Improve docker-compose

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2026-05-01 15:46:06 +02:00 · 2025-01-19 21:08:53 +01:00
parent 3bdcd4d459
commit 3b4c3cb54c
66 changed files with 122 additions and 83 deletions
@@ -0,0 +1,15 @@
+{
+	email bensuperpc@gmail.com
+	key_type p384
+
+	log {
+		output file /data/logs/access.log
+		format json
+	}
+}
+
+import bensuperpc.org/*
+import bensuperpc.com/*
+import bensuperpc.net/*
+import bensuperpc.ovh/*
+import bensuperpc.fr/*
@@ -0,0 +1,7 @@
+bensuperpc.com {  
+  	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.com {  
+  	redir https://www.bensuperpc.org{uri} permanent
+}
@@ -0,0 +1,7 @@
+bensuperpc.fr {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.fr {
+	redir https://www.bensuperpc.org{uri} permanent
+}
@@ -0,0 +1,19 @@
+bensuperpc.net {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.net {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+git.bensuperpc.net {
+	redir https://git.bensuperpc.org{uri} permanent
+}
+
+jellyfin.bensuperpc.net {
+	redir https://jellyfin.bensuperpc.org{uri} permanent
+}
+
+uptimekuma.bensuperpc.net {
+	redir https://uptimekuma.bensuperpc.org{uri} permanent
+}
@@ -0,0 +1,170 @@
+www.bensuperpc.org {
+	reverse_proxy homepage:3000
+}
+
+bensuperpc.org {
+	redir https://www.{host}{uri} permanent
+}
+
+homepage.bensuperpc.org {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+public.bensuperpc.org {
+	root * /public_data
+	file_server browse
+}
+
+wordpress.bensuperpc.org {
+	root * /var/www/html
+	php_fastcgi wordpress:9000
+
+	file_server
+	encode zstd gzip
+
+	@disallowed {
+		path /xmlrpc.php
+		path *.sql
+		path /wp-content/uploads/*.php
+	}
+
+	rewrite @disallowed '/index.php'
+
+	respond /uploads/*.php 404
+
+	header {
+		# disable FLoC tracking
+		Permissions-Policy interest-cohort=()
+
+		# enable HSTS
+		Strict-Transport-Security max-age=31536000;
+
+		# disable clients from sniffing the media type
+		X-Content-Type-Options nosniff
+
+		# clickjacking protection
+		# X-Frame-Options DENY
+
+		# Disable powerful features we don't need
+        Permissions-Policy "geolocation=(), camera=(), microphone=() interest-cohort=()"
+	}
+}
+
+it-tools.bensuperpc.org {
+	# Load balance between 2 instances
+	reverse_proxy {
+		to it-tools0:80 it-tools1:80
+		lb_policy round_robin
+		lb_retries 3
+		lb_try_interval 1s
+	}
+}
+
+adminer.bensuperpc.org {
+	reverse_proxy adminer:8080
+}
+
+uptimekuma.bensuperpc.org {
+	reverse_proxy uptime-kuma:3001
+}
+
+torrent.bensuperpc.org {
+	reverse_proxy qbittorrent:8080
+}
+
+qbittorrent.bensuperpc.org {
+	redir https://torrent.bensuperpc.org permanent
+}
+
+transmission.bensuperpc.org {
+	reverse_proxy transmission:9091
+}
+
+gitea.bensuperpc.org {
+	redir https://git.bensuperpc.org permanent
+}
+
+git.bensuperpc.org {
+	reverse_proxy gitea:3000
+}
+
+jellyfin.bensuperpc.org {
+	reverse_proxy jellyfin:8096
+}
+
+transfer.bensuperpc.org {
+	reverse_proxy psitransfer:3000
+}
+
+psitransfer.bensuperpc.org {
+	redir https://transfer.bensuperpc.org{uri} permanent
+}
+
+picoshare.bensuperpc.org {
+	reverse_proxy picoshare:4001
+}
+
+syncthing.bensuperpc.org {
+	reverse_proxy syncthing:8384 {
+		header_up Host {upstream_hostport}
+	}
+}
+
+tools.bensuperpc.org {
+	redir https://it-tools.bensuperpc.org permanent
+}
+
+privatebin.bensuperpc.org {
+	reverse_proxy privatebin:8080
+}
+
+pastebin.bensuperpc.org {
+	redir https://privatebin.bensuperpc.org permanent
+}
+
+yacht.bensuperpc.org {
+	reverse_proxy yacht:8000
+}
+
+projectsend.bensuperpc.org {
+	reverse_proxy projectsend:80
+}
+
+dufs.bensuperpc.org {
+	reverse_proxy dufs:5000
+}
+
+stirlingpdf.bensuperpc.org {
+	reverse_proxy stirlingpdf:8080
+}
+
+link.bensuperpc.org {
+	# TODO: Use service with database
+	# Friendly links
+	redir /gnous https://gnous.eu permanent
+	redir /proxy https://imagisphe.re permanent
+	redir /patch https://spaceint.fr permanent
+	redir /greep https://greep.fr permanent
+
+	# Youtube links
+	redir /rickroll https://www.youtube.com/watch?v=dQw4w9WgXcQ permanent
+	redir /babyshark https://www.youtube.com/watch?v=XqZsoesa55w permanent
