Update nextcloud docker-compose.yaml with:

- Update network settings
- Set file permissions on start for better migration
- some clean up

.gitignore

@@ -12,3 +12,7 @@ loolwsd.xml
 **/redis/
 **/html/
 **/volumes/
+**/config/
+
+# tar files
+*.tar

firefly/docker-compose.yml

@@ -0,0 +1,47 @@
+networks:
+  default:
+    name: traefik_default
+    external: true
+
+services:
+  firefly-app:
+    image: fireflyiii/core:latest
+    restart: unless-stopped
+    container_name: firefly-app
+    networks:
+      - default
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Routes
+      - "traefik.enable=true"
+      - "traefik.http.routers.firefly.entrypoints=websecure"
+      - "traefik.http.routers.firefly.rule=Host(`firefly.${DOMAIN}`)"
+      - "traefik.http.routers.firefly.tls=true"
+      - "traefik.http.routers.firefly.tls.certresolver=myresolver"
+      # - "traefik.http.services.firefly.loadbalancer.server.port=3000"
+    volumes:
+      - ${FIREFLY_ROOT}/data:/var/www/html/storage/upload
+    env_file: live.env
+    # ports:
+     # - 80:8080
+    depends_on:
+      - firefly-db
+
+  firefly-db:
+    image: mariadb
+    container_name: firefly-db  
+    restart: unless-stopped
+    networks: 
+      - default
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    env_file:
+      - live.env
+    environment:
+      - MYSQL_RANDOM_ROOT_PASSWORD=yes
+      - MYSQL_USER=${DB_USERNAME}
+      - MYSQL_PASSWORD=${DB_PASSWORD}
+      - MYSQL_DATABASE=${DB_DATABASE}
+    volumes:
+      - ${FIREFLY_ROOT}/db:/var/lib/mysql

firefly/live.env.tpl

@@ -0,0 +1,316 @@
+# Custom variables
+FIREFLY_ROOT=/home/compute/services/firefly
+DOMAIN=domain.com
+
+# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
+# Never set it to "testing".
+APP_ENV=local
+
+# Set to true if you want to see debug information in error screens.
+APP_DEBUG=false
+
+# This should be your email address.
+# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
+SITE_OWNER=porada@posteo.de
+
+# The encryption key for your sessions. Keep this very secure.
+# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
+# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
+APP_KEY=superSecretKeyWith32CharsChangeMe
+
+# Firefly III will launch using this language (for new users and unauthenticated visitors)
+# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
+#
+# If text is still in English, remember that not everything may have been translated.
+DEFAULT_LANGUAGE=en_US
+
+# The locale defines how numbers are formatted.
+# by default this value is the same as whatever the language is.
+DEFAULT_LOCALE=de_DE
+
+# Change this value to your preferred time zone.
+# Example: Europe/Amsterdam
+# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=Europe/Amsterdam
+
+# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
+# Set it to ** and reverse proxies work just fine.
+TRUSTED_PROXIES=**
+
+# The log channel defines where your log entries go to.
+# Several other options exist. You can use 'single' for one big fat error log (not recommended).
+# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
+# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
+# A cool option is 'papertrail' for cloud logging
+# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
+LOG_CHANNEL=stack
+
+#
+# Used when logging to papertrail:
+#
+PAPERTRAIL_HOST=
+PAPERTRAIL_PORT=
+
+# Log level. You can set this from least severe to most severe:
+# debug, info, notice, warning, error, critical, alert, emergency
+# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
+# nothing will get logged, ever.
+APP_LOG_LEVEL=notice
+
+# Audit log level.
+# Set this to "emergency" if you dont want to store audit logs, leave on info otherwise.
+AUDIT_LOG_LEVEL=info
+
+# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
+# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+# Use "pgsql" for PostgreSQL
+# Use "mysql" for MySQL and MariaDB.
+# Use "sqlite" for SQLite.
+DB_CONNECTION=mysql
+DB_HOST=firefly-db
+DB_PORT=3306
+DB_DATABASE=fireflydb
+DB_USERNAME=fireflyuser
+DB_PASSWORD=passwordChangeMe
+
+# MySQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MYSQL_USE_SSL=false
+MYSQL_SSL_VERIFY_SERVER_CERT=true
+# You need to set at least of these options
+MYSQL_SSL_CAPATH=/etc/ssl/certs/
+MYSQL_SSL_CA=
+MYSQL_SSL_CERT=
+MYSQL_SSL_KEY=
+MYSQL_SSL_CIPHER=
+
+# PostgreSQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+PGSQL_SSL_MODE=prefer
+PGSQL_SSL_ROOT_CERT=null
+PGSQL_SSL_CERT=null
+PGSQL_SSL_KEY=null
+PGSQL_SSL_CRL_FILE=null
+
+# If you're looking for performance improvements, you could install memcached or redis
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+
+# If you set either of the options above to 'redis', you might want to update these settings too
+# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
+# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
+
+# can be tcp, unix or http
+REDIS_SCHEME=tcp
+
+# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_PATH=
+
+# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+REDIS_PASSWORD=null
+
+# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
+REDIS_DB="0"
+REDIS_CACHE_DB="1"
+
+# Cookie settings. Should not be necessary to change these.
+# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
+# the value from a file instead of from an environment variable
+# Setting samesite to "strict" may give you trouble logging in.
+COOKIE_PATH="/"
+COOKIE_DOMAIN=
+COOKIE_SECURE=false
+COOKIE_SAMESITE=lax
+
+# If you want Firefly III to email you, update these settings
+# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAIL_MAILER=log
+MAIL_HOST=null
+MAIL_PORT=2525
+MAIL_FROM=changeme@example.com
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+
+# Other mail drivers:
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAILGUN_DOMAIN=
+MAILGUN_SECRET=
+
+
+# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
+# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
+MAILGUN_ENDPOINT=api.mailgun.net
+
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MANDRILL_SECRET=
+SPARKPOST_SECRET=
+
+# Firefly III can send you the following messages.
+SEND_REGISTRATION_MAIL=true
+SEND_ERROR_MESSAGE=true
+SEND_LOGIN_NEW_IP_WARNING=true
+
+# These messages contain (sensitive) transaction information:
+SEND_REPORT_JOURNALS=true
+
+# Set this value to true if you want to set the location
+# of certain things, like transactions. Since this involves an external service, it's optional
+# and disabled by default.
+ENABLE_EXTERNAL_MAP=false
+
+# The map will default to this location:
+MAP_DEFAULT_LAT=51.983333
+MAP_DEFAULT_LONG=5.916667
+MAP_DEFAULT_ZOOM=6
+
+#
+# Firefly III authentication settings
+#
+
+#
+# Firefly III supports a few authentication methods:
+# - 'web' (default, uses built in DB)
+# - 'ldap'
+# - 'remote_user_guard' for Authelia etc
+# Read more about these settings in the documentation.
+# https://docs.firefly-iii.org/advanced-installation/authentication
+AUTHENTICATION_GUARD=web
+
+#
+# Your LDAP server may speak a dialect. You can choose between 'OpenLDAP' and 'ActiveDirectory'
+# Anything else defaults to 'ActiveDirectory'
+#
+LDAP_DIALECT=OpenLDAP
+
+#
+# LDAP connection settings:
+#
+LDAP_HOST=ldap.yourserver.com
+LDAP_PORT=389
+LDAP_TIMEOUT=5
+LDAP_SSL=false
+LDAP_TLS=false
+
+LDAP_BASE_DN="o=something,dc=site,dc=com"
+LDAP_USERNAME="uid=X,ou=,o=,dc=something,dc=com"
+LDAP_PASSWORD=super_secret
+
+LDAP_AUTH_FIELD=uid
+
+#
+# If you wish to only authenticate users from a specific group, use the base DN above.
+#
+# If you require extra/special filters please use the LDAP_EXTRA_FILTER with a valid DN.
+#
+# The extra filter will only be applied after the user is authenticated.
+#
+LDAP_EXTRA_FILTER=
+
+#
+# Remote user guard settings
+#
+AUTHENTICATION_GUARD_HEADER=REMOTE_USER
+AUTHENTICATION_GUARD_EMAIL=
+
+#
+# Extra authentication settings
+#
+CUSTOM_LOGOUT_URL=
+
+# You can disable the X-Frame-Options header if it interferes with tools like
+# Organizr. This is at your own risk. Applications running in frames run the risk
+# of leaking information to their parent frame.
+DISABLE_FRAME_HEADER=false
+
+# You can disable the Content Security Policy header when you're using an ancient browser
+# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
+# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
+# This is at your own risk.
+DISABLE_CSP_HEADER=false
+
+# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
+# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
+# Do not prepend the TRACKER_URL with http:// or https://
+# The only tracker supported is Matomo.
+# You can set the following variables from a file by appending them with _FILE:
+TRACKER_SITE_ID=
+TRACKER_URL=
+
+#
+# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
+#
+ALLOW_WEBHOOKS=false
+
+#
+# The static cron job token can be useful when you use Docker and wish to manage cron jobs.
+# 1. Set this token to any 32-character value (this is important!).
+# 2. Use this token in the cron URL instead of a user's command line token.
+#
+# For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/
+#
+STATIC_CRON_TOKEN=
+
+# You can fine tune the start-up of a Docker container by editing these environment variables.
+# Use this at your own risk. Disabling certain checks and features may result in lost of inconsistent data.
+# However if you know what you're doing you can significantly speed up container start times.
+# Set each value to true to enable, or false to disable.
+
+# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
+# Won't significantly speed up things.
+DKR_CHECK_SQLITE=true
+
+# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
+# and is up to date.
+DKR_RUN_MIGRATION=true
+
+# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
+# with the latest fixes (outside of migrations!)
+DKR_RUN_UPGRADE=true
+
+# Verify database integrity. Includes all data checks and verifications.
+# Disabling this makes Firefly III assume your DB is intact.
+DKR_RUN_VERIFY=true
+
+# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
+# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
+DKR_RUN_REPORT=true
+
+# Generate OAuth2 keys.
+# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
+# you had previously generated keys already and they're stored in your database for restoration.
+DKR_RUN_PASSPORT_INSTALL=true
+
+# Leave the following configuration vars as is.
+# Unless you like to tinker and know what you're doing.
+APP_NAME=FireflyIII
+ADLDAP_CONNECTION=default
+BROADCAST_DRIVER=log
+QUEUE_DRIVER=sync
+CACHE_PREFIX=firefly
+PUSHER_KEY=
+IPINFO_TOKEN=
+PUSHER_SECRET=
+PUSHER_ID=
+DEMO_USERNAME=
+DEMO_PASSWORD=
+IS_HEROKU=false
+FIREFLY_III_LAYOUT=v1
+
+#
+# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
+# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
+# This configuration value WILL NOT HELP.
+#
+# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff.
+#
+# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
+# So when configuring anything WEB related this variable doesn't do anything. Nothing
+#
+# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
+#
+APP_URL=http://localhost

