merge

autossh/.env.example

@@ -2,5 +2,5 @@ SSH_HOST=192.168.32.1
 SSH_USER=user
 SSH_PASSWORD=password
 SSH_PORT=22
-SSH_TUNNEL_FROM=1080
-SSH_TUNNEL_TO=1443
+SSH_TUNNEL_FROM=1080 #VPS port
+SSH_TUNNEL_TO=1443 #local port

autossh/Dockerfile

@@ -1,4 +1,4 @@
-FROM jnovack/autossh:2.1.0
+FROM docker.io/jnovack/autossh:2.1.0
 
 # Устанавливаем sshpass для работы с паролями
 RUN apk add --no-cache sshpass

autossh/docker-compose.yml

@@ -2,7 +2,7 @@ services:
   autossh:
     build: .
     container_name: autossh
-    restart: unless-stopped
+    restart: always
     ports:
       - "${SSH_TUNNEL_TO:?}:${SSH_TUNNEL_TO:?}"
 

cloud/create-database.sh

@@ -1 +0,0 @@
-touch filebrowser.db

cloud/docker-compose.yml

@@ -1,8 +1,8 @@
 services:
   filebrowser:
-    image: filebrowser/filebrowser:latest
+    image: docker.io/filebrowser/filebrowser:latest
     container_name: filebrowser
-    restart: unless-stopped
+    restart: always
     volumes:
       # Папка с вашими файлами (замените /path/to/your/files на реальный путь)
       - ${SHARED_FOLDER}:/srv
@@ -23,7 +23,7 @@ services:
         filebrowser config set --root /srv --database /database/filebrowser.db
         filebrowser users add ${ADMIN_USER:?} ${ADMIN_PASSWORD:?} --perm.admin --scope "." --database /database/filebrowser.db || \
         filebrowser users update ${ADMIN_USER:?} --password ${ADMIN_PASSWORD:?} --scope "." --database /database/filebrowser.db
-        filebrowser --database /database/filebrowser.db --address 0.0.0.0 --port 80 --root /srv
+        filebrowser --database /database/filebrowser.db --address 0.0.0.0 --port 8080 --root /srv
     deploy:
       resources:
         limits:

gitea/docker-compose.yml

@@ -12,7 +12,6 @@ services:
     volumes:
       - ./data:/var/lib/gitea
       - ./config:/etc/gitea
-      - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     #ports:
     #  - ${GITEA_HTTP_PORT:?}:3000

grafana/.env.example

@@ -1,3 +1 @@
 GRAFANA_PORT=3000
-GRAFANA_USER=user
-GRAFANA_PASSWORD=password

grafana/docker-compose.yml

@@ -1,8 +1,8 @@
 services:
   prometheus:
-    image: prom/prometheus:latest
+    image: docker.io/prom/prometheus:latest
     container_name: prometheus
-    restart: unless-stopped
+    restart: always
     volumes:
       - ./prometheus.yml:/etc/prometheus/prometheus.yml
       - prometheus_data:/prometheus
@@ -20,17 +20,18 @@ services:
       - grafana_network
 
   grafana:
-    image: grafana/grafana:latest
+    image: docker.io/grafana/grafana:latest
     container_name: grafana
-    restart: unless-stopped
+    restart: always
     ports:
       - ${GRAFANA_PORT:?}:3000
     volumes:
       - ./grafana:/etc/grafana/provisioning
       - grafana_data:/var/lib/grafana
     environment:
-      - GF_SECURITY_ADMIN_USER=${GRAFANA_USER:?} # Ваш логин
-      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?} # Ваш пароль
+      - GF_AUTH_ANONYMOUS_ENABLED=true
+      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+      - GF_AUTH_DISABLE_LOGIN_FORM=true
     deploy:
       resources:
         limits:
@@ -42,9 +43,9 @@ services:
       - grafana_network
 
