this is the default & temporary config file

.gitignore

@@ -1,7 +1,14 @@
-FileBrowser/database.db
-Jellyfin/cache/
-Jellyfin/config/
-Pacoloco/cache/
-qBittorrent/config/
-qBittorrent/qbit-config/
+/Revolt/data
+/OpenWebUI/open-webui
+/uptime-kuma/data
+/FileBrowser/database.db
+/Pacoloco/cache/
 
+/Jellyfin/cache/
+/Jellyfin/config/
+
+/qBittorrent/config/
+/qBittorrent/qbit-config/
+
+/Caddy/tempo-storage
+/Caddy/grafana-storage

Caddy/Caddyfile

@@ -6,7 +6,7 @@
 		metrics
 	}
 
-	servers :80 {
+	servers :3000 {
 		name grafana
 		metrics
 	}

Caddy/docker-compose.yml

@@ -4,26 +4,34 @@ services:
     image: caddy:latest
     restart: unless-stopped
     ports:
-      - '80:80'
-      - '443:443'
+      - 80:80
+      - 443:443
       - '443:443/udp'
     volumes:
-      - './Caddyfile:/etc/caddy/Caddyfile'
+      - ./Caddyfile:/etc/caddy/Caddyfile
 
   # log collector
   prometheus:
     image: prom/prometheus:latest
     volumes:
-      - './prometheus.yaml:/etc/prometheus/prometheus.yml'
+      - ./prometheus.yaml:/etc/prometheus/prometheus.yml
     depends_on:
       - caddy
 
+  # trace collector
+  tempo:
+    image: grafana/tempo:latest
+    command: [ "-config.file=/opt/tempo.yaml" ] 
+    volumes:
+      - ./tempo.yaml:/opt/tempo.yaml
+      - ./tempo-storage/:/var/tempo
+
   # log viewer
   grafana:
     image: grafana/grafana:latest
     volumes:
-      - './grafana.yaml:/etc/grafana/provisioning/datasources/datasources.yaml'
-      - './grafana-storage/:/var/lib/grafana'
+      - ./grafana.yaml:/etc/grafana/provisioning/datasources/datasources.yaml
+      - ./grafana-storage/:/var/lib/grafana
     environment:
       - GF_AUTH_ANONYMOUS_ENABLED=true
       - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
@@ -31,6 +39,5 @@ services:
       - GF_FEATURE_TOGGLES_ENABLE=traceqlEditor
     depends_on:
       - prometheus
+      - tempo
 
-volumes:
-  grafana-storage: {}

Caddy/grafana.yaml

@@ -13,3 +13,17 @@ datasources:
   editable: false
   jsonData:
     httpMethod: GET
+- name: Tempo
+  type: tempo
+  uid: tempo
+  access: proxy
+  orgId: 1
+  url: http://tempo:3200
+  basicAuth: false
+  isDefault: false
+  version: 1
+  editable: false
+  jsonData:
+    httpMethod: GET
+    serviceMap:
+      datasourceUid: 'prometheus'

Caddy/tempo.yaml

@@ -0,0 +1,60 @@
+stream_over_http_enabled: true
+server:
+  http_listen_port: 3200
+  log_level: info
+
+query_frontend:
+  search:
+    duration_slo: 5s
+    throughput_bytes_slo: 1.073741824e+09
+  trace_by_id:
+    duration_slo: 5s
+
+distributor:
+  receivers:                           # this configuration will listen on all ports and protocols that tempo is capable of.
+    jaeger:                            # the receives all come from the OpenTelemetry collector.  more configuration information can
+      protocols:                       # be found there: https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver
+        thrift_http:                   #
+        grpc:                          # for a production deployment you should only enable the receivers you need!
+        thrift_binary:
+        thrift_compact:
+    zipkin:
+    otlp:
+      protocols:
+        http:
+        grpc:
+    opencensus:
+
+ingester:
+  max_block_duration: 5m               # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
+
+compactor:
+  compaction:
+    block_retention: 1h                # overall Tempo trace retention. set for demo purposes
+
+metrics_generator:
+  registry:
+    external_labels:
+      source: tempo
+      cluster: docker-compose
+  storage:
+    path: /var/tempo/generator/wal
+    remote_write:
+      - url: http://prometheus:9090/api/v1/write
+        send_exemplars: true
+  traces_storage:
+    path: /var/tempo/generator/traces
+
+storage:
+  trace:
+    backend: local                     # backend configuration to use
+    wal:
+      path: /var/tempo/wal             # where to store the wal locally
+    local:
+      path: /var/tempo/blocks
+
+overrides:
+  defaults:
+    metrics_generator:
+      processors: [service-graphs, span-metrics, local-blocks] # enables metrics generator
+      generate_native_histograms: both