gitea/docker-compose.yml

@@ -1,13 +1,11 @@
-version: '3.5'
-
 networks:
   default:
-    external:
-      name: traefik_default
+    name: traefik_default
+    external: true
 
 services:
   gitea-db:
-    image: mariadb:10
+    image: mariadb:10.11
     container_name: gitea-db
     restart: unless-stopped
     env_file: live.env

grocy/data/data/config.php

@@ -0,0 +1,211 @@
+<?php
+
+// Settings can also be overwritten in two ways:
+//
+// First priority:
+// A .txt file with the same name as the setting in /data/settingoverrides
+// the content of the file is used as the setting value
+//
+// Second priority:
+// An environment variable with the same name as the setting and prefix "GROCY_"
+// so for example "GROCY_BASE_URL"
+//
+// Third priority:
+// The settings defined here below
+
+// Either "production", "dev", "demo" or "prerelease"
+// When not "production", authentication will be disabled and
+// demo data will be populated during database migrations
+Setting('MODE', 'production');
+
+// The directory name of one of the available localization folders
+// in the "/localization" directory (e.g. "en" or "de")
+Setting('DEFAULT_LOCALE', 'de');
+
+// This is used to define the first day of a week for calendar views,
+// leave empty to use the locale default
+// Needs to be a number where Sunday = 0, Monday = 1 and so forth
+Setting('CALENDAR_FIRST_DAY_OF_WEEK', '');
+
+// If calendars should show week numbers
+Setting('CALENDAR_SHOW_WEEK_OF_YEAR', true);
+
+// Set this if you want to have a different start day for the weekly meal plan view,
+// leave empty to use CALENDAR_FIRST_DAY_OF_WEEK (see above)
+// Needs to be a number where Sunday = 0, Monday = 1 and so forth
+Setting('MEAL_PLAN_FIRST_DAY_OF_WEEK', '');
+
+// To keep it simple: grocy does not handle any currency conversions,
+// this here is used to format all money values,
+// so doesn't really matter, but needs to be the
+// ISO 4217 code of the currency ("USD", "EUR", "GBP", etc.)
+Setting('CURRENCY', 'EUR');
+
+// When running grocy in a subdirectory, this should be set to the relative path, otherwise empty
+// It needs to be set to the part (of the URL) AFTER the document root,
+// if URL rewriting is disabled, including index.php
+// Example with URL Rewriting support:
+//  Root URL = https://example.com/grocy
+//  => BASE_PATH = /grocy
+// Example without URL Rewriting support:
+//  Root URL = https://example.com/grocy/public/index.php/
+//  => BASE_PATH = /grocy/public/index.php
+Setting('BASE_PATH', '');
+
+// The base URL of your installation,
+// should be just "/" when running directly under the root of a (sub)domain
+// or for example "https://example.com/grocy" when using a subdirectory
+Setting('BASE_URL', '/');
+
+// The plugin to use for external barcode lookups,
+// must be the filename (folder /data/plugins) without the .php extension,
+// see /data/plugins/DemoBarcodeLookupPlugin.php for an example implementation
+Setting('STOCK_BARCODE_LOOKUP_PLUGIN', 'DemoBarcodeLookupPlugin');
+
+// If, however, your webserver does not support URL rewriting, set this to true
+Setting('DISABLE_URL_REWRITING', false);
+
+// Specify an custom homepage if desired, by default the homepage will be set to the stock overview page
+// This needs to be one of the following values:
+// stock, shoppinglist, recipes, chores, tasks, batteries, equipment, calendar, mealplan
+Setting('ENTRY_PAGE', 'stock');
+
+// Set this to true if you want to disable authentication / the login screen,
+// places where user context is needed will then use the default (first existing) user
+Setting('DISABLE_AUTH', false);
+
+// Either "Grocy\Middleware\DefaultAuthMiddleware", "Grocy\Middleware\ReverseProxyAuthMiddleware"
+// or any class that implements Grocy\Middleware\AuthMiddleware
+Setting('AUTH_CLASS', 'Grocy\Middleware\DefaultAuthMiddleware');
+
+// Options when using ReverseProxyAuthMiddleware
+Setting('REVERSE_PROXY_AUTH_HEADER', 'REMOTE_USER'); // The name of the HTTP header which your reverse proxy uses to pass the username (on successful authentication)
+Setting('REVERSE_PROXY_AUTH_USE_ENV', false); // Set to true if the username is passed as environment variable
+
+// Options when using LdapAuthMiddleware
+Setting('LDAP_ADDRESS', ''); // Example value "ldap://vm-dc2019.local.berrnd.net"
+Setting('LDAP_BASE_DN', ''); // Example value "DC=local,DC=berrnd,DC=net"
+Setting('LDAP_BIND_DN', ''); // Example value "CN=grocy_bind_account,OU=service_accounts,DC=local,DC=berrnd,DC=net"
+Setting('LDAP_BIND_PW', ''); // Password for the above account
+Setting('LDAP_USER_FILTER', ''); // Example value "(OU=grocy_users)"
+Setting('LDAP_UID_ATTR', ''); // Windows AD: "sAMAccountName", OpenLDAP: "uid", GLAuth: "cn"
+
+// Default permissions for new users
+// the array needs to contain the technical/constant names
+// See the file controllers/Users/User.php for possible values
+Setting('DEFAULT_PERMISSIONS', ['ADMIN']);
+
+// "1D" (=> Code128) or "2D" (=> DataMatrix)
+Setting('GROCYCODE_TYPE', '1D');
+
+
+// Label printer settings
+Setting('LABEL_PRINTER_WEBHOOK', ''); // The URI that grocy will POST to when asked to print a label
+Setting('LABEL_PRINTER_RUN_SERVER', true); // Whether the webhook will be called server- or client-side
+Setting('LABEL_PRINTER_PARAMS', ['font_family' => 'Source Sans Pro (Regular)']); // Additional parameters supplied to the webhook
+Setting('LABEL_PRINTER_HOOK_JSON', false); // TRUE to use JSON or FALSE to use normal POST request variables
+
+
+// Thermal printer options
+// Thermal printers are receipt printers, not regular printers,
+// the printer must support the ESC/POS protocol, see https://github.com/mike42/escpos-php
+Setting('TPRINTER_IS_NETWORK_PRINTER', false); // Set to true if it's a network printer
+Setting('TPRINTER_PRINT_QUANTITY_NAME', true); // Set to false if you do not want to print the quantity names (related to the shopping list)
+Setting('TPRINTER_PRINT_NOTES', true); // Set to false if you do not want to print notes (related to the shopping list)
+Setting('TPRINTER_IP', '127.0.0.1'); // IP of the network printer (does only matter if it's a network printer)
+Setting('TPRINTER_PORT', 9100); // Port of the network printer (does only matter if it's a network printer)
+Setting('TPRINTER_CONNECTOR', '/dev/usb/lp0'); // Printer device (does only matter if you use a locally attached printer)
+// For USB on Linux this is often '/dev/usb/lp0', for serial printers it could be similar to '/dev/ttyS0'
+// Make sure that the user that runs the webserver has permissions to write to the printer - on Linux add your webserver user to the LP group with usermod -a -G lp www-data