   node-exporter:
-    image: prom/node-exporter:latest
+    image: docker.io/prom/node-exporter:latest
     container_name: node-exporter
-    restart: unless-stopped
+    restart: always
     volumes:
       - /proc:/host/proc:ro
       - /sys:/host/sys:ro

matrix/.env.example

@@ -1,3 +1,4 @@
 MATRIX_DB=matrix
 MATRIX_DB_USER=user
 MATRIX_DB_PASSWORD=password
+MATRIX_ELEMENT_PORT=8083

matrix/docker-compose.yml

@@ -41,9 +41,11 @@ services:
       - matrix_network
 
   matrix-element:
-    image: vectorim/element-web:latest
+    image: docker.io/vectorim/element-web:latest
     container_name: matrix-element
     restart: unless-stopped
+    environment:
+      - ELEMENT_WEB_PORT=${MATRIX_ELEMENT_PORT:?}
     deploy:
       resources:
         limits:
@@ -54,6 +56,23 @@ services:
     networks:
       - matrix_network
 
+  synapse-admin:
+    container_name: synapse-admin
+    hostname: synapse-admin
+    image: docker.io/awesometechnologies/synapse-admin:latest
+    ports:
+      - "8009:80"
+    restart: always
+    networks:
+      - matrix_network
+    deploy:
+      resources:
+        limits:
+          cpus: '1.0'
+          memory: 256M
+        reservations:
+          memory: 128M
+
 networks:
   matrix_network:
     name: matrix_network

portainer/.env.example

@@ -1 +1,2 @@
 PORTAINER_PORT=9000
+UID=1000

portainer/docker-compose.yml

@@ -1,13 +1,13 @@
 services:
   portainer:
-    image: portainer/portainer-ce:latest
+    image: docker.io/portainer/portainer-ce:latest
     container_name: portainer
-    restart: unless-stopped
+    restart: always
     security_opt:
       - no-new-privileges:true
     volumes:
       - /etc/localtime:/etc/localtime:ro
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/user/${UID:?}/podman/podman.sock:/var/run/docker.sock
       - portainer_data:/data
     ports:
       - "${PORTAINER_PORT:?}:9000"

proxy/.env.example

@@ -1,3 +1,2 @@
 REGRU_LOGIN=login
 REGRU_PASSWORD=password
-CROWDSEC_API_KEY=api_key

proxy/crowdsec/config/acquis.yaml

@@ -1,4 +0,0 @@
-filenames:
-  - /var/log/nginx/*.log
-labels:
-  type: nginx

proxy/ddns/domains.txt.example

@@ -2,6 +2,6 @@ domain.ru
 @
 www
 git
-disk
+cloud
 matrix
-chat
+chat

proxy/docker-compose.yml

@@ -1,18 +1,16 @@
 services:
   nginx-proxy:
-    image: nginx:alpine
+    image: docker.io/nginx:alpine
     container_name: nginx-proxy
     restart: always
     ports:
-      - 80:80
-      - 443:443
+      - 8080:80
+      - 8443:443
     volumes:
       - ./nginx/conf.d:/etc/nginx/conf.d:ro
       # Папки для SSL сертификатов
       - ./ssl/conf:/etc/letsencrypt:ro
       - ./ssl/www:/var/www/certbot:ro
-      # Логи для канали CrowdSec
-      - ./nginx/logs:/var/log/nginx
     # Подхватываем новые ssl сертификаты
     command: /bin/sh -c "while :; do sleep 24h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
     deploy:
@@ -28,43 +26,10 @@ services:
       - cloud_network
       - matrix_network
 