+	redir /cowcowcow https://www.youtube.com/watch?v=FavUpD_IjVY permanent
+	redir /badapple https://www.youtube.com/watch?v=FtutLA63Cp8 permanent
+	redir /macdo https://www.youtube.com/watch?v=Q16KpquGsIc permanent
+	redir /superiser https://www.youtube.com/watch?v=srnyVw-OR0g permanent
+	redir /daicon https://youtu.be/-840keiiFDE?si=zIPIokytxcnGw5fJ&t=162 permanent
+	redir /scp https://www.youtube.com/watch?v=FGCDndN20G8 permanent
+	redir /scpfb https://youtu.be/9zrKk-1E8zM?si=8R_ZBVG3GzMUYOe8&t=36 permanent
+	redir /mother https://youtu.be/w3NyycHR3fE?si=rNNSW9zYv0bcO2Eu permanent
+	redir /cpu https://www.youtube.com/watch?v=y39D4529FM4 permanent
+	redir /lechanteur https://youtu.be/HXdP15Ubu6M?si=N0qvhqo--3pmSGmb permanent
+	redir /nohero https://youtu.be/4DuUejBkMqE?si=bkB8G6PHwCp56jxb permanent
+	redir /indochine https://youtu.be/M7X6oYg6iro?si=ZRarm3qamTJ8vIJ0 permanent
+	redir /bna https://youtu.be/3T3ofoKfEoY?si=_7HkGQXMC7rBng8O permanent
+	redir /jojo https://youtu.be/U0TXIXTzJEY?si=2acWJWX06ju2w4uj permanent
+	redir /patapon https://youtu.be/H6CbNHLHkmk?si=ZvU8SzrOK-oCUXT5 permanent
+	redir /darkwater https://youtu.be/Tr8ZgF4Dc0E?si=CEOmm2J6Jp5rdbbt permanent
+	redir /train https://youtu.be/l8mScKWj3kQ?si=BV07uJ9eP3kzV9Kl permanent
+	redir /jdg https://www.youtube.com/@joueurdugrenier permanent
+}
@@ -0,0 +1,7 @@
+bensuperpc.ovh {
+	redir https://www.bensuperpc.org{uri} permanent
+}
+
+www.bensuperpc.ovh {
+	redir https://www.bensuperpc.org{uri} permanent
+}
@@ -0,0 +1,63 @@
+services:
+  # Caddy
+  caddy:
+    image: caddy:latest
+    container_name: caddy
+    profiles:
+      - caddy
+    depends_on:
+      main_infrastructure:
+        condition: service_completed_successfully
+    restart: on-failure:5
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - caddy_data:/data:rw
+      - caddy_config:/config:rw
+      - ./config:/etc/caddy:ro
+      - wordpress:/var/www/html:rw
+      - public_data:/public_data:ro
+
+    networks:
+      - infra-network
+    env_file:
+      - ./env/caddy.env
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test: pidof caddy || exit 1
+      interval: 120s
+      timeout: 10s
+      retries: 3
+
+  caddy_backup:
+    image: mazzolino/restic:latest
+    container_name: caddy_backup
+    profiles:
+      - caddy
+    depends_on:
+      - caddy
+    restart: on-failure:5
+    env_file:
+      - ./env/caddy_backup.env
+    volumes:
+      - caddy_backup:/mnt/restic
+      - caddy_data:/data:ro
+    network_mode: none
+    cap_drop:
+      - NET_ADMIN
+      - NET_RAW
+      - SYS_ADMIN
+
+volumes:
+  caddy_data:
+    name: caddy_data
+  caddy_config:
+    name: caddy_config
+  caddy_backup:
+    name: caddy_backup
+  wordpress:
+    name: wordpress
+  public_data:
+    name: public_data
@@ -0,0 +1,14 @@
+#RUN_ON_STARTUP=true
+RESTIC_REPOSITORY=/mnt/restic
+RESTIC_BACKUP_SOURCES=/data
+RESTIC_PASSWORD=YFQh8v3Wi95v0p6h88D4u8C8z4gLfdMw
+# Backup (exuclusive with Check and Prune)
+BACKUP_CRON=*/30 * * * *
+RESTIC_BACKUP_ARGS=--tag docker-volumes --verbose
+#RESTIC_FORGET_ARGS=--prune --keep-last 8 --keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 4
+# Check (exuclusive with Check and Prune)
+#CHECK_CRON=*/30 * * * *
+#RESTIC_CHECK_ARGS=--read-data-subset=40%
+# Prune (exuclusive with Check and Prune)
+#PRUNE_CRON=*/30 * * * *
+#RESTIC_PRUNE_ARGS=
@@ -0,0 +1,25 @@
+services:
+  # dufs
+  dufs:
+    image: sigoden/dufs:latest
+    container_name: dufs
+    profiles:
+      - dufs
+    user: ${PUID:-1000}:${PGID:-1000} 
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/dufs.env
+    volumes:
+      - public_data:/data
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  public_data:
+    name: public_data
+  private_data:
+    name: private_data
@@ -0,0 +1,7 @@
+DUFS_BIND=0.0.0.0
+DUFS_PORT=5000
+DUFS_SERVE_PATH=/data
+DUFS_HIDDEN=tmp,*.log,*.lock
+DUFS_ALLOW_ALL=true
+DUFS_COMPRESS=medium
+DUFS_AUTH="admin:heqihlOfBmJDESGFlpbPi7P7Mi6F7RkV@/:rw|@/:ro"
@@ -0,0 +1,98 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 1
+  # Extra environment variables to run jobs.
