init

2026-02-05 21:56:40 +01:00
commit 1f62da7828
17 changed files with 655 additions and 0 deletions
--- a/Home/Node1/admin/docker-compose.yml
+++ b/Home/Node1/admin/docker-compose.yml
@@ -0,0 +1,60 @@
+name: admin-system
+
+services:
+  # --- Stack Manager (Port 9000) ---
+  dockman:
+    image: ra341/dockman:latest
+    container_name: dockman
+    restart: always
+    ports:
+      - "9000:8080"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      # WICHTIG: Dockman muss das Git-Repo sehen
+      - /opt/dockman/stacks/home-node-01:/app/stacks
+      - ./data/dockman:/app/data
+    environment:
+      - DOCKMAN_STACKS_DIR=/app/stacks
+
+  # --- Dashboard (Port 9001) ---
+  glance:
+    image: glanceapp/glance
+    container_name: glance
+    restart: unless-stopped
+    ports:
+      - "9001:8080"
+    volumes:
+      - ./config/glance.yml:/app/glance.yml
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+
+  # --- Monitoring (Port 9002) ---
+  uptime-kuma:
+    image: louislam/uptime-kuma:1
+    container_name: uptime-kuma
+    restart: always
+    ports:
+      - "9002:3001"
+    volumes:
+      - ./data/uptime-kuma:/app/data
+
+  # --- Update Checker (Port 9003) ---
+  wud:
+    image: fmartinou/whats-up-docker
+    container_name: wud
+    restart: always
+    ports:
+      - "9003:3000"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - WUD_WATCHER_LOCAL_SOCKET=/var/run/docker.sock
+
+
+  # --- Omnitools (Port 9004) ---
+  omnitools:
+    image: omnitools/omnitools:latest # Bitte exaktes Image prüfen
+    container_name: omnitools
+    restart: unless-stopped
+    ports:
+      - "9004:80"
--- a/Home/Node1/connectivity/docker-compose.yml
+++ b/Home/Node1/connectivity/docker-compose.yml
@@ -0,0 +1,9 @@
+services:
+  newt:
+    image: fosrl/newt
+    container_name: newt
+    restart: unless-stopped
+    environment:
+      - PANGOLIN_ENDPOINT=https://pangolin.kornzuhause.space
+      - NEWT_ID=y2tf3oyp0aofunu
+      - NEWT_SECRET=**************
--- a/Home/Node1/core-infra/docker-compose.yml
+++ b/Home/Node1/core-infra/docker-compose.yml
@@ -0,0 +1,39 @@
+name: core-infra
+
+secrets:
+  db_password:
+    file: ./secrets/db_password.txt
+
+services:
+  # Zentrale Postgres Datenbank für Paperless, Gitea, etc.
+  database:
+    image: postgres:16-alpine
+    container_name: postgres-core
+    restart: always
+    environment:
+      POSTGRES_USER: admin
+      POSTGRES_DB: main_db
+      # Docker Secret Magic: Liest das Passwort aus der Datei
+      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
+    secrets:
+      - db_password
+    volumes:
+      - db_data:/var/lib/postgresql/data
+    networks:
+      - core_net
+
+  # Zentrale Redis Instanz (Cache für Paperless, Immich etc.)
+  redis:
+    image: redis:alpine
+    container_name: redis-core
+    restart: always
+    networks:
+      - core_net
+
+volumes:
+  db_data:
+
+networks:
+  core_net:
+    name: core_net
+    driver: bridge
--- a/Home/Node1/core-infra/secrets/db_password.txt
+++ b/Home/Node1/core-infra/secrets/db_password.txt
@@ -0,0 +1 @@
+DeinSicheresDatenbankPasswort123!
--- a/Home/Node1/media/.env
+++ b/Home/Node1/media/.env
@@ -0,0 +1,7 @@
+PUID=1000
+PGID=1000
+TZ=Europe/Berlin
+
+# WICHTIG: Passe diesen Pfad an deine echte Festplatte an!
