kenny/cloudhaus-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: kenny:987f42009529253dd275297715937930f3d5d234
Branches Tags
kenny:main
..
compare: kenny:main
Branches Tags
kenny:main

9 Commits
987f420095 ... main

Author SHA1 Message Date
kenny
cf96e76d92 Added quay registry mirror + Invidious 2026-02-21 13:52:32 +02:00
kenny
400ee84300 Updated glance 2026-02-01 01:06:07 +02:00
kenny
ee6061a0a8 One user and password per http auth (to last longer against bf attacks) 2026-01-30 22:27:07 +02:00
kenny
194fee9714 Removed basic auth to office.mycloudhaus.xyz: making it public and listing it officially 2026-01-30 20:31:54 +02:00
kenny
654247cb65 Added basic auth to office.mycloudhaus.xyz 2026-01-30 20:16:29 +02:00
kenny
0ffa050a2b Added cryptpad @ office.mycloudhaus.xyz 2026-01-30 20:14:50 +02:00
kenny
b4edc49908 Replaced web. with msg. for Signal from bigbox (since it works) 2026-01-25 14:34:33 +02:00
kenny
8d82ad89b7 corrected scripts 2026-01-25 13:00:23 +02:00
kenny
d2f8926f43 Cleaned caddyfile + added mullvad browser server on web.mycloudhaus.xyz 2026-01-25 12:59:31 +02:00
9 changed files with 389 additions and 30 deletions
Expand all files Collapse all files