+  envs:
+    A_TEST_ENV_NAME_1: a_test_env_value_1
+    A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: ""
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 0
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: ""
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: true
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:
@@ -0,0 +1,74 @@
+services:
+  # Gitea
+  gitea:
+    image: gitea/gitea:latest-rootless
+    container_name: gitea
+    profiles:
+      - gitea
+    restart: on-failure:5
+    depends_on:
+      - database_gitea
+      - caddy
+    ports:
+      - "22:22"
+    env_file:
+      - ./env/gitea.env
+    volumes:
+      - gitea_data:/var/lib/gitea
+      - gitea_config:/etc/gitea
+#      - /etc/timezone:/etc/timezone:ro
+#      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+  
+  # Database gitea
+  database_gitea:
+    image: mariadb:latest
+    container_name: database_gitea
+    profiles:
+      - database
+      - gitea
+    depends_on:
+      - caddy
+    restart: on-failure:5
+    volumes:
+      - gitea_db:/var/lib/mysql:rw
+    env_file:
+      - ./env/gitea_db.env
+    command: '--default-authentication-plugin=mysql_native_password'
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+  # Gitea-runner
+  gitea-runner:
+    image: gitea/act_runner:latest
+    container_name: gitea-runner
+    profiles:
+      - gitea-runner
+    depends_on:
+      - gitea
+    restart: on-failure:5
+    env_file:
+      - ./env/gitea-runner.env
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - gitea_runner:/data
+      - ./config/gitea_runner/config.yaml:/config.yaml:ro
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  gitea_data:
+    name: gitea_data
+  gitea_config:
+    name: gitea_config
+  gitea_db:
+    name: gitea_db
+  gitea_runner:
+    name: gitea_runner
@@ -0,0 +1,5 @@
+GITEA_INSTANCE_URL=https://git.bensuperpc.org
+GITEA_RUNNER_REGISTRATION_TOKEN=TBGzS0m823Xk732zRqjrbcSWFTEPajj5V5OFzXWP
+GITEA_RUNNER_NAME=runner-1
+#GITEA_RUNNER_LABELS=
+CONFIG_FILE=/config.yaml
@@ -0,0 +1,15 @@
+USER_UID=1000
+USER_GID=1000
+GITEA__database__DB_TYPE=mysql
+GITEA__database__HOST=database_gitea:3306
+GITEA__database__NAME=gitea
+GITEA__database__USER=bensuperpc
+GITEA__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
+GITEA__security__SECRET_KEY=ykcZt23an1E4lFHWvrCKdAyt16WAiK9c
+#GITEA__security__INTERNAL_TOKEN=
+GITEA__server__DOMAIN=git.bensuperpc.org
+GITEA__server__SSH_DOMAIN=git.bensuperpc.org
+GITEA__server__HTTP_PORT=3000
+GITEA__server__SSH_LISTEN_PORT=22
+GITEA__server__SSH_PORT=22
+GITEA__server__ROOT_URL=https://git.bensuperpc.org
@@ -0,0 +1,4 @@
+MARIADB_ROOT_PASSWORD=xpc4zIhHZzWKqVHcjBu4aW6aS7jG8d7X
+MARIADB_USER=bensuperpc
+MARIADB_PASSWORD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
+MARIADB_DATABASE=gitea
@@ -0,0 +1,51 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/bookmarks
+
+- Developer:
+    - Github:
+        - abbr: GH
+          href: https://github.com/bensuperpc
+          description: github.com
+
+- Social:
+    - Reddit:
+        - abbr: RE
+          href: https://reddit.com/u/bensuperpc
+          description: reddit.com
+    - Twitter:
+        - abbr: TW
+          href: https://twitter.com/bensuperpc
+          description: twitter.com
+    - Bluesky:
+        - abbr: BS
+          href: https://bsky.app/profile/bensuperpc.bsky.social
+          description: bsky.app
+    - Mastodon:
+        - abbr: MA
+          href: https://mastodon.social/@bensuperpc
+          description: mastodon.social
+
+- Entertainment:
+    - YouTube:
+        - abbr: YT
+          href: https://youtube.com/c/bensuperpc
+          description: youtube.com
+    - Twitch:
+        - abbr: TW
+          href: https://twitch.tv/bensuperpc
+          description: twitch.tv
+
+- Friends:
+    - Gnous:
+        - abbr: Gn
+          href: https://gnous.eu/
+          description: gnous.eu
+    - Imagisphe:
+        - abbr: IM
+          href: https://imagisphe.re/
+          description: imagisphe.re
+    - Greep:
+        - abbr: GP
+          href: https://greep.fr/#/
+          description: greep.fr
@@ -0,0 +1,10 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/docker/
+
+#jellyfin:
+#  host: jellyfin
+#  port: 8096
+
+#my-docker:
+#   socket: /var/run/docker.sock
@@ -0,0 +1,2 @@
+---
+# sample kubernetes config
@@ -0,0 +1,133 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/services
+
+- Personal:
+    - wordpress:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/wordpress.png
+        href: https://wordpress.bensuperpc.org/
+        description: Wordpress
+        ping: wordpress.bensuperpc.org
+        container: wordpress
+    - jellyfin:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/jellyfin.png
+        href: https://jellyfin.bensuperpc.org/
+        description: Jellyfin
+        ping: jellyfin.bensuperpc.org
+        container: jellyfin
+    - projectsend:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/projectsend.png
+        href: https://projectsend.bensuperpc.org/
+        description: ProjectSend
+        ping: projectsend.bensuperpc.org
+        container: projectsend
+- Sharing:
+    - psitransfer:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/psitransfer.png
+        href: https://psitransfer.bensuperpc.org/
+        description: PsiTransfer
+        ping: psitransfer.bensuperpc.org
+        container: psitransfer
+    - picoshare:
+#        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/picoshare.png
+        href: https://picoshare.bensuperpc.org/
+        description: PicoShare
+        ping: picoshare.bensuperpc.org
+        container: picoshare
+    - privatebin:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/privatebin.png
+        href: https://privatebin.bensuperpc.org/
+        description: PrivateBin
+        ping: privatebin.bensuperpc.org
+        container: privatebin
+    - qbittorrent:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/qbittorrent.png
+        href: https://qbittorrent.bensuperpc.org/
+        description: qBittorrent
+        ping: qbittorrent.bensuperpc.org
+        container: qbittorrent
+    - syncthing:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/syncthing.png
+        href: https://syncthing.bensuperpc.org/
+        description: Syncthing
