Mac mini server intial commit

.gitignore

@@ -0,0 +1,62 @@
+### Environment files (secrets)
+*.env
+.env
+.env.*
+
+### Container data (DO NOT VERSION)
+/portainer/config
+/portainer/config/*
+**/data/
+**/db/
+**/mysql/
+**/redis/
+**/postgres/
+**/mariadb/
+**/volumes/
+**/storage/
+**/config/       # Prevents permission denied warnings (Portainer, Syncthing, Nextcloud, etc.)
+**/appdata/
+**/cache/
+**/tls/
+**/certs/
+**/letsencrypt/
+**/uploads/
+
+### Cloudflared & networking secrets
+**/cert.pem
+**/*.pem
+**/*.key
+**/*.crt
+**/*.json
+
+### Syncthing internal data
+**/index*
+**/syncthing/config/
+
+### Logs & backups
+*.log
+*.bak
+*.backup
+*~ 
+*.tmp
+
+### Editor / IDE files
+*.swp
+*.swo
+*.swn
+*.swm
+*.DS_Store
+Thumbs.db
+.vscode/
+.idea/
+*.code-workspace
+
+### Docker-related junk
+docker-compose.override.yml
+*.pid
+*.sock
+
+### Misc hidden / temp files
+*.retry
+*.orig
+*.old

adguard/.gitignore

@@ -0,0 +1,13 @@
+work/
+work/**
+config/
+config/**
+.env
+.env.*
+.DS_Store
+Thumbs.db
+*.swp
+*.swo
+*~
+.vscode/
+docker-compose.override.yml

adguard/docker-compose.yml

@@ -0,0 +1,14 @@
+services:
+  adguardhome:
+    image: 'adguard/adguardhome:latest'
+    container_name: 'adguard'
+    hostname: 'adguard'
+    restart: 'unless-stopped'
+    volumes:
+      - '/etc/localtime:/etc/localtime:ro'
+      - './work:/opt/adguardhome/work'
+      - './config:/opt/adguardhome/conf'
+    ports:
+      - '53:53/tcp'
+      - '53:53/udp'
+      - '3000:3000'

cloudflared/.gitignore

@@ -0,0 +1,20 @@
+# Ignore sensitive files
+cloudflared/*.json
+# Ignore all JSON files-> ignores <tunnel_id>.json
+cert.pem
+config.yml
+.env
+
+# Ignore docker-compose override files (local configurations)
+docker-compose.override.yml
+
+# Ignore log files
+*.log
+
+# Ignore backup or swap files created by editors
+*.bak
+*.swp
+
+# Ignore any temporary files or directories created during runtime
+tmp/
+*.pid

cloudflared/README.md

@@ -0,0 +1,42 @@
+# Cloudflare Tunnel Info
+
+## Instructions:
+- Make sure config.yml is updated with changes from config.git.yml
+
+## Contents:
+**`cloudflared`**  
+│   ├── **`<tunnel_id>.json`**  
+│   ├── **`cert.pem`**  
+│   ├── **`config.git.yml`**  
+│   ├── **`config.yml`**  
+│   ├── **`docker-compose.yml`**  
+│   ├── **`.env`**  
+│   ├── **`.gitignore`**  
+│   └── **`README.md`**
+
+### File Descriptions:
+- **`<tunnel_id>.json`**: Cloudflare tunnel credentials file
+- **`cert.pem`**: Cloudflare certificate file
+- **`config.git.yml`**: Version-controlled template for `config.yml`
+- **`config.yml`**: Configuration file for Cloudflare tunnel ingress methods
+- **`docker-compose.yml`**: Docker Compose file for running the Cloudflare tunnel
+- **`.env`**: Environment variables, including the tunnel ID
+- **`.gitignore`**: Git ignore file
+- **`README.md`**: Documentation
+
+### Environment Variables:
+- **`tunnel_id`**: Cloudflare tunnel ID (stored in `.env`).
+
+### Ignored Files:
+- **`<tunnel_id>.json`**: Sensitive file containing the Cloudflare tunnel credentials
+- **`cert.pem`**: Cloudflare certificate file
+- **`config.yml`**: Configuration file with sensitive data
+- **`.env`**: Environment file containing sensitive data
+
+### Current Ingress Methods:
+- **szumko.net** --> dashy dashboard
+- **cloud.szumko.net** --> nextcloud
+- **git.szumko.net** --> Gitea
+- **ha.szumko.net** --> Home Assistant
+- **pihole.szumko.net** --> Pihole Admin
+- **lib.szumko.net** --> Calibre