139
Caddyfile
View File

@@ -22,6 +22,36 @@
}
}
dockerreg.mycloudhaus.xyz {
# Important: These headers are required for Docker Registry
header {
-Server
Docker-Distribution-Api-Version registry/2.0
}
# Reverse proxy with proper Docker Registry support
reverse_proxy 10.0.0.1:4555 {
# Forward all headers without modification
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
# Critical: Ensure chunked transfer encoding works
transport http {
read_buffer 4096
write_buffer 4096
max_response_header 8192
}
}
# Handle blob uploads correctly
handle_errors {
# If registry returns error, pass it through
respond "{http.error.status_code} {http.error.status_text}"
}
}
speed.mycloudhaus.xyz {
route {
crowdsec
@@ -31,6 +61,26 @@ speed.mycloudhaus.xyz {
}
}
tools.mycloudhaus.xyz {
route {
crowdsec
basic_auth {
jawline4392 $2a$14$fFXP3bSAH3w9Kj0t84y1aeYvYwUbYPgV29RpesEFoDTCMpcumm5Bm
}
reverse_proxy 10.0.0.1:8898
}
}
office.mycloudhaus.xyz {
route {
crowdsec
#basic_auth {
# theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
# }
reverse_proxy 10.0.0.1:3033
}
}
docker.mycloudhaus.xyz {
route {
crowdsec
@@ -47,17 +97,25 @@ sync.mycloudhaus.xyz {
}
}
msg.mycloudhaus.xyz {
route {
crowdsec
basic_auth {
scuba8495 $2a$14$dSjT2ZkFg4h9TLDGvnN7XO1hJ/1VbFxgx0EX8UJy2tknKK/MqR1b2
}
reverse_proxy 10.0.0.2:8000
}
}
notes.mycloudhaus.xyz {
route {
crowdsec
basic_auth {
theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
giggly8541 $2a$14$j4eEXQZQdCWquG5lTJCaV.Uefb6D0cWQlC843tCH0cGMxdjf8AS.O
}
reverse_proxy 127.0.0.1:3050 {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
}
}
@@ -66,8 +124,7 @@ keybr.mycloudhaus.xyz {
route {
crowdsec
basic_auth {
theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
# Username "Bob", password "hiccup"
sneak2931 $2a$14$dQJs/1Rk8TjgK5YZSIAYU.i4avRMgRZ8uZIR47/mgI3ltYLqgf8XK
}
reverse_proxy 10.0.0.2:3000
}
@@ -77,8 +134,7 @@ torrents.mycloudhaus.xyz {
route {
crowdsec
basic_auth {
theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
# Username "Bob", password "hiccup"
unrevised0817 $2a$14$fGYDsHzx8X/EdXKW59it/ujz8ieD0Ae8q3u.mJt2vaKg4.VYPrs2C
}
reverse_proxy 10.0.0.2:9091
}
@@ -87,10 +143,6 @@ torrents.mycloudhaus.xyz {
searxng.mycloudhaus.xyz {
route {
crowdsec
# basic_auth {
# # Username "Bob", password "hiccup"
# theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
# }
reverse_proxy 127.0.0.1:7001
}
}
@@ -102,6 +154,13 @@ boards.mycloudhaus.xyz {
}
}
ankisync.mycloudhaus.xyz {
route {
crowdsec
reverse_proxy 127.0.0.1:27701
}
}
dns.mycloudhaus.xyz {
route {
crowdsec
@@ -109,19 +168,12 @@ dns.mycloudhaus.xyz {
}
}
#twitch.mycloudhaus.xyz {
# route {
# crowdsec
# reverse_proxy 127.0.0.1:8280
# }
#}
inv.mycloudhaus.xyz {
route {
crowdsec
basic_auth {
# Username "Bob", password "hiccup"
theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
compile6639 $2a$14$AmsLzCKhcncRJEpXCF5XZ.sq/.9RCfKtY8bg89FKkE1fpU9Y.lSUK
miha $2y$05$N1Gr6khpOaZc5YDQp8quGuQk6phsE69GoLSB3d.w7RnRc8zyQn./6
}
reverse_proxy 10.0.0.2:4000
}
@@ -130,6 +182,13 @@ inv.mycloudhaus.xyz {
}
}
wiki.mycloudhaus.xyz {
route {
crowdsec
reverse_proxy 10.0.0.2:8008
}
}
radicale.mycloudhaus.xyz {
route {
crowdsec
@@ -164,8 +223,7 @@ home.mycloudhaus.xyz {
route {
crowdsec
basic_auth {
# Username "Bob", password "hiccup"
theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
mobster5234 $2a$14$mu69PLSK/8iMqV2e/TM2dOsW7ZuLPpjW/Aqltlug6xgQRckXJRqQ2
}
reverse_proxy 127.0.0.1:8099
}
@@ -176,8 +234,7 @@ logs.mycloudhaus.xyz {
route {
crowdsec
basic_auth {
# Username "Bob", password "hiccup"
theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
overvalue8130 $2a$14$RjDA21av6gZynO9BInzUGuErCs9qHSIx0gDBwhyOS9iDd8f6wvQMO
}
reverse_proxy 127.0.0.1:3030
}
@@ -209,6 +266,27 @@ playlists.mycloudhaus.xyz {
}
}
play.mycloudhaus.xyz {
route {
crowdsec
}
reverse_proxy 10.0.0.2:4445
}
email.mycloudhaus.xyz {
route {
crowdsec
}
reverse_proxy 10.0.0.2:8025
}
translate.mycloudhaus.xyz {
route {
crowdsec
reverse_proxy 10.0.0.2:5555
}
}
media.mycloudhaus.xyz {
route {
crowdsec
@@ -233,12 +311,18 @@ radio.mycloudhaus.xyz {
convert.mycloudhaus.xyz {
basic_auth {
# Username "Bob", password "hiccup"
theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
thirstily1920 $2a$14$XAK/BYwOLKIxsPNdTKRng.fS9fIMYqOUWHj5XQriP8Eptpbm.q6Ee
}
reverse_proxy 127.0.0.1:6000
}
learn.mycloudhaus.xyz {
basic_auth {
planky273 $2y$05$te50nAtF7oT1vHht3Qy3qOUC5DBAWodCD4xjwPkrFfHjoWrE1Wa1a
}
reverse_proxy 10.0.0.2:8889
}
#prom.mycloudhaus.xyz {
# basic_auth {
# # Username "Bob", password "hiccup"
@@ -262,8 +346,7 @@ convert.mycloudhaus.xyz {
mycloudhaus.xyz {
basic_auth {
# Username "Bob", password "hiccup"
theo $2a$14$mJszfW/9Pay63RdHY7Om1e0VdYaCWwP5QnpzdM7oCbrCnYQzB8.bS
overwrite7291 $2a$14$ZU0t/ykaEg4CO2hr1PPSK.3K13XEj6SKlnX9/S8/HaO98lh2nN13S
}
metrics /metrics