+# Zum Beispiel: /mnt/hdd/media
+MEDIA_ROOT=/mnt/storage/media
--- a/Home/Node1/media/docker-compose.yml
+++ b/Home/Node1/media/docker-compose.yml
@@ -0,0 +1,205 @@
+name: media
+
+services:
+  # --- Jellyfin (Port 8096) ---
+  jellyfin:
+    image: lscr.io/linuxserver/jellyfin:latest
+    container_name: jellyfin
+    restart: unless-stopped
+    ports:
+      - "7003:8096"
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+    volumes:
+      - ./config/jellyfin:/config
+      - ${MEDIA_ROOT}:/data/media # Pfad aus der .env
+    # Hardware Transcoding (Intel/AMD):
+    #devices:
+    #  - /dev/dri:/dev/dri
+
+  # --- Audiobookshelf (Port 13378) ---
+  audiobookshelf:
+    image: ghcr.io/advplyr/audiobookshelf:latest
+    container_name: audiobookshelf
+    restart: unless-stopped
+    ports:
+      - "7001:80"
+    volumes:
+      - ./config/audiobookshelf/config:/config
+      - ./config/audiobookshelf/metadata:/metadata
+      - ${MEDIA_ROOT}/audiobooks:/audiobooks
+      - ${MEDIA_ROOT}/podcasts:/podcasts
+
+  # --- RomM (Port 7000) ---
+  romm:
+    image: rommapp/romm:latest
+    container_name: romm
+    restart: unless-stopped
+    ports:
+      - "7000:8080"
+    environment:
+      - DB_HOST=romm-db
+      - DB_NAME=romm
+      - DB_USER=romm-user
+      - DB_PASSWD=romm-password
+    volumes:
+      - ./config/romm/resources:/romm/resources
+      - ${MEDIA_ROOT}/games:/romm/library
+    depends_on:
+      - romm-db
+
+  # Datenbank für RomM (nur intern sichtbar)
+  romm-db:
+    image: mariaDB:10.6
+    labels:
+      - "wud.watch=false"
+    environment:
+      - MYSQL_ROOT_PASSWORD=root-pass
+      - MYSQL_DATABASE=romm
+      - MYSQL_USER=romm-user
+      - MYSQL_PASSWORD=romm-password
+    volumes:
+      - romm_db_data:/var/lib/mysql
+
+  # --- Immich (Port 7002) ---
+  # ACHTUNG: Immich ist komplex. Das ist die vereinfachte All-in-One Struktur.
+  immich-server:
+    image: ghcr.io/immich-app/immich-server:release
+    container_name: immich_server
+    command: ["start.sh", "immich"]
+    restart: always
+    ports:
+      - "7999:2283"
+    environment:
+      - DB_HOSTNAME=immich-postgres
+      - DB_USERNAME=postgres
+      - DB_PASSWORD=postgres
+      - DB_DATABASE_NAME=immich
+      - REDIS_HOSTNAME=immich-redis
+    volumes:
+      - ${MEDIA_ROOT}/photos:/usr/src/app/upload
+    depends_on:
+      - immich-redis
+      - immich-postgres
+
+  immich-microservices:
+    image: ghcr.io/immich-app/immich-server:release
+    container_name: immich_microservices
+    command: ["start.sh", "microservices"]
+    restart: always
+    environment:
+      - DB_HOSTNAME=immich-postgres
+      - DB_USERNAME=postgres
+      - DB_PASSWORD=postgres
+      - DB_DATABASE_NAME=immich
+      - REDIS_HOSTNAME=immich-redis
+    volumes:
+      - ${MEDIA_ROOT}/photos:/usr/src/app/upload
+    depends_on:
+      - immich-redis
+      - immich-postgres
+
+  # Immich braucht seine eigene DB (Vectordaten etc.)
+  immich-postgres:
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0
+    container_name: immich_postgres
+    labels:
+      - "wud.watch=false"
+    restart: always
+    environment:
+      - POSTGRES_PASSWORD=postgres
+      - POSTGRES_USER=postgres
+      - POSTGRES_DB=immich
+    volumes:
+      - immich_pg_data:/var/lib/postgresql/data
+
+  immich-redis:
+    image: redis:6.2-alpine
+    container_name: immich_redis
+    restart: always
+    labels:
+      - "wud.watch=false"
+
+  immich-drop:
+    image: ghcr.io/nasogaa/immich-drop:latest
+    pull_policy: always
+    container_name: immich-drop
+    restart: unless-stopped
+    # Configure all settings here (no .env required)
+    environment:
+      # Immich connection (must include /api)
+      IMMICH_BASE_URL: https://immich.example.com/api
+      IMMICH_API_KEY: ${IMMICH_API_KEY}
+      # Optional behavior
+      IMMICH_ALBUM_NAME: dead-drop
+      PUBLIC_UPLOAD_PAGE_ENABLED: "false"   # keep disabled by default
+      PUBLIC_BASE_URL: https://drop.example.com
+      # Large files: chunked uploads (bypass 100MB proxy limits)
+      CHUNKED_UPLOADS_ENABLED: "false"      # enable chunked uploads
+      CHUNK_SIZE_MB: "95"                  # per-chunk size (MB)
+      # App internals
+      SESSION_SECRET: ${SESSION_SECRET}
+    # Expose the app on the host
+    ports:
+      - 7998:8080
+    # Persist local dedupe cache (state.db) across restarts
+    volumes:
+      - immich_drop_data:/data
+    # Simple healthcheck
+    healthcheck:
+      test: ["CMD-SHELL", "python - <<'PY'\nimport os,urllib.request,sys; url=f\"http://127.0.0.1:{os.getenv('PORT','8080')}/\";\ntry: urllib.request.urlopen(url, timeout=3); sys.exit(0)\nexcept Exception: sys.exit(1)\nPY"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+  immich-public-proxy:
+    image: alangrainger/immich-public-proxy:latest
+    container_name: immich-public-proxy
+    restart: always
+    ports:
+      - "7997:3000"
+    environment:
+      PUBLIC_BASE_URL: https://your-proxy-url.com
+      IMMICH_URL: http://your-internal-immich-server:2283
+    healthcheck:
+      test: curl -s http://localhost:3000/share/healthcheck -o /dev/null || exit 1
+      start_period: 10s
+      timeout: 5s
+
+
+  immich-kiosk:
+    image: ghcr.io/damongolding/immich-kiosk:latest
+    container_name: immich-kiosk
+    tty: true
+    environment:
+      LANG: "de_DE"
+      TZ: "Europe/Berlin"
+    ports:
+      - 7996:3000
+    volumes:
+      - ./config:/config
+      # - ./custom.css:/custom.css
+      # - ./offline-assets:/offline-assets
+    restart: always
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+  power-tools:
+    image: ghcr.io/varun-raj/immich-power-tools:latest
+    ports:
+      - "7995:3000"
+    env_file:
+      - .env
+
+
+volumes:
+  romm_db_data:
+  immich_pg_data:
+    immich_drop_data:
--- a/Home/Node1/productivity/.env
+++ b/Home/Node1/productivity/.env
@@ -0,0 +1,3 @@
+TZ=Europe/Berlin
+PUID=1000
+PGID=1000
--- a/Home/Node1/productivity/docker-compose.yml
+++ b/Home/Node1/productivity/docker-compose.yml
@@ -0,0 +1,183 @@
+name: productivity
+
+secrets:
+  db_password:
+    file: ./secrets/db_password.txt
+
+networks:
+  # Verbindung zum Core-Stack (Postgres/Redis)
+  core_net:
+    external: true
+
+services:
+  # --- Dokumente (Port 8000) ---
+  paperless:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    container_name: paperless
+    restart: unless-stopped
+    ports:
+      - "8000:8000"
+    environment:
+      PAPERLESS_URL: https://paperless.deinedomain.de
+      PAPERLESS_TIME_ZONE: ${TZ}
+      PAPERLESS_DBHOST: postgres-core
+      PAPERLESS_DBNAME: main_db
+      PAPERLESS_DBUSER: admin
+      PAPERLESS_DBPASS_FILE: /run/secrets/db_password
+      PAPERLESS_REDIS: redis://redis-core:6379
+    secrets:
+      - db_password
+    volumes:
+      - ./data/paperless/data:/usr/src/paperless/data
+      - ./data/paperless/media:/usr/src/paperless/media
+      - ./data/paperless/consume:/usr/src/paperless/consume
+    networks:
+      - core_net
+      - default
+
+  # --- Focalboard (Port 8001) ---
+  focalboard:
+    image: mattermost/focalboard
+    container_name: focalboard
+    restart: unless-stopped
+    ports:
+      - "8001:8000"
+    networks:
+      - default
+      - core_net
+
+  # --- PDF Tools (Port 8002) ---
+  stirling-pdf:
+    image: frooodle/s-pdf:latest
+    container_name: stirling-pdf
+    restart: unless-stopped
+    ports:
+      - "8002:8080"
+    environment:
+      - DOCKER_ENABLE_SECURITY=false
+    networks:
+      - default
+
+  # --- Gramps Web (Port 8003) ---
+  # Web-Version der Ahnenforschung
+  gramps:
+    image: ghcr.io/gramps-project/gramps-web:latest
+    container_name: gramps
+    restart: unless-stopped
+    ports:
+      - "8003:5000"
+    environment:
+      GRAMPSWEB_TREE: "Stammbaum"
+      GRAMPSWEB_CELERY_CONFIG__broker_url: "redis://redis-core:6379/0" # Nutzt Core Redis
+    volumes:
+      - ./data/gramps/users:/app/users
+      - ./data/gramps/index:/app/index
+    networks:
+      - default
+      - core_net
+
+  # --- Silverbullet (Port 8004) ---
+  # Markdown Notizen
+  silverbullet:
+    image: zefhemel/silverbullet
+    container_name: silverbullet
+    restart: unless-stopped
+    ports:
+      - "8004:3000"
+    volumes:
+      - ./data/silverbullet:/space
+    networks:
+      - default
+
+  # --- Rx Resume (Port 8005) ---
+  # Lebenslauf Builder (Standalone/Simple Mode)
+  rx-resume:
+    image: amruthpillai/reactive-resume:latest
+    container_name: rx_resume
+    restart: unless-stopped
+    ports:
+      - "8005:3000"
+    environment:
+      # Benötigt zwingend eine Datenbank (Core Postgres)
+      - POSTGRES_DB=main_db
+      - POSTGRES_USER=admin
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+      - POSTGRES_HOST=postgres-core
+      - POSTGRES_PORT=5432
+      - PUBLIC_URL=http://deine-ip:8005
+    secrets:
+      - db_password
+    networks:
+      - core_net
+      - default
+
+  # --- Fossflow / Projektmanagement (Port 8006) ---
+  # Annahme: Leantime oder OpenProject? (Image prüfen!)
