From bcaad554a68eb98a7a73615b60a3a5b7ee66e440 Mon Sep 17 00:00:00 2001
From: Thierry Pouplier
Date: Fri, 8 Aug 2025 15:08:10 -0400
Subject: [PATCH] Initial commit
---
Makefile | 45 +++++++++++
network/compose.yml | 152 ++++++++++++++++++++++++++++++++++++
passwordmanager/compose.yml | 44 +++++++++++
versioncontrol/compose.yml | 40 ++++++++++
4 files changed, 281 insertions(+)
create mode 100644 Makefile
create mode 100644 network/compose.yml
create mode 100644 passwordmanager/compose.yml
create mode 100644 versioncontrol/compose.yml
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..2c25ee3
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,45 @@
+# Base path for docker-compose files
+COMPOSE_PATH=~/Projects/AltNet/docker-compose
+
+# List of services (folder names)
+SERVICES=monitoring ai cloudstorage crm_tp crm_cf mediacenter homeautomation network backup homepage passwordmanager
+
+# Bring up all services
+all_up:
+ @for service in $(SERVICES); do \
+ docker compose -f $(COMPOSE_PATH)/$$service/compose.yml up -d; \
+ done
+
+# Bring down all services
+all_down:
+ @for service in $(SERVICES); do \
+ docker compose -f $(COMPOSE_PATH)/$$service/compose.yml down; \
+ done
+
+# Generic target to deploy a specific service
+%_up:
+ @docker compose -f $(COMPOSE_PATH)/$*/compose.yml up -d
+
+# Generic target to bring down a specific service
+%_down:
+ @docker compose -f $(COMPOSE_PATH)/$*/compose.yml down
+
+all_stack_up:
+ @for service in $(SERVICES); do \
+ docker stack deploy -c $(COMPOSE_PATH)/$$service/compose.yml $$service; \
+ done
+
+all_stack_down:
+ @for service in $(SERVICES); do \
+ docker stack rm $$service; \
+ done
+
+%_stack_up:
+ @docker stack deploy -c $(COMPOSE_PATH)/$*/compose.yml $*
+
+%_stack_down:
+ @docker stack rm $*
+
+stack_ls:
+ @docker node ps workGoat;
+ docker node ps workHorse
diff --git a/network/compose.yml b/network/compose.yml
new file mode 100644
index 0000000..454c483
--- /dev/null
+++ b/network/compose.yml
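Review bot: The `for` loops in `all_up`, `all_down`, `all_stack_up` and `all_stack_down` discard each command's exit status, so a stack that fails to deploy is skipped silently and make still reports success unless the last iteration fails; ending the loop body with `... up -d || exit 1; \` stops the run at the first failure. `SERVICES` also omits `versioncontrol`, which this commit adds, while naming folders such as `monitoring` and `ai` that are not part of this patch, so `all_up` would presumably error on those and never start Gitea. A `.PHONY: all_up all_down all_stack_up all_stack_down stack_ls` line would keep a stray file of the same name from shadowing a target.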
@@ -0,0 +1,152 @@
+version: "3.8"
+
+services:
+ traefik:
+ image: traefik:latest
+ container_name: traefik
+ command:
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+
+ - "--certificatesresolvers.njalla.acme.email=thierrypouplier@gmail.com"
+ - "--certificatesresolvers.njalla.acme.storage=/letsencrypt/acme.json"
+ - "--certificatesresolvers.njalla.acme.httpchallenge.entrypoint=web"
+
+ - "--log.level=DEBUG"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedByDefault=false"
+ ports:
+ - "80:80"
+ - "443:443"
+ environment:
+ - NJALLA_TOKEN=${NJALLA_TOKEN}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /mnt/HoardingCow_docker_data/Traefik:/letsencrypt
+ restart: unless-stopped
+ networks:
+ - traefik-net
+
+ ddns-updater:
+ image: qmcgaw/ddns-updater
+ container_name: ddns-updater
+ networks:
+ - traefik-net
+ ports:
+ - 8000:8000/tcp
+ volumes:
+ - /mnt/HoardingCow_docker_data/Ddns_updater:/updater/data
+ environment:
+ # - CONFIG=
+ - PERIOD=5m
+ - UPDATE_COOLDOWN_PERIOD=5m
+ - PUBLICIP_FETCHERS=all
+ - PUBLICIP_HTTP_PROVIDERS=all
+ - PUBLICIPV4_HTTP_PROVIDERS=all
+ - PUBLICIPV6_HTTP_PROVIDERS=all
+ - PUBLICIP_DNS_PROVIDERS=all
+ - PUBLICIP_DNS_TIMEOUT=3s
+ - HTTP_TIMEOUT=10s
+
+ # Web UI
+ - LISTENING_ADDRESS=:8000
+ - ROOT_URL=/
+
+ # Backup
+ - BACKUP_PERIOD=0
+ - BACKUP_DIRECTORY=/updater/data
+
+ # Other
+ - LOG_LEVEL=info
+ - LOG_CALLER=hidden
+ - SHOUTRRR_ADDRESSES=
+ restart: unless-stopped
+
+networks:
+ traefik-net:
+ driver: bridge
+ name: traefik-net
+
+ # duckdns:
+ # environment:
+ # - PUID=1000
+ # - PGID=1000
+ # - TZ=America/Toronto
+ # - SUBDOMAINS=aziworkhorse
+ # - TOKEN=$[DUCKDNS_TOKEN]
+ # image: lscr.io/linuxserver/duckdns
+ # labels:
+ # - "traefik.enable=false"
+ # deploy:
+ # placement:
+ # constraints:
+ # - node.role == manager
+ # restart_policy:
+ # condition: on-failure
+ # networks:
+ # - traefik-net
+
+ # whoami:
+ # image: traefik/whoami
+ # container_name: whoami
+ # labels:
+ # - "traefik.enable=true"
+ # - "traefik.http.routers.whoami.rule=Host(`test.aziworkhorse.duckdns.org`)"
+ # - "traefik.http.routers.whoami.entrypoints=websecure"
+ # - "traefik.http.routers.whoami.tls.certresolver=duckdns"
+ # networks:
+ # - traefik-net
+ # deploy:
+ # placement:
+ # constraints:
+ # - node.role == manager
+ # restart_policy:
+ # condition: on-failure
+
+ # nginx:
+ # environment:
+ # - TZ=America/Toronto
+ # image: jc21/nginx-proxy-manager:latest
+ # ports:
+ # - 443:443/tcp
+ # - 80:80/tcp
+ # - 81:81/tcp
+ # restart: unless-stopped
+ # volumes:
+ # - /mnt/HoardingCow_docker_data/Nginx/letsencrypt:/etc/letsencrypt:rw
+ # - /mnt/HoardingCow_docker_data/Nginx/data:/data:rw
+ # - /mnt/HoardingCow_docker_data/Nginx/logs:/var/log/ninx:rw
+ # deploy:
+ # placement:
+ # constraints:
+ # - node.hostname == workHorse
+
+ # pihole:
+ # cap_add:
+ # - NET_ADMIN
+ # container_name: pihole
+ # environment:
+ # - TZ=America/Toronto
+ # image: pihole/pihole:latest
+ # ports:
+ # - 53:53/tcp
+ # - 53:53/udp
+ # - 67:67/udp
+ # - 1010:80/tcp
+ # restart: unless-stopped
+ # volumes:
+ # - /mnt/HoardingCow_docker_data/Pi-Hole/dnsmasq.d:/etc/dnsmasq.d:rw
+ # - /mnt/HoardingCow_docker_data/Pi-Hole/config:/etc/pihole:rw
+
+# openvpn:
+# cap_add:
+# - NET_ADMIN
+# container_name: openvpn
+# environment:
+# - TZ=America/Toronto
+# image: kylemanna/openvpn
+# ports:
+# - 1194:1194/udp
+# restart: unless-stopped
+# volumes:
+# - /mnt/HoardingCow_docker_data/OpenVPN:/etc/openvpn:rw
diff --git a/passwordmanager/compose.yml b/passwordmanager/compose.yml
new file mode 100644
index 0000000..12602a7
--- /dev/null
+++ b/passwordmanager/compose.yml
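Review bot: The `traefik` service mounts `/var/run/docker.sock` into the container that listens on 80/443, and the `:ro` suffix only makes the socket file read-only at the mount; it does not restrict Docker API calls, so a compromise of Traefik amounts to control of the Docker daemon. Placing a filtering socket proxy on an internal network and pointing the provider at it with `--providers.docker.endpoint` removes the direct mount, as sketched below. In the same hunk `ddns-updater` publishes `8000:8000/tcp` on every host interface with nothing visible in front of its web UI; `"127.0.0.1:8000:8000/tcp"` keeps it local. `traefik:latest` and the untagged `qmcgaw/ddns-updater` are unpinned, as are `vaultwarden/server` and `gitea/gitea:latest` in the passwordmanager and versioncontrol hunks; pin each as `image: NAME:<version>@sha256:<digest>` (placeholders). `--log.level=DEBUG` and `NJALLA_TOKEN`, which appears unused while the resolver is configured for the HTTP challenge, are also worth dropping.

```yaml
services:
  socket-proxy:
    image: tecnativa/docker-socket-proxy
    environment:
      - CONTAINERS=1  # container listing is what the Docker provider reads
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket-net
    restart: unless-stopped

  traefik:
    # … unchanged: image, container_name, entrypoint and ACME flags …
    command:
      - "--providers.docker.endpoint=tcp://socket-proxy:2375"
    # … unchanged: ports; volumes keep only the /letsencrypt mount …
    networks:
      - traefik-net
      - socket-net

networks:
  socket-net:
    internal: true
```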
@@ -0,0 +1,44 @@
+version: "3.8"
+services:
+ bitwarden:
+ image: vaultwarden/server
+ container_name: bitwarden
+ command:
+ - /start.sh
+ environment:
+ - TZ=America/Montreal
+ - WEBSOCKET_ENABLED=true
+ - SIGNUPS_ALLOWED=false
+ - DOMAIN=https://pass.lazyworkhorse.net
+ volumes:
+ - /mnt/HoardingCow_docker_data/BitWarden/data:/data:rw
+ networks:
+ - traefik-net
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+
+ # Router for HTTP + redirection to HTTPS
+ - "traefik.http.routers.bitwarden-http.rule=Host(`pass.lazyworkhorse.net`)"
+ - "traefik.http.routers.bitwarden-http.entrypoints=web"
+ - "traefik.http.routers.bitwarden-http.middlewares=redirect-to-https"
+
+ # Router for HTTPS with TLS
+ - "traefik.http.routers.bitwarden-https.rule=Host(`pass.lazyworkhorse.net`)"
+ - "traefik.http.routers.bitwarden-https.entrypoints=websecure"
+ - "traefik.http.routers.bitwarden-https.tls=true"
+ - "traefik.http.routers.bitwarden-https.tls.certresolver=njalla"
+
+ # Wildcard
+ # - "traefik.http.routers.bitwarden-https.tls.domains[0].main=lazyworkhorse.net"
+ # - "traefik.http.routers.bitwarden-https.tls.domains[0].sans=*.lazyworkhorse.net"
+
+ # Middleware for redirect HTTP -> HTTPS
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ # Websocket support (port 80 du container)
+ - "traefik.http.services.bitwarden.loadbalancer.server.port=80"
+
+networks:
+ traefik-net:
+ external: true
diff --git a/versioncontrol/compose.yml b/versioncontrol/compose.yml
new file mode 100644
index 0000000..2efd9b2
--- /dev/null
+++ b/versioncontrol/compose.yml
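Review bot: The HTTP-to-HTTPS redirect depends on each service declaring its own `*-http` router and attaching `redirect-to-https`, and that middleware is defined under the same name both here and in versioncontrol/compose.yml, so a service that forgets the router, or a definition that drifts, leaves plain-HTTP handling inconsistent. Redirecting once at the entrypoint in network/compose.yml with `--entrypoints.web.http.redirections.entrypoint.to=websecure` and `--entrypoints.web.http.redirections.entrypoint.scheme=https` would let the `bitwarden-http` router and the middleware label be removed. For a password vault it is also worth attaching a headers middleware that sets HSTS to the `bitwarden-https` router, for example `traefik.http.middlewares.vault-headers.headers.stsSeconds=31536000` (middleware name is illustrative).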
@@ -0,0 +1,40 @@
+version: "3.9"
+services:
+ gitea:
+ image: gitea/gitea:latest
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - GITEA__server__ROOT_URL=https://code.lazyworkhorse.net
+ volumes:
+ - /mnt/HoardingCow_docker_data/Gitea:/data
+ networks:
+ - traefik-net
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+
+ # Router for HTTP + redirection to HTTPS
+ - "traefik.http.routers.gitea-http.rule=Host(`code.lazyworkhorse.net`)"
+ - "traefik.http.routers.gitea-http.entrypoints=web"
+ - "traefik.http.routers.gitea-http.middlewares=redirect-to-https"
+
+ # Router for HTTPS with TLS
+ - "traefik.http.routers.gitea-https.rule=Host(`code.lazyworkhorse.net`)"
+ - "traefik.http.routers.gitea-https.entrypoints=websecure"
+ - "traefik.http.routers.gitea-https.tls=true"
+ - "traefik.http.routers.gitea-https.tls.certresolver=njalla"
+
+ # Wildcard
+ # - "traefik.http.routers.gitea-https.tls.domains[0].main=lazyworkhorse.net"
+ # - "traefik.http.routers.gitea-https.tls.domains[0].sans=*.lazyworkhorse.net"
+
+ # Middleware for redirect HTTP -> HTTPS
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+
+networks:
+ traefik-net:
+ external: true
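Review bot: The `gitea` `environment` block sets only the UID/GID and `ROOT_URL`, so the instance routed publicly at `code.lazyworkhorse.net` runs with Gitea's defaults, which leave self-registration open and, on an empty `/data` volume, serve the initial install page to whoever reaches it first. The Vaultwarden file in this commit closes sign-ups with `SIGNUPS_ALLOWED=false`; the equivalent here is `- GITEA__service__DISABLE_REGISTRATION=true`, plus `- GITEA__security__INSTALL_LOCK=true` once the instance has been configured. If the data directory already holds a finished `app.ini` the install page is not a concern, but that cannot be told from this hunk.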