31
cryptpad/docker-compose.yml Executable file
View File

@@ -0,0 +1,31 @@
services:
cryptpad:
image: "cryptpad/cryptpad:latest"
hostname: cryptpad
environment:
- CPAD_MAIN_DOMAIN=https://office.mycloudhaus.xyz
- CPAD_SANDBOX_DOMAIN=https://office.mycloudhaus.xyz
- CPAD_CONF=/cryptpad/config/config.js
# Read and accept the license before uncommenting the following line:
# https://github.com/ONLYOFFICE/web-apps/blob/master/LICENSE.txt
- CPAD_INSTALL_ONLYOFFICE=yes
volumes:
- ./data/blob:/cryptpad/blob
- ./data/block:/cryptpad/block
- ./customize:/cryptpad/customize
- ./data/data:/cryptpad/data
- ./data/files:/cryptpad/datastore
- ./onlyoffice-dist:/cryptpad/www/common/onlyoffice/dist
- ./onlyoffice-conf:/cryptpad/onlyoffice-conf
ports:
- "10.0.0.1:3033:3000"
#- "10.0.0.1:3034:3003"
ulimits:
nofile:
soft: 1000000
hard: 1000000

1
cryptpad/fix_users.md Normal file
View File

@@ -0,0 +1 @@
User is 4001 inside Docker, and we cannot change that even with a 'user:' statement = owner of folders is 4001

193
glance/config/glance.yml Normal file
View File

@@ -0,0 +1,193 @@
# glance.yml — single file with all pages merged into one page (HomeLAN)
server:
assets-path: /app/assets
theme:
custom-css-file: /assets/user.css
pages:
- name: Quick access
columns:
- size: small
widgets:
- type: search
autofocus: true
search-engine: https://searxng.mycloudhaus.xyz/search?q={QUERY}
placeholder: "SearXNG | @in, @media, @pkg, @git"
new-tab: true
bangs:
- shortcut: "@in"
title: "Invidious"
url: "https://inv.mycloudhaus.xyz/search?q={QUERY}"
- shortcut: "@pkg"
title: "NixOS Packages"
url: "https://search.nixos.org/packages?query={QUERY}"
- shortcut: "@media"
title: "Jellyfin"
url: "http://media.mycloudhaus.xyz/web/#/search.html?query={QUERY}"
- shortcut: "@git"
title: "Github"
url: "https://github.com/search?q={QUERY}&type=repositories"
- type: dns-stats
service: adguard
url: https://dns.mycloudhaus.xyz/
username: ${ADGUARD_USER}
password: ${ADGUARD_PASSWORD}
- type: monitor
title: Apps
style: compact
cache: 1m
sites:
- title: Obsidian
url: "https://notes.mycloudhaus.xyz"
- title: Vikunja
url: "https://boards.mycloudhaus.xyz"
- title: Gitea
url: "https://git.mycloudhaus.xyz"
- title: Cryptpad
url: "https://office.mycloudhaus.xyz"
- title: Vaultwarden
url: "https://vw.mycloudhaus.xyz"
- title: Kiwix
url: "https://wiki.mycloudhaus.xyz"
- title: LibreTranslate
url: "https://translate.mycloudhaus.xyz"
- title: Keybr
url: "https://keybr.mycloudhaus.xyz"
- title: Karakeep
url: "https://bookmarks.mycloudhaus.xyz"
- title: ConvertX
url: "https://convert.mycloudhaus.xyz"
- title: IT-Tools
url: "https://tools.mycloudhaus.xyz"
- title: SearXNG
url: "https://searxng.mycloudhaus.xyz"
- type: monitor
title: Admin
style: compact
cache: 1m
sites:
- title: Grafana
url: "https://logs.mycloudhaus.xyz"
- title: Portainer
url: "https://docker.mycloudhaus.xyz"
- title: FTP online
url: "https://playlists.mycloudhaus.xyz"
- title: Speedtest Tracker
url: "https://speed.mycloudhaus.xyz"
- title: AdGuard Home
url: "https://dns.mycloudhaus.xyz"
- title: Transmission
url: "http://torrents.mycloudhaus.xyz"
- title: Syncthing Cloud
url: "https://sync.mycloudhaus.xyz"
- title: Syncthing Bigbox
url: "192.168.0.131:8384"
- title: Syncthing Puter
url: "127.0.0.1:8384"
- title: Radicale
url: "https://radicale.mycloudhaus.xyz"
- size: full
widgets:
- type: group
widgets:
- type: hacker-news
limit: 40
collapse-after: 5
- type: lobsters
sort-by: hot
tags:
- rust
- networking
- c
- culture
- law
- cryptography
- hardware
- science
- linux
- windows
- nix
- android
- privacy
- security
- virtualization
- editors
- systemd
- vim
- type: monitor
title: Media & Content
style: compact
cache: 1m
sites:
- title: Jellyfin
url: "https://media.mycloudhaus.xyz/web/#/home.html"
- title: Invidious
url: "https://inv.mycloudhaus.xyz"
- title: Azuracast
url: "https://radio.mycloudhaus.xyz/admin/stations"
- title: Slowdown
url: "https://radio.mycloudhaus.xyz/public/teststation"
- title: Absolutely Random
url: "https://radio.mycloudhaus.xyz/public/absolutely_random"
- title: FreshRSS
url: "https://rss.mycloudhaus.xyz"
- type: videos
channels:
- UCwU7Gq3vG5kL1eknXIZvMag
- UChrYe70o7NmDioL02PRVWVg
- UCwU7Gq3vG5kL1eknXIZvMag
- UCNLRcEn78Vc62C3GkMvBgtA
- UC7YOGHUfC1Tb6E4pudI9STA
- UCQVaKQcp4OxSg1eC6SF3NTw
- UCAoUBng0Mfu0qn4lPimS6MA
- UCUMwY9iS8oMyWDYIe6_RmoA
- UCsXVk37bltHxD1rDPwtNM8Q
- name: Dashboards
columns:
- size: full
widgets:
#- type: iframe
# height: 800
# source: "https://sec.mycloudhaus.xyz/goto/cf8n2hknjrnr4e/orgId=1"
- type: iframe
height: 800
source: "https://media.mycloudhaus.xyz/web/#/home.html"
- size: small
widgets:
- type: iframe
height: 800
source: "https://radio.mycloudhaus.xyz/public/absolutely_random"
- name: Today
columns:
- size: full
widgets:
- type: server-stats
name: Box
- type: calendar
first-day-of-week: monday
- type: to-do
- type: releases
cache: 1d
repositories:
- glanceapp/glance
- go-gitea/gitea
- syncthing/syncthing
- iv-org/invidious
- size: small
widgets:
- type: twitch-channels
channels:
- theprimeagen
- j_blow
- giantwaffle
- cohhcarnage
- christitustech
- EJ_SA
- type: weather
location: "Bucharest, Romania"
units: metric
hour-format: "24h"