+
+
+// Feature flags
+// Here you can disable the parts which you don't need to have a less cluttered UI
+// (set the setting to "false" to disable the corresponding part, which should be self explanatory)
+Setting('FEATURE_FLAG_STOCK', true);
+Setting('FEATURE_FLAG_SHOPPINGLIST', true);
+Setting('FEATURE_FLAG_RECIPES', true);
+Setting('FEATURE_FLAG_CHORES', true);
+Setting('FEATURE_FLAG_TASKS', true);
+Setting('FEATURE_FLAG_BATTERIES', true);
+Setting('FEATURE_FLAG_EQUIPMENT', true);
+Setting('FEATURE_FLAG_CALENDAR', true);
+Setting('FEATURE_FLAG_LABEL_PRINTER', false);
+
+// Sub feature flags
+Setting('FEATURE_FLAG_STOCK_PRICE_TRACKING', true);
+Setting('FEATURE_FLAG_STOCK_LOCATION_TRACKING', true);
+Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING', true);
+Setting('FEATURE_FLAG_STOCK_PRODUCT_OPENED_TRACKING', true);
+Setting('FEATURE_FLAG_STOCK_PRODUCT_FREEZING', true);
+Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_FIELD_NUMBER_PAD', true); // Activate the number pad in due date fields on (supported) mobile browsers
+Setting('FEATURE_FLAG_SHOPPINGLIST_MULTIPLE_LISTS', true);
+Setting('FEATURE_FLAG_CHORES_ASSIGNMENTS', true);
+Setting('FEATURE_FLAG_THERMAL_PRINTER', false);
+
+// Feature settings
+Setting('FEATURE_FLAG_DISABLE_BROWSER_BARCODE_CAMERA_SCANNING', false); // Set this to true if you want to disable the ability to scan a barcode via the device camera (Browser API)
+Setting('FEATURE_FLAG_AUTO_TORCH_ON_WITH_CAMERA', true); // Enables the torch automatically (if the device has one)
+
+
+// Default user settings
+// These settings can be changed per user, below here are the defaults
+// which are used when the user has not changed the setting so far
+
+// Night mode related
+DefaultUserSetting('night_mode_enabled', false); // If night mode is enabled always
+DefaultUserSetting('auto_night_mode_enabled', false); // If night mode is enabled automatically when inside a given time range (see the two settings below)
+DefaultUserSetting('auto_night_mode_time_range_from', '20:00'); // Format HH:mm
+DefaultUserSetting('auto_night_mode_time_range_to', '07:00'); // Format HH:mm
+DefaultUserSetting('auto_night_mode_time_range_goes_over_midnight', true); // If the time range above goes over midnight
+
+// Generic settings
+DefaultUserSetting('auto_reload_on_db_change', false); // If the page should be automatically reloaded when there was an external change
+DefaultUserSetting('show_clock_in_header', false); // Show a clock in the header next to the logo or not
+DefaultUserSetting('keep_screen_on', false); // If the screen should always be kept on
+DefaultUserSetting('keep_screen_on_when_fullscreen_card', false); // If the screen should be kept on when a "fullscreen-card" is displayed
+
+// Stock settings
+DefaultUserSetting('product_presets_location_id', -1); // Default location id for new products (-1 means no location is preset)
+DefaultUserSetting('product_presets_product_group_id', -1); // Default product group id for new products (-1 means no product group is preset)
+DefaultUserSetting('product_presets_qu_id', -1); // Default quantity unit id for new products (-1 means no quantity unit is preset)
+DefaultUserSetting('product_presets_default_due_days', 0); // Default due days for new products (-1 means that the product will be never overdue)
+DefaultUserSetting('product_presets_treat_opened_as_out_of_stock', true); // Default "Treat opened as out of stock" option for new products
+DefaultUserSetting('stock_decimal_places_amounts', 4); // Default decimal places allowed for amounts
+DefaultUserSetting('stock_decimal_places_prices', 2); // Default decimal places allowed for prices
+DefaultUserSetting('stock_auto_decimal_separator_prices', false);  // If the decimal separator should be set automatically for amount inputs
+DefaultUserSetting('stock_due_soon_days', 5); // The "expiring soon" days
+DefaultUserSetting('stock_default_purchase_amount', 0); // The default amount prefilled on the purchase page
+DefaultUserSetting('stock_default_consume_amount', 1); // The default amount prefilled on the consume page
+DefaultUserSetting('stock_default_consume_amount_use_quick_consume_amount', false); // If the products quick consume amount should be prefilled on the consume page
+DefaultUserSetting('scan_mode_consume_enabled', false); // If scan mode on the consume page is enabled
+DefaultUserSetting('scan_mode_purchase_enabled', false); // If scan mode on the purchase page is enabled
+DefaultUserSetting('show_icon_on_stock_overview_page_when_product_is_on_shopping_list', true); // When enabled, an icon is shown on the stock overview page (next to the product name) when the prodcut is currently on a shopping list
+DefaultUserSetting('show_purchased_date_on_purchase', false); // Whether the purchased date should be editable on purchase (defaults to today otherwise)
+DefaultUserSetting('show_warning_on_purchase_when_due_date_is_earlier_than_next', true); // Show a warning on purchase when the due date of the purchased product is earlier than the next due date in stock
+
+// Shopping list settings
+DefaultUserSetting('shopping_list_to_stock_workflow_auto_submit_when_prefilled', false); // Automatically do the booking using the last price and the amount of the shopping list item, if the product has "Default due days" set
+DefaultUserSetting('shopping_list_show_calendar', false); // When enabled, a small (month view) calendar will be shown on the shopping list page
+
+// Recipe settings
+DefaultUserSetting('recipe_ingredients_group_by_product_group', false); // Group recipe ingredients by their product group
+DefaultUserSetting('recipes_show_list_side_by_side', true); // If the recipe should be displayed next to recipe list on the recipes page
+
+// Chores settings
+DefaultUserSetting('chores_due_soon_days', 5); // The "due soon" days
+
+// Batteries settings
+DefaultUserSetting('batteries_due_soon_days', 5); // The "due soon" days
+
+// Tasks settings
+DefaultUserSetting('tasks_due_soon_days', 5); // The "due soon" days
+
+// Component configuration for Quagga2 - read https://github.com/ericblade/quagga2#configobject for details
+// Below is a generic good configuration,
+// for an iPhone 7 Plus, halfsample = true, patchsize = small, frequency = 5 yields very good results
+DefaultUserSetting('quagga2_numofworkers', 4);
+DefaultUserSetting('quagga2_halfsample', false);
+DefaultUserSetting('quagga2_patchsize', 'medium');
+DefaultUserSetting('quagga2_frequency', 10);
+DefaultUserSetting('quagga2_debug', true);