+        ping: syncthing.bensuperpc.org
+        container: syncthing
+    - transmission:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/transmission.png
+        href: https://transmission.bensuperpc.org/
+        description: Transmission
+        ping: transmission.bensuperpc.org
+        container: transmission
+    - dufs:
+#        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/dufs.png
+        href: https://dufs.bensuperpc.org/
+        description: Dufs
+        ping: dufs.bensuperpc.org
+        container: dufs
+    - caddy:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/caddy.png
+        href: https://public.bensuperpc.org/
+        description: File browser
+        ping: public.bensuperpc.org
+        container: caddy
+
+- Utils:
+    - it-tools:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/it-tools.png
+        href: https://it-tools.bensuperpc.org/
+        description: IT Tools
+        ping: it-tools.bensuperpc.org
+        container: it-tools0
+    - stirlingpdf:
+        #icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/stirlingpdf.png
+        href: https://stirlingpdf.bensuperpc.org/
+        description: StirlingPDF
+        ping: stirlingpdf.bensuperpc.org
+        container: stirlingpdf
+    - gitea:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/gitea.png
+        href: https://gitea.bensuperpc.org/
+        description: Gitea
+        ping: gitea.bensuperpc.org
+        container: gitea
+
+- Admin:
+    - uptime-kuma:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/uptime-kuma.png
+        href: https://uptimekuma.bensuperpc.org/
+        description: Uptime Kuma
+        ping: uptimekuma.bensuperpc.org
+        container: uptime-kuma
+    - yacht:
+#        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/yacht.png
+        href: https://yacht.bensuperpc.org/
+        description: Yacht
+        ping: yacht.bensuperpc.org
+        container: yacht
+    - adminer:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/adminer.png
+        href: https://adminer.bensuperpc.org/
+        description: Adminer
+        ping: adminer.bensuperpc.org
+        container: adminer
+
+- Games:
+    - minecraft:
+        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/minecraft.png
+#        href: https://minecraft.bensuperpc.org/
+        description: Minecraft server
+#        ping: minecraft.bensuperpc.org
+        container: minecraft-server
+    - 7dtd:
+#        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/7dtd.png
+#        href: https://7dtd.bensuperpc.org/
+        description: 7 Days to Die server
+#        ping: 7dtd.bensuperpc.org
+        container: 7dtd-server
+    - satisfactory:
+#        icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/7dtd.png
+#        href: https://7dtd.bensuperpc.org/
+        description: Satisfactory server
+#        ping: 7dtd.bensuperpc.org
+        container: satisfactory-server
+
@@ -0,0 +1,56 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/settings
+
+title: Bensuperpc
+
+base: https://www.bensuperpc.org
+
+favicon: /image/favicon.ico
+
+logpath: /app/logs
+
+background: 
+  image: /image/background.jpg
+  blur: md
+  opacity: 50
+  brightness: 50
+
+theme: dark
+color: slate
+
+language: en
+
+layout:
+  Personal:
+    style: row
+    columns: 6
+  Sharing:
+    style: row
+    columns: 6
+  Admin:
+    style: row
+    columns: 6
+  Utils:
+    style: row
+    columns: 6
+    initiallyCollapsed: false
+  Games:
+    style: row
+    columns: 6
+    initiallyCollapsed: false
+
+quicklaunch:
+  searchDescriptions: true
+  hideInternetSearch: false
+  hideVisitURL: false
+
+hideVersion: true
+
+headerStyle: boxed
+
+useEqualHeights: true
+
+#providers:
+#  openweathermap: openweathermapapikey
+#  weatherapi: weatherapiapikey
@@ -0,0 +1,37 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/service-widgets
+# https://gethomepage.dev/main/widgets/services/qbittorrent
+
+#- logo:
+#    icon: /image/daisy.jpg
+
+- resources:
+    cpu: true
+    cputemp: true
+    memory: true
+    disk: /
+    uptime: true
+    refresh: 3000
+
+#- search:
+#    provider: duckduckgo
+#    target: _blank
+#    showSearchSuggestions: true
+
+- datetime:
+    text_size: xl
+    locale: fr
+    format:
+        timeStyle: short
+        dateStyle: short
+
+- openmeteo:
+    label: Nantes # optional
+    latitude: 47.216671
+    longitude: -1.55
+    timezone: Europe/Paris # optional
+    units: metric # or imperial
+    cache: 5 # Time in minutes to cache API responses, to stay within limits
+    format: # optional, Intl.NumberFormat options
+      maximumFractionDigits: 1
@@ -0,0 +1,30 @@
+services:
+  # homepage
+  homepage:
+    image: ghcr.io/gethomepage/homepage:latest
+    container_name: homepage
+    profiles:
+      - homepage
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/homepage.env
+    volumes:
+      - homepage_log:/app/logs
+      - ./config:/app/config:ro
+      - ./image:/app/public/image:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+#    develop:
+#      watch:
+#        - action: sync+restart
+#          path: ./homepage/image
+#          target: /app/public/image
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  homepage_log:
+    name: homepage_log
@@ -0,0 +1,2 @@
+PSITRANSFER_ADMIN_PASS=n9jLVNT9QUotTJTT91JqH4GyBTg9pvEn
+#PSITRANSFER_PORT=3000
@@ -0,0 +1,51 @@
+services:
+  # it-tools
+  it-tools0:
+    image: corentinth/it-tools:latest
+    container_name: it-tools0
+    profiles:
+      - it-tools
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    networks:
+      - infra-network
+    read_only: false
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - SYS_ADMIN
+
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 512M
+        reservations:
+          cpus: '0.001'
+          memory: 20M
+
+  it-tools1:
+    image: corentinth/it-tools:latest
+    container_name: it-tools1
+    profiles:
+      - it-tools
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    networks:
+      - infra-network
+    read_only: false
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - SYS_ADMIN
+
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 512M
+        reservations:
+          cpus: '0.001'
+          memory: 20M
@@ -0,0 +1,37 @@
+services:
+  # Jellyfin