FileBrowser/README.md

@@ -0,0 +1,4 @@
+
+# Filebrowser
+
+Browser-based file browser. Default creds will be `admin` `admin`. Obviously change this asap

FileBrowser/compose.yml

@@ -1,5 +1,3 @@
----
-version: '3'
 services:
   file-browser:
     image: filebrowser/filebrowser
@@ -9,7 +7,7 @@ services:
     ports:
       - 8080:80
     volumes:
-      - ../../documents/:/srv/
+      - ${ZFS_POOL}/:/srv/
       - ./database.db:/database.db
     security_opt:
       - no-new-privileges:true 

Jellyfin/compose.yml

@@ -1,16 +1,14 @@
----
-version: '3'
 services:
  jellyfin:
-  user: 1000:1000
+   # GID might need to be manuall set (id -g)
+  user: ${UID}:${GID}
   restart: unless-stopped
   image: jellyfin/jellyfin:latest
   container_name: jellyfin
   volumes:
     - ./config:/config
     - ./cache:/cache
-    - ../../documents/media:/media
-  network_mode: 'host'
+    - ${ZFS_POOL}/media:/media
   ports:
     - 8096:9096
   # Requires packages:

OpenWebUI/README.md

@@ -0,0 +1,4 @@
+
+# Open Web UI
+
+Currently this config expects ollama to be running on a different device, the compose.yml has the ip for you to change in it.

OpenWebUI/compose.yml

@@ -0,0 +1,13 @@
+services:
+  open-webui:
+    image: ghcr.io/open-webui/open-webui:main
+    restart: unless-stopped
+    environment:
+      - WEBUI_AUTH=False
+      - OLLAMA_BASE_URL=http://10.0.0.21:11434
+    ports:
+      - 4000:8080
+    volumes:
+      - './open-webui:/app/backend/data'
+
+

Revolt/.env

@@ -0,0 +1,108 @@
+##
+## Quark configuration
+##
+
+# MongoDB
+MONGODB=mongodb://database
+
+# Redis
+REDIS_URI=redis://redis/
+
+# Hostname used for Caddy
+# This should in most cases match REVOLT_APP_URL
+HOSTNAME=http://local.revolt.chat
+
+# URL to where the Revolt app is publicly accessible
+REVOLT_APP_URL=http://local.revolt.chat
+
+# VITE_xxx variables are used in the new frontend https://github.com/revoltchat/frontend
+
+# URL to where the API is publicly accessible
+REVOLT_PUBLIC_URL=http://local.revolt.chat/api
+VITE_API_URL=http://local.revolt.chat/api
+
+# URL to where the WebSocket server is publicly accessible
+REVOLT_EXTERNAL_WS_URL=ws://local.revolt.chat/ws
+VITE_WS_URL=ws://local.revolt.chat/ws
+
+# URL to where Autumn is publicly available
+AUTUMN_PUBLIC_URL=http://local.revolt.chat/autumn
+VITE_MEDIA_URL=http://local.revolt.chat/autumn
+
+# URL to where January is publicly available
+JANUARY_PUBLIC_URL=http://local.revolt.chat/january
+VITE_PROXY_URL=http://local.revolt.chat/january
+
+
+##
+## hCaptcha Settings
+##
+
+# If you are sure that you don't want to use hCaptcha, set to 1.
+REVOLT_UNSAFE_NO_CAPTCHA=1
+
+# hCaptcha API key (This is the "Secret key" from your User Settings page)
+# REVOLT_HCAPTCHA_KEY=0x0000000000000000000000000000000000000000
+
+# hCaptcha site key
+# REVOLT_HCAPTCHA_SITEKEY=10000000-ffff-ffff-ffff-000000000001
+
+
+##
+## Email Settings
+##
+
+# If you are sure that you don't want to use email verification, set to 1.
+REVOLT_UNSAFE_NO_EMAIL=1
+
+# SMTP host
+# REVOLT_SMTP_HOST=smtp.example.com
+
+# SMTP username
+# REVOLT_SMTP_USERNAME=noreply@example.com
+
+# SMTP password
+# REVOLT_SMTP_PASSWORD=CHANGEME
+
+# SMTP From header
+# REVOLT_SMTP_FROM=Revolt <noreply@example.com>
+
+
+##
+## Application Settings
+##
+
+# Whether to only allow users to sign up if they have an invite code
+REVOLT_INVITE_ONLY=0
+
+# Maximum number of people that can be in a group chat
+REVOLT_MAX_GROUP_SIZE=150
+
+# VAPID keys for push notifications
+# Generate using this guide: https://gitlab.insrt.uk/revolt/delta/-/wikis/vapid
+# --> Please replace these keys before going into production! <--
+REVOLT_VAPID_PRIVATE_KEY=LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUJSUWpyTWxLRnBiVWhsUHpUbERvcEliYk1yeVNrNXpKYzVYVzIxSjJDS3hvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFWnkrQkg2TGJQZ2hEa3pEempXOG0rUXVPM3pCajRXT1phdkR6ZU00c0pqbmFwd1psTFE0WAp1ZDh2TzVodU94QWhMQlU3WWRldVovWHlBdFpWZmNyQi9BPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+REVOLT_VAPID_PUBLIC_KEY=BGcvgR-i2z4IQ5Mw841vJvkLjt8wY-FjmWrw83jOLCY52qcGZS0OF7nfLzuYbjsQISwVO2HXrmf18gLWVX3Kwfw=
+
+
+##
+## Autumn configuration
+##
+
+# S3 Region
+AUTUMN_S3_REGION=minio
+
+# S3 Endpoint
+AUTUMN_S3_ENDPOINT=http://minio:9000
+
+# MinIO Root User
+MINIO_ROOT_USER=minioautumn
+
+# MinIO Root Password
+MINIO_ROOT_PASSWORD=minioautumn
+
+# AWS Access Key ID
+AWS_ACCESS_KEY_ID=minioautumn
+
+# AWS Secret Key
+AWS_SECRET_ACCESS_KEY=minioautumn

Revolt/.env.caddy

@@ -0,0 +1 @@
+HOSTNAME=http://local.revolt.chat

Revolt/Caddyfile

@@ -0,0 +1,42 @@
+{
+	admin :2019
+
+	servers {
+		metrics
+	}
+}
+
+// {$HOSTNAME} {
+:80 {
+	route /api* {
+		uri strip_prefix /api
+		reverse_proxy http://api:8000
+	}
+
+	route /ws {
+		@upgrade {
+			header Connection *Upgrade*
+			header Upgrade websocket
+		}
+
+		uri strip_prefix /ws
+		reverse_proxy @upgrade http://events:9000
+	}
+
+	route /autumn* {
+		uri strip_prefix /autumn
+		reverse_proxy http://autumn:3000
+	}
+
+	route /january* {
+		uri strip_prefix /january
+		reverse_proxy http://january:7000
+	}
+
+	route /stats* {
+		uri strip_prefix /stats
+		reverse_proxy http://grafana:3000
+	}
+
+	reverse_proxy http://web:5000
+}

Revolt/README.md

@@ -0,0 +1,13 @@
+Run a revolt server with fancy monitoring (WIP)
+
+
+# Prep
+
+You may need to run
+```bash
+sudo mount --make-rshared /
+```
+
+# Before Prod
+- [ ] Change .env.grafana file usernames and passwords
+- [ ] Change .env file urls

Revolt/Revolt.toml

@@ -0,0 +1,97 @@
+[database]
+mongodb = "mongodb://database"
+redis = "redis://redis/"
+
+[hosts]
+app = "http://local.revolt.chat"
+api = "http://local.revolt.chat/api"
+events = "ws://local.revolt.chat/ws"
+autumn = "http://local.revolt.chat/autumn"
+january = "http://local.revolt.chat/january"
+voso_legacy = ""
+voso_legacy_ws = ""
+
+[api]
+
+[api.registration]
+invite_only = false
+
+[api.smtp]
+host = ""
+username = ""
+password = ""
+from_address = ""
+
+[api.vapid]
+private_key = "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUJSUWpyTWxLRnBiVWhsUHpUbERvcEliYk1yeVNrNXpKYzVYVzIxSjJDS3hvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFWnkrQkg2TGJQZ2hEa3pEempXOG0rUXVPM3pCajRXT1phdkR6ZU00c0pqbmFwd1psTFE0WAp1ZDh2TzVodU94QWhMQlU3WWRldVovWHlBdFpWZmNyQi9BPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo"
+public_key = "BGcvgR-i2z4IQ5Mw841vJvkLjt8wY-FjmWrw83jOLCY52qcGZS0OF7nfLzuYbjsQISwVO2HXrmf18gLWVX3Kwfw="
+
+[api.fcm]
+api_key = ""
+
+[api.apn]
+pkcs8 = ""
+key_id = ""
+team_id = ""
+
+[api.security]
+authifier_shield_key = ""
+voso_legacy_token = ""
+trust_cloudflare = false
+
+[api.security.captcha]
+hcaptcha_key = ""
+hcaptcha_sitekey = ""
+
+[api.workers]
+max_concurrent_connections = 50
+
+[features]
+webhooks_enabled = false
+
+[features.limits]
+
+[features.limits.global]
+group_size = 100
+message_embeds = 5
+message_replies = 5
+message_reactions = 20
+server_emoji = 100
+server_roles = 200
+server_channels = 200
+
+new_user_days = 3
+
+[features.limits.new_user]
+outgoing_friend_requests = 5
+
+bots = 2
+message_length = 2000
+message_attachments = 5
+servers = 100
+
+attachment_size = 20000000
+avatar_size = 4000000
+background_size = 6000000
+icon_size = 2500000
+banner_size = 6000000
+emoji_size = 500000
+
+[features.limits.default]
+outgoing_friend_requests = 10
+
+bots = 5
+message_length = 2000
+message_attachments = 5
+servers = 100
+
+attachment_size = 20000000
+avatar_size = 4000000
+background_size = 6000000
+icon_size = 2500000
+banner_size = 6000000
+emoji_size = 500000
+
+[sentry]
+api = ""
+events = ""

Revolt/compose.yaml

@@ -0,0 +1,183 @@
+services:
+  # r-proxy, log generator
+  caddy:
+    image: caddy:latest
+    restart: always
+    env_file: .env.caddy
+    ports:
+      - '8880:80'
+      - '4443:443'
+    volumes:
+      - './Caddyfile:/etc/caddy/Caddyfile'
+      - './data/caddy-data:/data'
+      - './data/caddy-config:/config'
+
+  ##########################################
+  #    Monitoring
+  #####
+
+  # log collector
+  prometheus:
+    image: prom/prometheus:latest
+    restart: always
+    volumes:
+      - ./prometheus/:/etc/prometheus/
+      - prometheus_storage:/prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
+      - '--web.console.templates=/usr/share/prometheus/consoles'
+    ports:
+      - 9090:9090
+    # links:
+      # - cadvisor:cadvisor
+    depends_on:
+      - cadvisor
+      - caddy
+
+  # log viewer
+  grafana:
+    image: grafana/grafana:latest
+    user: "472"
+    restart: always
+    ports:
+      - 3000:3000
+    volumes:
+      - './grafana/provisioning/:/etc/grafana/provisioning/'
+      - 'grafana_storage:/var/lib/grafana'
+    env_file:
+      - ./grafana/.env.grafana
+    depends_on:
+      - prometheus
+
+  node-exporter:
+    image: quay.io/prometheus/node-exporter:latest
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+      - /:/host:ro,rslave
+    command: 
+      - '--path.rootfs=/host'
+      - '--path.procfs=/host/proc' 
+      - '--path.sysfs=/host/sys'
+      - --collector.filesystem.mount-points-exclude
+      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
+    ports:
+      - 9100:9100
+    restart: always
+    deploy:
+      mode: global
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:rw
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+    ports:
+      - 8080:8080
+    restart: always
+    deploy:
+      mode: global
+
+  ##########################################
+  #    Revolt
+  #####
+
+  # MongoDB database
+  database:
+    image: mongo
+    restart: always
+    volumes:
+      - './data/db:/data/db'
+
+  # Redis server
+  redis:
+    image: eqalpha/keydb
+    restart: always
+
+  # S3-compatible storage server
+  minio:
+    image: minio/minio
+    command: server /data
+    env_file: .env
+    volumes:
+      - './data/minio:/data'
+    restart: always
+
+  # API server (delta)
+  api:
+    image: ghcr.io/revoltchat/server:latest
+    env_file: .env
+    depends_on:
+      - database
+      - redis
+      - caddy
+    restart: always
+    volumes:
+      - './Revolt.toml:/Revolt.toml'
+
+  # Events service (quark)
+  events:
+    image: ghcr.io/revoltchat/bonfire:latest
+    env_file: .env
+    depends_on:
+      - database
+      - redis
+      - caddy
+    restart: always
+    volumes:
+      - './Revolt.toml:/Revolt.toml'
+
+  # Web App (revite)
+  web:
+    image: ghcr.io/revoltchat/client:master
+    env_file: .env
+    depends_on:
+      - caddy
+    restart: always
+
+  # File server (autumn)
+  autumn:
+    image: ghcr.io/revoltchat/autumn:latest
+    env_file: .env
+    depends_on:
+      - database
+      - createbuckets
+      - caddy
+    environment:
+      - AUTUMN_MONGO_URI=mongodb://database
+    restart: always
+
+  # Metadata and image proxy (january)
+  january:
+    image: ghcr.io/revoltchat/january:latest
+    depends_on:
+      - caddy
+    restart: always
+
+  # Create buckets for minio.
+  createbuckets:
+    image: minio/mc
+    depends_on:
+      - minio
+    env_file: .env
+    entrypoint: >
+      /bin/sh -c "
+      /usr/bin/mc config host add minio http://minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD;
+      while ! /usr/bin/mc ready minio; do echo 'Waiting minio...' && sleep 1; done;
+      /usr/bin/mc mb minio/attachments;
+      /usr/bin/mc mb minio/avatars;
+      /usr/bin/mc mb minio/backgrounds;
+      /usr/bin/mc mb minio/icons;
+      /usr/bin/mc mb minio/banners;
+      /usr/bin/mc mb minio/emojis;
+      exit 0;
+      "
+
+volumes:
+  grafana_storage: {}
+  prometheus_storage: {}

Revolt/grafana/.env.grafana

@@ -0,0 +1,4 @@
+GF_AUTH_ANONYMOUS_ENABLED=true
+GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+GF_AUTH_DISABLE_LOGIN_FORM=true
+GF_FEATURE_TOGGLES_ENABLE=traceqlEditor

Revolt/grafana/provisioning/datasources/datasources.yaml

@@ -0,0 +1,15 @@
+apiVersion: 1
+
+datasources:
+- name: Prometheus
+  type: prometheus
+  uid: prometheus
+  access: proxy
+  orgId: 1
+  url: http://prometheus:9090
+  basicAuth: false
+  isDefault: false
+  version: 1
+  editable: false
+  jsonData:
+    httpMethod: GET

Revolt/prometheus/prometheus.yml

@@ -0,0 +1,24 @@
+global:
+  scrape_interval: 15s
+  external_labels:
+      monitor: 'Revolt'
+
+scrape_configs:
+  - job_name: caddy
+    static_configs:
+      # docker networking
+      - targets: ['caddy:2019']
+
+  - job_name: 'prometheus'
+    static_configs:
+      - targets: ['localhost:9090']
+
+  - job_name: 'cadvisor'
+    static_configs:
+      - targets: ['cadvisor:8080']
+
+  - job_name: 'node-exporter'
+    static_configs:
+      - targets: ['node-exporter:9100']
+
+

Vaultwarden/docker-compose.yml

@@ -0,0 +1,9 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    restart: unless-stopped
+    ports:
+      - 1025:80
+    volumes:
+      - ./vw-data/:/data/
+

qBittorrent/compose.yml

@@ -1,5 +1,3 @@
----
-version: '3'
 services:
   qbittorrent:
     image: qbittorrentofficial/qbittorrent-nox:latest
@@ -11,10 +9,11 @@ services:
       - QBT_EULA=true
     volumes:
       - ./qbit-config:/config
-      - ../../documents/downloads:/downloads
-    network_mode: host
+      - ${ZFS_POOL}/downloads:/downloads
     depends_on:
       - vpn
+    ports:
+      - 6882:6882
   vpn:
     image: lscr.io/linuxserver/wireguard:latest
     container_name: wireguard
@@ -22,13 +21,12 @@ services:
     cap_add:
       - NET_ADMIN
     environment:
-      - PUID=1000
-      - PGID=1000
+      - PUID=${UID}
+      - PGID=${GID}
       - TZ=America/Denver
       - SERVERPORT=51820 #optional
       - LOG_CONFS=true #optional
     volumes:
       - ./config:/config
-    network_mode: host
-    # sysctls:
-    #  - net.ipv4.conf.all.src_valid_mark=1
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1

uptime-kuma/compose.yaml

@@ -0,0 +1,9 @@
+services:
+  uptime-kuma:
+    image: louislam/uptime-kuma:1
+    volumes:
+      - ./data:/app/data
+    ports:
+      # <Host Port>:<Container Port>
+      - 3001:3001
+    restart: unless-stopped