+  fossflow:
+    image: leantime/leantime:latest # Placeholder: Leantime ist ein guter Kandidat
+    container_name: fossflow
+    restart: unless-stopped
+    ports:
+      - "8006:80"
+    environment:
+      - LEAN_DB_HOST=postgres-core
+      - LEAN_DB_USER=admin
+      - LEAN_DB_PASSWORD_FILE=/run/secrets/db_password
+      - LEAN_DB_DATABASE=main_db
+    secrets:
+      - db_password
+    volumes:
+      - ./data/fossflow:/var/www/html/public/userfiles
+    networks:
+      - core_net
+      - default
+
+  # --- Trip / Reisen (Port 8007) ---
+  # Annahme: TravelMap
+  trip:
+    image: jilguy/travelmap:latest
+    container_name: trip
+    restart: unless-stopped
+    ports:
+      - "8007:80"
+    volumes:
+      - ./data/trip:/var/www/html/data
+    networks:
+      - default
+
+  # --- Norish / Rezepte (Port 8008) ---
+  # Annahme: Mealie (Sehr populär für Rezepte)
+  norish:
+    image: ghcr.io/mealie-recipes/mealie:latest
+    container_name: norish
+    restart: unless-stopped
+    ports:
+      - "8008:9000" # Mealie nutzt intern 9000
+    volumes:
+      - ./data/norish:/app/data
+    networks:
+      - default
+
+  # --- Koffan / Einkaufszettel (Port 8009) ---
+  # Annahme: KitchenOwl oder Grocy
+  koffan:
+    image: tombursch/kitchenowl:latest 
+    container_name: koffan
+    restart: unless-stopped
+    ports:
+      - "8009:80"
+    networks:
+      - default
+
+  # --- Yubal / YT Downloader (Port 8010) ---
+  # Annahme: MeTube (bester simpler Web-Downloader)
+  yubal:
+    image: alexta69/metube:latest
+    container_name: yubal
+    restart: unless-stopped
+    ports:
+      - "8010:8081" # MeTube nutzt intern 8081
+    volumes:
+      - /mnt/storage/downloads:/downloads # Pfad anpassen!
+    networks:
+      - default
--- a/Home/Node1/smarthome/.env
+++ b/Home/Node1/smarthome/.env
@@ -0,0 +1,3 @@
+PUID=1000
+PGID=1000
+TZ=Europe/Berlin
--- a/Home/Node1/smarthome/docker-compose.yml
+++ b/Home/Node1/smarthome/docker-compose.yml
@@ -0,0 +1,41 @@
+name: smarthome
+
+networks:
+  # Verbindung zum MQTT Broker in Stack 20
+  core_net:
+    external: true
+
+services:
+  # --- Home Assistant (Port 8123) ---
+  homeassistant:
+    image: lscr.io/linuxserver/homeassistant:latest
+    container_name: homeassistant
+    restart: always
+    ports:
+      - "8123:8123"
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=${TZ}
+    volumes:
+      - ./config/ha:/config
+    networks:
+      - core_net
+      - default
+    # Optional: Falls du USB-Sticks (Zigbee/Z-Wave) durchreichen musst:
+    # devices:
+    #   - /dev/ttyUSB0:/dev/ttyUSB0
+    # privileged: true
+
+  # --- MagicMirror (Port 8180) ---
+  magicmirror:
+    image: bastilimbach/docker-magicmirror
+    container_name: magicmirror
+    restart: unless-stopped
+    ports:
+      - "8180:8080"
+    volumes:
+      - ./config/magicmirror/config:/opt/magic_mirror/config
+      - ./config/magicmirror/modules:/opt/magic_mirror/modules
+    networks:
+      - default