-  crowdsec:
-    image: crowdsecurity/crowdsec:latest
-    container_name: crowdsec
-    restart: always
-    environment:
-      # Какие коллекции правил установить сразу
-      COLLECTIONS: "crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors"
-      # Чтобы не захламлять вывод, можно включить только ошибки
-      # LEVEL_TRACE: "false"
-    volumes:
-      # Читаем логи Nginx
-      - ./nginx/logs:/var/log/nginx:ro
-      # Конфигурация и база данных
-      - ./crowdsec/config:/etc/crowdsec
-      - ./crowdsec/data:/var/lib/crowdsec/data
-    ports:
-      - 8081:8080
-    deploy:
-      resources:
-        limits:
-          cpus: '0.5'
-          memory: 256M
-
-  dashboard:
-    image: crowdsecurity/dashboard
-    container_name: crowdsec-dashboard
-    restart: always
-    environment:
-      - MB_DB_FILE=/data/metabase.db
-    volumes:
-      - ./crowdsec/data:/data
-    ports:
-      - 3001:3000
-
   certbot:
-    image: certbot/certbot
+    image: docker.io/certbot/certbot
     container_name: certbot
+    restart: always
     volumes:
       - ./ssl/conf:/etc/letsencrypt
       - ./ssl/www:/var/www/certbot

proxy/init-compose.yml

@@ -17,11 +17,11 @@ services:
           memory: 64M
 
   nginx-proxy:
-    image: nginx:alpine
+    image: docker.io/nginx:alpine
     container_name: nginx-proxy
     restart: always
     ports:
-      - 80:80
+      - 8080:80
     volumes:
       - ./nginx/init:/etc/nginx/conf.d:ro
       # Папки для SSL сертификатов

proxy/install-bouncer.sh

@@ -1,34 +0,0 @@
-curl -s https://api.github.com/repos/crowdsecurity/cs-firewall-bouncer/releases/latest | grep browser_download_url | grep linux-amd64 | cut -d '"' -f 4 | wget -qi -
-tar xzvf crowdsec-firewall-bouncer-linux-amd64.tgz
-cd crowdsec-firewall-bouncer-v*/
-# Выбираем nftables
-sudo ./install.sh
-
-# Получаем API KEY
-sudo docker exec crowdsec cscli bouncers add firewall-bouncer
-
-# Прописываем ключ в конфиге
-sudo nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
-# Указваем так же API_URL (см docker-compose.yml, по умолчанию меняем на 8081)
-# В разделе nftables ipv4 (и ipv6) добавляем параметр hook: prerouting
-
-# nftables:
-#   ipv4:
-#     enabled: true
-#     set-only: false
-#     table: crowdsec
-#     chain: crowdsec-chain
-#     priority: -10
-#     hook: prerouting
-#   ipv6:
-#     enabled: true
-#     set-only: false
-#     table: crowdsec6
-#     chain: crowdsec6-chain
-#     priority: -10
-#     hook: prerouting
-
-# Создаём список исключений
-sudo docker exec crowdsec cscli allowlists create my_vps -d "Allow list for my vps"
-# Добавляем туда IP нашего VPS сервера для AutoSSH сервиса
-sudo docker exec crowdsec cscli allowlists add my_vps 1.2.3.4

proxy/nginx/conf.d/default.conf.example

@@ -4,9 +4,6 @@ server {
     listen [::]:80 default_server;
     server_name domain.ru www.domain.ru git.domain.ru cloud.domain.ru m.domain.ru chat.domain.ru;
 
-    access_log /var/log/nginx/http_access.log main;
-    error_log /var/log/nginx/http_error.log;
-
     location /.well-known/acme-challenge/ {
         root /var/www/certbot;
     }
@@ -26,9 +23,6 @@ server {
     ssl_certificate /etc/letsencrypt/live/domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/root_access.log main;
-    error_log /var/log/nginx/root_error.log;
-
     location / {
         charset utf-8;
         default_type text/plain;
@@ -44,9 +38,6 @@ server {
     ssl_certificate /etc/letsencrypt/live/git.domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/git.domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/git_access.log main;
-    error_log /var/log/nginx/git_error.log;
-
     location / {
         proxy_pass http://gitea:3000;
         proxy_set_header Host $host;
@@ -64,13 +55,10 @@ server {
     ssl_certificate /etc/letsencrypt/live/cloud.domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/cloud.domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/cloud_access.log main;
-    error_log /var/log/nginx/cloud_error.log;
-
     client_max_body_size 0;
 