cloudflared/config.git.yml

@@ -0,0 +1,17 @@
+tunnel: <tunnel_id>  # your tunnel ID
+credentials-file: /etc/cloudflared/<tunnel_id>.json
+
+ingress:
+  - hostname: szumko.net
+    service: http://nginx-app-1:80
+  - hostname: pihole.szumko.net
+    service: http://nginx-app-1:80
+  - hostname: git.szumko.net
+    service: http://nginx-app-1:80
+  - hostname: cloud.szumko.net
+    service: http://nginx-app-1:80
+  - hostname: ha.szumko.net
+    service: http://nginx-app-1:80
+  - hostname: lib.szumko.net
+    service: http://nginx-app-1:80
+  - service: http_status:404

cloudflared/docker-compose.yml

@@ -0,0 +1,19 @@
+services:
+  cloudflared:
+    container_name: 'Cloudflared'
+    image: cloudflare/cloudflared:latest
+    restart: unless-stopped
+    user: '1000:1000'
+    networks:
+      - 'default'
+      - 'tunnel'
+    volumes:
+      - ./config.yml:/etc/cloudflared/config.yml
+      - ./${TUNNEL_ID}.json:/etc/cloudflared/${TUNNEL_ID}.json   # Use environment variable for tunnel ID
+    command: tunnel --no-autoupdate --config /etc/cloudflared/config.yml run
+    env_file:
+      - .env  # Reference the .env file to inject environment variables
+
+networks:
+  tunnel:
+    external: true

gitea/.gitignore

@@ -0,0 +1,27 @@
+# Ignore environment file that contains sensitive information
+.env
+
+# Ignore any log files that may be generated by services
+*.log
+
+# Ignore temporary or backup files that might be created by editors
+*.bak
+*.swp
+
+# Ignore docker-compose override files (local configurations, not meant to be versioned)
+docker-compose.override.yml
+
+# Ignore any database files that are mapped as volumes (persistent data)
+config/
+data/
+mysql/
+
+# Ignore any tmp or pid files that might be created during runtime
+tmp/
+*.pid
+
+# Ignore any SQLite database files (if applicable)
+*.sqlite
+
+# Ignore any generated Nextcloud data files (if they're stored here instead of in volumes)
+*.db

gitea/docker-compose.yml

@@ -0,0 +1,38 @@
+services:
+  server:
+    image: docker.gitea.com/gitea:latest-rootless
+    environment:
+      - GITEA__database__DB_TYPE=mysql
+      - GITEA__database__HOST=db:3306
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=${GITEA__database__USER}
+      - GITEA__database__PASSWD=${GITEA__database__PASSWD}
+    restart: always
+    volumes:
+      - ./data:/var/lib/gitea
+      - ./config:/etc/gitea
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3001:3000"
+      - "2222:2222"
+    networks:
+      - 'default'
+      - 'homelab'
+    depends_on:
+      - db
+
+  db:
+    image: docker.io/library/mysql:8
+    restart: always
+    environment:
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+    volumes:
+      - ./mysql:/var/lib/mysql
+
+networks:
+  homelab:
+    external: true

glances/.gitignore

@@ -0,0 +1,10 @@
+# Ignore sensitive data
+.env                     # Environment variables file (contains sensitive info)
+
+# Ignore temporary or log files
+*.log                    # Log files
+*.bak                    # Backup files
+*.swp                    # Swap files (e.g., from text editors)
+
+# Ignore any local overrides or extra Docker Compose files
+docker-compose.override.yml   # Local override for docker-compose (optional)

glances/README.md

@@ -0,0 +1,35 @@
+# Glances Info
+
+## Instructions:
+- Access WebUI on port 61208
+
+## Contents:
+**`glances/`**     
+├── **`docker-compose.yml`**  
+├── **`.env`**  
+├── **`.gitignore`**  
+└── **`README.md`**
+
+ 
+## File Descrptions: 
+- **`docker-compose.yml`**: Docker compose file
+- **`.env`**: Environment Variables
+- **`.gitignore`**: Git ignore file
+- **`README.md`**: Documentation
+
+## Environmet Variables:
+- None
+
+## Ignored Files:
+-  **`.env`**: Environment Variables
+
+## NPM Configurations
+- ```
+    location /data/ {
+        proxy_pass http://glances:61208/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        add_header Access-Control-Allow-Origin *;
+    }