grocy/docker-compose.yml

@@ -0,0 +1,33 @@
+networks:
+  default:
+    name: traefik_default
+    external: true
+
+services:
+  grocy-frontend:
+    image: lscr.io/linuxserver/grocy:latest
+    container_name: grocy-app
+    restart: unless-stopped
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+      - ${GROCY_ROOT}/data:/config
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - TZ=CET
+    env_file: live.env
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Routes
+      - "traefik.enable=true"
+      - "traefik.http.routers.grocy.entrypoints=websecure"
+      - "traefik.http.routers.grocy.rule=Host(`grocy.${DOMAIN}`)"
+      - "traefik.http.routers.grocy.tls=true"
+      - "traefik.http.routers.grocy.tls.certresolver=myresolver"
+    networks:
+      - default
+    ports:
+      - 9283:80
+    

grocy/live.env.tpl

@@ -0,0 +1,50 @@
+# Grocy Environment Variables
+
+# These environment variables affect PHP and the grocy application
+# For a full list of grocy settings, see config-dist.php in the main grocy repo:
+#
+#       https://github.com/grocy/grocy/blob/master/config-dist.php
+#
+# Grocy application settings must be prefixed with 'GROCY_'.
+#
+# For example, if we'd like to configure grocy to use Euros (EUR):
+#
+#       Setting('CURRENCY', 'USD');
+#
+# Then we would set GROCY_CURRENCY=EUR 
+
+
+## User-supplied Variables
+
+# These are environment variables that may be supplied by the user
+# No values are supplied for these as part of this distribution
+
+# When you're ready to deploy grocy in production, set GROCY_MODE=production
+# to enable user authentication
+GROCY_MODE=production
+
+
+## Distribution-supplied Variables
+
+# These are 'sensible defaults' provided as part of the grocy-docker
+# distribution.
+
+# GROCY_CULTURE configures localization of the grocy application
+# Supported locales: https://github.com/grocy/grocy/tree/master/localization
+GROCY_CULTURE=de
+GROCY_CURRENCY=EUR
+GROCY_DEFAULT_LOCALE=de
+
+# Grocy Mode
+GROCY_MODE=production
+
+
+# PHP Environment variables
+MAX_UPLOAD=50M
+PHP_MAX_FILE_UPLOAD=200
+PHP_MAX_POST=100M
+PHP_MEMORY_LIMIT=512M
+
+#Custom Settings
+GROCY_ROOT=/home/compute/services/grocy
+DOMAIN=domain.com