+  jellyfin:
+    image: lscr.io/linuxserver/jellyfin:latest
+    container_name: jellyfin
+    profiles:
+      - jellyfin
+    restart: on-failure:5
+    environment:
+      - PUID=${PUID:-1000}
+      - PGID=${PGID:-1000}
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/jellyfin.env
+    volumes:
+      - jellyfin_config:/config
+      - jellyfin_cache:/cache
+      - public_data:/public
+      - private_data:/private
+    # Hardware acceleration (For Intel and AMD GPUs)
+    devices:
+      - /dev/dri:/dev/dri
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  jellyfin_config:
+    name: jellyfin_config
+  jellyfin_cache:
+    name: jellyfin_cache
+  public_data:
+    name: public_data
+  private_data:
+    name: private_data
@@ -0,0 +1,2 @@
+TZ=Etc/UTC
+DOCKER_MODS=linuxserver/mods:jellyfin-opencl-intel
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVtzpnPr0Boy+bUbL+viOYfqeetDZF6Hu40EwNLXNb0 bensuperpc@gmail.com
@@ -0,0 +1,42 @@
+services:
+  # openssh
+  openssh:
+    image: linuxserver/openssh-server:latest
+    container_name: openssh
+    profiles:
+      - openssh
+    depends_on:
+      - caddy
+    restart: on-failure:5
+    env_file:
+      - ./env/openssh.env
+    environment:
+      - PUID=${PUID:-1000}
+      - PGID=${PGID:-1000}
+    volumes:
+      - openssh_config:/config:rw
+      - ./config/authorized_keys:/authorized_ssh_keys:ro
+      - public_data:/public:rw
+      - private_data:/private:rw
+      - caddy_data:/caddy_data:rw
+      - caddy_config:/caddy_config:rw
+      - caddy_backup:/caddy_backup:rw
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:false
+    ports:
+      - 2222:2222
+volumes:
+  openssh_config:
+    name: openssh_config
+  public_data:
+    name: public_data
+  private_data:
+    name: private_data
+  caddy_data:
+    name: caddy_data
+  caddy_config:
+    name: caddy_config
+  caddy_backup:
+    name: caddy_backup
@@ -0,0 +1,15 @@
+TZ=Etc/UTC
+SUDO_ACCESS=true
+PASSWORD_ACCESS=false
+DOCKER_MODS=linuxserver/mods:openssh-server-rsync
+#PUBLIC_KEY_URL=https://github.com/bensuperpc.keys
+PUBLIC_KEY_DIR=/authorized_ssh_keys
+USER_NAME=admin
+USER_PASSWORD=rdUwf36C11PLmpU9Lvq7tP5pfFBKAuCh
+
+#PUBLIC_KEY=yourpublickey
+#PUBLIC_KEY_FILE=/path/to/file
+#PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys
+#PUBLIC_KEY_URL=https://github.com/username.keys
+#USER_PASSWORD_FILE=/path/to/file
+#LOG_STDOUT=
@@ -0,0 +1,35 @@
+services:
+  # picoshare
+  picoshare:
+    image: mtlynch/picoshare:latest
+    container_name: picoshare
+    profiles:
+      - picoshare
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/picoshare.env
+    volumes:
+      - picoshare_data:/data
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+    read_only: false
+    cap_drop:
+      - SYS_ADMIN
+#    tmpfs:
+#      - /tmp
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 512M
+        reservations:
+          cpus: '0.001'
+          memory: 20M
+
+volumes:
+  picoshare_data:
+    name: picoshare_data
@@ -0,0 +1,3 @@
+PS_SHARED_SECRET=CBuS4DJLqIe93xF1KGYRrnhxUFBqLD2n
+PORT=4001
+PS_BEHIND_PROXY=true
@@ -0,0 +1,283 @@
+;<?php http_response_code(403); /*
+; config file for PrivateBin
+;
+; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
+
+[main]
+; (optional) set a project name to be displayed on the website
+; name = "PrivateBin"
+
+; The full URL, with the domain name and directories that point to the
+; PrivateBin files, including an ending slash (/). This URL is essential to
+; allow Opengraph images to be displayed on social networks.
+; basepath = "https://privatebin.example.com/"
+
+; enable or disable the discussion feature, defaults to true
+discussion = true
+
+; preselect the discussion feature, defaults to false
+opendiscussion = false
+
+; enable or disable the display of dates & times in the comments, defaults to true
+; Note that internally the creation time will still get tracked in order to sort
+; the comments by creation time, but you can choose not to display them.
+; discussiondatedisplay = false
+
+; enable or disable the password feature, defaults to true
+password = true
+
+; enable or disable the file upload feature, defaults to false
+fileupload = false
+
+; preselect the burn-after-reading feature, defaults to false
+burnafterreadingselected = false
+
+; which display mode to preselect by default, defaults to "plaintext"
+; make sure the value exists in [formatter_options]
+defaultformatter = "plaintext"
+
+; (optional) set a syntax highlighting theme, as found in css/prettify/
+; syntaxhighlightingtheme = "sons-of-obsidian"
+
+; size limit per paste or comment in bytes, defaults to 10 Mebibytes
+sizelimit = 10485760
+
+; template to include, default is "bootstrap" (tpl/bootstrap.php), also
+; available are "page" (tpl/page.php), the classic ZeroBin style and several
+; bootstrap variants: "bootstrap-dark", "bootstrap-compact", "bootstrap-page",
+; which can be combined with "-dark" and "-compact" for "bootstrap-dark-page"
+; and finally "bootstrap-compact-page" - previews at:
+; https://privatebin.info/screenshots.html
+template = "bootstrap-dark"
+
+; (optional) info text to display
+; use single, instead of double quotes for HTML attributes
+;info = "More information on the <a href='https://privatebin.info/'>project page</a>."
+
+; (optional) notice to display
+; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."
+
+; by default PrivateBin will guess the visitors language based on the browsers
+; settings. Optionally you can enable the language selection menu, which uses
+; a session cookie to store the choice until the browser is closed.
+languageselection = false
+
+; set the language your installs defaults to, defaults to English
+; if this is set and language selection is disabled, this will be the only language
+; languagedefault = "en"
+
+; (optional) URL shortener address to offer after a new paste is created.
+; It is suggested to only use this with self-hosted shorteners as this will leak
+; the pastes encryption key.
+; urlshortener = "https://shortener.example.com/api?link="
+
+; (optional) Let users create a QR code for sharing the paste URL with one click.
+; It works both when a new paste is created and when you view a paste.
+; qrcode = true
+
+; (optional) Let users send an email sharing the paste URL with one click.
