init commit

.gitignore

@@ -0,0 +1,51 @@
+# Docker
+*.log
+*.tmp
+data/
+volumes/
+postgres/
+photos/
+vw-data/
+config/icons/
+config/custom.css
+
+# Environment files
+.env
+.env.local
+.env.*.local
+# Caddy
+caddy_data/
+caddy_config/
+Caddyfile
+*.key
+*.crt
+
+# Immich
+model-cache/
+db/
+
+# Minecraft  
+minecraft-server/
+
+# Nextcloud
+data/
+config/
+apps/
+themes/
+*.db
+*.sqlite
+
+# Homepage
+config/icons/
+config/*.log
+
+# IDE/Editor
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+

README.md

@@ -0,0 +1,92 @@
+# self-hosted services stack
+
+## dependencies
+- docker + docker-compose 🐳
+- domain with **A records** pointing to server IP:
+  ```
+  example.com → YOUR_SERVER_IP
+  immich.example.com → YOUR_SERVER_IP
+  vaultwarden.example.com → YOUR_SERVER_IP
+  mc.example.com → YOUR_SERVER_IP
+  ```
+- ports **80/443** open (ufw/firewalld)
+## quick start
+### 1. Clone
+```bash
+git clone https://github.com/FoXeNe/SelfHostedDeployment
+cd services
+cp caddy/Caddyfile.example caddy/Caddyfile
+nano caddy/Caddyfile  # replace `yourdomain.ru`
+```
+
+### 2. create network
+```bash
+docker network create proxy_net
+```
+
+### 3. deploy services
+
+#### caddy (proxy)
+```bash
+cd caddy
+docker compose up -d
+```
+
+#### immich (photos)
+```bash
+cd ../immich-app
+cp .env.example .env
+nano .env  # IMMICH_DOMAIN=immich.yourdomain.ru
+docker compose up -d
+```
+
+#### vaultwarden ([download bitwaden apps](https://bitwarden.com/download/))
+```bash
+cd ../vaultwarden
+docker compose up -d
+```
+
+#### homepage (dashboard)
+```bash
+cd ../homepage
+docker compose up -d
+```
+
+#### minecraft (PaperMC)
+first of all you must open 25565 port 
+##### install jdk
+```bash
+sudo pacman -S jdk21-openjdk # Arch linux
+# or
+sudo apt install openjdk-21-jdk # Debian/Ubuntu
+```
+##### install papermc.jar
+[official website](https://papermc.io/downloads/paper)
+##### run server
+```bash
+java -Xms4G -Xmx4G -jar paper.jar --nogui
+```
+##### change server.properties
+I strongly recommend changing this in server.properties:
+```
+enforce-whitelist=true
+white-list=true
+```
+if you plan to play on a non-licensed version (I recommend purchasing the official version):
+```
+online-mode=false
+```
+##### connection
+```
+yourdomain.ru:25565
+```
+## customization
+
+### caddyfile 
+if you edit `caddy/Caddyfile` => reload thid docker container
+
+### Add New Service ➕
+1. create `newservice/docker-compose.yml`
+2. add `networks: - proxy_net`
+3. add block to Caddyfile
+4. `docker compose up -d`

caddy/Caddyfile.example

@@ -0,0 +1,25 @@
+# homepage
+homepage.yourdomain.ru {
+	basicauth {
+		login passwdHash
+	}
+	reverse_proxy homepage:3000
+}
+
+# immich
+immich.yourdomain.ru {
+	reverse_proxy immich_server:2283 {
+		header_up Host {host}
+		header_up X-Real-IP {remote}
+		header_up X-Forwarded-Proto {scheme}
+	}
+}
+
+# vaultwarden
+vaultwarden.yourdomain.ru {
+  reverse_proxy vaultwarden:80 {
+    header_up X-Real-IP {remote_host}
+    header_up X-Forwarded-Proto {scheme}
+  }
+}
+

caddy/docker-compose.yml

@@ -0,0 +1,22 @@
+services:
+   # caddy
+  caddy:
+    image: caddy:latest
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
+    networks:
+      - proxy_net
+
+networks:
+  proxy_net:
+    external: true
+    
+volumes:
+  caddy_data:
+  caddy_config:

homepage/docker-compose.yml

@@ -0,0 +1,20 @@
+services:
+  homepage:
+    image: ghcr.io/gethomepage/homepage:latest
+    container_name: homepage
+    environment:
+      HOMEPAGE_ALLOWED_HOSTS: homepage.foxene.ru # required, may need port. See gethomepage.dev/installation/#homepage_allowed_hosts
+      PUID: 1000 # optional, your user id
+      PGID: 1000 # optional, your group id
+    ports:
+      - 3000:3000
+    volumes:
+      - ./config:/app/config # Make sure your local config directory exists
+      - /var/run/docker.sock:/var/run/docker.sock:ro # optional, for docker integrations
+    restart: unless-stopped
+    networks:
+      - proxy_net
+
+networks:
+  proxy_net:
+    external: true