nextcloud/collabora/loolwsd.xml.tpl

@@ -1,183 +0,0 @@
-<config>
-
-    <!-- Note: 'default' attributes are used to document a setting's default value as well as to use as fallback. -->
-    <!-- Note: When adding a new entry, a default must be set in WSD in case the entry is missing upon deployment. -->
-
-    <allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>
-
-    <sys_template_path desc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
-    <child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
-    <mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree>
-
-    <server_name desc="External hostname:port of the server running loolwsd. If empty, it's derived from the request (please set it if this doesn't work). Must be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">collabora.domain.com</server_name>
-    <file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing loleaflet." type="path" relative="true" default="loleaflet/../"></file_server_root_path>
-
-    <memproportion desc="The maximum percentage of system memory consumed by all of the Collabora Online Development Edition, after which we start cleaning up idle documents" type="double" default="80.0"></memproportion>
-    <num_prespawn_children desc="Number of child processes to keep started in advance and waiting for new clients." type="uint" default="1">1</num_prespawn_children>
-    <per_document desc="Document-specific settings, including LO Core settings.">
-        <max_concurrency desc="The maximum number of threads to use while processing a document." type="uint" default="4">4</max_concurrency>
-        <batch_priority desc="A (lower) priority for use by batch eg. convert-to processes to avoid starving interactive ones" type="uint" default="5">5</batch_priority>
-        <document_signing_url desc="The endpoint URL of signing server, if empty the document signing is disabled" type="string" default=""></document_signing_url>
-        <redlining_as_comments desc="If true show red-lines as comments" type="bool" default="false">false</redlining_as_comments>
-        <idle_timeout_secs desc="The maximum number of seconds before unloading an idle document. Defaults to 1 hour." type="uint" default="3600">3600</idle_timeout_secs>
-        <!-- Idle save and auto save are checked every 30 seconds -->
-        <!-- They are disabled when the value is zero or negative. -->
-        <idlesave_duration_secs desc="The number of idle seconds after which document, if modified, should be saved. Defaults to 30 seconds." type="int" default="30">30</idlesave_duration_secs>
-        <autosave_duration_secs desc="The number of seconds after which document, if modified, should be saved. Defaults to 5 minutes." type="int" default="300">300</autosave_duration_secs>
-        <always_save_on_exit desc="On exiting the last editor, always perform the save, even if the document is not modified." type="bool" default="false">false</always_save_on_exit>
-        <limit_virt_mem_mb desc="The maximum virtual memory allowed to each document process. 0 for unlimited." type="uint">0</limit_virt_mem_mb>
-        <limit_stack_mem_kb desc="The maximum stack size allowed to each document process. 0 for unlimited." type="uint">8000</limit_stack_mem_kb>
-        <limit_file_size_mb desc="The maximum file size allowed to each document process to write. 0 for unlimited." type="uint">0</limit_file_size_mb>
-        <limit_num_open_files desc="The maximum number of files allowed to each document process to open. 0 for unlimited." type="uint">0</limit_num_open_files>
-        <limit_load_secs desc="Maximum number of seconds to wait for a document load to succeed. 0 for unlimited." type="uint" default="100">100</limit_load_secs>
-        <limit_convert_secs desc="Maximum number of seconds to wait for a document conversion to succeed. 0 for unlimited." type="uint" default="100">100</limit_convert_secs>
-        <cleanup desc="Checks for resource consuming (bad) documents and kills associated kit process. A document is considered resource consuming (bad) if is in idle state for idle_time_secs period and memory usage passed limit_dirty_mem_mb or CPU usage passed limit_cpu_per" enable="false">
-            <cleanup_interval_ms desc="Interval between two checks" type="uint" default="10000">10000</cleanup_interval_ms>
-            <bad_behavior_period_secs desc="Minimum time period for a document to be in bad state before associated kit process is killed. If in this period the condition for bad document is not met once then this period is reset" type="uint" default="60">60</bad_behavior_period_secs>
-            <idle_time_secs desc="Minimum idle time for a document to be candidate for bad state" type="uint" default="300">300</idle_time_secs>
-            <limit_dirty_mem_mb desc="Minimum memory usage for a document to be candidate for bad state" type="uint" default="3072">3072</limit_dirty_mem_mb>
-            <limit_cpu_per desc="Minimum CPU usage for a document to be candidate for bad state" type="uint" default="85">85</limit_cpu_per>
-        </cleanup>
-    </per_document>
-
-    <per_view desc="View-specific settings.">
-        <out_of_focus_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus. Defaults to 120 seconds." type="uint" default="120">120</out_of_focus_timeout_secs>
-        <idle_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus). Defaults to 15 minutes." type="uint" default="900">900</idle_timeout_secs>
-    </per_view>
-
-    <loleaflet_html desc="Allows UI customization by replacing the single endpoint of loleaflet.html" type="string" default="loleaflet.html">loleaflet.html</loleaflet_html>
-
-    <logging>
-        <color type="bool">true</color>
-        <level type="string" desc="Can be 0-8, or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace" default="warning">warning</level>
-        <protocol type="bool" desc="Enable minimal client-site JS protocol logging from the start">false</protocol>
-        <!-- lokit_sal_log example: Log WebDAV-related messages, that is interesting for debugging Insert - Image operation: "+TIMESTAMP+INFO.ucb.ucp.webdav+WARN.ucb.ucp.webdav"
-             See also: https://docs.libreoffice.org/sal/html/sal_log.html -->
-        <lokit_sal_log type="string" desc="Fine tune log messages from LOKit. Default is to suppress log messages from LOKit." default="-INFO-WARN">-INFO-WARN</lokit_sal_log>
-        <file enable="false">
-            <!-- If you use other path than /var/log and you run loolwsd from systemd, make sure that you enable that path in loolwsd.service (ReadWritePaths). -->
-            <property name="path" desc="Log file path.">/var/log/loolwsd.log</property>
-            <property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
-            <property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
-            <property name="compress" desc="Enable/disable log file compression.">true</property>
-            <property name="purgeAge" desc="The maximum age of log files to preserve. See Poco FileChannel.">10 days</property>
-            <property name="purgeCount" desc="The maximum number of log archives to preserve. Use 'none' to disable purging. See Poco FileChannel.">10</property>
-            <property name="rotateOnOpen" desc="Enable/disable log file rotation on opening.">true</property>
-            <property name="flush" desc="Enable/disable flushing after logging each line. May harm performance. Note that without flushing after each line, the log lines from the different processes will not appear in chronological order.">false</property>
-        </file>
-        <anonymize>
-            <anonymize_user_data type="bool" desc="Enable to anonymize/obfuscate of user-data in logs. If default is true, it was forced at compile-time and cannot be disabled." default="false">false</anonymize_user_data>
-            <anonymization_salt type="uint" desc="The salt used to anonymize/obfuscate user-data in logs. Use a secret 64-bit random number." default="82589933">82589933</anonymization_salt>
-        </anonymize>
-    </logging>
-
-    <loleaflet_logging desc="Logging in the browser console" default="false">false</loleaflet_logging>
-
-    <trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
-        <path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path>
-        <filter>
-            <message desc="Regex pattern of messages to exclude"></message>
-        </filter>
-        <outgoing>
-            <record desc="Whether or not to record outgoing messages" default="false">false</record>
-        </outgoing>
-    </trace>
-
-    <net desc="Network settings">
-      <!-- On systems where localhost resolves to IPv6 [::1] address first, when net.proto is all and net.listen is loopback, loolwsd unexpectedly listens on [::1] only.
-           You need to change net.proto to IPv4, if you want to use 127.0.0.1. -->
-      <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
-      <listen type="string" default="any" desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
-      <service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root>
-      <proxy_prefix type="bool" default="false" desc="Enable a ProxyPrefix to be passed int through which to redirect requests"></proxy_prefix>
-      <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
-        <host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
-        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
-        <host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
-        <host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
-        <host desc="The IPv6 loopback (localhost) address.">::1</host>
-        <host desc="The IPv4 private 172.17.0.0/16 subnet (Docker).">172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
-        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
-      </post_allow>
-      <frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
-      <connection_timeout_secs desc="Specifies the connection, send, recv timeout in seconds for connections initiated by loolwsd (such as WOPI connections)." type="int" default="30"></connection_timeout_secs>
-    </net>
-
-    <ssl desc="SSL settings">
-        <enable type="bool" desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable>
-        <termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
-        <cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
-        <key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
-        <ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
-        <cipher_list desc="List of OpenSSL ciphers to accept" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
-        <hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
-            <max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
-            <report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
-            <pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
-            <pin></pin>
-            </pins>
-        </hpkp>
-    </ssl>
-
-    <security desc="Altering these defaults potentially opens you to significant risk">
-      <seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
-      <capabilities desc="Should we require capabilities to isolate processes into chroot jails" type="bool" default="true">true</capabilities>
-    </security>
-
-    <watermark>
-      <opacity desc="Opacity of on-screen watermark from 0.0 to 1.0" type="double" default="0.2"></opacity>
-      <text desc="Watermark text to be displayed on the document if entered" type="string"></text>
-    </watermark>
-
-    <welcome>
-      <enable type="bool" desc="Controls whether the welcome screen should be shown to the users on new install and updates." default="true">true</enable>
-      <enable_button type="bool" desc="Controls whether the welcome screen should have an explanatory button instead of an X button to close the dialog." default="false">false</enable_button>
-      <path desc="Path to 'welcome-$lang.html' files served on first start or when the version changes. When empty, defaults to the Release notes." type="path" relative="true" default="loleaflet/welcome"></path>
-    </welcome>
-
-    <user_interface>
-      <mode type="string" desc="Controls the user interface style (classic|notebookbar)" default="classic">classic</mode>
-    </user_interface>
-
-    <storage desc="Backend storage">
-        <filesystem allow="false" />
-        <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
-            <host desc="Regex pattern of hostname to allow or deny." allow="true">nextcloud\\.domain\\.com</host>
-            <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
-            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
-            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
-            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
-            <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
-            <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
-            <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
-            <reuse_cookies desc="When enabled, cookies from the browser will be captured and set on WOPI requests." type="bool" default="false">false</reuse_cookies>
-            <locking desc="Locking settings">
-                <refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
-            </locking>
-        </wopi>
-        <webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false">
-            <host desc="Hostname to allow" allow="false">nextcloud.domain.com</host>
-        </webdav>
-        <ssl desc="SSL settings">
-	    <as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
-            <enable type="bool" desc="If as_scheme is false or not set, this can be set to force SSL encryption between storage and loolwsd. When empty this defaults to following the ssl.enable setting"></enable>
-            <cert_file_path desc="Path to the cert file" relative="false"></cert_file_path>
-            <key_file_path desc="Path to the key file" relative="false"></key_file_path>
-            <ca_file_path desc="Path to the ca file. If this is not empty, then SSL verification will be strict, otherwise cert of storage (WOPI-like host) will not be verified." relative="false"></ca_file_path>
-            <cipher_list desc="List of OpenSSL ciphers to accept. If empty the defaults are used. These can be overriden only if absolutely needed."></cipher_list>
-        </ssl>
-    </storage>
-
-    <tile_cache_persistent desc="Should the tiles persist between two editing sessions of the given document?" type="bool" default="true">true</tile_cache_persistent>
-
-    <admin_console desc="Web admin console settings.">
-        <enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
-        <enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
-        <username desc="The username of the admin console. Ignored if PAM is enabled.">username</username>
-        <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">test</password>
-    </admin_console>
-
-    <monitors desc="Addresses of servers we connect to on start for monitoring">
-    </monitors>
-
-</config>