+; It works both when a new paste is created and when you view a paste.
+; email = true
+
+; (optional) IP based icons are a weak mechanism to detect if a comment was from
+; a different user when the same username was used in a comment. It might get
+; used to get the IP of a comment poster if the server salt is leaked and a
+; SHA512 HMAC rainbow table is generated for all (relevant) IPs.
+; Can be set to one these values:
+; "none" / "identicon" (default) / "jdenticon" / "vizhash".
+; icon = "none"
+
+; Content Security Policy headers allow a website to restrict what sources are
+; allowed to be accessed in its context. You need to change this if you added
+; custom scripts from third-party domains to your templates, e.g. tracking
+; scripts or run your site behind certain DDoS-protection services.
+; Check the documentation at https://content-security-policy.com/
+; Notes:
+; - If you use any bootstrap theme, you can remove the allow-popups from the
+;   sandbox restrictions.
+; - If you use the bootstrap5 theme, you must change default-src to 'self' to
+;   enable display of the svg icons
+; - By default this disallows to load images from third-party servers, e.g. when
+;   they are embedded in pastes. If you wish to allow that, you can adjust the
+;   policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
+;   for details.
+; - The 'unsafe-eval' is used in two cases; to check if the browser supports
+;   async functions and display an error if not and for Chrome to enable
+;   webassembly support (used for zlib compression). You can remove it if Chrome
+;   doesn't need to be supported and old browsers don't need to be warned.
+; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
+
+; stay compatible with PrivateBin Alpha 0.19, less secure
+; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
+; sha256 in HMAC for the deletion token
+; zerobincompatibility = false
+
+; Enable or disable the warning message when the site is served over an insecure
+; connection (insecure HTTP instead of HTTPS), defaults to true.
+; Secure transport methods like Tor and I2P domains are automatically whitelisted.
+; It is **strongly discouraged** to disable this.
+; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
+; httpwarning = true
+
+; Pick compression algorithm or disable it. Only applies to pastes/comments
+; created after changing the setting.
+; Can be set to one these values: "none" / "zlib" (default).
+; compression = "zlib"
+
+[expire]
+; expire value that is selected per default
+; make sure the value exists in [expire_options]
+default = "1week"
+
+[expire_options]
+; Set each one of these to the number of seconds in the expiration period,
+; or 0 if it should never expire
+5min = 300
+10min = 600
+1hour = 3600
+1day = 86400
+1week = 604800
+; Well this is not *exactly* one month, it's 30 days:
+1month = 2592000
+1year = 31536000
+never = 0
+
+[formatter_options]
+; Set available formatters, their order and their labels
+plaintext = "Plain Text"
+syntaxhighlighting = "Source Code"
+markdown = "Markdown"
+
+[traffic]
+; time limit between calls from the same IP address in seconds
+; Set this to 0 to disable rate limiting.
+limit = 10
+
+; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
+; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
+; be exempted, the list needs to be comma separated. Leave unset to disable
+; exemptions.
+; exempted = "1.2.3.4,10.10.10/24"
+
+; (optional) If you want only some source IP addresses (v4 or v6) or subnets
+; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
+; ignored. If multiple values are to be exempted, the list needs to be comma
+; separated. Leave unset to allow anyone to create pastes.
+; creators = "1.2.3.4,10.10.10/24"
+
+; (optional) if your website runs behind a reverse proxy or load balancer,
+; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
+; header = "X_FORWARDED_FOR"
+
+[purge]
+; minimum time limit between two purgings of expired pastes, it is only
+; triggered when pastes are created
+; Set this to 0 to run a purge every time a paste is created.
+limit = 300
+
+; maximum amount of expired pastes to delete in one purge
+; Set this to 0 to disable purging. Set it higher, if you are running a large
+; site
+batchsize = 10
+
+[model]
+; name of data model class to load and directory for storage
+; the default model "Filesystem" stores everything in the filesystem
+class = Filesystem
+[model_options]
+dir = PATH "data"
+
+;[model]
+; example of a Google Cloud Storage configuration
+;class = GoogleCloudStorage
+;[model_options]
+;bucket = "my-private-bin"
+;prefix = "pastes"
+;uniformacl = false
+
+;[model]
+; example of DB configuration for MySQL
+;class = Database
+;[model_options]
+;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
+;tbl = "privatebin_"	; table prefix
+;usr = "privatebin"
+;pwd = "Z3r0P4ss"
+;opt[12] = true	  ; PDO::ATTR_PERSISTENT
+
+;[model]
+; example of DB configuration for SQLite
+;class = Database
+;[model_options]
+;dsn = "sqlite:" PATH "data/db.sq3"
+;usr = null
+;pwd = null
+;opt[12] = true	; PDO::ATTR_PERSISTENT
+
+;[model]
+; example of DB configuration for PostgreSQL
+;class = Database
+;[model_options]
+;dsn = "pgsql:host=localhost;dbname=privatebin"
+;tbl = "privatebin_"     ; table prefix
+;usr = "privatebin"
+;pwd = "Z3r0P4ss"
+;opt[12] = true    ; PDO::ATTR_PERSISTENT
+
+;[model]
+; example of S3 configuration for Rados gateway / CEPH
+;class = S3Storage
+;[model_options]
+;region = ""
+;version = "2006-03-01"
+;endpoint = "https://s3.my-ceph.invalid"
+;use_path_style_endpoint = true
+;bucket = "my-bucket"
+;accesskey = "my-rados-user"
+;secretkey = "my-rados-pass"
+
+;[model]
+; example of S3 configuration for AWS
+;class = S3Storage
+;[model_options]
+;region = "eu-central-1"
+;version = "latest"
+;bucket = "my-bucket"
+;accesskey = "access key id"
+;secretkey = "secret access key"
+
+;[model]
+; example of S3 configuration for AWS using its SDK default credential provider chain
+; if relying on environment variables, the AWS SDK will look for the following:
+; - AWS_ACCESS_KEY_ID
+; - AWS_SECRET_ACCESS_KEY
+; - AWS_SESSION_TOKEN (if needed)
+; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
+;class = S3Storage
+;[model_options]
+;region = "eu-central-1"
+;version = "latest"
+;bucket = "my-bucket"
+
+[yourls]
+; When using YOURLS as a "urlshortener" config item:
+; - By default, "urlshortener" will point to the YOURLS API URL, with or without
+;   credentials, and will be visible in public on the PrivateBin web page.