immich-app/.env.example

@@ -0,0 +1,21 @@
+# You can find documentation for all the supported env variables at https://docs.immich.app/install/environment-variables
+
+# The location where your uploaded files are stored
+UPLOAD_LOCATION=/your/location/to/photos
+# The location where your database files are stored. Network shares are not supported for the database
+DB_DATA_LOCATION=your/location/to/postgres
+
+# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
+# TZ=Etc/UTC
+
+# The Immich version to use. You can pin this to a specific version like "v2.1.0"
+IMMICH_VERSION=v2
+
+# Connection secret for postgres. You should change it to a random password
+# Please use only the characters `A-Za-z0-9`, without special characters or spaces
+DB_PASSWORD=veryStongPasswd
+
+# The values below this line do not need to be changed
+###################################################################################
+DB_USERNAME=postgres
+DB_DATABASE_NAME=immich

immich-app/docker-compose.yml

@@ -0,0 +1,64 @@
+name: immich
+
+services:
+  # IMMICH
+  immich-server:
+    container_name: immich_server
+    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+    volumes:
+      - ${UPLOAD_LOCATION}:/data
+      - /etc/localtime:/etc/localtime:ro
+    env_file:
+      - .env
+    depends_on:
+      - redis
+      - database
+    restart: always
+    healthcheck:
+      disable: false
+    networks:
+      - proxy_net
+
+  immich-machine-learning:
+    container_name: immich_machine_learning
+    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+    volumes:
+      - model-cache:/cache
+    env_file:
+      - .env
+    restart: always
+    healthcheck:
+      disable: false
+    networks:
+      - proxy_net
+
+  redis:
+    container_name: immich_redis
+    image: docker.io/valkey/valkey:9@sha256:fb8d272e529ea567b9bf1302245796f21a2672b8368ca3fcb938ac334e613c8f
+    healthcheck:
+      test: redis-cli ping || exit 1
+    restart: always
+    networks:
+      - proxy_net 
+
+  database:
+    container_name: immich_postgres
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_INITDB_ARGS: '--data-checksums'
+    volumes:
+      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+    shm_size: 128mb
+    restart: always
+    networks:
+      - proxy_net
+
+networks:
+  proxy_net:
+    external: true
+
+volumes:
+  model-cache:

minecraft-example/README.md

@@ -0,0 +1,23 @@
+# Minecraft PaperMC Server
+# requires
+- Linux
+- jdk
+- 4GB+ RAM
+## install jdk
+```bash
+sudo pacman -S jdk21-openjdk # Arch linux
+# or
+sudo apt install openjdk-21-jdk # Debian/Ubuntu
+```
+## install papermc.jar
+[official website](https://papermc.io/downloads/paper)
+## run server
+```bash
+java -Xms4G -Xmx4G -jar paper.jar --nogui
+```
+# properties
+I strongly recommend changing this in server.properties:
+enforce-whitelist=true
+white-list=true
+if you plan to play on a non-licensed version (I recommend purchasing the official version):
+online-mode=false

nextcloud/docker-compose.yml

@@ -0,0 +1,30 @@
+services:
+  db:
+    image: mariadb:11
+    container_name: nextcloud-db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    environment:
+      - MYSQL_ROOT_PASSWORD=superrootpass
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_PASSWORD=supersecret
+    volumes:
+      - ./db:/var/lib/mysql
+
+  app:
+    image: nextcloud:stable
+    container_name: nextcloud-app
+    restart: always
+    ports:
+      - "8080:80"
+    links:
+      - db
+    environment:
+      - MYSQL_HOST=db
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_PASSWORD=supersecret
+    volumes:
+      - ./app:/var/www/html
+  

vaultwarden/docker-compose.yml

@@ -0,0 +1,18 @@
+name: vaultwarden
+
+services:
+    # VAULTWARDEN
+  vaultwarden:
+    container_name: vaultwarden
+    image: vaultwarden/server:latest
+    restart: unless-stopped
+    environment:
+      DOMAIN: "https://vaultwarden.foxene.ru"
+      SIGNUPS_ALLOWED: "false"
+    volumes:
+      - ./vw-data:/data
+    networks:
+      - proxy_net
+networks:
+  proxy_net:
+    external: true