nextcloud/docker-compose.yml

@@ -1,14 +1,12 @@
-version: '3.5'
-
 networks:
   default:
-    external:
-      name: traefik_default
+    name: traefik_default
+    external: true
 
 services:
   nextcloud-db:
     env_file: live.env
-    image: mariadb:10
+    image: mariadb:10.11
     container_name: nextcloud-db
     command: --transaction-isolation=READ-COMMITTED --log-bin=ROW
     labels:
@@ -37,20 +35,22 @@ services:
       - ${NEXTCLOUD_ROOT}/redis:/data
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
-      
 
   nextcloud-app:
     depends_on:
       - nextcloud-db
       - nextcloud-redis
     container_name: nextcloud-app
+    command: >
+      bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR} && chown -R www-data:www-data /var/www/html && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata && /entrypoint.sh apache2-foreground'
     env_file: live.env
     environment:
       - NEXTCLOUD_TRUSTED_DOMAINS='${NEXTCLOUD_FQDN}'
+      - NEXTCLOUD_DATA_DIR='${NEXTCLOUD_DATA_DIR}'
     extra_hosts:
       - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
       - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
-    image: nextcloud:21
+    image: nextcloud:28
     labels:
       # Watchtower
       - "com.centurylinklabs.watchtower.enable=true"
@@ -78,17 +78,19 @@ services:
     restart: unless-stopped
     volumes:
       - ${NEXTCLOUD_ROOT}/html:/var/www/html
-      - ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
+      - ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}
 
   nextcloud-cron:
-    image: nextcloud:21
+    image: nextcloud:28
     container_name: nextcloud-cron
+    command: >
+      bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR} && chown -R www-data:www-data /var/www/html && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata && /entrypoint.sh apache2-foreground'
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
     restart: unless-stopped
     volumes:
       - ${NEXTCLOUD_ROOT}/html:/var/www/html
-      - ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
+      - ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}
     entrypoint: /cron.sh
     depends_on:
       - nextcloud-db
@@ -96,7 +98,7 @@ services:
       - nextcloud-collabora
 
   nextcloud-coturn:
-      image: instrumentisto/coturn
+      image: coturn/coturn:4
       container_name: nextcloud-coturn
       restart: unless-stopped
       ports:
@@ -114,7 +116,7 @@ services:
         - --static-auth-secret=${COTURN_SECRET}
 