+;   Only use this if you allow short URL creation without credentials.
+; - Alternatively, using the parameters in this section ("signature" and
+;   "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
+;   instance with "?shortenviayourls&link=" appended. For example:
+;   urlshortener = "${basepath}?shortenviayourls&link="
+;   This URL will in turn call YOURLS on the server side, using the URL from
+;   "apiurl" and the "access signature" from the "signature" parameters below.
+
+; (optional) the "signature" (access key) issued by YOURLS for the using account
+; signature = ""
+; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
+; apiurl = "https://yourls.example.com/yourls-api.php"
+
+;[sri]
+; Subresource integrity (SRI) hashes used in template files. Uncomment and set
+; these for all js files used. See:
+; https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files
+;privatebin.js = sha512-[…]
@@ -0,0 +1,30 @@
+services:
+  # privatebin
+  privatebin:
+    image: privatebin/nginx-fpm-alpine:latest
+    container_name: privatebin
+    profiles:
+      - privatebin
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    volumes:
+      - privatebin_data:/srv/data
+      - ./config/conf.php:/srv/cfg/conf.php:ro
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+    read_only: true
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 512M
+        reservations:
+          cpus: '0.001'
+          memory: 20M
+
+volumes:
+  privatebin_data:
+    name: privatebin_data
@@ -0,0 +1,50 @@
+services:
+  # projectsend
+  projectsend:
+    image: linuxserver/projectsend:latest
+    container_name: projectsend
+    profiles:
+      - projectsend
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/projectsend.env
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - projectsend_config:/config
+      - projectsend_share:/data
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - SYS_ADMIN
+
+  # Database projectsend
+  projectsend_db:
+    image: mariadb:latest
+    container_name: projectsend_db
+    profiles:
+      - database
+      - projectsend
+    depends_on:
+      - caddy
+    restart: on-failure:5
+    volumes:
+      - projectsend_db:/var/lib/mysql:rw
+    env_file:
+      - ./env/projectsend_db.env
+    command: '--default-authentication-plugin=mysql_native_password'
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  projectsend_db:
+    name: projectsend_db
+  projectsend_config:
+    name: projectsend_config
+  projectsend_share:
+    name: projectsend_share
@@ -0,0 +1 @@
+MAX_UPLOAD=50000
@@ -0,0 +1,4 @@
+MARIADB_ROOT_PASSWORD=8O34297GrBfT3Ld34Lfg9mpotmZwbJtt
+MARIADB_USER=bensuperpc
+MARIADB_PASSWORD=wdSUa1JEZhXie5AJ5NcX1w73xmpO12EY
+MARIADB_DATABASE=projectsend
@@ -0,0 +1,32 @@
+services:
+  # psitransfer
+  psitransfer:
+    image: psitrax/psitransfer:latest
+    container_name: psitransfer
+    profiles:
+      - psitransfer
+    restart: on-failure:5
+    user: ${PUID:-1000}:${PGID:-1000} 
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/psitransfer.env
+    volumes:
+      - psitransfer_data:/data
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+    read_only: true
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 512M
+        reservations:
+          cpus: '0.001'
+          memory: 20M
+
+volumes:
+  psitransfer_data:
+    name: psitransfer_data
@@ -0,0 +1,2 @@
+PSITRANSFER_ADMIN_PASS=n9jLVNT9QUotTJTT91JqH4GyBTg9pvEn
+#PSITRANSFER_PORT=3000
@@ -0,0 +1,30 @@
+services:
+  # qBittorrent
+  qbittorrent:
+    image: lscr.io/linuxserver/qbittorrent:latest
+    container_name: qbittorrent
+    profiles:
+      - qbittorrent
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/qbittorrent.env
+    environment:
+      - PUID=${PUID:-1000}
+      - PGID=${PGID:-1000}
+    volumes:
+      - qbittorrent_config:/config
+      - public_data:/downloads
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  qbittorrent_config:
+    name: qbittorrent_config
+  public_data:
+    name: public_data
+  private_data:
+    name: private_data
@@ -0,0 +1,3 @@
+TZ=Etc/UTC
+WEBUI_PORT=8080
+TORRENTING_PORT=6881
@@ -0,0 +1,26 @@
+services:
+  # stirlingpdf
+  stirlingpdf:
+    image: frooodle/s-pdf:latest
+    container_name: stirlingpdf
+    profiles:
+      - stirlingpdf
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/stirlingpdf.env
+    volumes:
+      - stirlingpdf_config:/configs
+      - stirlingpdf_tessdata:/usr/share/tessdata
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+    read_only: false
+
+volumes:
+  stirlingpdf_config:
+    name: stirlingpdf_config
+  stirlingpdf_tessdata:
+    name: stirlingpdf_tessdata
@@ -0,0 +1,9 @@
+LANGS=en_GB
+#SYSTEM_ROOTURIPATH=/
+# Enable security, optional
+#DOCKER_ENABLE_SECURITY=true
+#SECURITY_ENABLE_LOGIN=true
+# Can be disabled after initial login, optional,
+# default it admin:stirling
+#SECURITY_INITIALLOGIN_USERNAME=admin
+#SECURITY_INITIALLOGIN_PASSWORD=Jw9U039f5xc2mFcacvGvPD9RjwIh4DzO
@@ -0,0 +1,31 @@
+services:
+  # syncthing
+  syncthing:
+    image: linuxserver/syncthing:latest
+    container_name: syncthing
+    profiles:
+      - syncthing
+    depends_on:
+      - caddy
+    restart: on-failure:5
+    env_file:
+      - ./env/syncthing.env
+    environment:
+      - PUID=${PUID:-1000}
+      - PGID=${PGID:-1000}
+    volumes:
+      - syncthing_config:/config
+      - public_data:/data1
+      - private_data:/data2
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  syncthing_config:
+    name: syncthing_config
+  public_data:
+    name: public_data
+  private_data:
+    name: private_data
@@ -0,0 +1 @@
+TZ=Etc/UTC
@@ -0,0 +1,33 @@
+services:
+  # transmission
+  transmission:
+    image: lscr.io/linuxserver/transmission:latest
+    container_name: transmission
+    profiles:
+      - transmission
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/transmission.env
+    environment:
+      - PUID=${PUID:-1000}
+      - PGID=${PGID:-1000}
+    volumes:
+      - transmission_config:/config
+      - public_data:/downloads
+      - transmission_watch:/watch
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  transmission_config:
+    name: transmission_config
+  transmission_watch:
+    name: transmission_watch
+  public_data:
+    name: public_data
+  private_data:
+    name: private_data
@@ -0,0 +1,3 @@
+TZ=Etc/UTC
+USER=admin
+PASS=4vqXCNGG09JUBe7rXkuQS8MG7ovE6Vxj
@@ -0,0 +1,22 @@
+services:
+  # Uptime Kuma
+  uptime-kuma:
+    image: louislam/uptime-kuma:latest
+    container_name: uptime-kuma
+    profiles:
+      - uptime-kuma
+    volumes:
+      - uptimekuma_data:/app/data
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - SYS_ADMIN
+
+volumes:
+  uptimekuma_data:
+    name: uptimekuma_data
@@ -0,0 +1,3 @@
+memory_limit = 1024M
+upload_max_filesize = 64M
+post_max_size = 64M
@@ -0,0 +1,17 @@
+services:
+  # Adminer
+  adminer:
+    image: adminer:latest
+    container_name: adminer
+    profiles:
+      - adminer
+    restart: on-failure:5
+    env_file: 
+      - ./env/adminer.env
+    depends_on:
+      - wordpress_db
+      - caddy
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
@@ -0,0 +1,68 @@
+services:
+  # Wordpress
+  wordpress:
+    image: wordpress:fpm
+    container_name: wordpress
+    profiles:
+      - wordpress
+    restart: on-failure:5
+    depends_on:
+      - wordpress_db
+      - caddy
+    env_file:
+      - ./env/wordpress.env
+    volumes:
+      - ./config/wordpress/php.ini:/usr/local/etc/php/conf.d/custom.ini:ro
+      - wordpress:/var/www/html:rw
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+  # Database wordpress
+  wordpress_db:
+    image: mariadb:latest
+    container_name: wordpress_db
+    profiles:
+      - database
+      - wordpress
+    depends_on:
+      - caddy
+    restart: on-failure:5
+    volumes:
+      - wordpress_db:/var/lib/mysql:rw
+    env_file:
+      - ./env/wordpress_db.env
+    command: '--default-authentication-plugin=mysql_native_password'
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+  wordpress_backup:
+    image: mazzolino/restic:latest
+    container_name: wordpress_backup
+    profiles:
+      - wordpress
+    depends_on:
+      - wordpress
+    restart: on-failure:5
+    env_file:
+      - ./env/wordpress_backup.env
+    volumes:
+      - wordpress_backup:/mnt/restic
+      - wordpress_db:/data/wordpress_db:ro
+      - wordpress:/data/wordpress:ro
+    network_mode: none
+    cap_drop:
+      - NET_ADMIN
+      - NET_RAW
+      - SYS_ADMIN
+
+volumes:
+  wordpress_db:
+    name: wordpress_db
+  wordpress:
+    name: wordpress
+  wordpress_backup:
+    name: wordpress_backup
@@ -0,0 +1,4 @@
+MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
+MARIADB_USER=bensuperpc
+MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+ADMINER_DEFAULT_SERVER=wordpress_db
@@ -0,0 +1,4 @@
+WORDPRESS_DB_USER=bensuperpc
+WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+WORDPRESS_DB_NAME=wordpress
+WORDPRESS_DB_HOST=wordpress_db:3306
@@ -0,0 +1,14 @@
+#RUN_ON_STARTUP=true
+RESTIC_REPOSITORY=/mnt/restic
+RESTIC_BACKUP_SOURCES=/data
+RESTIC_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
+# Backup (exuclusive with Check and Prune)
+BACKUP_CRON=*/30 * * * *
+RESTIC_BACKUP_ARGS=--tag docker-volumes --verbose
+RESTIC_FORGET_ARGS=--prune --keep-last 8 --keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 4
+# Check (exuclusive with Check and Prune)
+#CHECK_CRON=*/30 * * * *
+#RESTIC_CHECK_ARGS=--read-data-subset=40%
+# Prune (exuclusive with Check and Prune)
+#PRUNE_CRON=*/30 * * * *
+#RESTIC_PRUNE_ARGS=
@@ -0,0 +1,4 @@
+MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
+MARIADB_USER=bensuperpc
+MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw
+MARIADB_DATABASE=wordpress
@@ -0,0 +1,23 @@
+services:
+  # yacht
+  yacht:
+    image: selfhostedpro/yacht:latest
+    container_name: yacht
+    profiles:
+      - yacht
+    restart: on-failure:5
+    depends_on:
+      - caddy
+    env_file:
+      - ./env/yacht.env
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - yacht_config:/config
+    networks:
+      - infra-network
+    security_opt:
+      - no-new-privileges:true
+
+volumes:
+  yacht_config:
+    name: yacht_config
@@ -0,0 +1,3 @@
+ADMIN_EMAIL=bensuperpc@gmail.com
+SECRET_KEY=UZvg9nbcGIJlPEB3uI39TAEWyFOz9nm8
+#DATABASE_URL=postgresql://user:password@postgresserver/db
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVtzpnPr0Boy+bUbL+viOYfqeetDZF6Hu40EwNLXNb0 bensuperpc@gmail.com`