var/mnt/nas/containers/nginx/storage/app/letsencrypt_service:/app/letsencrypt_service:ro
+Volume=/var/mnt/nas/containers/nginx/storage/app/letsencrypt_user_data:/app/letsencrypt_user_data:ro
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/nginx/nginx-acme.volume b/quadlets/nginx/nginx-acme.volume
new file mode 100644
index 0000000..aa64a23
--- /dev/null
+++ b/quadlets/nginx/nginx-acme.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nginx/storage/acme
+Driver=local
+Options=bind
+Type=none
+VolumeName=nginx-acme
diff --git a/quadlets/nginx/nginx-certs.volume b/quadlets/nginx/nginx-certs.volume
new file mode 100644
index 0000000..6e40fea
--- /dev/null
+++ b/quadlets/nginx/nginx-certs.volume
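Review bot: `Volume=nginx-acme:/etc/acme.sh:Z` in nginx-acme.container names the Podman volume directly instead of the `nginx-acme.volume` unit, unlike every other named mount in this file, so Quadlet adds no dependency on the volume's service. If the container starts before that volume exists, Podman creates an ordinary local volume called `nginx-acme`, and the ACME account key and certificate state end up there rather than under `/var/mnt/nas/containers/nginx/storage/acme`. `Volume=nginx-acme.volume:/etc/acme.sh:Z` makes the ordering explicit. Separately, the five `/app/*` mounts replace the image's own entrypoint and service scripts with files from the NAS; a short comment saying why they are overridden, and who may write to that directory, would help the next reader.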
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nginx/storage/certs
+Driver=local
+Options=bind
+Type=none
+VolumeName=nginx-certs
diff --git a/quadlets/nginx/nginx-config.volume b/quadlets/nginx/nginx-config.volume
new file mode 100644
index 0000000..4e1ab17
--- /dev/null
+++ b/quadlets/nginx/nginx-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nginx/storage/config
+Driver=local
+Options=bind
+Type=none
+VolumeName=nginx-config
diff --git a/quadlets/nginx/nginx-html.volume b/quadlets/nginx/nginx-html.volume
new file mode 100644
index 0000000..e585dfa
--- /dev/null
+++ b/quadlets/nginx/nginx-html.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nginx/storage/html
+Driver=local
+Options=bind
+Type=none
+VolumeName=nginx-html
diff --git a/quadlets/nginx/nginx-stream.volume b/quadlets/nginx/nginx-stream.volume
new file mode 100644
index 0000000..b04632b
--- /dev/null
+++ b/quadlets/nginx/nginx-stream.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nginx/storage/stream
+Driver=local
+Options=bind
+Type=none
+VolumeName=nginx-stream
diff --git a/quadlets/nginx/nginx-vhost.volume b/quadlets/nginx/nginx-vhost.volume
new file mode 100644
index 0000000..33cd773
--- /dev/null
+++ b/quadlets/nginx/nginx-vhost.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/nginx/storage/vhost
+Driver=local
+Options=bind
+Type=none
+VolumeName=nginx-vhost
diff --git a/quadlets/nginx/nginx.container b/quadlets/nginx/nginx.container
new file mode 100644
index 0000000..c5633a1
--- /dev/null
+++ b/quadlets/nginx/nginx.container
@@ -0,0 +1,24 @@
+[Unit]
+Description=NGINX container
+
+[Container]
+AutoUpdate=registry
+ContainerName=nginx
+Environment=TZ=Europe/Zurich
+Image=docker.io/nginx:latest
+Pod=nginx.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=/var/mnt/nas/containers/nginx/storage/network_internal.conf:/etc/nginx/network_internal.conf:ro
+Volume=/var/mnt/nas/containers/nginx/storage/nginx.conf:/etc/nginx/nginx.conf:ro
+Volume=nginx-certs.volume:/etc/nginx/certs:z
+Volume=nginx-config.volume:/etc/nginx/conf.d
+Volume=nginx-html.volume:/usr/share/nginx/html
+Volume=nginx-stream.volume:/etc/nginx/stream.d
+Volume=nginx-vhost.volume:/etc/nginx/vhost.d
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/nginx/nginx.pod b/quadlets/nginx/nginx.pod
new file mode 100644
index 0000000..afd62b1
--- /dev/null
+++ b/quadlets/nginx/nginx.pod
@@ -0,0 +1,4 @@
+[Pod]
+PodName=nginx
+PublishPort=8080:80
+PublishPort=4443:443
diff --git a/quadlets/pairdrop/pairdrop.container b/quadlets/pairdrop/pairdrop.container
new file mode 100644
index 0000000..06784d1
--- /dev/null
+++ b/quadlets/pairdrop/pairdrop.container
@@ -0,0 +1,21 @@
+[Unit]
+Description=Pairdrop container
+
+[Container]
+AutoUpdate=registry
+ContainerName=pairdrop
+Environment=DEBUG_MODE=false
+Environment=RATE_LIMIT=false
+Environment=TZ=Europe/Zurich
+Environment=WS_FALLBACK=false
+Image=lscr.io/linuxserver/pairdrop:latest
+Pod=pairdrop.pod
+ReadOnly=true
+StartWithPod=true
+Timezone=Europe/Zurich
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/pairdrop/pairdrop.pod b/quadlets/pairdrop/pairdrop.pod
new file mode 100644
index 0000000..4d9afc3
--- /dev/null
+++ b/quadlets/pairdrop/pairdrop.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=pairdrop
+PublishPort=3000:3000
diff --git a/quadlets/paperless/gotenberg.container b/quadlets/paperless/gotenberg.container
new file mode 100644
index 0000000..0da7c6b
--- /dev/null
+++ b/quadlets/paperless/gotenberg.container
@@ -0,0 +1,18 @@
+[Unit]
+Description=Gotenberg container for Paperless
+
+[Container]
+AutoUpdate=registry
+ContainerName=gotenberg
+Environment=TZ=Europe/Zurich
+Exec=gotenberg --chromium-disable-javascript=true --chromium-allow-list=file:///tmp/.*
+Image=docker.io/gotenberg/gotenberg:8
+Pod=paperless.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/paperless/paperless-consume.volume b/quadlets/paperless/paperless-consume.volume
new file mode 100644
index 0000000..7458add
--- /dev/null
+++ b/quadlets/paperless/paperless-consume.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/paperless/storage/consume
+Driver=local
+Options=bind
+Type=none
+VolumeName=paperless-consume
diff --git a/quadlets/paperless/paperless-data.volume b/quadlets/paperless/paperless-data.volume
new file mode 100644
index 0000000..1666571
--- /dev/null
+++ b/quadlets/paperless/paperless-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/paperless/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=paperless-data
diff --git a/quadlets/paperless/paperless-database.container b/quadlets/paperless/paperless-database.container
new file mode 100644
index 0000000..ca8551d
--- /dev/null
+++ b/quadlets/paperless/paperless-database.container
@@ -0,0 +1,21 @@
+[Unit]
+Description=Database container for Paperless
+
+[Container]
+AutoUpdate=registry
+ContainerName=paperless-database
+Environment=POSTGRES_USER=paperless
+Environment=POSTGRES_DB=paperless
+Environment=TZ=Europe/Zurich
+Image=docker.io/library/postgres:18
+Pod=paperless.pod
+Secret=database-password,type=env,target=POSTGRES_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=paperless-database.volume:/var/lib/postgresql
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/paperless/paperless-database.volume b/quadlets/paperless/paperless-database.volume
new file mode 100644
index 0000000..8478a30
--- /dev/null
+++ b/quadlets/paperless/paperless-database.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/paperless/storage/database
+Driver=local
+Options=bind
+Type=none
+VolumeName=paperless-database
diff --git a/quadlets/paperless/paperless-export.volume b/quadlets/paperless/paperless-export.volume
new file mode 100644
index 0000000..8ca04ba
--- /dev/null
+++ b/quadlets/paperless/paperless-export.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/paperless/storage/export
+Driver=local
+Options=bind
+Type=none
+VolumeName=paperless-export
diff --git a/quadlets/paperless/paperless-media.volume b/quadlets/paperless/paperless-media.volume
new file mode 100644
index 0000000..9fd9676
--- /dev/null
+++ b/quadlets/paperless/paperless-media.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/paperless/storage/media
+Driver=local
+Options=bind
+Type=none
+VolumeName=paperless-media
diff --git a/quadlets/paperless/paperless-redis-data.volume b/quadlets/paperless/paperless-redis-data.volume
new file mode 100644
index 0000000..3b1bad1
--- /dev/null
+++ b/quadlets/paperless/paperless-redis-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/paperless/storage/redis-data
+Driver=local
+Options=bind
+Type=none
+VolumeName=paperless-redis-data
diff --git a/quadlets/paperless/paperless-redis.container b/quadlets/paperless/paperless-redis.container
new file mode 100644
index 0000000..4e0fa5e
--- /dev/null
+++ b/quadlets/paperless/paperless-redis.container
@@ -0,0 +1,18 @@
+[Unit]
+Description=Redis container for Paperless
+
+[Container]
+AutoUpdate=registry
+ContainerName=paperless-redis
+Environment=TZ=Europe/Zurich
+Image=docker.io/library/redis:8
+Pod=paperless.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=paperless-redis-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/paperless/paperless.container b/quadlets/paperless/paperless.container
new file mode 100644
index 0000000..9b7295d
--- /dev/null
+++ b/quadlets/paperless/paperless.container
@@ -0,0 +1,43 @@
+[Unit]
+Description=Paperless container
+After=gotenberg.container
+After=paperless-database.container
+After=paperless-redis.container
+After=tika.container
+Requires=gotenberg.container
+Requires=paperless-database.container
+Requires=paperless-redis.container
+Requires=tika.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=paperless
+Environment=PAPERLESS_CONSUMER_DELETE_DUPLICATES=1
+Environment=PAPERLESS_DBHOST=paperless-database
+Environment=PAPERLESS_OCR_LANGUAGE=fra
+Environment=PAPERLESS_OCR_USER_ARGS='{"invalidate_digital_signatures": true}'
+Environment=PAPERLESS_REDIS=redis://paperless-redis:6379
+Environment=PAPERLESS_TASK_WORKERS=2
+Environment=PAPERLESS_TIKA_ENABLED=1
+Environment=PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://gotenberg:3000
+Environment=PAPERLESS_TIKA_ENDPOINT=http://tika:9998
+Environment=PAPERLESS_TIME_ZONE=Europe/Zurich
+Environment=PAPERLESS_URL=https://paperless.gtache.ch
+Environment=TZ=Europe/Zurich
+Environment=USERMAP_GID=1020
+Environment=USERMAP_UID=1020
+Image=ghcr.io/paperless-ngx/paperless-ngx:latest
+Pod=paperless.pod
+Secret=paperless-secret-key,type=env,target=PAPERLESS_SECRET_KEY
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=paperless-data.volume:/usr/src/paperless/data
+Volume=paperless-media.volume:/usr/src/paperless/media
+Volume=paperless-export.volume:/usr/src/paperless/export
+Volume=paperless-consume.volume:/usr/src/paperless/consume
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/paperless/paperless.pod b/quadlets/paperless/paperless.pod
new file mode 100644
index 0000000..637b9df
--- /dev/null
+++ b/quadlets/paperless/paperless.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=paperless
+PublishPort=9010:8000
diff --git a/quadlets/paperless/tika.container b/quadlets/paperless/tika.container
new file mode 100644
index 0000000..40f8c71
--- /dev/null
+++ b/quadlets/paperless/tika.container
@@ -0,0 +1,17 @@
+[Unit]
+Description=Tika container for Paperless
+
+[Container]
+AutoUpdate=registry
+ContainerName=tika
+Environment=TZ=Europe/Zurich
+Image=docker.io/apache/tika:latest
+Pod=paperless.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/pihole/pihole-config.volume b/quadlets/pihole/pihole-config.volume
new file mode 100644
index 0000000..fe7f17b
--- /dev/null
+++ b/quadlets/pihole/pihole-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/config
+Driver=local
+Options=bind
+Type=none
+VolumeName=pihole-config
diff --git a/quadlets/pihole/pihole-dnsmasq.volume b/quadlets/pihole/pihole-dnsmasq.volume
new file mode 100644
index 0000000..4782696
--- /dev/null
+++ b/quadlets/pihole/pihole-dnsmasq.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/dnsmasq
+Driver=local
+Options=bind
+Type=none
+VolumeName=pihole-dnsmasq
diff --git a/quadlets/pihole/pihole.container b/quadlets/pihole/pihole.container
new file mode 100644
index 0000000..92fb59e
--- /dev/null
+++ b/quadlets/pihole/pihole.container
@@ -0,0 +1,36 @@
+[Unit]
+Description=Unbound container
+After=unbound.container
+Requires=unbound.container
+
+[Container]
+AutoUpdate=registry
+Command=CMD redis-server /usr/local/etc/redis/redis.conf
+ContainerName=pihole
+Environment=DNSMASQ_USER=pihole
+Environment=FTLCONF_LOCAL_IPV4=192.168.1.103
+Environment=PIHOLE_DNS_=172.20.0.7#5335
+Environment=PIHOLE_GID=1001
+Environment=PIHOLE_UID=1001
+Environment=VIRTUAL_HOST=pihole
+Environment=TZ=Europe/Zurich
+HealthCheck=CMD /usr/local/unbound/sbin/healthcheck.sh
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=docker.io/pihole/pihole:latest
+IP=172.20.0.6
+Network=pihole.network
+Pod=pihole.pod
+Secret=webserver-password,type=env,target=FTLCONF_webserver_api_password
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=redis-data.volume:/data
+Volume=pihole-config.volume:/etc/pihole
+Volume=pihole-dnsmasq.volume:/etc/dnsmasq.d
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/pihole/pihole.network b/quadlets/pihole/pihole.network
new file mode 100644
index 0000000..a01b7c1
--- /dev/null
+++ b/quadlets/pihole/pihole.network
@@ -0,0 +1,4 @@
+[Network]
+Driver=bridge
+NetworkName=pihole
+Subnet=172.20.0.0/16
\ No newline at end of file
diff --git a/quadlets/pihole/pihole.pod b/quadlets/pihole/pihole.pod
new file mode 100644
index 0000000..536db2c
--- /dev/null
+++ b/quadlets/pihole/pihole.pod
@@ -0,0 +1,4 @@
+[Pod]
+PodName=pihole
+PublishPort=5335:53
+PublishPort=9005:80
diff --git a/quadlets/pihole/unbound-conf.volume b/quadlets/pihole/unbound-conf.volume
new file mode 100644
index 0000000..1dd35d4
--- /dev/null
+++ b/quadlets/pihole/unbound-conf.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/unbound-conf
+Driver=local
+Options=bind
+Type=none
+VolumeName=unbound-conf
diff --git a/quadlets/pihole/unbound-iana.volume b/quadlets/pihole/unbound-iana.volume
new file mode 100644
index 0000000..e38015a
--- /dev/null
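Review bot: pihole.container uses keys Quadlet does not define: `Command=` and `HealthCheck=` are not `[Container]` keys (the equivalents are `Exec=` and `HealthCmd=`), and Quadlet refuses to generate a unit that contains unknown keys, so this container would never start. The values also look pasted from the neighbouring units: `Description=Unbound container`, a `redis-server` command, an Unbound health-check script and a `redis-data.volume` mount do not belong to Pi-hole. `Network=` and `IP=` are set together with `Pod=`, but a pod member shares the pod's network namespace, so the network would have to be declared in pihole.pod instead. The same `Command=`/`HealthCheck=` keys recur in unbound-redis-socket, unbound-redis and unbound.container, and pihole.pod publishes `5335:53` for TCP only, so DNS over UDP stays unreachable unless `PublishPort=5335:53/udp` is added.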
+++ b/quadlets/pihole/unbound-iana.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/unbound-iana
+Driver=local
+Options=bind
+Type=none
+VolumeName=unbound-iana
diff --git a/quadlets/pihole/unbound-log.volume b/quadlets/pihole/unbound-log.volume
new file mode 100644
index 0000000..22458dd
--- /dev/null
+++ b/quadlets/pihole/unbound-log.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/unbound-log
+Driver=local
+Options=bind
+Type=none
+VolumeName=unbound-log
diff --git a/quadlets/pihole/unbound-redis-cache.volume b/quadlets/pihole/unbound-redis-cache.volume
new file mode 100644
index 0000000..5c703fe
--- /dev/null
+++ b/quadlets/pihole/unbound-redis-cache.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/unbound-redis-cache
+Driver=local
+Options=bind
+Type=none
+VolumeName=unbound-redis-cache
diff --git a/quadlets/pihole/unbound-redis-conf.volume b/quadlets/pihole/unbound-redis-conf.volume
new file mode 100644
index 0000000..1ffe63b
--- /dev/null
+++ b/quadlets/pihole/unbound-redis-conf.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/unbound-redis-conf
+Driver=local
+Options=bind
+Type=none
+VolumeName=unbound-redis-conf
diff --git a/quadlets/pihole/unbound-redis-data.volume b/quadlets/pihole/unbound-redis-data.volume
new file mode 100644
index 0000000..bc46785
--- /dev/null
+++ b/quadlets/pihole/unbound-redis-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/unbound-redis-data
+Driver=local
+Options=bind
+Type=none
+VolumeName=unbound-redis-data
diff --git a/quadlets/pihole/unbound-redis-socket.container b/quadlets/pihole/unbound-redis-socket.container
new file mode 100644
index 0000000..48b1cf2
--- /dev/null
+++ b/quadlets/pihole/unbound-redis-socket.container
@@ -0,0 +1,19 @@
+[Unit]
+Description=Unbound socket container
+
+[Container]
+AutoUpdate=registry
+Command=CMD chown -R 999:1001 /usr/local/unbound/cachedb.d/ && /bin/sh
+ContainerName=unbound-redis-socket
+Environment=TZ=Europe/Zurich
+Image=docker.io/busybox
+Pod=pihole.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=unbound-redis-cache.volume:/usr/local/unbound/cachedb.d
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/pihole/unbound-redis.container b/quadlets/pihole/unbound-redis.container
new file mode 100644
index 0000000..1865d44
--- /dev/null
+++ b/quadlets/pihole/unbound-redis.container
@@ -0,0 +1,27 @@
+[Unit]
+Description=Redis container
+After=unbound-redis-socket.container
+Requires=unbound-redis-socket.container
+
+[Container]
+AutoUpdate=registry
+Command=CMD redis-server /usr/local/etc/redis/redis.conf
+ContainerName=unbound-redis
+Environment=TZ=Europe/Zurich
+HealthCheck=CMD /bin/bash -c '[[ -S /usr/local/unbound/cachedb.d/redis.sock ]]'
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=docker.io/redis:alpine
+Pod=pihole.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=unbound-redis-data.volume:/data
+Volume=unbound-redis-conf.volume:/usr/local/etc/redis
+Volume=unbound-redis-cache.volume:/usr/local/unbound/cachedb.d
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/pihole/unbound-zones.volume b/quadlets/pihole/unbound-zones.volume
new file mode 100644
index 0000000..bda4fc6
--- /dev/null
+++ b/quadlets/pihole/unbound-zones.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/unbound-zones
+Driver=local
+Options=bind
+Type=none
+VolumeName=unbound-zones
diff --git a/quadlets/pihole/unbound.container b/quadlets/pihole/unbound.container
new file mode 100644
index 0000000..faa79f3
--- /dev/null
+++ b/quadlets/pihole/unbound.container
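Review bot: In unbound-redis-socket.container the command `chown -R 999:1001 /usr/local/unbound/cachedb.d/ && /bin/sh` needs a shell to interpret `&&`, and `/bin/sh` without a terminal exits at once, so with `Restart=always` this helper would restart in a loop and repeat a recursive chown each time. Once the key is corrected to `Exec=`, `Exec=/bin/sh -c 'chown -R 999:1001 /usr/local/unbound/cachedb.d/'` with `Type=oneshot` and `RemainAfterExit=yes` in `[Service]` in place of `Restart=always` would express a one-time ownership fix; a comment naming the accounts behind 999 and 1001 would also help. In unbound-redis.container, later in this group, the health check calls `/bin/bash` with `[[ ... ]]`, which `redis:alpine` is unlikely to provide; `test -S /usr/local/unbound/cachedb.d/redis.sock` needs no bash.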
@@ -0,0 +1,38 @@
+[Unit]
+Description=Unbound container
+After=unbound-redis.container
+Requires=unbound-redis.container
+
+[Container]
+AutoUpdate=registry
+Command=CMD redis-server /usr/local/etc/redis/redis.conf
+ContainerName=unbound
+DNS=172.20.0.7
+Environment=TZ=Europe/Zurich
+Environment=GID=1001
+Environment=UID=1001
+Environment=UNBOUND_GID=1001
+Environment=UNBOUND_UID=1001
+HealthCheck=CMD /usr/local/unbound/sbin/healthcheck.sh
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=docker.io/madnuttah/unbound:latest
+IP=172.20.0.7
+Network=pihole.network
+Pod=pihole.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=redis-data.volume:/data
+Volume=unbound.volume:/usr/local/unbound
+Volume=unbound-conf.volume:/usr/local/unbound/conf.d
+Volume=unbound-iana.volume:/usr/local/unbound/iana.d
+Volume=unbound-log.volume:/usr/local/unbound/log.d
+Volume=unbound-zones.volume:/usr/local/unbound/zones.d
+Volume=unbound-cache.volume:/usr/local/unbound/cachedb.d/
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/pihole/unbound.volume b/quadlets/pihole/unbound.volume
new file mode 100644
index 0000000..0129631
--- /dev/null
+++ b/quadlets/pihole/unbound.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/pihole/storage/unbound
+Driver=local
+Options=bind
+Type=none
+VolumeName=unbound
diff --git a/quadlets/qbittorrent/gluetun.container b/quadlets/qbittorrent/gluetun.container
new file mode 100644
index 0000000..99e725f
--- /dev/null
+++ b/quadlets/qbittorrent/gluetun.container
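Review bot: unbound.container mounts `unbound-cache.volume` at `/usr/local/unbound/cachedb.d/`, while unbound-redis and unbound-redis-socket mount `unbound-redis-cache.volume` at that path and no `unbound-cache.volume` is added in the part of the commit visible here; if the Redis socket is meant to be shared, Unbound will not see it. `Volume=unbound-redis-cache.volume:/usr/local/unbound/cachedb.d/` matches the other two units. `redis-data.volume` is likewise not defined in the visible files (the Redis unit uses `unbound-redis-data.volume`), and the `Command=CMD redis-server ...` line, were it honoured, would start Redis rather than Unbound in this image. `DNS=172.20.0.7` points the container's resolver at its own address, which deserves a comment if intended.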
@@ -0,0 +1,26 @@
+[Unit]
+Description=QBittorrent Gluetun container
+
+[Container]
+AddCapability=NET_ADMIN
+AddDevice=/dev/net/tun:/dev/net/tun
+AutoUpdate=registry
+ContainerName=gluetun
+Environment=OPENVPN_VERSION=2.5
+Environment=SERVER_COUNTRIES=Netherlands
+Environment=UPDATER_PERIOD=
+Environment=VPN_SERVICE_PROVIDER=nordvpn
+Environment=VPN_TYPE=openvpn
+Environment=TZ=Europe/Zurich
+Image=docker.io/qmcgaw/gluetun:v3.40
+Pod=qbittorrent.pod
+Secret=vpn-user,type=env,target=OPENVPN_USER
+Secret=vpn-password,type=env,target=OPENVPN_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/qbittorrent/qbittorrent-config.volume b/quadlets/qbittorrent/qbittorrent-config.volume
new file mode 100644
index 0000000..12ada15
--- /dev/null
+++ b/quadlets/qbittorrent/qbittorrent-config.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/qbittorrent/storage/config
+Driver=local
+Options=bind
+Type=none
+VolumeName=qbittorrent-config
diff --git a/quadlets/qbittorrent/qbittorrent-downloads.volume b/quadlets/qbittorrent/qbittorrent-downloads.volume
new file mode 100644
index 0000000..19262b3
--- /dev/null
+++ b/quadlets/qbittorrent/qbittorrent-downloads.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/qbittorrent/storage/downloads
+Driver=local
+Options=bind
+Type=none
+VolumeName=qbittorrent-downloads
diff --git a/quadlets/qbittorrent/qbittorrent.container b/quadlets/qbittorrent/qbittorrent.container
new file mode 100644
index 0000000..1d0db69
--- /dev/null
+++ b/quadlets/qbittorrent/qbittorrent.container
@@ -0,0 +1,28 @@
+[Unit]
+Description=QBittorrent Nox container
+After=gluetun.container
+Requires=gluetun.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=qbittorrent-nox
+Environment=QBT_LEGAL_NOTICE=confirm
+Environment=QBT_VERSION=latest
+Environment=QBT_WEBUI_PORT=8080
+Environment=PGID=1004
+Environment=PUID=1004
+Environment=TZ=Europe/Zurich
+Image=docker.io/qbittorrentofficial/qbittorrent-nox:latest
+Network=gluetun.container
+Pod=qbittorrent.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Tmpfs=/tmp
+Volume=qbittorrent-config.volume:/config
+Volume=qbittorrent-downloads.volume:/downloads
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/qbittorrent/qbittorrent.pod b/quadlets/qbittorrent/qbittorrent.pod
new file mode 100644
index 0000000..c8a9839
--- /dev/null
+++ b/quadlets/qbittorrent/qbittorrent.pod
@@ -0,0 +1,6 @@
+[Pod]
+PodName=qbittorrent
+PublishPort=6881:6881
+#PublishPort=8388:8388
+#PublishPort=8888:8888
+PublishPort=9001:8080
diff --git a/quadlets/samba/samba.container b/quadlets/samba/samba.container
new file mode 100644
index 0000000..7f6db88
--- /dev/null
+++ b/quadlets/samba/samba.container
@@ -0,0 +1,25 @@
+[Unit]
+Description=Samba server
+After=network-online.target
+Wants=network-online.target
+
+[Container]
+ContainerName=samba
+Environment=TZ=Europe/Zurich
+Environment=SHARE=nas:/nas:true:true:false:tga:tga:tga
+Environment=SHARE1=zero:/zero:true:false:false:zero:zero:zero
+Environment=SHARE2=paperless:/paperless-input:true:false:false:tga:tga:tga
+Image=registry.opensuse.org/opensuse/samba:latest
+PublishPort=139:139
+PublishPort=445:445
+Secret=tga-credentials,type=env,target=USER
+Secret=zero-credentials,type=env,target=USER1
+Volume=/var/mnt/nas:/nas
+Volume=/var/mnt/nas/backup/zero:/zero
+Volume=/var/mnt/nas/paperless/input:/paperless-input
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
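Review bot: samba.container binds `/var/mnt/nas` as the `nas` share, and that tree contains `containers/*/storage` for every service in this commit: database files, `nginx/storage/certs` and `acme`, and the `nginx/storage/app/*.sh` scripts that nginx-acme.container mounts as its entrypoint. Anyone holding the `tga` SMB credential can therefore read TLS private keys and, depending on how the image interprets the `SHARE` fields, modify scripts that run inside other containers. Exporting narrower directories, as `SHARE1` and `SHARE2` already do, or moving `containers/` out of the exported path keeps file sharing separate from service state. `PublishPort=139:139` and `PublishPort=445:445` listen on every host address; if SMB is meant for the LAN only, bind them to the LAN address or restrict them in firewalld.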
diff --git a/quadlets/synapse/synapse-data.volume b/quadlets/synapse/synapse-data.volume
new file mode 100644
index 0000000..2726f85
--- /dev/null
+++ b/quadlets/synapse/synapse-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/synapse/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=synapse-data
diff --git a/quadlets/synapse/synapse-database.container b/quadlets/synapse/synapse-database.container
new file mode 100644
index 0000000..64e42ec
--- /dev/null
+++ b/quadlets/synapse/synapse-database.container
@@ -0,0 +1,26 @@
+[Unit]
+Description=Synapse database container
+
+[Container]
+AutoUpdate=registry
+ContainerName=synapse-database
+Environment=POSTGRES_USER=synapse
+Environment=POSTGRES_DB=synapse
+Environment=POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+Environment=TZ=Europe/Zurich
+HealthCmd=pg_isready -U synapse
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=docker.io/postgres:18
+Pod=synapse.pod
+Secret=database-password,type=env,target=POSTGRES_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=synapse-database.volume:/var/lib/postgresql
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/synapse/synapse-database.volume b/quadlets/synapse/synapse-database.volume
new file mode 100644
index 0000000..8021770
--- /dev/null
+++ b/quadlets/synapse/synapse-database.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/synapse/storage/database
+Driver=local
+Options=bind
+Type=none
+VolumeName=synapse-database
diff --git a/quadlets/synapse/synapse-mautrix.volume b/quadlets/synapse/synapse-mautrix.volume
new file mode 100644
index 0000000..7930ffa
--- /dev/null
+++ b/quadlets/synapse/synapse-mautrix.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/synapse/storage/mautrix
+Driver=local
+Options=bind
+Type=none
+VolumeName=synapse-mautrix
diff --git a/quadlets/synapse/synapse-media.volume b/quadlets/synapse/synapse-media.volume
new file mode 100644
index 0000000..400ac38
--- /dev/null
+++ b/quadlets/synapse/synapse-media.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/synapse/storage/media
+Driver=local
+Options=bind
+Type=none
+VolumeName=synapse-media
diff --git a/quadlets/synapse/synapse.container b/quadlets/synapse/synapse.container
new file mode 100644
index 0000000..9158f80
--- /dev/null
+++ b/quadlets/synapse/synapse.container
@@ -0,0 +1,23 @@
+[Unit]
+Description=Synapse container
+After=synapse-database.container
+Requires=synapse-database.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=synapse
+Environment=SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+Environment=TZ=Europe/Zurich
+Image=docker.io/matrixdotorg/synapse:latest
+Pod=synapse.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=synapse-data.volume:/data
+Volume=synapse-mautrix.volume:/mautrix:ro
+Volume=synapse-media.volume:/media_store
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/synapse/synapse.pod b/quadlets/synapse/synapse.pod
new file mode 100644
index 0000000..628b74e
--- /dev/null
+++ b/quadlets/synapse/synapse.pod
@@ -0,0 +1,4 @@
+[Pod]
+PodName=synapse
+PublishPort=9013:8008
+PublishPort=8448:8448
diff --git a/quadlets/wallabag/wallabag-database.container b/quadlets/wallabag/wallabag-database.container
new file mode 100644
index 0000000..95cb034
--- /dev/null
+++ b/quadlets/wallabag/wallabag-database.container
@@ -0,0 +1,23 @@
+[Unit]
+Description=Wallabag database container
+
+[Container]
+AutoUpdate=registry
+ContainerName=wallabag-database
+Environment=TZ=Europe/Zurich
+HealthCmd=CMD mysqladmin ping -h localhost
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=docker.io/mariadb:latest
+Pod=wallabag.pod
+Secret=database-root-password,type=env,target=MYSQL_ROOT_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=wallabag-database.volume:/var/lib/mysql
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/wallabag/wallabag-database.volume b/quadlets/wallabag/wallabag-database.volume
new file mode 100644
index 0000000..09e0dbf
--- /dev/null
+++ b/quadlets/wallabag/wallabag-database.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/wallabag/storage/database
+Driver=local
+Options=bind
+Type=none
+VolumeName=wallabag-database
diff --git a/quadlets/wallabag/wallabag-images.volume b/quadlets/wallabag/wallabag-images.volume
new file mode 100644
index 0000000..02213b1
--- /dev/null
+++ b/quadlets/wallabag/wallabag-images.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/wallabag/storage/images
+Driver=local
+Options=bind
+Type=none
+VolumeName=wallabag-images
diff --git a/quadlets/wallabag/wallabag-redis.container b/quadlets/wallabag/wallabag-redis.container
new file mode 100644
index 0000000..894191b
--- /dev/null
+++ b/quadlets/wallabag/wallabag-redis.container
@@ -0,0 +1,21 @@
+[Unit]
+Description=Wallabag Redis container
+
+[Container]
+AutoUpdate=registry
+ContainerName=wallabag-redis
+Environment=TZ=Europe/Zurich
+HealthCmd=CMD redis-cli ping
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=docker.io/redis:alpine
+Pod=wallabag.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
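Review bot: The health check `HealthCmd=CMD mysqladmin ping -h localhost` in wallabag-database.container depends on a binary name that, as far as I know, recent official MariaDB images no longer ship, and `Image=docker.io/mariadb:latest` is exactly the image line that will pick those up. `mysqladmin ping` also reports success when the server answers with access denied, so at best it shows the socket is accepting connections. The image's own script is a closer fit, `HealthCmd=healthcheck.sh --connect --innodb_initialized`, with the caveat that `--connect` relies on the healthcheck account the image creates when it initialises a fresh data directory.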
diff --git a/quadlets/wallabag/wallabag.container b/quadlets/wallabag/wallabag.container
new file mode 100644
index 0000000..0c137d4
--- /dev/null
+++ b/quadlets/wallabag/wallabag.container
@@ -0,0 +1,39 @@
+[Unit]
+Description=Wallabag container
+After=wallabag-database.container
+After=wallabag-redis.container
+Requires=wallabag-database.container
+Requires=wallabag-redis.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=wallabag
+Environment=SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
+Environment=SYMFONY__ENV__DATABASE_HOST=wallabag-database
+Environment=SYMFONY__ENV__DATABASE_PORT=3306
+Environment=SYMFONY__ENV__DATABASE_NAME=wallabag
+Environment=SYMFONY__ENV__DATABASE_USER=wallabag
+Environment=SYMFONY__ENV__DATABASE_CHARSET=utf8mb4
+Environment=SYMFONY__ENV__DATABASE_TABLE_PREFIX=wallabag_
+Environment=SYMFONY__ENV__MAILER_DSN=smtp:127.0.0.1
+Environment=SYMFONY__ENV__FROM_EMAIL=wallabag@gtache.ch
+Environment=SYMFONY__ENV__DOMAIN_NAME=https://wallabag.gtache.ch
+Environment=SYMFONY__ENV__SERVER_NAME=Wallabag
+Environment=TZ=Europe/Zurich
+HealthCmd=CMD wget --no-verbose --tries=1 --spider http://localhost
+HealthInterval=30s
+HealthTimeout=5s
+HealthRetries=5
+Image=docker.io/wallabag/wallabag:latest
+Pod=wallabag.pod
+Secret=database-root-password,type=env,target=MYSQL_ROOT_PASSWORD
+Secret=database-password,type=env,target=SYMFONY__ENV__DATABASE_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=wallabag-images.volume:/var/www/wallabag/web/assets/images
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/wallabag/wallabag.pod b/quadlets/wallabag/wallabag.pod
new file mode 100644
index 0000000..e2f71dc
--- /dev/null
+++ b/quadlets/wallabag/wallabag.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=wallabag
+PublishPort=9012:80
diff --git a/services/kiwix/clone-zim-updater.service b/services/kiwix/clone-zim-updater.service
new file mode 100644
index 0000000..8b7f83d
--- /dev/null
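Review bot: wallabag.container is handed the MariaDB root password (`Secret=database-root-password,type=env,target=MYSQL_ROOT_PASSWORD`), so the container that fetches and parses arbitrary web pages permanently holds full control of the database server. Creating the application database and account in wallabag-database.container instead (`Environment=MARIADB_DATABASE=wallabag`, `Environment=MARIADB_USER=wallabag`, and the existing `database-password` secret targeted at `MARIADB_PASSWORD`) would let the root secret be dropped from this unit; whether the image then needs `POPULATE_DATABASE=False` and a one-off manual schema install should be checked against its entrypoint. Separately, `SYMFONY__ENV__MAILER_DSN=smtp:127.0.0.1` lacks the `//` of a DSN, and `smtp://127.0.0.1` is probably what was meant.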
+++ b/services/kiwix/clone-zim-updater.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Clones the ZIM updater repository
+ConditionPathExists=!/var/home/kiwix/kiwix-zim-updater
+
+[Service]
+Type=oneshot
+ExecStart=bash -c "cd /var/home/kiwix && git clone https://github.com/jojo2357/kiwix-zim-updater.git"
+RemainAfterExit=true
+
+[Install]
+WantedBy=default.target
diff --git a/services/nextcloud/pre-generate-preview.service b/services/nextcloud/pre-generate-preview.service
new file mode 100644
index 0000000..9103667
--- /dev/null
+++ b/services/nextcloud/pre-generate-preview.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Pre-generates previews for Nextcloud
+
+[Service]
+Type=oneshot
+ExecStart=/var/home/nextcloud/pre-generate-preview.sh
diff --git a/services/nextcloud/pre-generate-preview.timer b/services/nextcloud/pre-generate-preview.timer
new file mode 100644
index 0000000..2ca0977
--- /dev/null
+++ b/services/nextcloud/pre-generate-preview.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Timer for the pre-generate-preview service
+
+[Timer]
+OnCalendar=12:00:00
+OnCalendar=00:00:00
+Persistent=true
+Unit=pre-generate-preview.service
+
+[Install]
+WantedBy=timers.target
diff --git a/services/pihole/update-hints.service b/services/pihole/update-hints.service
new file mode 100644
index 0000000..0474b00
--- /dev/null
+++ b/services/pihole/update-hints.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Update the unbound root hints
+
+[Service]
+Type=oneshot
+ExecStart=/var/home/pihole/update-hints.sh
diff --git a/services/pihole/update-hints.timer b/services/pihole/update-hints.timer
new file mode 100644
index 0000000..5265e7d
--- /dev/null
+++ b/services/pihole/update-hints.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Timer for the update-hints service
+
+[Timer]
+OnCalendar=*-12-01 00:00:00
+OnCalendar=*-6-01 00:00:00
+Persistent=true
+Unit=update-hints.service
+
+[Install]
+WantedBy=timers.target
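Review bot: The `ExecStart=` in clone-zim-updater.service clones the default branch of a third-party repository with no pinned revision, so whatever sits at its HEAD on first boot lands in /var/home/kiwix, presumably to be executed later (the consumer is not in this diff). Checking out a reviewed commit after the clone makes the deployed code reproducible, e.g. `git clone https://github.com/jojo2357/kiwix-zim-updater.git && git -C kiwix-zim-updater checkout --detach <reviewed-commit>`. A clone that fails because the network is not yet up is also not retried; `Restart=on-failure` with a `RestartSec=` would cover that.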
diff --git a/services/pihole/update-root.service b/services/pihole/update-root.service
new file mode 100644
index 0000000..5b3c64e
--- /dev/null
+++ b/services/pihole/update-root.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Update the unbound root entries
+
+[Service]
+Type=oneshot
+ExecStart=/var/home/pihole/update-root.sh
diff --git a/services/pihole/update-root.timer b/services/pihole/update-root.timer
new file mode 100644
index 0000000..00f9b2e
--- /dev/null
+++ b/services/pihole/update-root.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Timer for the update-root service
+
+[Timer]
+OnCalendar=*-*-01 00:00:00
+Persistent=true
+Unit=update-root.service
+
+[Install]
+WantedBy=timers.target
diff --git a/services/tga/update-dyndns.service b/services/tga/update-dyndns.service
new file mode 100644
index 0000000..6f0a605
--- /dev/null
+++ b/services/tga/update-dyndns.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Update the DynDns entries
+
+[Service]
+Type=oneshot
+ExecStart=/var/home/tga/dyndns.sh
diff --git a/services/tga/update-dyndns.timer b/services/tga/update-dyndns.timer
new file mode 100644
index 0000000..2d5b566
--- /dev/null
+++ b/services/tga/update-dyndns.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Timer for the update-dyndns service
+
+[Timer]
+OnCalendar=*:00/30
+Persistent=true
+Unit=update-dyndns.service
+
+[Install]
+WantedBy=timers.target
diff --git a/user-template.bu b/user-template.bu
new file mode 100644
index 0000000..7ea367e
--- /dev/null
+++ b/user-template.bu
@@ -0,0 +1,19 @@
+variant: fcos
+version: 1.6.0
+passwd:
+ users:
+ - name: __USER__
+storage:
+ directories:
+ - path: /home/__USER__/.config/systemd/user
+ mode: 0755
+ user:
+ name: __USER__
+ group:
+ name: __USER__
+ - path: /var/mnt/nas/containers/__USER__
+ mode: 0755
+ user:
+ name: __USER__
+ group:
+ name: __USER__
diff --git a/users/arr.bu b/users/arr.bu
new file mode 100644
index 0000000..671990d
--- /dev/null
+++ b/users/arr.bu
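Review bot: Both directories in user-template.bu are created with `mode: 0755`, including `/var/mnt/nas/containers/__USER__`, so every local account can traverse and list each service's data root; that undercuts the one-account-per-service separation this layout sets up. `mode: 0750` (or `0700`) on the per-user container root would keep other service accounts out without changing anything for the owner. The same mode is repeated on the storage directories in the users/*.bu files, including `nginx/storage/certs` and `homeassistant/storage/ssh`, which by their names hold key material; restricting the parent directory covers them.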
@@ -0,0 +1,249 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: arr +storage: + directories: + - path: /home/arr/.config/systemd/user + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr + mode: 0755 + user: + name: arr + group: + name: arr + + - path: /var/mnt/nas/containers/arr/storage/bazarr-config + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/bazarr-data + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/lidarr-config + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/lidarr-data + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/overseerr-config + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/prowlarr-config + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/prowlarr-data + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/radarr-config + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/radarr-data + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/sonarr-config + mode: 0755 + user: + name: arr + group: + name: arr + - path: /var/mnt/nas/containers/arr/storage/sonarr-data + mode: 0755 + user: + name: arr + group: + name: arr + files: + - path: /var/lib/systemd/linger/arr + mode: 0644 + - path: /home/arr/.config/containers/systemd/user/arr.pod + mode: 0644 + contents: + local: quadlets/arr/arr.pod + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/bazarr-config.volume + mode: 0644 + contents: + local: quadlets/arr/bazarr-config.volume + user: + name: arr + group: + name: arr + - path: 
/home/arr/.config/containers/systemd/user/bazarr.container + mode: 0644 + contents: + local: quadlets/arr/bazarr.container + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/bazarr-data.volume + mode: 0644 + contents: + local: quadlets/arr/bazarr-data.volume + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/gluetun.container + mode: 0644 + contents: + local: quadlets/arr/gluetun.container + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/lidarr-config.volume + mode: 0644 + contents: + local: quadlets/arr/lidarr-config.volume + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/lidarr.container + mode: 0644 + contents: + local: quadlets/arr/lidarr.container + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/lidarr-data.volume + mode: 0644 + contents: + local: quadlets/arr/lidarr-data.volume + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/overseerr-config.volume + mode: 0644 + contents: + local: quadlets/arr/overseerr-config.volume + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/overseerr.container + mode: 0644 + contents: + local: quadlets/arr/overseerr.container + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/prowlarr-config.volume + mode: 0644 + contents: + local: quadlets/arr/prowlarr-config.volume + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/prowlarr.container + mode: 0644 + contents: + local: quadlets/arr/prowlarr.container + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/prowlarr-data.volume + mode: 0644 + contents: + local: quadlets/arr/prowlarr-data.volume + user: + name: arr + group: + name: arr + - path: 
/home/arr/.config/containers/systemd/user/radarr-config.volume + mode: 0644 + contents: + local: quadlets/arr/radarr-config.volume + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/radarr.container + mode: 0644 + contents: + local: quadlets/arr/radarr.container + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/radarr-data.volume + mode: 0644 + contents: + local: quadlets/arr/radarr-data.volume + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/sonarr-config.volume + mode: 0644 + contents: + local: quadlets/arr/sonarr-config.volume + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/sonarr.container + mode: 0644 + contents: + local: quadlets/arr/sonarr.container + user: + name: arr + group: + name: arr + - path: /home/arr/.config/containers/systemd/user/sonarr-data.volume + mode: 0644 + contents: + local: quadlets/arr/sonarr-data.volume + user: + name: arr + group: + name: arr + - path: /var/home/arr/.secrets + mode: 0755 + contents: + local: home/arr/.secrets + user: + name: arr + group: + name: arr \ No newline at end of file diff --git a/users/gitea.bu b/users/gitea.bu new file mode 100644 index 0000000..811ca51 --- /dev/null +++ b/users/gitea.bu 
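Review bot: `/var/home/arr/.secrets` is written with `mode: 0755` at the end of users/arr.bu, which makes the credentials file readable by every local account and marks it executable; `mode: 0600` is what a secrets file owned by `arr` needs. The same entry appears in gitea.bu, jdownloader.bu, navidrome.bu, nextcloud.bu and paperless.bu. Because the content comes from `local: home/arr/.secrets`, the values are also embedded in the rendered Ignition config and, judging by the diffstat, committed to the repository; if those files hold real values rather than placeholders they should be rotated and supplied out of band. If the users/*.bu files are produced by generate-config.sh, the mode has to be changed there as well.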
@@ -0,0 +1,83 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: gitea +storage: + directories: + - path: /home/gitea/.config/systemd/user + mode: 0755 + user: + name: gitea + group: + name: gitea + - path: /var/mnt/nas/containers/gitea + mode: 0755 + user: + name: gitea + group: + name: gitea + + - path: /var/mnt/nas/containers/gitea/storage/database-data + mode: 0755 + user: + name: gitea + group: + name: gitea + - path: /var/mnt/nas/containers/gitea/storage/data + mode: 0755 + user: + name: gitea + group: + name: gitea + files: + - path: /var/lib/systemd/linger/gitea + mode: 0644 + - path: /home/gitea/.config/containers/systemd/user/gitea.container + mode: 0644 + contents: + local: quadlets/gitea/gitea.container + user: + name: gitea + group: + name: gitea + - path: /home/gitea/.config/containers/systemd/user/gitea-database.container + mode: 0644 + contents: + local: quadlets/gitea/gitea-database.container + user: + name: gitea + group: + name: gitea + - path: /home/gitea/.config/containers/systemd/user/gitea-database.volume + mode: 0644 + contents: + local: quadlets/gitea/gitea-database.volume + user: + name: gitea + group: + name: gitea + - path: /home/gitea/.config/containers/systemd/user/gitea-data.volume + mode: 0644 + contents: + local: quadlets/gitea/gitea-data.volume + user: + name: gitea + group: + name: gitea + - path: /home/gitea/.config/containers/systemd/user/gitea.pod + mode: 0644 + contents: + local: quadlets/gitea/gitea.pod + user: + name: gitea + group: + name: gitea + - path: /var/home/gitea/.secrets + mode: 0755 + contents: + local: home/gitea/.secrets + user: + name: gitea + group: + name: gitea \ No newline at end of file diff --git a/users/homeassistant.bu b/users/homeassistant.bu new file mode 100644 index 0000000..4aebc9e --- /dev/null +++ b/users/homeassistant.bu 
@@ -0,0 +1,67 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: homeassistant +storage: + directories: + - path: /home/homeassistant/.config/systemd/user + mode: 0755 + user: + name: homeassistant + group: + name: homeassistant + - path: /var/mnt/nas/containers/homeassistant + mode: 0755 + user: + name: homeassistant + group: + name: homeassistant + + - path: /var/mnt/nas/containers/homeassistant/storage/config + mode: 0755 + user: + name: homeassistant + group: + name: homeassistant + - path: /var/mnt/nas/containers/homeassistant/storage/ssh + mode: 0755 + user: + name: homeassistant + group: + name: homeassistant + files: + - path: /var/lib/systemd/linger/homeassistant + mode: 0644 + - path: /home/homeassistant/.config/containers/systemd/user/homeassistant-config.volume + mode: 0644 + contents: + local: quadlets/homeassistant/homeassistant-config.volume + user: + name: homeassistant + group: + name: homeassistant + - path: /home/homeassistant/.config/containers/systemd/user/homeassistant.container + mode: 0644 + contents: + local: quadlets/homeassistant/homeassistant.container + user: + name: homeassistant + group: + name: homeassistant + - path: /home/homeassistant/.config/containers/systemd/user/homeassistant.pod + mode: 0644 + contents: + local: quadlets/homeassistant/homeassistant.pod + user: + name: homeassistant + group: + name: homeassistant + - path: /home/homeassistant/.config/containers/systemd/user/homeassistant-ssh.volume + mode: 0644 + contents: + local: quadlets/homeassistant/homeassistant-ssh.volume + user: + name: homeassistant + group: + name: homeassistant \ No newline at end of file diff --git a/users/jdownloader.bu b/users/jdownloader.bu new file mode 100644 index 0000000..7999740 --- /dev/null +++ b/users/jdownloader.bu 
@@ -0,0 +1,75 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: jdownloader +storage: + directories: + - path: /home/jdownloader/.config/systemd/user + mode: 0755 + user: + name: jdownloader + group: + name: jdownloader + - path: /var/mnt/nas/containers/jdownloader + mode: 0755 + user: + name: jdownloader + group: + name: jdownloader + + - path: /var/mnt/nas/containers/jdownloader/storage/config + mode: 0755 + user: + name: jdownloader + group: + name: jdownloader + - path: /var/mnt/nas/containers/jdownloader/storage/output + mode: 0755 + user: + name: jdownloader + group: + name: jdownloader + files: + - path: /var/lib/systemd/linger/jdownloader + mode: 0644 + - path: /home/jdownloader/.config/containers/systemd/user/jdownloader-config.volume + mode: 0644 + contents: + local: quadlets/jdownloader/jdownloader-config.volume + user: + name: jdownloader + group: + name: jdownloader + - path: /home/jdownloader/.config/containers/systemd/user/jdownloader.container + mode: 0644 + contents: + local: quadlets/jdownloader/jdownloader.container + user: + name: jdownloader + group: + name: jdownloader + - path: /home/jdownloader/.config/containers/systemd/user/jdownloader-output.volume + mode: 0644 + contents: + local: quadlets/jdownloader/jdownloader-output.volume + user: + name: jdownloader + group: + name: jdownloader + - path: /home/jdownloader/.config/containers/systemd/user/jdownloader.pod + mode: 0644 + contents: + local: quadlets/jdownloader/jdownloader.pod + user: + name: jdownloader + group: + name: jdownloader + - path: /var/home/jdownloader/.secrets + mode: 0755 + contents: + local: home/jdownloader/.secrets + user: + name: jdownloader + group: + name: jdownloader \ No newline at end of file diff --git a/users/kiwix.bu b/users/kiwix.bu new file mode 100644 index 0000000..51b3945 --- /dev/null +++ b/users/kiwix.bu 
@@ -0,0 +1,61 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: kiwix +storage: + directories: + - path: /home/kiwix/.config/systemd/user + mode: 0755 + user: + name: kiwix + group: + name: kiwix + - path: /var/mnt/nas/containers/kiwix + mode: 0755 + user: + name: kiwix + group: + name: kiwix + + - path: /var/mnt/nas/containers/kiwix/storage/data + mode: 0755 + user: + name: kiwix + group: + name: kiwix + files: + - path: /var/lib/systemd/linger/kiwix + mode: 0644 + - path: /home/kiwix/.config/containers/systemd/user/kiwix.container + mode: 0644 + contents: + local: quadlets/kiwix/kiwix.container + user: + name: kiwix + group: + name: kiwix + - path: /home/kiwix/.config/containers/systemd/user/kiwix-data.volume + mode: 0644 + contents: + local: quadlets/kiwix/kiwix-data.volume + user: + name: kiwix + group: + name: kiwix + - path: /home/kiwix/.config/containers/systemd/user/kiwix.pod + mode: 0644 + contents: + local: quadlets/kiwix/kiwix.pod + user: + name: kiwix + group: + name: kiwix + - path: /var/home/kiwix/.config/systemd/user/clone-zim-updater.service + mode: 0755 + contents: + local: services/kiwix/clone-zim-updater.service + user: + name: kiwix + group: + name: kiwix \ No newline at end of file diff --git a/users/komga.bu b/users/komga.bu new file mode 100644 index 0000000..9983f83 --- /dev/null +++ b/users/komga.bu 
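Review bot: `clone-zim-updater.service` is installed with `mode: 0755` in users/kiwix.bu; unit files are never executed and systemd logs a warning for ones marked executable, so `mode: 0644` would match the quadlet entries above it. The pre-generate-preview service and timer in users/nextcloud.bu carry the same mode.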
@@ -0,0 +1,67 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: komga +storage: + directories: + - path: /home/komga/.config/systemd/user + mode: 0755 + user: + name: komga + group: + name: komga + - path: /var/mnt/nas/containers/komga + mode: 0755 + user: + name: komga + group: + name: komga + + - path: /var/mnt/nas/containers/komga/storage/config + mode: 0755 + user: + name: komga + group: + name: komga + - path: /var/mnt/nas/containers/komga/storage/data + mode: 0755 + user: + name: komga + group: + name: komga + files: + - path: /var/lib/systemd/linger/komga + mode: 0644 + - path: /home/komga/.config/containers/systemd/user/komga-config.volume + mode: 0644 + contents: + local: quadlets/komga/komga-config.volume + user: + name: komga + group: + name: komga + - path: /home/komga/.config/containers/systemd/user/komga.container + mode: 0644 + contents: + local: quadlets/komga/komga.container + user: + name: komga + group: + name: komga + - path: /home/komga/.config/containers/systemd/user/komga-data.volume + mode: 0644 + contents: + local: quadlets/komga/komga-data.volume + user: + name: komga + group: + name: komga + - path: /home/komga/.config/containers/systemd/user/komga.pod + mode: 0644 + contents: + local: quadlets/komga/komga.pod + user: + name: komga + group: + name: komga \ No newline at end of file diff --git a/users/navidrome.bu b/users/navidrome.bu new file mode 100644 index 0000000..226e2c4 --- /dev/null +++ b/users/navidrome.bu 
@@ -0,0 +1,75 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: navidrome +storage: + directories: + - path: /home/navidrome/.config/systemd/user + mode: 0755 + user: + name: navidrome + group: + name: navidrome + - path: /var/mnt/nas/containers/navidrome + mode: 0755 + user: + name: navidrome + group: + name: navidrome + + - path: /var/mnt/nas/containers/navidrome/storage/data + mode: 0755 + user: + name: navidrome + group: + name: navidrome + - path: /var/mnt/nas/containers/navidrome/storage/music + mode: 0755 + user: + name: navidrome + group: + name: navidrome + files: + - path: /var/lib/systemd/linger/navidrome + mode: 0644 + - path: /home/navidrome/.config/containers/systemd/user/navidrome.container + mode: 0644 + contents: + local: quadlets/navidrome/navidrome.container + user: + name: navidrome + group: + name: navidrome + - path: /home/navidrome/.config/containers/systemd/user/navidrome-data.volume + mode: 0644 + contents: + local: quadlets/navidrome/navidrome-data.volume + user: + name: navidrome + group: + name: navidrome + - path: /home/navidrome/.config/containers/systemd/user/navidrome-music.volume + mode: 0644 + contents: + local: quadlets/navidrome/navidrome-music.volume + user: + name: navidrome + group: + name: navidrome + - path: /home/navidrome/.config/containers/systemd/user/navidrome.pod + mode: 0644 + contents: + local: quadlets/navidrome/navidrome.pod + user: + name: navidrome + group: + name: navidrome + - path: /var/home/navidrome/.secrets + mode: 0755 + contents: + local: home/navidrome/.secrets + user: + name: navidrome + group: + name: navidrome \ No newline at end of file diff --git a/users/nextcloud.bu b/users/nextcloud.bu new file mode 100644 index 0000000..27eb0c3 --- /dev/null +++ b/users/nextcloud.bu 
@@ -0,0 +1,221 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: nextcloud +storage: + directories: + - path: /home/nextcloud/.config/systemd/user + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + - path: /var/mnt/nas/containers/nextcloud + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + + - path: /var/mnt/nas/containers/nextcloud/storage/apps + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + - path: /var/mnt/nas/containers/nextcloud/storage/config + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + - path: /var/mnt/nas/containers/nextcloud/storage/database + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + - path: /var/mnt/nas/containers/nextcloud/storage/data + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + - path: /var/mnt/nas/containers/nextcloud/storage/html + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + - path: /var/mnt/nas/containers/nextcloud/storage/php-config + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + - path: /var/mnt/nas/containers/nextcloud/storage/redis-config + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + - path: /var/mnt/nas/containers/nextcloud/storage/redis-data + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + - path: /var/mnt/nas/containers/nextcloud/storage/themes + mode: 0755 + user: + name: nextcloud + group: + name: nextcloud + files: + - path: /var/lib/systemd/linger/nextcloud + mode: 0644 + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-apps.volume + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-apps.volume + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-config.volume + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-config.volume + user: + name: nextcloud + group: + name: nextcloud + - path: 
/home/nextcloud/.config/containers/systemd/user/nextcloud.container + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud.container + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-cron.container + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-cron.container + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-database.container + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-database.container + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-database.volume + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-database.volume + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-data.volume + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-data.volume + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-html.volume + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-html.volume + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-php-config.volume + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-php-config.volume + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud.pod + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud.pod + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-redis-config.volume + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-redis-config.volume + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-redis.container + mode: 0644 + 
contents: + local: quadlets/nextcloud/nextcloud-redis.container + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-redis-data.volume + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-redis-data.volume + user: + name: nextcloud + group: + name: nextcloud + - path: /home/nextcloud/.config/containers/systemd/user/nextcloud-themes.volume + mode: 0644 + contents: + local: quadlets/nextcloud/nextcloud-themes.volume + user: + name: nextcloud + group: + name: nextcloud + - path: /var/home/nextcloud/pre-generate-preview.sh + mode: 0755 + contents: + local: home/nextcloud/pre-generate-preview.sh + user: + name: nextcloud + group: + name: nextcloud + - path: /var/home/nextcloud/.secrets + mode: 0755 + contents: + local: home/nextcloud/.secrets + user: + name: nextcloud + group: + name: nextcloud + - path: /var/home/nextcloud/.config/systemd/user/pre-generate-preview.service + mode: 0755 + contents: + local: services/nextcloud/pre-generate-preview.service + user: + name: nextcloud + group: + name: nextcloud + - path: /var/home/nextcloud/.config/systemd/user/pre-generate-preview.timer + mode: 0755 + contents: + local: services/nextcloud/pre-generate-preview.timer + user: + name: nextcloud + group: + name: nextcloud \ No newline at end of file diff --git a/users/nginx.bu b/users/nginx.bu new file mode 100644 index 0000000..759c930 --- /dev/null +++ b/users/nginx.bu 
@@ -0,0 +1,89 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: nginx +storage: + directories: + - path: /home/nginx/.config/systemd/user + mode: 0755 + user: + name: nginx + group: + name: nginx + - path: /var/mnt/nas/containers/nginx + mode: 0755 + user: + name: nginx + group: + name: nginx + + - path: /var/mnt/nas/containers/nginx/storage/acme + mode: 0755 + user: + name: nginx + group: + name: nginx + - path: /var/mnt/nas/containers/nginx/storage/certs + mode: 0755 + user: + name: nginx + group: + name: nginx + - path: /var/mnt/nas/containers/nginx/storage/html + mode: 0755 + user: + name: nginx + group: + name: nginx + files: + - path: /var/lib/systemd/linger/nginx + mode: 0644 + - path: /home/nginx/.config/containers/systemd/user/nginx-acme.container + mode: 0644 + contents: + local: quadlets/nginx/nginx-acme.container + user: + name: nginx + group: + name: nginx + - path: /home/nginx/.config/containers/systemd/user/nginx-acme.volume + mode: 0644 + contents: + local: quadlets/nginx/nginx-acme.volume + user: + name: nginx + group: + name: nginx + - path: /home/nginx/.config/containers/systemd/user/nginx-certs.volume + mode: 0644 + contents: + local: quadlets/nginx/nginx-certs.volume + user: + name: nginx + group: + name: nginx + - path: /home/nginx/.config/containers/systemd/user/nginx.container + mode: 0644 + contents: + local: quadlets/nginx/nginx.container + user: + name: nginx + group: + name: nginx + - path: /home/nginx/.config/containers/systemd/user/nginx-html.volume + mode: 0644 + contents: + local: quadlets/nginx/nginx-html.volume + user: + name: nginx + group: + name: nginx + - path: /home/nginx/.config/containers/systemd/user/nginx.pod + mode: 0644 + contents: + local: quadlets/nginx/nginx.pod + user: + name: nginx + group: + name: nginx \ No newline at end of file diff --git a/users/pairdrop.bu b/users/pairdrop.bu new file mode 100644 index 0000000..5180a78 --- /dev/null +++ b/users/pairdrop.bu 
@@ -0,0 +1,39 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: pairdrop +storage: + directories: + - path: /home/pairdrop/.config/systemd/user + mode: 0755 + user: + name: pairdrop + group: + name: pairdrop + - path: /var/mnt/nas/containers/pairdrop + mode: 0755 + user: + name: pairdrop + group: + name: pairdrop + + files: + - path: /var/lib/systemd/linger/pairdrop + mode: 0644 + - path: /home/pairdrop/.config/containers/systemd/user/pairdrop.container + mode: 0644 + contents: + local: quadlets/pairdrop/pairdrop.container + user: + name: pairdrop + group: + name: pairdrop + - path: /home/pairdrop/.config/containers/systemd/user/pairdrop.pod + mode: 0644 + contents: + local: quadlets/pairdrop/pairdrop.pod + user: + name: pairdrop + group: + name: pairdrop \ No newline at end of file diff --git a/users/paperless.bu b/users/paperless.bu new file mode 100644 index 0000000..6b43be3 --- /dev/null +++ b/users/paperless.bu 
@@ -0,0 +1,163 @@
+variant: fcos
+version: 1.6.0
+passwd:
+ users:
+ - name: paperless
+storage:
+ directories:
+ - path: /home/paperless/.config/systemd/user
+ mode: 0755
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /var/mnt/nas/containers/paperless
+ mode: 0755
+ user:
+ name: paperless
+ group:
+ name: paperless
+
+ - path: /var/mnt/nas/containers/paperless/storage/consume
+ mode: 0755
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /var/mnt/nas/containers/paperless/storage/database-data
+ mode: 0755
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /var/mnt/nas/containers/paperless/storage/data
+ mode: 0755
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /var/mnt/nas/containers/paperless/storage/export
+ mode: 0755
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /var/mnt/nas/containers/paperless/storage/media
+ mode: 0755
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /var/mnt/nas/containers/paperless/storage/redis-data
+ mode: 0755
+ user:
+ name: paperless
+ group:
+ name: paperless
+ files:
+ - path: /var/lib/systemd/linger/paperless
+ mode: 0644
+ - path: /home/paperless/.config/containers/systemd/user/gotenberg.container
+ mode: 0644
+ contents:
+ local: quadlets/paperless/gotenberg.container
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless-consume.volume
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless-consume.volume
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless.container
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless.container
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless-database.container
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless-database.container
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless-database.volume
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless-database.volume
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless-data.volume
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless-data.volume
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless-export.volume
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless-export.volume
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless-media.volume
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless-media.volume
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless.pod
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless.pod
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless-redis.container
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless-redis.container
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/paperless-redis-data.volume
+ mode: 0644
+ contents:
+ local: quadlets/paperless/paperless-redis-data.volume
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /home/paperless/.config/containers/systemd/user/tika.container
+ mode: 0644
+ contents:
+ local: quadlets/paperless/tika.container
+ user:
+ name: paperless
+ group:
+ name: paperless
+ - path: /var/home/paperless/.secrets
+ mode: 0755
+ contents:
+ local: home/paperless/.secrets
+ user:
+ name: paperless
+ group:
+ name: paperless
\ No newline at end of file
diff --git a/users/pihole.bu b/users/pihole.bu
new file mode 100644
index 0000000..a181e82
--- /dev/null
+++ b/users/pihole.bu
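Review bot: `/var/home/paperless/.secrets` is written with `mode: 0755`, which leaves the secrets file readable and executable by every account on the host unless a stricter home-directory mode happens to block the path. That undercuts the one-user-per-service separation this layout sets up; the entry should use `mode: 0600`. The same `.secrets` entry with `0755` appears in the pihole, qbittorrent, synapse and wallabag hunks, and `/var/home/tga/.dyndns` in the tga hunk has the same mode. Because `contents.local` inlines the file into the generated Ignition config, that output needs the same protection as the secrets themselves, and the `home/*/.secrets` sources should hold placeholders only if they are committed.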
@@ -0,0 +1,253 @@
+variant: fcos
+version: 1.6.0
+passwd:
+ users:
+ - name: pihole
+storage:
+ directories:
+ - path: /home/pihole/.config/systemd/user
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/mnt/nas/containers/pihole
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+
+ - path: /var/mnt/nas/containers/pihole/storage/config
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/mnt/nas/containers/pihole/storage/dnsmasq
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/mnt/nas/containers/pihole/storage/unbound-conf
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/mnt/nas/containers/pihole/storage/unbound-iana
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/mnt/nas/containers/pihole/storage/unbound-log
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/mnt/nas/containers/pihole/storage/unbound-redis-cache
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/mnt/nas/containers/pihole/storage/unbound-redis-conf
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/mnt/nas/containers/pihole/storage/unbound-redis-data
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/mnt/nas/containers/pihole/storage/unbound-zones
+ mode: 0755
+ user:
+ name: pihole
+ group:
+ name: pihole
+ files:
+ - path: /var/lib/systemd/linger/pihole
+ mode: 0644
+ - path: /home/pihole/.config/containers/systemd/user/pihole-config.volume
+ mode: 0644
+ contents:
+ local: quadlets/pihole/pihole-config.volume
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/pihole.container
+ mode: 0644
+ contents:
+ local: quadlets/pihole/pihole.container
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/pihole-dnsmasq.volume
+ mode: 0644
+ contents:
+ local: quadlets/pihole/pihole-dnsmasq.volume
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/pihole.network
+ mode: 0644
+ contents:
+ local: quadlets/pihole/pihole.network
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/pihole.pod
+ mode: 0644
+ contents:
+ local: quadlets/pihole/pihole.pod
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound-conf.volume
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound-conf.volume
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound.container
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound.container
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound-iana.volume
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound-iana.volume
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound-log.volume
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound-log.volume
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound-redis-cache.volume
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound-redis-cache.volume
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound-redis-conf.volume
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound-redis-conf.volume
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound-redis.container
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound-redis.container
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound-redis-data.volume
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound-redis-data.volume
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound-redis-socket.container
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound-redis-socket.container
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /home/pihole/.config/containers/systemd/user/unbound-zones.volume
+ mode: 0644
+ contents:
+ local: quadlets/pihole/unbound-zones.volume
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/home/pihole/.secrets
+ mode: 0755
+ contents:
+ local: home/pihole/.secrets
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/home/pihole/update-hints.sh
+ mode: 0755
+ contents:
+ local: home/pihole/update-hints.sh
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/home/pihole/update-root.sh
+ mode: 0755
+ contents:
+ local: home/pihole/update-root.sh
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/home/pihole/.config/systemd/user/update-hints.service
+ mode: 0755
+ contents:
+ local: services/pihole/update-hints.service
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/home/pihole/.config/systemd/user/update-hints.timer
+ mode: 0755
+ contents:
+ local: services/pihole/update-hints.timer
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/home/pihole/.config/systemd/user/update-root.service
+ mode: 0755
+ contents:
+ local: services/pihole/update-root.service
+ user:
+ name: pihole
+ group:
+ name: pihole
+ - path: /var/home/pihole/.config/systemd/user/update-root.timer
+ mode: 0755
+ contents:
+ local: services/pihole/update-root.timer
+ user:
+ name: pihole
+ group:
+ name: pihole
\ No newline at end of file
diff --git a/users/qbittorrent.bu b/users/qbittorrent.bu
new file mode 100644
index 0000000..44be5a4
--- /dev/null
+++ b/users/qbittorrent.bu
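Review bot: The four systemd unit files at the end of this hunk (`update-hints.service`, `update-hints.timer`, `update-root.service`, `update-root.timer`) are installed with `mode: 0755`, although unit files are configuration and never executed. systemd logs a warning for unit files marked executable, and the quadlet files earlier in this hunk already use the expected `mode: 0644`. Only the two `.sh` scripts need the execute bit. The tga hunk has the same `0755` on `update-dyndns.service` and `update-dyndns.timer`.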
@@ -0,0 +1,83 @@
+variant: fcos
+version: 1.6.0
+passwd:
+ users:
+ - name: qbittorrent
+storage:
+ directories:
+ - path: /home/qbittorrent/.config/systemd/user
+ mode: 0755
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
+ - path: /var/mnt/nas/containers/qbittorrent
+ mode: 0755
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
+
+ - path: /var/mnt/nas/containers/qbittorrent/storage/config
+ mode: 0755
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
+ - path: /var/mnt/nas/containers/qbittorrent/storage/downloads
+ mode: 0755
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
+ files:
+ - path: /var/lib/systemd/linger/qbittorrent
+ mode: 0644
+ - path: /home/qbittorrent/.config/containers/systemd/user/gluetun.container
+ mode: 0644
+ contents:
+ local: quadlets/qbittorrent/gluetun.container
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
+ - path: /home/qbittorrent/.config/containers/systemd/user/qbittorrent-config.volume
+ mode: 0644
+ contents:
+ local: quadlets/qbittorrent/qbittorrent-config.volume
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
+ - path: /home/qbittorrent/.config/containers/systemd/user/qbittorrent.container
+ mode: 0644
+ contents:
+ local: quadlets/qbittorrent/qbittorrent.container
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
+ - path: /home/qbittorrent/.config/containers/systemd/user/qbittorrent-downloads.volume
+ mode: 0644
+ contents:
+ local: quadlets/qbittorrent/qbittorrent-downloads.volume
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
+ - path: /home/qbittorrent/.config/containers/systemd/user/qbittorrent.pod
+ mode: 0644
+ contents:
+ local: quadlets/qbittorrent/qbittorrent.pod
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
+ - path: /var/home/qbittorrent/.secrets
+ mode: 0755
+ contents:
+ local: home/qbittorrent/.secrets
+ user:
+ name: qbittorrent
+ group:
+ name: qbittorrent
\ No newline at end of file
diff --git a/users/synapse.bu b/users/synapse.bu
new file mode 100644
index 0000000..c0130ee
--- /dev/null
+++ b/users/synapse.bu
@@ -0,0 +1,111 @@
+variant: fcos
+version: 1.6.0
+passwd:
+ users:
+ - name: synapse
+storage:
+ directories:
+ - path: /home/synapse/.config/systemd/user
+ mode: 0755
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /var/mnt/nas/containers/synapse
+ mode: 0755
+ user:
+ name: synapse
+ group:
+ name: synapse
+
+ - path: /var/mnt/nas/containers/synapse/storage/database-data
+ mode: 0755
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /var/mnt/nas/containers/synapse/storage/data
+ mode: 0755
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /var/mnt/nas/containers/synapse/storage/mautrix
+ mode: 0755
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /var/mnt/nas/containers/synapse/storage/media
+ mode: 0755
+ user:
+ name: synapse
+ group:
+ name: synapse
+ files:
+ - path: /var/lib/systemd/linger/synapse
+ mode: 0644
+ - path: /home/synapse/.config/containers/systemd/user/synapse.container
+ mode: 0644
+ contents:
+ local: quadlets/synapse/synapse.container
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /home/synapse/.config/containers/systemd/user/synapse-database.container
+ mode: 0644
+ contents:
+ local: quadlets/synapse/synapse-database.container
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /home/synapse/.config/containers/systemd/user/synapse-database.volume
+ mode: 0644
+ contents:
+ local: quadlets/synapse/synapse-database.volume
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /home/synapse/.config/containers/systemd/user/synapse-data.volume
+ mode: 0644
+ contents:
+ local: quadlets/synapse/synapse-data.volume
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /home/synapse/.config/containers/systemd/user/synapse-mautrix.volume
+ mode: 0644
+ contents:
+ local: quadlets/synapse/synapse-mautrix.volume
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /home/synapse/.config/containers/systemd/user/synapse-media.volume
+ mode: 0644
+ contents:
+ local: quadlets/synapse/synapse-media.volume
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /home/synapse/.config/containers/systemd/user/synapse.pod
+ mode: 0644
+ contents:
+ local: quadlets/synapse/synapse.pod
+ user:
+ name: synapse
+ group:
+ name: synapse
+ - path: /var/home/synapse/.secrets
+ mode: 0755
+ contents:
+ local: home/synapse/.secrets
+ user:
+ name: synapse
+ group:
+ name: synapse
\ No newline at end of file
diff --git a/users/tga.bu b/users/tga.bu
new file mode 100644
index 0000000..260a80a
--- /dev/null
+++ b/users/tga.bu
@@ -0,0 +1,55 @@
+variant: fcos
+version: 1.6.0
+passwd:
+ users:
+ - name: tga
+storage:
+ directories:
+ - path: /home/tga/.config/systemd/user
+ mode: 0755
+ user:
+ name: tga
+ group:
+ name: tga
+ - path: /var/mnt/nas/containers/tga
+ mode: 0755
+ user:
+ name: tga
+ group:
+ name: tga
+
+ files:
+ - path: /var/lib/systemd/linger/tga
+ mode: 0644
+ - path: /var/home/tga/.dyndns
+ mode: 0755
+ contents:
+ local: home/tga/.dyndns
+ user:
+ name: tga
+ group:
+ name: tga
+ - path: /var/home/tga/dyndns.sh
+ mode: 0755
+ contents:
+ local: home/tga/dyndns.sh
+ user:
+ name: tga
+ group:
+ name: tga
+ - path: /var/home/tga/.config/systemd/user/update-dyndns.service
+ mode: 0755
+ contents:
+ local: services/tga/update-dyndns.service
+ user:
+ name: tga
+ group:
+ name: tga
+ - path: /var/home/tga/.config/systemd/user/update-dyndns.timer
+ mode: 0755
+ contents:
+ local: services/tga/update-dyndns.timer
+ user:
+ name: tga
+ group:
+ name: tga
\ No newline at end of file
diff --git a/users/wallabag.bu b/users/wallabag.bu
new file mode 100644
index 0000000..19f8c26
--- /dev/null
+++ b/users/wallabag.bu
@@ -0,0 +1,91 @@
+variant: fcos
+version: 1.6.0
+passwd:
+ users:
+ - name: wallabag
+storage:
+ directories:
+ - path: /home/wallabag/.config/systemd/user
+ mode: 0755
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+ - path: /var/mnt/nas/containers/wallabag
+ mode: 0755
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+
+ - path: /var/mnt/nas/containers/wallabag/storage/database
+ mode: 0755
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+ - path: /var/mnt/nas/containers/wallabag/storage/images
+ mode: 0755
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+ files:
+ - path: /var/lib/systemd/linger/wallabag
+ mode: 0644
+ - path: /home/wallabag/.config/containers/systemd/user/wallabag.container
+ mode: 0644
+ contents:
+ local: quadlets/wallabag/wallabag.container
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+ - path: /home/wallabag/.config/containers/systemd/user/wallabag-database.container
+ mode: 0644
+ contents:
+ local: quadlets/wallabag/wallabag-database.container
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+ - path: /home/wallabag/.config/containers/systemd/user/wallabag-database.volume
+ mode: 0644
+ contents:
+ local: quadlets/wallabag/wallabag-database.volume
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+ - path: /home/wallabag/.config/containers/systemd/user/wallabag-images.volume
+ mode: 0644
+ contents:
+ local: quadlets/wallabag/wallabag-images.volume
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+ - path: /home/wallabag/.config/containers/systemd/user/wallabag.pod
+ mode: 0644
+ contents:
+ local: quadlets/wallabag/wallabag.pod
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+ - path: /home/wallabag/.config/containers/systemd/user/wallabag-redis.container
+ mode: 0644
+ contents:
+ local: quadlets/wallabag/wallabag-redis.container
+ user:
+ name: wallabag
+ group:
+ name: wallabag
+ - path: /var/home/wallabag/.secrets
+ mode: 0755
+ contents:
+ local: home/wallabag/.secrets
+ user:
+ name: wallabag
+ group:
+ name: wallabag
\ No newline at end of file