   nextcloud-collabora:
-    image: collabora/code:6.4.2.2
+    image: collabora/code:23.05.9.1.1
     container_name: nextcloud-collabora
     env_file: live.env
     extra_hosts:
@@ -141,11 +143,11 @@ services:
       - username=${COLLABORA_USERNAME}
       - password=${COLLABORA_PASSWORD}
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true
+      - VIRTUAL_PROTO=https
+      - VIRTUAL_PORT=9980
+      - VIRTUAL_HOST=${COLLABORA_FQDN}
     cap_add:
       - MKNOD
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
-      - ./collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml
-  
-  

nextcloud/live.env.tpl

@@ -14,14 +14,13 @@ REDIS_HOST_PASSWORD=password_redis
 NEXTCLOUD_ROOT=/home/compute/services/nextcloud
 NEXTCLOUD_DATA_DIR=/srv/nextcloud/data
 NEXTCLOUD_FQDN=your_nextcloud_sub_domain.domain.com
-# This is the IP of the Trafik container. This changes if the traefik container restarts. If it is not the current traefik container IP collabora does not work. Check the current traefik container IP with: docker inspect traefik and get the IP from the Networks -> traefik_default -> IPAddress section
-TRAEFIK_CONTAINER_IP=172.27.0.16
+TRAEFIK_CONTAINER_IP=172.27.0.100
 PHP_MEMORY_LIMIT=2048M
 PHP_UPLOAD_LIMIT=8G
 
 # Collabora
 COLLABORA_FQDN=collabora.domain.com
-COLLABORA_DOMAIN=nextcloud_sub_domain\\.domain\\.com # This is the domain which the collabora server is requests accepting from.
+COLLABORA_DOMAIN=nextcloud_sub_domain\.domain\.com # This is the domain which the collabora server is requests accepting from.
 COLLABORA_USERNAME=username
 COLLABORA_PASSWORD=password_collabora
 

nginx-rtmp/README.md

@@ -1 +0,0 @@
-Not Traefik ready!

nginx-rtmp/docker-compose.yml

@@ -1,8 +0,0 @@
-version: "3.7"
-services:
-  streaming:
-    image: tiangolo/nginx-rtmp
-    container_name: nginx-rtmp
-    ports:
-      - "1935:1935"
-    restart: unless-stopped

osp/README.md

@@ -0,0 +1,5 @@
+https://openstreamingplatform.com/
+
+Open Streaming Platform (OSP) is an open-source, RTMP streamer software front-end for Arut's Nginx-RTMP Module. OSP was designed as a self-hosted alternative to services such as Twitch.tv, Ustream.tv, Mixer, and Youtube Live. 
+
+This service is based on an older software version beta6d and not on the current version 0.8.8 because an docker image ist not available for it right now.

osp/docker-compose.yml

@@ -0,0 +1,70 @@
+networks:
+  default:
+    name: traefik_default
+    external: true
+
+services:
+  osp-app:
+    depends_on:
+      - osp-db
+      - osp-redis
+    container_name: osp-app
+    entrypoint: ["/opt/osp/setup/docker/wait-for-it.sh", "osp-db:3306", "--strict", "-t", "60", "--", "/opt/osp/setup/docker/entrypoint.sh"]
+    env_file: live.env
+    environment:
+      - DB_URL=mysql+pymysql://${MYSQL_USER}:${MYSQL_PASSWORD}@${MYSQL_HOST}:3306/${MYSQL_DATABASE}
+    image: deamos/openstreamingplatform:latest
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Routes
+      - "traefik.enable=true"
+      - "traefik.http.routers.osp.entrypoints=websecure"
+      - "traefik.http.routers.osp.rule=Host(`osp.${DOMAIN}`)"
+      - "traefik.http.routers.osp.tls=true"
+      - "traefik.http.routers.osp.tls.certresolver=myresolver"
+      - "traefik.http.services.osp.loadbalancer.server.port=80"
+      # RTMP specific
+      - "traefik.tcp.routers.rtmpcast.entrypoints=rtmp"
+      - "traefik.tcp.routers.rtmpcast.rule=HostSNI(`osp.${DOMAIN}`)"
+      - "traefik.tcp.routers.rtmpcast.service=rtmpcast"
+      - "traefik.tcp.routers.rtmpcast.tls=true"
+      - "traefik.tcp.routers.rtmpcast.tls.certresolver=myresolver"
+      - "traefik.tcp.services.rtmpcast.loadbalancer.server.port=1935"
+    networks:
+      - default
+    restart: unless-stopped
+    volumes:
+      - ${OSP_ROOT}/data:/var/www
+      - ${OSP_ROOT}/data/nginx/conf:/usr/local/nginx/conf
+
+  osp-db:
+    image: mariadb:10
+    container_name: osp-db
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    restart: unless-stopped
+    env_file: live.env
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+    networks:
+      - default
+    volumes:
+      - /etc/localtime:/etc/localtime:ro  
+      - /etc/timezone:/etc/timezone:ro
+      - ${OSP_ROOT}/db:/var/lib/mysql
+
+  osp-redis:
+    image: redis:6-alpine
+    container_name: osp-redis
+    command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    networks:
+      - default
+    restart: unless-stopped
+    volumes:
+      - ${OSP_ROOT}/redis:/data
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+

osp/live.env.tpl

@@ -0,0 +1,21 @@
+# MariaDB settings
+MYSQL_ROOT_PASSWORD=password_db_root
+MYSQL_DATABASE=osp
+MYSQL_USER=osp
+MYSQL_PASSWORD=password_db
+MYSQL_HOST=osp-db
+
+# Redis
+REDIS_HOST=osp-redis
+REDIS_HOST_PASSWORD=password_redis
+
+# osp
+OSP_ROOT=/home/compute/services/osp
+FLASK_SECRET=very_secret_key_change_me
+FLASK_SALT=very_secret_salt_key_change_me
+REDIS_PASSWORD=password_redis
+OSP_ALLOWREGISTRATION=False
+OSP_REQUIREVERIFICATION=False
+
+# Traefik
+DOMAIN=domain.com

traefik/docker-compose.yml

@@ -1,12 +1,11 @@
-version: '3.5'
-
 networks:
   default:
     driver: bridge
+    ipam:
+      config:
+        - subnet: 172.27.0.0/24
   socket_proxy:
-    external:
       name: socket_proxy
-  
 