glances/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  glances:
+    image: nicolargo/glances:latest-full
+    container_name: glances
+    environment:
+      - TZ=America/Detroit
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /run/user/1000/podman/podman.sock:/run/user/1000/podman/podman.sock:ro
+    pid: host
+    privileged: true
+    ports:
+      - '61208:61208'
+    restart: unless-stopped
+    command: glances -w -B 0.0.0.0

nginx/.gitignore

@@ -0,0 +1,14 @@
+# Ignore sensitive data
+.env                     # Environment variables file (contains sensitive info)
+
+# Ignore directories with persistent or sensitive data
+data/                    # Contains persistent data (e.g., databases, configuration files)
+letsencrypt/             # Contains SSL certificates (do not track in Git)
+
+# Ignore temporary or log files
+*.log                    # Log files
+*.bak                    # Backup files
+*.swp                    # Swap files (e.g., from text editors)
+
+# Ignore any local overrides or extra Docker Compose files
+docker-compose.override.yml   # Local override for docker-compose (optional)

nginx/README.md

@@ -0,0 +1,32 @@
+# Nginx Proxy Manager Info
+
+## Instructions:
+- Use for controlling paths/subdomains in cloudflare tunnel
+- Access WebUI on port 81
+
+## Contents:
+**`nginx/`**  
+├── **`data/`**  
+├── **`docker-compose.yml`**  
+├── **`.env`**  
+├── **`.gitignore`**  
+├── **`letsencrypt/`**  
+└── **`README.md`**  
+
+
+
+## File Descrptions:
+- **`data/`**: Nginx Data
+- **`docker-compose.yml`**: Compose file  
+-  **`.env`**: Environment Variables
+- **`.gitignore`**: Git Ignore file 
+- **`letsencrypt/`**: Letsencrypt Data
+- **`README.md`**: Documentation
+
+## Environmet Variables:
+- None
+
+## Ignored Files:
+- **`data/`**: Persistant Data
+-  **`.env`**: Environment Variables
+- **`letsencrypt/`**: Potentially sensitive data

nginx/docker-compose.yml

@@ -0,0 +1,21 @@
+services:
+  nginx:
+    container_name: 'NPM'
+    image: 'docker.io/jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    ports:
+      - '80:80'
+      - '81:81'
+      # - '443:443'
+    networks:
+      - 'homelab'
+      - 'tunnel'
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+
+networks:
+  homelab:
+    external: true
+  tunnel:
+    external: true

portainer/.gitignore

@@ -0,0 +1,13 @@
+# Ignore sensitive data
+.env                     # Environment variables file (contains sensitive info)
+
+# Ignore persistent or sensitive data directories
+config/                  # Portainer config folder (contains sensitive data)
+
+# Ignore temporary or log files
+*.log                    # Log files
+*.bak                    # Backup files
+*.swp                    # Swap files (e.g., from text editors)
+
+# Ignore any local overrides or extra Docker Compose files
+docker-compose.override.yml   # Local override for docker-compose (optional)

portainer/README.md

@@ -0,0 +1,27 @@
+# Portainer Info
+
+## Instructions:
+- Use for managing containers with a UW
+- Access WebUI on port 9443
+
+## Contents:
+**`portainer/`**  
+├── **`config/`**  
+├── **`docker-compose.yml`**  
+├── **`.env`**  
+├── **`.gitignore`**  
+└── **`README.md`**
+ 
+## File Descrptions: 
+- **`config/`**: Portainer Configuration Data
+- **`docker-compose.yml`**: Docker compose file
+- **`.env`**: Environment Variables
+- **`.gitignore`**: Git ignore file
+- **`README.md`**: Documentation
+
+## Environmet Variables:
+- None
+
+## Ignored Files:
+- **`config/`**: Persistant Data
+- **`.env`**: Environment VariablesPortainer Info

portainer/docker-compose.yml

@@ -0,0 +1,11 @@
+services:
+  portainer:
+    container_name: portainer
+    image: portainer/portainer-ce:lts
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /home/szumkoal/docker/portainer/config:/data
+    ports:
+      - 9443:9443
+      - 8000:8000