2
power-all-docker.sh
View File

@@ -2,7 +2,7 @@ set -xeu
for dir in */; do
cd $dir
docker-compose up -d
docker compose up -d
#for dir2 in */; do
# cd $dir2
# ls -d $PWD/*

26
quay_registry/config.yml Normal file
View File

@@ -0,0 +1,26 @@
version: 0.1
log:
level: debug
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
http:
addr: :5000
secret: generate-a-random-secret-here
headers:
X-Content-Type-Options: [nosniff]
validation:
manifests:
oci:
enabled: true
# proxy: # Comment out or remove
# remoteurl: https://quay.io # these lines
compatibility:
schema1:
enabled: true

13
quay_registry/docker-compose.yml Normal file
View File

@@ -0,0 +1,13 @@
services:
quay-mirror:
image: registry:3 # Use v3 instead of v2
container_name: quay-mirror
restart: unless-stopped
ports:
- "10.0.0.1:4555:5000"
environment:
#- REGISTRY_PROXY_REMOTEURL=https://quay.io
- REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
- REGISTRY_HTTP_SECRET=generate-a-random-secret-here
volumes:
- ./registry-data:/var/lib/registry

10
quay_registry/tag-invidious.sh Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
docker pull quay.io/invidious/invidious-companion:latest
docker pull quay.io/invidious/invidious-invidious:latest
docker tag quay.io/invidious/invidious-companion:latest dockerreg.mycloudhaus.xyz/invidious/invidious-companion:latest
docker tag quay.io/invidious/invidious:latest dockerreg.mycloudhaus.xyz/invidious/invidious:latest
docker push dockerreg.mycloudhaus.xyz/invidious/invidious-companion:latest
docker push dockerreg.mycloudhaus.xyz/invidious/invidious:latest
#docker rmi quay.io/invidious/invidious-companion:latest dockerreg.mycloudhaus.xyz/invidious/invidious-companion:latest
#docker rmi quay.io/invidious/invidious:latest dockerreg.mycloudhaus.xyz/invidious/invidious:latest

2
update-all-docker.sh
View File

@@ -1,6 +1,8 @@
#!/usr/bin/env bash
set -xeu
cd /home/clouduser/docker
for dir in */; do
cd $dir
docker compose down