 services:
   # Only accept needed incoming docker API calls
@@ -52,7 +51,7 @@ services:
         # DELETE Options
         - CONTAINERS_DELETE=1 # WatchTower
         - IMAGES_DELETE=1 # WatchTower
-      image: fluencelabs/docker-socket-proxy
+      image: tecnativa/docker-socket-proxy:latest
       labels:
         - "com.centurylinklabs.watchtower.enable=true"
       networks:
@@ -76,7 +75,7 @@ services:
         WATCHTOWER_NO_STARTUP_MESSAGE: "false"
         WATCHTOWER_SCHEDULE: "0 30 12 * * *" # Everyday at 12:30
         DOCKER_HOST: tcp://socket-proxy:2375
-      image: containrrr/watchtower
+      image: containrrr/watchtower:latest
       labels:
         - "com.centurylinklabs.watchtower.enable=true"
       networks:
@@ -89,21 +88,22 @@ services:
       - watchtower
     # Always restart also at boot unless manually stopped
     restart: unless-stopped
-    # The official v2 Traefik docker image
-    image: traefik:v2.3
+    # The official v3 Traefik docker image
+    image: traefik:3.0
     networks:
-      - socket_proxy
-      - default
+      default:
+        ipv4_address: 172.27.0.100
+      socket_proxy: null
     env_file: live.env
     container_name: "traefik"
-    # Enables the web UI and tells Traefik to listen to docker
     command:
-      # logging
-      - "--log.filePath=/logs/traefik.log"
-      - "--log.level=DEBUG"
-      # API and Dashboard
+      # logging settings
+      # - "--log.filePath=/logs/traefik.log"
+      # - "--log.format=json"
+      - "--log.level=ERROR"
+      # Enable API and Dashboard access
       #- "--api.insecure=true"
-      - "--api=true"      
+      - "--api=true"
       - "--api.dashboard=true"
       # Docker as provider
       - "--providers.docker=true"
@@ -117,6 +117,7 @@ services:
       - "--entrypoints.ts-tcp.address=:30033"
       # Use this CA server for testing
       # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      # production Lets encrypt settings
       - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
       - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
       - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
@@ -126,7 +127,7 @@ services:
     labels:
       # enable watchtower for traefik
       - "com.centurylinklabs.watchtower.enable=true"
-      # Dashboard stuff
+      # Dashboard basic auth and routing
       - "traefik.enable=true"
       - "traefik.http.routers.traefik-https.rule=Host(`traefik.${DOMAIN}`)"
       - "traefik.http.routers.traefik-https.entrypoints=websecure"
@@ -135,7 +136,7 @@ services:
       - "traefik.http.routers.traefik-https.tls=true"
       - "traefik.http.routers.traefik-https.tls.certresolver=myresolver"
       - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_USER}:${TRAEFIK_PASSWORD_HASH}"
-      # http to https redirect
+      # http to https redirect for all incoming http requests
       - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
       - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
       - "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)"
@@ -150,10 +151,21 @@ services:
       #- "8080:8080"
       # TS3 ports
       - "9987:9987/udp"
-      - "10011:10011"
       - "30033:30033"
     volumes:
       # For certificate
-      - "./volumes/letsencrypt/acme.json:/letsencrypt/acme.json"
+      - "./data/letsencrypt:/letsencrypt"
       # For logging
-      - "./volumes/logs/traefik.log:/logs/traefik.log"
+      - "./data/logs:/logs"
+      # Docker socket
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+  # Test container
+  whoami:
+      image: "traefik/whoami"
+      container_name: "simple-service"
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
+        - "traefik.http.routers.whoami.entrypoints=websecure"
+        - "traefik.http.routers.whoami.tls.certresolver=myresolver"

ts3/README.md

@@ -1,2 +1,2 @@
-This is now routed via traefik. 
-Still checking performance if working it is.
+This is now routed via traefik.
+Still checking performance if there is no package loss.

ts3/docker-compose.yml

@@ -1,9 +1,7 @@
-version: '3.5'
-
 networks:
   default:
-    external:
-      name: traefik_default
+    name: traefik_default
+    external: true
 
 services:
   teamspeak-app:
@@ -26,7 +24,9 @@ services:
       - "traefik.tcp.routers.teamspeak-tcp.entrypoints=ts-tcp"
       - "traefik.tcp.routers.teamspeak-tcp.service=teamspeak-tcp"
       - "traefik.tcp.routers.teamspeak-tcp.rule=HostSNI(`ts3.${DOMAIN}`)"
-      - "traefik.tcp.services.teamspeak-tcp.loadbalancer.server.port=30033"      
+      - "traefik.tcp.routers.teamspeak-tcp.tls=true"
+      - "traefik.tcp.routers.teamspeak-tcp.tls.certresolver=myresolver"
+      - "traefik.tcp.services.teamspeak-tcp.loadbalancer.server.port=30033"
       # udp
       - "traefik.udp.routers.teamspeak-udp.entrypoints=ts-udp"
       - "traefik.udp.routers.teamspeak-udp.service=teamspeak-udp"
@@ -35,9 +35,9 @@ services:
   teamspeak-db:
     networks:
       - default
-    image: mariadb:10
+    image: mariadb:10.11
     env_file: live.env
     container_name: ts3-db
     restart: unless-stopped
     volumes:
-      - ./db:/var/lib/mysql
+    - ./db:/var/lib/mysql

valheim-server/docker-compose.yaml

@@ -0,0 +1,15 @@
+services: 
+  valheim: 
+    image: clarkent86/valheim-server
+    cap_add:
+      - sys_nice
+    volumes: 
+      - ./config:/config
+      - ./data:/opt/valheim
+    ports: 
+      - "2456-2458:2456-2458/udp"
+      - "9001:9001/tcp"
+    env_file:
+      - ./valheim.env
+    restart: always
+    stop_grace_period: 2m

valheim-server/valheim.env.tpl

@@ -0,0 +1,6 @@
+SERVER_NAME=YOUR_SERVER_NAME
+WORLD_NAME=Dedicated
+SERVER_PASS=YOUR_PASSWORD
+SERVER_PUBLIC=true
+VALHEIM_PLUS=false
+BEPINEX=true

wordpress/docker-compose.yml

@@ -1,14 +1,12 @@
-version: '3.5'
-
 networks:
   default:
-    external:
-      name: traefik_default
+    name: traefik_default
+    external: true
 
 services:
   wordpress:
     env_file: live.env
-    image: wordpress
+    image: wordpress:6.4.3
     container_name: wordpress-app
     restart: unless-stopped
     labels:
@@ -23,6 +21,9 @@ services:
       - "traefik.http.routers.wordpress.tls.certresolver=myresolver"
       #- "traefik.http.routers.wordpress.tls.options=intermediate@file"
       ### </https> ###
+    # multi wordpress instances useage
+    links:
+      - db:db_s1
     networks:
       - default
     volumes:
@@ -33,7 +34,7 @@ services:
 
   db:
     env_file: live.env
-    image: mysql:5.7
+    image: mariadb:10.11
     restart: unless-stopped
     container_name: wordpress-db
     labels:

wordpress/live.env.tpl

@@ -12,4 +12,4 @@ WORDPRESS_DB_NAME=wordpress
 MYSQL_DATABASE=wordpress
 MYSQL_USER=username
 MYSQL_PASSWORD=password_db
-MYSQL_RANDOM_ROOT_PASSWORD=password_db_root
+MYSQL_RANDOM_ROOT_PASSWORD=yes