     location / {
-        proxy_pass http://filebrowser;
+        proxy_pass http://filebrowser:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -86,9 +74,6 @@ server {
     ssl_certificate /etc/letsencrypt/live/m.domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/m.domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/matrix_synapse_access.log main;
-    error_log /var/log/nginx/matrix_synapse_error.log;
-
     location / {
         proxy_pass http://matrix-synapse:8008;
         proxy_set_header Host $host;
@@ -98,17 +83,6 @@ server {
 
         client_max_body_size 50M;
     }
-
-    #location /.well-known/matrix/server {
-    #    return 200 '{"m.server": "matrix.domain.ru:443"}';
-    #    add_header Content-Type application/json;
-    #}
-
-    #location /.well-known/matrix/client {
-    #    return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.ru"}}';
-    #    add_header Content-Type application/json;
-    #    add_header Access-Control-Allow-Origin *;
-    #}
 }
 server {
     listen 443 ssl;
@@ -117,11 +91,8 @@ server {
     ssl_certificate /etc/letsencrypt/live/chat.domain.ru/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/chat.domain.ru/privkey.pem;
 
-    access_log /var/log/nginx/matrix_element_access.log main;
-    error_log /var/log/nginx/matrix_element_error.log;
-
     location / {
-        proxy_pass http://matrix-element;
+        proxy_pass http://matrix-element:8083;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

samba/.env.example

@@ -4,7 +4,7 @@ OWNER_USERID=1000
 OWNER_GROUPID=1000
 
 SMB_USER=user
-SMD_PASSWORD=password
+SMB_PASSWORD=password
 
 NET_NAME=Storage
 READONLY_NET_NAME=ReadonlyStorage

samba/docker-compose.yml

@@ -1,11 +1,11 @@
 services:
   samba:
-    image: dperson/samba
+    image: docker.io/dperson/samba
     container_name: samba
-    restart: unless-stopped
+    restart: always
     ports:
-      - "139:139"
-      - "445:445"
+      - "1139:139"
+      - "1445:445"
     volumes:
       - ${SHARED_FOLDER:?}:/mnt/shared
     environment:

syncthing/docker-compose.yml

@@ -1,15 +1,15 @@
 services:
   syncthing:
-    image: syncthing/syncthing:latest
+    image: docker.io/syncthing/syncthing:latest
     container_name: syncthing
     hostname: ${SYNCTHING_HOSTNAME:?} # Имя устройства в сети Syncthing
-    restart: unless-stopped
+    restart: always
     environment:
       - PUID=${OWNER_USERID:?} # ID пользователя в системе (можно узнать командой id)
       - PGID=${OWNER_GROUPID:?} # ID группы в системе
     volumes:
-      - ./config:/var/syncthing/config # Конфигурация и база данных
-      - ${SYNCTHING_FOLDER:?}:/var/syncthing/Sync # Папка с данными (путь на хосте:путь в контейнере)
+      - ./config:/var/syncthing/config:Z
+      - ${SYNCTHING_FOLDER:?}:/var/syncthing/Sync:Z # Папка с данными (путь на хосте:путь в контейнере)
     ports:
       - ${SYNCTHING_WEB_UI_PORT:?}:8384 # Web GUI (управление через браузер)
       - 22000:22000/tcp # Передача данных

transmission/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   transmission:
-    image: lscr.io/linuxserver/transmission:latest
+    image: docker.io/linuxserver/transmission:latest
     container_name: transmission
     environment:
       - PUID=${OWNER_USERID:?}
@@ -17,7 +17,7 @@ services:
       - ${TRANSMISSION_WEB_UI_PORT:?}:9091 # Веб-интерфейс
       - 51413:51413 # Порт для входящих соединений (TCP)
       - 51413:51413/udp # Порт для входящих соединений (UDP)
-    restart: unless-stopped
+    restart: always
     deploy:
       resources:
         limits: