From e54818959674fe2fd74e4d53c059763a9b869bb6 Mon Sep 17 00:00:00 2001
From: StepanovPlaton
Date: Thu, 29 Jan 2026 15:48:11 +0400
Subject: [PATCH] Migrate to podman

---
autossh/.env.example | 4 +--
autossh/Dockerfile | 2 +-
autossh/docker-compose.yml | 2 +-
cloud/create-database.sh | 1 -
cloud/docker-compose.yml | 6 ++--
gitea/config/.keep | 0
gitea/data/.keep | 0
gitea/db/.keep | 0
gitea/docker-compose.yml | 1 -
grafana/.env.example | 2 --
grafana/docker-compose.yml | 17 +++++-----
matrix/.env.example | 1 +
matrix/data/.keep | 0
matrix/db/.keep | 0
matrix/docker-compose.yml | 21 +++++++++++-
portainer/.env.example | 1 +
portainer/docker-compose.yml | 6 ++--
proxy/.env.example | 1 -
proxy/crowdsec/config/.keep | 0
proxy/crowdsec/config/acquis.yaml | 4 ---
proxy/ddns/domains.txt.example | 4 +--
proxy/docker-compose.yml | 45 +++----------------------
proxy/init-compose.yml | 4 +--
proxy/install-bouncer.sh | 12 -------
proxy/nginx/conf.d/default.conf.example | 33 ++----------------
proxy/nginx/logs/.keep | 0
samba/.env.example | 2 +-
samba/docker-compose.yml | 8 ++---
syncthing/config/.keep | 0
syncthing/docker-compose.yml | 8 ++---
transmission/docker-compose.yml | 4 +--
31 files changed, 63 insertions(+), 126 deletions(-)
delete mode 100644 cloud/create-database.sh
delete mode 100644 gitea/config/.keep
delete mode 100644 gitea/data/.keep
delete mode 100644 gitea/db/.keep
delete mode 100644 matrix/data/.keep
delete mode 100644 matrix/db/.keep
delete mode 100644 proxy/crowdsec/config/.keep
delete mode 100644 proxy/crowdsec/config/acquis.yaml
delete mode 100644 proxy/install-bouncer.sh
delete mode 100644 proxy/nginx/logs/.keep
delete mode 100644 syncthing/config/.keep

diff --git a/autossh/.env.example b/autossh/.env.example
index 33d3cc0..f0b24fe 100644
--- a/autossh/.env.example
+++ b/autossh/.env.example
@@ -2,5 +2,5 @@ SSH_HOST=192.168.32.1 SSH_USER=user SSH_PASSWORD=password SSH_PORT=22 -SSH_TUNNEL_FROM=1080 -SSH_TUNNEL_TO=1443 +SSH_TUNNEL_FROM=1080 #VPS port +SSH_TUNNEL_TO=1443 #local port diff --git a/autossh/Dockerfile b/autossh/Dockerfile index 49e1c5a..e49f48d 100644 --- a/autossh/Dockerfile +++ b/autossh/Dockerfile @@ -1,4 +1,4 @@ -FROM jnovack/autossh:2.1.0 +FROM docker.io/jnovack/autossh:2.1.0 # Устанавливаем sshpass для работы с паролями RUN apk add --no-cache sshpass diff --git a/autossh/docker-compose.yml b/autossh/docker-compose.yml index 8aa0768..0850c47 100644 --- a/autossh/docker-compose.yml +++ b/autossh/docker-compose.yml @@ -2,7 +2,7 @@ services: autossh: build: . container_name: autossh - restart: unless-stopped + restart: always ports: - "${SSH_TUNNEL_TO:?}:${SSH_TUNNEL_TO:?}" diff --git a/cloud/create-database.sh b/cloud/create-database.sh deleted file mode 100644 index 1785f5d..0000000 --- a/cloud/create-database.sh +++ /dev/null @@ -1 +0,0 @@ -touch filebrowser.db diff --git a/cloud/docker-compose.yml b/cloud/docker-compose.yml index b359cc6..ab64e9e 100644 --- a/cloud/docker-compose.yml +++ b/cloud/docker-compose.yml @@ -1,8 +1,8 @@ services: filebrowser: - image: filebrowser/filebrowser:latest + image: docker.io/filebrowser/filebrowser:latest container_name: filebrowser - restart: unless-stopped + restart: always volumes: # Папка с вашими файлами (замените /path/to/your/files на реальный путь) - ${SHARED_FOLDER}:/srv 
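Review bot: The inline `#VPS port` / `#local port` comments added to the two `.env.example` lines are not safe with every dotenv loader: Docker Compose strips a trailing `#…` from an unquoted value only when it is preceded by whitespace, and whether podman-compose does the same is not established by this patch, so `SSH_TUNNEL_TO` can end up as the string `1443 #local port` and break the `${SSH_TUNNEL_TO:?}:${SSH_TUNNEL_TO:?}` port mapping in the compose hunk further down. Put the comments on their own lines instead: `# VPS port` above `SSH_TUNNEL_FROM=1080` and `# local port` above `SSH_TUNNEL_TO=1443`. While touching this file, note that `SSH_PASSWORD=password` together with the `sshpass` install in the Dockerfile hunk means the tunnel authenticates with a plaintext password kept in `.env`; a read-only mounted key would take that secret out of the env file.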
@@ -23,7 +23,7 @@ services: filebrowser config set --root /srv --database /database/filebrowser.db filebrowser users add ${ADMIN_USER:?} ${ADMIN_PASSWORD:?} --perm.admin --scope "." --database /database/filebrowser.db || \ filebrowser users update ${ADMIN_USER:?} --password ${ADMIN_PASSWORD:?} --scope "." --database /database/filebrowser.db - filebrowser --database /database/filebrowser.db --address 0.0.0.0 --port 80 --root /srv + filebrowser --database /database/filebrowser.db --address 0.0.0.0 --port 8080 --root /srv deploy: resources: limits: diff --git a/gitea/config/.keep b/gitea/config/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/gitea/data/.keep b/gitea/data/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/gitea/db/.keep b/gitea/db/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml index aaabfb3..a972bdc 100644 --- a/gitea/docker-compose.yml +++ b/gitea/docker-compose.yml @@ -12,7 +12,6 @@ services: volumes: - ./data:/var/lib/gitea - ./config:/etc/gitea - - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro #ports: # - ${GITEA_HTTP_PORT:?}:3000 diff --git a/grafana/.env.example b/grafana/.env.example index 01d6478..f0b58ed 100644 --- a/grafana/.env.example +++ b/grafana/.env.example @@ -1,3 +1 @@ GRAFANA_PORT=3000 -GRAFANA_USER=user -GRAFANA_PASSWORD=password diff --git a/grafana/docker-compose.yml b/grafana/docker-compose.yml index 65f7884..fe13957 100644 --- a/grafana/docker-compose.yml +++ b/grafana/docker-compose.yml @@ -1,8 +1,8 @@ services: prometheus: - image: prom/prometheus:latest + image: docker.io/prom/prometheus:latest container_name: prometheus - restart: unless-stopped + restart: always volumes: - ./prometheus.yml:/etc/prometheus/prometheus.yml - prometheus_data:/prometheus 
@@ -20,17 +20,18 @@ services: - grafana_network grafana: - image: grafana/grafana:latest + image: docker.io/grafana/grafana:latest container_name: grafana - restart: unless-stopped + restart: always ports: - ${GRAFANA_PORT:?}:3000 volumes: - ./grafana:/etc/grafana/provisioning - grafana_data:/var/lib/grafana environment: - - GF_SECURITY_ADMIN_USER=${GRAFANA_USER:?} # Ваш логин - - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?} # Ваш пароль + - GF_AUTH_ANONYMOUS_ENABLED=true + - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin + - GF_AUTH_DISABLE_LOGIN_FORM=true deploy: resources: limits: @@ -42,9 +43,9 @@ services: - grafana_network node-exporter: - image: prom/node-exporter:latest + image: docker.io/prom/node-exporter:latest container_name: node-exporter - restart: unless-stopped + restart: always volumes: - /proc:/host/proc:ro - /sys:/host/sys:ro diff --git a/matrix/.env.example b/matrix/.env.example index 468cdc6..07e7090 100644 --- a/matrix/.env.example +++ b/matrix/.env.example @@ -1,3 +1,4 @@ MATRIX_DB=matrix MATRIX_DB_USER=user MATRIX_DB_PASSWORD=password +MATRIX_ELEMENT_PORT=8083 diff --git a/matrix/data/.keep b/matrix/data/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/matrix/db/.keep b/matrix/db/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/matrix/docker-compose.yml b/matrix/docker-compose.yml index 191df26..a07222b 100644 --- a/matrix/docker-compose.yml +++ b/matrix/docker-compose.yml @@ -41,9 +41,11 @@ services: - matrix_network matrix-element: - image: vectorim/element-web:latest + image: docker.io/vectorim/element-web:latest container_name: matrix-element restart: unless-stopped + environment: + - ELEMENT_WEB_PORT=${MATRIX_ELEMENT_PORT:?} deploy: resources: limits: 
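Review bot: Every client that can reach `${GRAFANA_PORT:?}:3000` is now an unauthenticated organisation Admin, because `GF_AUTH_ANONYMOUS_ENABLED=true` with `GF_AUTH_ANONYMOUS_ORG_ROLE=Admin` replaces the removed `GF_SECURITY_ADMIN_USER`/`GF_SECURITY_ADMIN_PASSWORD`, the port is published on all interfaces, and no grafana server block appears in the nginx config in this patch. An anonymous Admin can rewrite data sources, dashboards and alert notification targets, so the Prometheus data and any webhook endpoint are writable by anyone on the network; dropping the admin password also means a fresh `grafana_data` volume keeps Grafana's built-in `admin`/`admin` account, which stays usable over the HTTP API even with `GF_AUTH_DISABLE_LOGIN_FORM=true`. If read-only dashboards are the intent, use `- GF_AUTH_ANONYMOUS_ORG_ROLE=Viewer`, keep `- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?}`, and bind the listener to loopback with `- "127.0.0.1:${GRAFANA_PORT:?}:3000"` when it is meant to sit behind the proxy or an SSH tunnel.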
@@ -54,6 +56,23 @@ services: networks: - matrix_network + synapse-admin: + container_name: synapse-admin + hostname: synapse-admin + image: docker.io/awesometechnologies/synapse-admin:latest + ports: + - "8009:80" + restart: always + networks: + - matrix_network + deploy: + resources: + limits: + cpus: '1.0' + memory: 256M + reservations: + memory: 128M + networks: matrix_network: name: matrix_network diff --git a/portainer/.env.example b/portainer/.env.example index 5a30cab..78d47bb 100644 --- a/portainer/.env.example +++ b/portainer/.env.example @@ -1 +1,2 @@ PORTAINER_PORT=9000 +UID=1000 diff --git a/portainer/docker-compose.yml b/portainer/docker-compose.yml index 602b1a9..20847e0 100644 --- a/portainer/docker-compose.yml +++ b/portainer/docker-compose.yml @@ -1,13 +1,13 @@ services: portainer: - image: portainer/portainer-ce:latest + image: docker.io/portainer/portainer-ce:latest container_name: portainer - restart: unless-stopped + restart: always security_opt: - no-new-privileges:true volumes: - /etc/localtime:/etc/localtime:ro - - /var/run/docker.sock:/var/run/docker.sock + - /var/run/user/${UID:?}/podman/podman.sock:/var/run/docker.sock - portainer_data:/data ports: - "${PORTAINER_PORT:?}:9000" diff --git a/proxy/.env.example b/proxy/.env.example index 955825f..ced3f68 100644 --- a/proxy/.env.example +++ b/proxy/.env.example @@ -1,3 +1,2 @@ REGRU_LOGIN=login REGRU_PASSWORD=password -CROWDSEC_API_KEY=api_key diff --git a/proxy/crowdsec/config/.keep b/proxy/crowdsec/config/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/proxy/crowdsec/config/acquis.yaml b/proxy/crowdsec/config/acquis.yaml deleted file mode 100644 index 2a21b8b..0000000 --- a/proxy/crowdsec/config/acquis.yaml +++ /dev/null @@ -1,4 +0,0 @@ -filenames: - - /var/log/nginx/*.log -labels: - type: nginx diff --git a/proxy/ddns/domains.txt.example b/proxy/ddns/domains.txt.example index e2681bb..b188ce2 100644 --- a/proxy/ddns/domains.txt.example 
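Review bot: The new `synapse-admin` service publishes its UI on `8009:80` on every host interface over plain HTTP, outside the nginx/TLS path the rest of the Matrix stack uses (no server block for it is added to `default.conf.example` in this patch). It is a front-end for Synapse's admin API, so when it is used from another machine the homeserver admin credentials and the resulting access token cross the network in cleartext to anyone who can reach that port. Unless it is deliberately LAN-only, bind it with `- "127.0.0.1:8009:80"` and reach it over an SSH tunnel or a TLS-terminating nginx `location`; pinning the image tag instead of `:latest` would also stop an admin tool from changing silently on the next pull.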
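Review bot: Mounting the rootless Podman socket `/var/run/user/${UID:?}/podman/podman.sock` gives Portainer full control over every container, image and volume that user runs — including the Gitea, Matrix and FileBrowser data of the other stacks — so Portainer's own login is the only thing between `${PORTAINER_PORT:?}:9000`, which is still published on all interfaces, and all of them. The retained `no-new-privileges:true` is good but does nothing to limit what is reachable through the socket. Consider `- "127.0.0.1:${PORTAINER_PORT:?}:9000"` (or a TLS server block in the proxy) and a comment in `.env.example` that `UID` must be the numeric id of the user whose `podman.socket` user unit is enabled, since that socket path presumably only exists while the user service is running.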
+++ b/proxy/ddns/domains.txt.example @@ -2,6 +2,6 @@ domain.ru @ www git -disk +cloud matrix -chat \ No newline at end of file +chat diff --git a/proxy/docker-compose.yml b/proxy/docker-compose.yml index 28df8a9..dad057e 100644 --- a/proxy/docker-compose.yml +++ b/proxy/docker-compose.yml @@ -1,18 +1,16 @@ services: nginx-proxy: - image: nginx:alpine + image: docker.io/nginx:alpine container_name: nginx-proxy restart: always ports: - - 80:80 - - 443:443 + - 8080:80 + - 8443:443 volumes: - ./nginx/conf.d:/etc/nginx/conf.d:ro # Папки для SSL сертификатов - ./ssl/conf:/etc/letsencrypt:ro - ./ssl/www:/var/www/certbot:ro - # Логи для канали CrowdSec - - ./nginx/logs:/var/log/nginx # Подхватываем новые ssl сертификаты command: /bin/sh -c "while :; do sleep 24h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'" deploy: @@ -28,43 +26,10 @@ services: - cloud_network - matrix_network - crowdsec: - image: crowdsecurity/crowdsec:latest - container_name: crowdsec - restart: always - environment: - # Какие коллекции правил установить сразу - COLLECTIONS: "crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors" - # Чтобы не захламлять вывод, можно включить только ошибки - # LEVEL_TRACE: "false" - volumes: - # Читаем логи Nginx - - ./nginx/logs:/var/log/nginx:ro - # Конфигурация и база данных - - ./crowdsec/config:/etc/crowdsec - - ./crowdsec/data:/var/lib/crowdsec/data - ports: - - 8081:8080 - deploy: - resources: - limits: - cpus: '0.5' - memory: 256M - - dashboard: - image: crowdsecurity/dashboard - container_name: crowdsec-dashboard - restart: always - environment: - - MB_DB_FILE=/data/metabase.db - volumes: - - ./crowdsec/data:/data - ports: - - 3001:3000 - certbot: - image: certbot/certbot + image: docker.io/certbot/certbot container_name: certbot + restart: always volumes: - ./ssl/conf:/etc/letsencrypt - ./ssl/www:/var/www/certbot diff --git a/proxy/init-compose.yml b/proxy/init-compose.yml index b3290af..f7363ca 100644 
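Review bot: Moving nginx from `80:80`/`443:443` to `8080:80`/`8443:443` is only half of a change: browsers and the Let's Encrypt HTTP-01 validator still connect to 80 and 443 on `domain.ru`, and nothing in this patch (a host firewall redirect, `net.ipv4.ip_unprivileged_port_start=80`, or a root-level forwarder) brings that traffic to the new ports, so the `/.well-known/acme-challenge/` path becomes unreachable and renewals will fail. Add a comment next to `ports:`, e.g. `# rootless podman cannot bind <1024: redirect 80->8080 and 443->8443 on the host, or lower net.ipv4.ip_unprivileged_port_start`. Removing the `./nginx/logs` volume in the same hunk also means the proxy's access logs now exist only in the container's stdout/journal for as long as the log driver keeps them, which is worth stating explicitly.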
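Review bot: Removing the `crowdsec` and `dashboard` services (together with the nginx log volume and `acquis.yaml`) takes away the only brute-force/CVE detection and IP-banning layer in front of Gitea, FileBrowser and Synapse, and the patch adds nothing in its place — not even nginx `limit_req`/`limit_conn` on the login-bearing locations. If CrowdSec is dropped because the firewall bouncer and the host-side `install-bouncer.sh` flow do not fit a rootless setup, say so in the commit message and leave a `# TODO: rate limiting / ban layer removed together with CrowdSec` comment so the gap is tracked. Separately, `restart: always` is new on `certbot`: if that service's `command` (outside this hunk) is a one-shot `certbot renew`/`certonly`, the container will exit and be restarted in a tight loop, and with `certonly` that can hit Let's Encrypt's issuance rate limits.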
--- a/proxy/init-compose.yml +++ b/proxy/init-compose.yml @@ -17,11 +17,11 @@ services: memory: 64M nginx-proxy: - image: nginx:alpine + image: docker.io/nginx:alpine container_name: nginx-proxy restart: always ports: - - 80:80 + - 8080:80 volumes: - ./nginx/init:/etc/nginx/conf.d:ro # Папки для SSL сертификатов diff --git a/proxy/install-bouncer.sh b/proxy/install-bouncer.sh deleted file mode 100644 index 92e0042..0000000 --- a/proxy/install-bouncer.sh +++ /dev/null @@ -1,12 +0,0 @@ -curl -s https://api.github.com/repos/crowdsecurity/cs-firewall-bouncer/releases/latest | grep browser_download_url | grep linux-amd64 | cut -d '"' -f 4 | wget -qi - -tar xzvf crowdsec-firewall-bouncer-linux-amd64.tgz -cd crowdsec-firewall-bouncer-v*/ -sudo ./install.sh - -# Получаем API KEY -sudo docker exec crowdsec cscli bouncers add firewall-bouncer - - -# Прописываем ключ в конфиге -# Указваем так же API_URL (см docker-compose.yml, по умолчанию меняем на 8081) -sudo nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml diff --git a/proxy/nginx/conf.d/default.conf.example b/proxy/nginx/conf.d/default.conf.example index 4821177..ae7d281 100644 --- a/proxy/nginx/conf.d/default.conf.example +++ b/proxy/nginx/conf.d/default.conf.example @@ -4,9 +4,6 @@ server { listen [::]:80 default_server; server_name domain.ru www.domain.ru git.domain.ru cloud.domain.ru m.domain.ru chat.domain.ru; - access_log /var/log/nginx/http_access.log main; - error_log /var/log/nginx/http_error.log; - location /.well-known/acme-challenge/ { root /var/www/certbot; } @@ -26,9 +23,6 @@ server { ssl_certificate /etc/letsencrypt/live/domain.ru/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.ru/privkey.pem; - access_log /var/log/nginx/root_access.log main; - error_log /var/log/nginx/root_error.log; - location / { charset utf-8; default_type text/plain; 
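Review bot: `init-compose.yml` appears to be the bootstrap used to obtain the first certificate, and with nginx on `8080:80` the ACME HTTP-01 request that Let's Encrypt sends to port 80 of `domain.ru` never reaches the container unless the host redirects 80→8080. The `./nginx/init` config is not in this patch, so whether it still serves `/.well-known/acme-challenge/` correctly on the new port cannot be checked here. Put the prerequisite where the operator will see it, e.g. `# host must forward 80 -> 8080 before running init-compose (HTTP-01 validation)` above the `ports:` key.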
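Review bot: Dropping every per-vhost `access_log`/`error_log` directive from `default.conf.example` (this hunk and the ones that follow) together with the removed `./nginx/logs` volume leaves no on-disk record of who hit the Gitea, FileBrowser and Synapse login endpoints — exactly the data CrowdSec consumed and the first thing an incident review asks for. The official `nginx:alpine` image routes its default `/var/log/nginx/access.log` to the container's stdout, so the logs survive only as long as the Podman log driver retains them. If per-vhost files are gone for good, keep at least one `access_log /dev/stdout main;` in the default server so the `main` format (with `X-Forwarded-For`) is still emitted, and add a comment saying how container logs are retained (journald with a retention policy, or an explicit `log-driver`).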
@@ -44,9 +38,6 @@ server { ssl_certificate /etc/letsencrypt/live/git.domain.ru/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/git.domain.ru/privkey.pem; - access_log /var/log/nginx/git_access.log main; - error_log /var/log/nginx/git_error.log; - location / { proxy_pass http://gitea:3000; proxy_set_header Host $host; @@ -64,13 +55,10 @@ server { ssl_certificate /etc/letsencrypt/live/cloud.domain.ru/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/cloud.domain.ru/privkey.pem; - access_log /var/log/nginx/cloud_access.log main; - error_log /var/log/nginx/cloud_error.log; - client_max_body_size 0; location / { - proxy_pass http://filebrowser; + proxy_pass http://filebrowser:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -86,9 +74,6 @@ server { ssl_certificate /etc/letsencrypt/live/m.domain.ru/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/m.domain.ru/privkey.pem; - access_log /var/log/nginx/matrix_synapse_access.log main; - error_log /var/log/nginx/matrix_synapse_error.log; - location / { proxy_pass http://matrix-synapse:8008; proxy_set_header Host $host; @@ -98,17 +83,6 @@ server { client_max_body_size 50M; } - - #location /.well-known/matrix/server { - # return 200 '{"m.server": "matrix.domain.ru:443"}'; - # add_header Content-Type application/json; - #} - - #location /.well-known/matrix/client { - # return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.ru"}}'; - # add_header Content-Type application/json; - # add_header Access-Control-Allow-Origin *; - #} } server { listen 443 ssl; 
@@ -117,11 +91,8 @@ server { ssl_certificate /etc/letsencrypt/live/chat.domain.ru/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/chat.domain.ru/privkey.pem; - access_log /var/log/nginx/matrix_element_access.log main; - error_log /var/log/nginx/matrix_element_error.log; - location / { - proxy_pass http://matrix-element; + proxy_pass http://matrix-element:8083; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/proxy/nginx/logs/.keep b/proxy/nginx/logs/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/samba/.env.example b/samba/.env.example index b9c8af4..c86be4a 100644 --- a/samba/.env.example +++ b/samba/.env.example @@ -4,7 +4,7 @@ OWNER_USERID=1000 OWNER_GROUPID=1000 SMB_USER=user -SMD_PASSWORD=password +SMB_PASSWORD=password NET_NAME=Storage READONLY_NET_NAME=ReadonlyStorage diff --git a/samba/docker-compose.yml b/samba/docker-compose.yml index 08f22ba..b98dd80 100644 --- a/samba/docker-compose.yml +++ b/samba/docker-compose.yml @@ -1,11 +1,11 @@ services: samba: - image: dperson/samba + image: docker.io/dperson/samba container_name: samba - restart: unless-stopped + restart: always ports: - - "139:139" - - "445:445" + - "1139:139" + - "1445:445" volumes: - ${SHARED_FOLDER:?}:/mnt/shared environment: diff --git a/syncthing/config/.keep b/syncthing/config/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/syncthing/docker-compose.yml b/syncthing/docker-compose.yml index a327a5d..34a6a4b 100644 --- a/syncthing/docker-compose.yml +++ b/syncthing/docker-compose.yml 
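Review bot: The upstream port in `proxy_pass http://matrix-element:8083;` is a literal, while the service side now derives it from `MATRIX_ELEMENT_PORT` (`ELEMENT_WEB_PORT=${MATRIX_ELEMENT_PORT:?}` in `matrix/docker-compose.yml`), so changing the `.env` value silently turns `chat.domain.ru` into a 502 and nothing ties the two together. Plain `conf.d` files get no variable substitution, so either document the coupling — `# must match MATRIX_ELEMENT_PORT in matrix/.env` on the `proxy_pass` line — or drop the variable and hard-code 8083 on both sides. The same consideration applies to `filebrowser:8080` in the cloud server block, which is hard-coded on both sides today.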
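Review bot: Publishing SMB on `1139:139`/`1445:445` makes the share unreachable for ordinary clients: the Windows SMB client only connects to TCP 445 and cannot be pointed at another port, so either a host-side redirect 445→1445 is required or only `smbclient -p` / `mount.cifs port=` style clients will work, and nothing in the patch says which. Add a comment above `ports:` such as `# rootless: redirect host 445 -> 1445 (Windows clients cannot use a custom SMB port)`. Since the share is protected only by the `SMB_PASSWORD` value in `.env`, consider binding to the LAN interface address (`"192.168.x.y:1445:445"`) rather than all interfaces.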
@@ -1,15 +1,15 @@ services: syncthing: - image: syncthing/syncthing:latest + image: docker.io/syncthing/syncthing:latest container_name: syncthing hostname: ${SYNCTHING_HOSTNAME:?} # Имя устройства в сети Syncthing - restart: unless-stopped + restart: always environment: - PUID=${OWNER_USERID:?} # ID пользователя в системе (можно узнать командой id) - PGID=${OWNER_GROUPID:?} # ID группы в системе volumes: - - ./config:/var/syncthing/config # Конфигурация и база данных - - ${SYNCTHING_FOLDER:?}:/var/syncthing/Sync # Папка с данными (путь на хосте:путь в контейнере) + - ./config:/var/syncthing/config:Z + - ${SYNCTHING_FOLDER:?}:/var/syncthing/Sync:Z # Папка с данными (путь на хосте:путь в контейнере) ports: - ${SYNCTHING_WEB_UI_PORT:?}:8384 # Web GUI (управление через браузер) - 22000:22000/tcp # Передача данных diff --git a/transmission/docker-compose.yml b/transmission/docker-compose.yml index bc122c6..8339c7d 100644 --- a/transmission/docker-compose.yml +++ b/transmission/docker-compose.yml @@ -1,6 +1,6 @@ services: transmission: - image: lscr.io/linuxserver/transmission:latest + image: docker.io/linuxserver/transmission:latest container_name: transmission environment: - PUID=${OWNER_USERID:?} @@ -17,7 +17,7 @@ services: - ${TRANSMISSION_WEB_UI_PORT:?}:9091 # Веб-интерфейс - 51413:51413 # Порт для входящих соединений (TCP) - 51413:51413/udp # Порт для входящих соединений (UDP) - restart: unless-stopped + restart: always deploy: resources: limits:
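Review bot: The new `:Z` on `${SYNCTHING_FOLDER:?}:/var/syncthing/Sync` makes Podman recursively relabel the whole host tree under that path with a private SELinux label owned by this container, so if the same folder is also exported by the `samba` or `cloud` stacks (both mount a `SHARED_FOLDER`) or read by any host process, those accesses start failing with EACCES, and if the variable is ever pointed at `$HOME` or `/` the relabel is destructive. On hosts without SELinux the flag is a no-op, which is why the breakage would only surface on a Fedora/RHEL box. Use the shared label `:z` for a folder that more than one container mounts, keep `:Z` for `./config` only, and add `# :z = shared SELinux label; never point SYNCTHING_FOLDER at a system directory` so the next reader knows why the flag is there.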