in-progress update

2026-03-04 06:40:38 +01:00
parent 49c75768ba
commit c9e37abc63
19 changed files with 356 additions and 456 deletions

483
deploy.sh

@@ -7,6 +7,33 @@ if [[ "$EUID" -ne 0 ]]; then
exit 1 exit 1
fi fi
# recursive replace function
replace_string_recursive() {
local DIRECTORY="$1"
local OLD_STRING="$2"
local NEW_STRING="$3"
if [ ! -d "$DIRECTORY" ]; then
echo "Error: Directory '$DIRECTORY' does not exist."
return 1
fi
echo "Starting replacement of '$OLD_STRING' with '$NEW_STRING' in '$DIRECTORY'..."
find "$DIRECTORY" -type f -exec sed -i "s/$OLD_STRING/$NEW_STRING/g" {} +
if [ $? -eq 0 ]; then
echo "Replacement completed successfully."
return 0
else
echo "An error occurred during replacement."
return 1
fi
}
# example use
# replace_string_recursive "/path/to/directory" "oldstring" "newstring"
# what this script needs to do: # what this script needs to do:
# request all install parameters needed from user # request all install parameters needed from user
@@ -37,19 +64,6 @@ bookstackdbpass="$(rand_hex)"
bookstackdbrootpass="$(rand_hex)" bookstackdbrootpass="$(rand_hex)"
onlyofficeJWT="$(rand_hex)" onlyofficeJWT="$(rand_hex)"
# ---- Debug print (optional — remove in production) ----
echo "Configuration summary:"
printf "%-25s %s\n" \
"Admin email:" "$adminemail" \
"Timezone:" "$timezone" \
"Domain:" "$domain" \
"Public IP:" "$publicip" \
"Local IP:" "$localip"
# install docker # install docker
echo "Updating apt and installing prerequisites..." echo "Updating apt and installing prerequisites..."
apt update apt update
@@ -84,9 +98,6 @@ apt install -y \
echo "Docker installation complete." echo "Docker installation complete."
docker --version docker --version
# install dockge # install dockge
mkdir -p /opt/stacks /opt/dockge mkdir -p /opt/stacks /opt/dockge
cd /opt/dockge cd /opt/dockge
@@ -94,449 +105,9 @@ cd /opt/dockge
# Download your compose.yaml # Download your compose.yaml
curl "https://dockge.kuma.pet/compose.yaml?port=5001&stacksPath=%2Fopt%2Fstacks" --output compose.yaml curl "https://dockge.kuma.pet/compose.yaml?port=5001&stacksPath=%2Fopt%2Fstacks" --output compose.yaml
# Start the Server
# docker compose up -d
# create directories in /opt/stacks for containers
# directories needed: npm,dozzle,kuma,browser,site,owncloud,vaultwarden,wireguard,convertx,it-tools,bookstack,jellyfin,onlyoffice,downloader,dashboard,pihole
cd /opt/stacks
mkdir /opt/stacks/{npm,dozzle,kuma,browser,site,owncloud,vaultwarden,wireguard,convertx,it-tools,bookstack,jellyfin,onlyoffice,downloader,dashboard,pihole}
# write docker setup for each component to correct directories
# Nginx Proxy:
# needed: compose.yml, auto-generated proxy host files
# variables needed: domain, admin email, admin pass
cat > /opt/stacks/npm/compose.yml <<EOF
services:
app:
image: jc21/nginx-proxy-manager:latest
restart: unless-stopped
networks:
- dockge_default
ports:
# These ports are in format <host-port>:<container-port>
- 80:80 # Public HTTP Port
- 443:443 # Public HTTPS Port
- 81:81 # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
environment:
TZ: $timezone
# Uncomment this if you want to change the location of
# the SQLite DB file within the container
# DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
networks:
dockge_default:
external: true
EOF
# Uptime Kuma:
# needed: compose.yml
# variables needed: admin email, admin pass
cat > /opt/stacks/kuma/compose.yml <<EOF
services:
uptime-kuma:
image: louislam/uptime-kuma:2
restart: unless-stopped
volumes:
- ./data:/app/data
networks:
- dockge_default
dns:
- 1.1.1.1
- 8.8.8.8
networks:
dockge_default:
external: true
EOF
# File Browser:
# needed: compose.yml
# variables needed: admin email, admin pass
cat > /opt/stacks/browser/compose.yml <<EOF
services:
browser:
image: filebrowser/filebrowser
privileged: true
container_name: browser
user: root
networks:
- dockge_default
volumes:
- /opt/stacks:/srv/stacks
- ./filebrowser.db:/database.db
restart: unless-stopped
networks:
dockge_default:
external: true
EOF
# Main Site:
# needed: compose.yml
cat > /opt/stacks/site/compose.yml <<EOF
services:
site:
image: lscr.io/linuxserver/nginx:latest
restart: unless-stopped
user: root
networks:
- dockge_default
environment:
TZ: $timezone
volumes:
- ./config:/config
networks:
dockge_default:
external: true
EOF
# owncloud:
# needed: compose.yml, additional config?
# variables needed: admin email, admin pass
cat > /opt/stacks/owncloud/compose.yml <<EOF
services:
owncloud_server:
image: owncloud/server:latest
container_name: owncloud_server
restart: always
networks:
- dockge_default
depends_on:
- owncloud_db
- owncloud_redis
environment:
OWNCLOUD_DOMAIN: https://cloud.$domain
OWNCLOUD_TRUSTED_DOMAINS: localhost, cloud.$domain
OWNCLOUD_DB_TYPE: mysql
OWNCLOUD_DB_NAME: owncloud
OWNCLOUD_DB_USERNAME: owncloud
OWNCLOUD_DB_PASSWORD: $ownclouddbpass
OWNCLOUD_DB_HOST: owncloud_db
OWNCLOUD_ADMIN_USERNAME: $adminemail
OWNCLOUD_ADMIN_PASSWORD: $adminpass
OWNCLOUD_MYSQL_UTF8MB4: true
OWNCLOUD_REDIS_ENABLED: true
OWNCLOUD_REDIS_HOST: owncloud_redis
healthcheck:
test: ["CMD", "/usr/bin/healthcheck"]
interval: 30s
timeout: 10s
retries: 5
volumes:
- ./data:/mnt/data
owncloud_db:
image: mariadb:10.11 # minimum required ownCloud version is 10.9
container_name: owncloud_db
restart: always
networks:
- dockge_default
environment:
- MYSQL_ROOT_PASSWORD=$ownclouddbrootpass
- MYSQL_USER=owncloud
- MYSQL_PASSWORD=$ownclouddbpass
- MYSQL_DATABASE=owncloud
- MARIADB_AUTO_UPGRADE=1
command: ["--max-allowed-packet=128M", "--innodb-log-file-size=64M"]
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=owncloud"]
interval: 10s
timeout: 5s
retries: 5
volumes:
- ./mysql:/var/lib/mysql
owncloud_redis:
image: redis:6
container_name: owncloud_redis
restart: always
networks:
- dockge_default
command: ["--databases", "1"]
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
volumes:
- ./redis:/data
networks:
dockge_default:
external: true
EOF
# vaultwarden:
# needed: compose.yml
cat > /opt/stacks/vaultwarden/compose.yml <<EOF
services:
vaultwarden:
container_name: vaultwarden
image: vaultwarden/server:latest
restart: unless-stopped
volumes:
- ./data:/data/
networks:
- dockge_default
networks:
dockge_default:
external: true
EOF
# wireguard-easy:
# needed: compose.yml
# variables needed: admin email, admin pass
cat > /opt/stacks/wireguard/compose.yml <<EOF
services:
wireguard:
container_name: wireguard
environment:
WG_HOST: $publicip
PASSWORD: $adminpass
volumes:
- ./wireguard:/etc/wireguard
ports:
-51820/udp
networks:
- dockge_default
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
restart: unless-stopped
image: weejewel/wg-easy
networks:
dockge_default:
external: true
EOF
# convertx:
# needed: compose.yml
cat > /opt/stacks/convertx/compose.yml <<EOF
services:
convertx:
image: ghcr.io/c4illin/convertx
container_name: convertx
restart: unless-stopped
networks:
- dockge_default
environment:
JWT_SECRET: $convertxJWT
HTTP_ALLOWED: true
ALLOW_UNAUTHENTICATED: true
ACCOUNT_REGISTRATION: false
volumes:
- ./data:/app/data
networks:
dockge_default:
external: true
EOF
# it-tools:
# needed: compose.yml
cat > /opt/stacks/it-tools/compose.yml <<EOF
services:
it-tools:
container_name: it-tools
restart: unless-stopped
networks:
- dockge_default
image: corentinth/it-tools:latest
networks:
dockge_default:
external: true
EOF
# bookstack:
# needed: compose.yml
# variables needed: admin email, admin pass
cat > /opt/stacks/bookstack/compose.yml <<EOF
services:
bookstack:
image: lscr.io/linuxserver/bookstack:latest
container_name: bookstack
environment:
TZ: $timezone
APP_URL: https://docs.$domain
APP_KEY: base64:$bookstackkey
DB_HOST: bookstack_db
DB_PORT: 3306
DB_DATABASE: bookstack
DB_USERNAME: bookstack
DB_PASSWORD: $bookstackdbpass
volumes:
- ./config:/config
networks:
- dockge_default
restart: unless-stopped
bookstack_db:
image: lscr.io/linuxserver/mariadb:latest
container_name: bookstack_db
networks:
- dockge_default
environment:
TZ: $timezone
MYSQL_ROOT_PASSWORD: $bookstackdbrootpass
MYSQL_DATABASE: bookstack
MYSQL_USER: bookstack
MYSQL_PASSWORD: $bookstackdbpass
restart: unless-stopped
networks:
dockge_default:
external: true
EOF
# jellyfin:
# needed: compose.yml
# variables needed: admin email, admin pass
cat > /opt/stacks/jellyfin/compose.yml <<EOF
services:
jellyfin:
image: jellyfin/jellyfin
container_name: jellyfin
user: root
networks:
- dockge_default
volumes:
- ./config:/config
- ./cache:/cache
- ./media:/media:ro
- ./fonts:/usr/local/share/fonts/custom:ro
restart: unless-stopped
environment:
JELLYFIN_PublishedServerUrl: https://video.$domain
TZ: $timezone
networks:
dockge_default:
external: true
EOF
# onlyoffice:
# needed: compose.yml
cat > /opt/stacks/onlyoffice/compose.yml <<EOF
services:
documentserver:
stdin_open: true
tty: true
restart: always
networks:
- dockge_default
image: onlyoffice/documentserver
dns:
- 1.1.1.1
- 8.8.8.8
environment:
JWT_SECRET: $onlyofficeJWT
JWT_IN_BODY: true
networks:
dockge_default:
external: true
EOF
# dashboard:
# needed: compose.yml
cat > /opt/stacks/dashboard/compose.yml <<EOF
services:
dashboard:
image: lscr.io/linuxserver/heimdall:latest
container_name: dashboard
environment:
- PUID=1000
- PGID=1000
- TZ=$timezone
- ALLOW_INTERNAL_REQUESTS=false #optional
- APP_NAME=Home
volumes:
- ./Heimdall:/config
networks:
- dockge_default
restart: unless-stopped
networks:
dockge_default:
external: true
EOF
# dozzle
cat >/opt/stacks/dozzle/compose.yml <<EOF
services:
dozzle:
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- dockge_default
image: amir20/dozzle:latest
restart: always
networks:
dockge_default:
external: true
EOF
# pihole
cat >/opt/stacks/pihole/compose.yml <<EOF
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
dns:
- 1.1.1.1
ports:
- 53:53/tcp
- 53:53/udp
environment:
TZ: Europe/Amsterdam
FTLCONF_WEBSERVER_API_PASSWORD: z5fGWz2i0q
volumes:
- ./config:/etc/pihole
- ./dns:/etc/dnsmasq.d
cap_add:
- NET_ADMIN
restart: unless-stopped
networks:
- dockge_default
networks:
dockge_default:
external: true
EOF
# install mailcow to /opt/stacks/mailcow so it shows up in dockge # install mailcow to /opt/stacks/mailcow so it shows up in dockge
apt install -y git openssl curl gawk coreutils grep jq apt install -y git openssl curl gawk coreutils grep jq
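Review bot: In `replace_string_recursive`, `sed -i "s/$OLD_STRING/$NEW_STRING/g"` pastes both arguments into the sed program unescaped, so a value containing `/`, `&` or `\` (a timezone such as `Europe/Amsterdam`, or any URL) either breaks the expression or changes what gets written. Escape the search text and the replacement before building the expression, as sketched below. `find "$DIRECTORY" -type f` also hands every file to `sed -i`, including the binary file this commit adds if it sits under the same tree, so the search should probably be limited to the text templates. The generated secrets would also appear on sed's command line while it runs, where other local users can read them from the process list.

```shell
replace_string_recursive() {
  # … unchanged: argument locals, directory check and start message …
  local pattern replacement
  # Escape BRE metacharacters and "/" in the text to search for.
  pattern=$(printf '%s' "$OLD_STRING" | sed -e 's|[][\\/.^$*]|\\&|g')
  # Escape "\", "/" and "&" in the text to write.
  replacement=$(printf '%s' "$NEW_STRING" | sed -e 's|[\\/&]|\\&|g')
  find "$DIRECTORY" -type f -exec sed -i "s/$pattern/$replacement/g" {} +
  # … unchanged: status check and messages …
}
```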


@@ -0,0 +1,2 @@
# todo: create admin user in filebrowser
# https://filebrowser.org/cli/filebrowser-users-update.html


@@ -0,0 +1,33 @@
services:
bookstack:
image: lscr.io/linuxserver/bookstack:latest
container_name: bookstack
environment:
TZ: %timezone%
APP_URL: https://docs.%domain%
APP_KEY: base64:%bookstackkey%
DB_HOST: bookstack_db
DB_PORT: 3306
DB_DATABASE: bookstack
DB_USERNAME: bookstack
DB_PASSWORD: %bookstackdbpass%
volumes:
- ./config:/config
networks:
- dockge_default
restart: unless-stopped
bookstack_db:
image: lscr.io/linuxserver/mariadb:latest
container_name: bookstack_db
networks:
- dockge_default
environment:
TZ: %timezone%
MYSQL_ROOT_PASSWORD: %bookstackdbrootpass%
MYSQL_DATABASE: bookstack
MYSQL_USER: bookstack
MYSQL_PASSWORD: %bookstackdbpass%
restart: unless-stopped
networks:
dockge_default:
external: true
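Review bot: `bookstack_db` has no `volumes:` entry, unlike `bookstack` with `./config:/config`, so the database files are not kept under the stack directory and would at best sit in an anonymous volume. Adding `volumes:` with `- ./db:/config` under `bookstack_db` would keep the data with the rest of the stack and inside any backup of `/opt/stacks`; the host path name is only a suggestion. Both images are also tagged `:latest`, so a redeploy can pull a different version than the one that was tested.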


@@ -0,0 +1,15 @@
services:
browser:
image: filebrowser/filebrowser
privileged: true
container_name: browser
user: root
networks:
- dockge_default
volumes:
- /opt/stacks:/srv/stacks
- ./filebrowser.db:/database.db
restart: unless-stopped
networks:
dockge_default:
external: true
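Review bot: `privileged: true` together with `user: root` gives the file browser container far more than it needs to serve files, since everything it shows already arrives through the `/opt/stacks:/srv/stacks` bind mount. That mount is read-write and covers every other stack's compose file and data directory, so a compromise of this web UI reaches the generated secrets as well. Dropping `privileged: true` should not affect file access, and mounting only the directories that are meant to be browsable would narrow what the UI can touch.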


@@ -0,0 +1,17 @@
services:
convertx:
image: ghcr.io/c4illin/convertx
container_name: convertx
restart: unless-stopped
networks:
- dockge_default
environment:
JWT_SECRET: ?convertxJWT?
HTTP_ALLOWED: true
ALLOW_UNAUTHENTICATED: true
ACCOUNT_REGISTRATION: false
volumes:
- ./data:/app/data
networks:
dockge_default:
external: true
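Review bot: `ALLOW_UNAUTHENTICATED: true` lets anyone who can reach the service use it without logging in, and it is combined with `HTTP_ALLOWED: true`; if this stack is published through the reverse proxy, both should likely be `false`, e.g. `ALLOW_UNAUTHENTICATED: false`. `JWT_SECRET: ?convertxJWT?` also depends on the replacement step running before first start, otherwise the literal placeholder text becomes the signing secret.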


@@ -0,0 +1,18 @@
services:
dashboard:
image: lscr.io/linuxserver/heimdall:latest
container_name: dashboard
environment:
- PUID=1000
- PGID=1000
- TZ=$timezone
- ALLOW_INTERNAL_REQUESTS=false #optional
- APP_NAME=Home
volumes:
- ./config:/config
networks:
- dockge_default
restart: unless-stopped
networks:
dockge_default:
external: true
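Review bot: `- TZ=$timezone` keeps the shell-variable form from the old heredoc, but this file is no longer expanded by deploy.sh, so Docker Compose will apply its own `$VAR` interpolation and substitute an empty string when `timezone` is not in its environment. The bookstack template uses `%timezone%` and the convertx one `?convertxJWT?`, so three placeholder styles are in play; a single style that Compose does not interpret, such as `%timezone%`, would let one replace pass cover every file. The same applies to the `$…` values in the jellyfin, nginx-proxy-manager, onlyoffice, owncloud, site and wireguard files, where a missed replacement would leave `$adminpass`, `$ownclouddbpass` or `$onlyofficeJWT` empty rather than failing.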


@@ -0,0 +1,3 @@
# todo: include pre-made app.sqlite under dashboard/www/app.sqlite
# create version of this database with placeholders
# use sql commands to replace the placeholders

Binary file not shown.


@@ -0,0 +1,11 @@
services:
dozzle:
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- dockge_default
image: amir20/dozzle:latest
restart: always
networks:
dockge_default:
external: true
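Review bot: `/var/run/docker.sock:/var/run/docker.sock` exposes the Docker API to a web log viewer, and no authentication is configured in this file. Access to that socket is equivalent to root on the host, so the UI should sit behind authentication (Dozzle's own or the proxy's), and the socket is better reached through a restricted socket proxy than mounted directly. A comment such as `# docker.sock grants host-level control; keep this service behind auth` above the volume line would record the risk for whoever edits the stack next.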


@@ -0,0 +1,10 @@
services:
it-tools:
container_name: it-tools
restart: unless-stopped
networks:
- dockge_default
image: corentinth/it-tools:latest
networks:
dockge_default:
external: true


@@ -0,0 +1,19 @@
services:
jellyfin:
image: jellyfin/jellyfin
container_name: jellyfin
user: root
networks:
- dockge_default
volumes:
- ./config:/config
- ./cache:/cache
- ./media:/media:ro
- ./fonts:/usr/local/share/fonts/custom:ro
restart: unless-stopped
environment:
JELLYFIN_PublishedServerUrl: https://video.$domain
TZ: $timezone
networks:
dockge_default:
external: true


@@ -0,0 +1,14 @@
services:
uptime-kuma:
image: louislam/uptime-kuma:2
restart: unless-stopped
volumes:
- ./data:/app/data
networks:
- dockge_default
dns:
- 1.1.1.1
- 8.8.8.8
networks:
dockge_default:
external: true


@@ -0,0 +1,29 @@
services:
app:
image: jc21/nginx-proxy-manager:latest
restart: unless-stopped
networks:
- dockge_default
ports:
# These ports are in format <host-port>:<container-port>
- 80:80 # Public HTTP Port
- 443:443 # Public HTTPS Port
- 81:81 # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
environment:
TZ: $timezone
# Uncomment this if you want to change the location of
# the SQLite DB file within the container
# DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
networks:
dockge_default:
external: true
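Review bot: `- 81:81` publishes the Nginx Proxy Manager admin UI on every host interface, next to the public 80 and 443 ports. Binding it to loopback with `- 127.0.0.1:81:81`, or removing the mapping and reaching the UI through a tunnel, would keep the admin login off the public address. The image is also tagged `:latest`, which is worth pinning for the component that terminates TLS for the other services.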


@@ -0,0 +1,17 @@
services:
documentserver:
stdin_open: true
tty: true
restart: always
networks:
- dockge_default
image: onlyoffice/documentserver
dns:
- 1.1.1.1
- 8.8.8.8
environment:
JWT_SECRET: $onlyofficeJWT
JWT_IN_BODY: true
networks:
dockge_default:
external: true


@@ -0,0 +1,69 @@
services:
owncloud_server:
image: owncloud/server:latest
container_name: owncloud_server
restart: always
networks:
- dockge_default
depends_on:
- owncloud_db
- owncloud_redis
environment:
OWNCLOUD_DOMAIN: https://cloud.$domain
OWNCLOUD_TRUSTED_DOMAINS: localhost, cloud.$domain
OWNCLOUD_DB_TYPE: mysql
OWNCLOUD_DB_NAME: owncloud
OWNCLOUD_DB_USERNAME: owncloud
OWNCLOUD_DB_PASSWORD: $ownclouddbpass
OWNCLOUD_DB_HOST: owncloud_db
OWNCLOUD_ADMIN_USERNAME: $adminemail
OWNCLOUD_ADMIN_PASSWORD: $adminpass
OWNCLOUD_MYSQL_UTF8MB4: true
OWNCLOUD_REDIS_ENABLED: true
OWNCLOUD_REDIS_HOST: owncloud_redis
healthcheck:
test: ["CMD", "/usr/bin/healthcheck"]
interval: 30s
timeout: 10s
retries: 5
volumes:
- ./data:/mnt/data
owncloud_db:
image: mariadb:10.11 # minimum required ownCloud version is 10.9
container_name: owncloud_db
restart: always
networks:
- dockge_default
environment:
- MYSQL_ROOT_PASSWORD=$ownclouddbrootpass
- MYSQL_USER=owncloud
- MYSQL_PASSWORD=$ownclouddbpass
- MYSQL_DATABASE=owncloud
- MARIADB_AUTO_UPGRADE=1
command: ["--max-allowed-packet=128M", "--innodb-log-file-size=64M"]
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=owncloud"]
interval: 10s
timeout: 5s
retries: 5
volumes:
- ./mysql:/var/lib/mysql
owncloud_redis:
image: redis:6
container_name: owncloud_redis
restart: always
networks:
- dockge_default
command: ["--databases", "1"]
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
volumes:
- ./redis:/data
networks:
dockge_default:
external: true
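Review bot: The `owncloud_db` healthcheck runs `mysqladmin ping` with `--password=owncloud`, while the root password is set from `$ownclouddbrootpass`, so the check authenticates with a value that is never the real password. Reading it from the container environment removes the mismatch and the stale literal: `test: ["CMD-SHELL", "mysqladmin ping -u root --password=$$MYSQL_ROOT_PASSWORD"]`, where `$$` stops Compose from interpolating the variable itself. `depends_on` on `owncloud_server` lists the services without a health condition, so the healthchecks do not gate startup as written.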


@@ -0,0 +1,23 @@
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
dns:
- 1.1.1.1
ports:
- 53:53/tcp
- 53:53/udp
environment:
TZ: Europe/Amsterdam
FTLCONF_WEBSERVER_API_PASSWORD: z5fGWz2i0q
volumes:
- ./config:/etc/pihole
- ./dns:/etc/dnsmasq.d
cap_add:
- NET_ADMIN
restart: unless-stopped
networks:
- dockge_default
networks:
dockge_default:
external: true
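Review bot: `FTLCONF_WEBSERVER_API_PASSWORD` is set to a literal password that is now committed to the repository, and `TZ: Europe/Amsterdam` is hard-coded where the other templates take the installer's timezone. Both should become placeholders filled at install time, e.g. `FTLCONF_WEBSERVER_API_PASSWORD: %piholepass%` (suggested name) with the value generated like the other secrets. The committed value should be treated as exposed and not reused on a deployed instance.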


@@ -0,0 +1,14 @@
services:
site:
image: lscr.io/linuxserver/nginx:latest
restart: unless-stopped
user: root
networks:
- dockge_default
environment:
TZ: $timezone
volumes:
- ./config:/config
networks:
dockge_default:
external: true


@@ -0,0 +1,12 @@
services:
vaultwarden:
container_name: vaultwarden
image: vaultwarden/server:latest
restart: unless-stopped
volumes:
- ./data:/data/
networks:
- dockge_default
networks:
dockge_default:
external: true
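Review bot: No `environment:` block is set, so Vaultwarden runs with its defaults, which as far as I know leave open registration enabled. For a password vault reachable through the proxy, add `environment:` with `SIGNUPS_ALLOWED: "false"` once the intended accounts exist. Pinning the image instead of `vaultwarden/server:latest` would also keep upgrades of the vault deliberate.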


@@ -0,0 +1,23 @@
services:
wireguard:
container_name: wireguard
environment:
WG_HOST: $publicip
PASSWORD: $adminpass
volumes:
- ./wireguard:/etc/wireguard
ports:
- 51820:51820/udp
networks:
- dockge_default
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
restart: unless-stopped
image: weejewel/wg-easy
networks:
dockge_default:
external: true