diff --git a/README.md b/README.md
index fd123d3..80604a2 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,11 @@ So, without further ado, here's the current list:
- How to use docker-compose
- Troubleshooting
+# Other self-hosted sources
+- [awesome-selfhosted](https://github.com/awesome-selfhosted/awesome-selfhosted)
+- [r/selfhosted](https://www.reddit.com/r/selfhosted/)
+- [Homelab OS](https://homelabos.com/docs/#available-software)
+
# Ad Blockers & local DNS
- [AdGuard Home](apps/ad-blockers/adguard.md)
@@ -32,8 +37,10 @@ So, without further ado, here's the current list:
- [MalwareMultiScan](https://github.com/mindcollapse/MalwareMultiScan) 🔗
# Backup
-- Duplicati
-- Elkar Backup
+- [Duplicati](apps/backup/duplicati.md)
+- [Elkar Backup](apps/backup/elkar-backup.md)
+- [websync](https://furier.github.io/websync/) 🔗 - an rsync task manager, where tasks can be added, scheduled and maintained in a sane manner
+
# Blogging
- [AnchorCMS](https://github.com/anchorcms/anchor-cms#installation) 🔗
@@ -122,10 +129,19 @@ So, without further ado, here's the current list:
- [DNS Records checker](https://www.digwebinterface.com/) 🔗
- [Domain security checker](https://www.hardenize.com/) 🔗
+# GIT
+- [Gitea](https://docs.gitea.io/en-us/install-with-docker/) 🔗
+- [GitLab](https://about.gitlab.com/) 🔗
+- [Gogs](https://gogs.io/) 🔗
+- [Phabricator](https://secure.phabricator.com/book/phabricator/article/configuration_guide/) 🔗
+
+
# Home Automation
- [HomeAssistant](apps/home-automation/home-assistant.md)
-- [Huginn](https://github.com/huginn/huginn) 🔗
-- [Node-RED](https://nodered.org/) 🔗
+- [Beehive](https://github.com/muesli/beehive) 🔗 - flexible event/agent & automation system
+- [Huginn](https://github.com/huginn/huginn) 🔗 - Create agents that monitor and act on your behalf.
+- [Node-RED](https://nodered.org/) 🔗 - Low-code programming for event-driven applications
+- [Kibitzr](https://kibitzr.github.io/) 🔗 - Personal Web Assistant
# Media Managers
@@ -183,7 +199,11 @@ So, without further ado, here's the current list:
- [pushover](https://pushover.net/) 🔗
- [unifi event monitor](https://github.com/tborychowski/unifi-event-monitor) 🔗
-
+# Other services
+- [bitwarden_rs](apps/other/bitwarden.md)
+- [Cockpit](apps/other/cockpit.md)
+- [Code server](apps/other/code.md)
+- [Firefox sync server](apps/other/firefox-sync.md)
# Photos
- [Comparison table](apps/photos/comparison.md)
diff --git a/apps/backup/duplicati.md b/apps/backup/duplicati.md
new file mode 100644
index 0000000..5f217a1
--- /dev/null
+++ b/apps/backup/duplicati.md
@@ -0,0 +1,36 @@
+# Duplicati
+
+- no notifications!
+- ugly as hell
+- confusing to set-up
+
+
+
+- [Github repo](https://github.com/duplicati/duplicati)
+- [Docker Hub](https://hub.docker.com/r/linuxserver/duplicati)
+- [Homepage](https://www.duplicati.com/)
+
+
+## docker-compose.yml
+```yml
+---
+version: '3.3'
+services:
+ duplicati:
+ image: linuxserver/duplicati
+ container_name: duplicati
+ restart: unless-stopped
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Dublin
+# - CLI_ARGS= #optional
+ ports:
+ - 8200:8200
+ volumes:
+ - ./config:/config
+
+ - /mnt/backups:/backups/backups # backup target
+ - ~:/backups/home:ro # backup source - home
+ - /mnt/docker:/backups/docker:ro # backup source - dockers
+```
diff --git a/apps/backup/elkar-backup.md b/apps/backup/elkar-backup.md
new file mode 100644
index 0000000..d3b23de
--- /dev/null
+++ b/apps/backup/elkar-backup.md
@@ -0,0 +1,55 @@
+# Elkar Backup
+
+Open source backup solution based on RSync/RSnapshot.
+- Decent & clean UI
+- Notification scripts
+- Really easy to use
+
+
+
+
+- [Github repo](https://github.com/elkarbackup/elkarbackup)
+- [Docker Hub](https://hub.docker.com/r/elkarbackup/elkarbackup/)
+- [Docs](https://docs.elkarbackup.org/docs/getting-started.html)
+- [Homepage](https://www.elkarbackup.org/)
+
+
+## docker-compose.yml
+```yml
+version: '3'
+
+services:
+ elkarbackup:
+ image: elkarbackup/elkarbackup
+ restart: unless-stopped
+ environment:
+ EB_CRON: "enabled"
+ TZ: "Europe/Dublin"
+ SYMFONY__DATABASE__PASSWORD: "123123123"
+ SYMFONY__MAILER__TRANSPORT: "smtp"
+ SYMFONY__MAILER__HOST: "mail.example.com"
+ SYMFONY__MAILER__USER: "home@example.com"
+ SYMFONY__MAILER__PASSWORD: "123123123123"
+ SYMFONY__MAILER__FROM: "home@example.com"
+
+ volumes:
+ - ./uploads:/app/uploads
+ - ./sshkeys:/app/.ssh
+ - /mnt/backup:/paths/backups # backup target
+ - /mnt/docker:/paths/docker:ro # backup source
+ - ~:/paths/home:ro # backup source
+ ports:
+ - 3070:80
+
+ db:
+ image: mysql:5.7.22
+ restart: unless-stopped
+ environment:
+ MYSQL_ROOT_PASSWORD: "1NXXQ5U8Uw6611Y70MSWvU0Vw"
+ volumes:
+ - ./db:/var/lib/mysql
+
+ client:
+ image: elkarbackup/client
+ restart: unless-stopped
+```
diff --git a/apps/home-automation/home-assistant.md b/apps/home-automation/home-assistant.md
index 28a8669..bfdcc52 100644
--- a/apps/home-automation/home-assistant.md
+++ b/apps/home-automation/home-assistant.md
@@ -11,6 +11,10 @@
- [Full MDI icons](https://cdn.materialdesignicons.com/5.2.45/)
- [DubhAd/Home-AssistantConfig](https://github.com/DubhAd/Home-AssistantConfig)
- [compatible devices](https://www.hadevices.com/)
+- [presence monitoring](https://community.home-assistant.io/t/monitor-reliable-multi-user-distributed-bluetooth-occupancy-presence-detection/68505)
+- [touch panel](https://singlebox.tv/how-to-all-in-one-home-assistant-and-touch-panel/)
+- [reddit thread guide](https://www.reddit.com/r/homeautomation/comments/ejo7zg/i_built_an_allinone_touch_panel_to_control_my/)
+
## Integrations
- [hacs](https://github.com/hacs/integration)
@@ -139,3 +143,9 @@ media_player.lgtv:
```
## Tips & Tricks
+
+### Nest integration
+- [HA Integration guide](https://www.home-assistant.io/integrations/nest/#device-access-registration)
+- [Acc auth manual](https://developers.google.com/nest/device-access/authorize)
+- [nest console](https://console.nest.google.com/device-access/project-list)
+- [devs console](https://console.developers.google.com/)
diff --git a/apps/other/bitwarden.md b/apps/other/bitwarden.md
new file mode 100644
index 0000000..6ae33ab
--- /dev/null
+++ b/apps/other/bitwarden.md
@@ -0,0 +1,29 @@
+# Bitwarden
+Bitwarden is a password manager & vault.
+
+bitwarden_rs is an unofficial Bitwarden compatible server.
+
+
+
+- [Official Bitwarden Site](https://bitwarden.com/)
+- [bitwarden_rs Github repo](https://github.com/dani-garcia/bitwarden_rs)
+- [bitwarden_rs Docs](https://github.com/dani-garcia/bitwarden_rs/wiki)
+
+
+## docker-compose.yml
+```yml
+---
+version: '3'
+services:
+ bitwarden:
+ image: bitwardenrs/server:latest
+ container_name: bitwarden
+ restart: unless-stopped
+ ports:
+ - "3000:80"
+ volumes:
+ - ./data:/data/
+ environment:
+ - SIGNUPS_ALLOWED=false
+ - ADMIN_TOKEN=123123123123123123123123123123123123123123
+```
diff --git a/apps/other/cockpit.md b/apps/other/cockpit.md
new file mode 100644
index 0000000..c527ee0
--- /dev/null
+++ b/apps/other/cockpit.md
@@ -0,0 +1,20 @@
+# Cockpit
+
+
+- [Github repo](https://github.com/cockpit-project/cockpit)
+- [Docs](https://cockpit-project.org/running.html#ubuntu)
+
+
+## Installation
+```sh
+sudo apt-get install cockpit
+```
+
+Then go to `https://:9090`
+
+
+## Tips & Tricks
+To remove the cockpit's motd (welcome message) automatically added to every ssh login:
+```sh
+sudo rm /etc/motd.d/cockpit
+```
diff --git a/apps/other/code.md b/apps/other/code.md
new file mode 100644
index 0000000..9dd6a82
--- /dev/null
+++ b/apps/other/code.md
@@ -0,0 +1,37 @@
+# Code Server
+
+VSCode in the browser!
+
+
+
+- [Github repo](https://github.com/cdr/code-server)
+- [Docker Hub](https://hub.docker.com/r/linuxserver/code-server)
+
+
+## docker-compose.yml
+```yml
+---
+version: "2.1"
+services:
+ code-server:
+ image: linuxserver/code-server
+ container_name: code-server
+ restart: unless-stopped
+ ports:
+ - 3000:8443
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Dublin
+# - PASSWORD=password #optional
+# - SUDO_PASSWORD=password #optional
+ - PROXY_DOMAIN=code.example.com #optional
+
+ # To get extensions from M$ store - add these:
+ - SERVICE_URL=https://marketplace.visualstudio.com/_apis/public/gallery
+ - ITEM_URL=https://marketplace.visualstudio.com/items
+ volumes:
+ - ./config:/config
+ # folder that will show up in the Code file tree
+ - /var/www/project1:/config/workspace/project1
+```
diff --git a/apps/other/firefox-sync.md b/apps/other/firefox-sync.md
new file mode 100644
index 0000000..36daec7
--- /dev/null
+++ b/apps/other/firefox-sync.md
@@ -0,0 +1,57 @@
+# Firefox Sync Server
+
+ Run-Your-Own Firefox Sync Server.
+ I couldn't make it fully work with MacOS & iOS.
+
+
+
+- [Github repo](https://github.com/mozilla-services/syncserver)
+- [HowTo](https://mozilla-services.readthedocs.io/en/latest/howtos/run-sync-1.5.html)
+
+
+## docker-compose.yml
+```yml
+---
+version: '3'
+services:
+ firefox-sync:
+ image: mozilla/syncserver:latest
+ container_name: firefox-sync
+ restart: unless-stopped
+ environment:
+ - TZ=Europe/Dublin
+ - SYNCSERVER_PUBLIC_URL=http://localhost:5000
+ - SYNCSERVER_SECRET=0123123123123123123123123123123
+ - SYNCSERVER_SQLURI=sqlite:////data/syncserver.db
+ - SYNCSERVER_BATCH_UPLOAD_ENABLED=true
+ - SYNCSERVER_FORCE_WSGI_ENVIRON=false
+ ports:
+ - "3000:5000"
+ volumes:
+ - ./data:/data
+```
+
+## Tips & Tricks
+
+#### Change in Firefox desktop
+in `about:config`, change: `identity.sync.tokenserver.uri` to `https://firefox.example.com/token/1.0/sync/1.5`
+
+(default is `https://token.services.mozilla.com/1.0/sync/1.5`)
+
+#### Change on iOS
+1. In `Settings` - tap 5 times on the version number to get into **Debug Mode**
+2. Go to `Advanced Sync Settings` and enter your sync URL: `https://firefox.example.com/token/1.0/sync/1.5`
+
+#### Generate secret
+```sh
+head -c 20 /dev/urandom | sha1sum
+```
+
+#### Test
+`/usr/local/bin/python -m syncstorage.tests.functional.test_storage --use-token-server http://localhost:5000/token/1.0/sync/1.5`
+
+#### Remove mozilla hosted data
+```sh
+pip install PyFxA
+python ./bin/delete_user_data.py user@example.com
+```
diff --git a/apps/reverse-proxy-sso/traefik.md b/apps/reverse-proxy-sso/traefik.md
index b3abad0..6d8edcc 100644
--- a/apps/reverse-proxy-sso/traefik.md
+++ b/apps/reverse-proxy-sso/traefik.md
@@ -3,17 +3,21 @@ This is one of the best reverse-proxy solutions for self-hosting.
Very easy to run & maintain (once you pass the setup).
Traefik can detect docker services and use docker labels to automatically create routes.
-However, I prefer to keep my docker-compose files clean and explicitly set routers & services myself, so this solution does that exactly.
+However, I prefer to keep my docker-compose files clean and explicitly set routers & services myself, so this solution does exactly that.
Traefik can also be set-up to automatically provide Let's Encrypt certs for your services.
However, there are some services that need cert files (AdGuard Home, Mailcow), and because I want to have a single wildcard certificate for my whole domain (and all subdomains) I prefer to generate it manually (i.e. scripts in cron) and just reference it whenever it's required - so this setup reflects that.
## General overview
-Traefik has 2 types of config: static (requires restart of the container) and dynamic (refreshes live).
-Dynamic config can be provided as a folder, where all `yml` files are parsed and configuration from them is applied to the running server.
-You can create multiple files and split the dynamic config to your preference. I prefer to keep the 2 main layers (routers & services) separate, as it's easy for me to structure the files and it's clear to see what services are defined and the ports that they use. The down-side is that adding/removing a service requires editing 2 files.
-Another approach would be to use 1 yaml file per service (with route & service definition). It would be clearer from the Filesystem (ls -al) to see what services are configured, but e.g. checking all ports would require viewing all config files.
-For that reason it's also good to keep a note somewhere with a table of service-port mapping.
+Traefik has 2 types of config:
+- static - requires restart of the container
+- dynamic - refreshes live.
+
+Dynamic config can be provided as a folder, where all `toml`/`yml` files are parsed and configuration from them is applied to the running server.
+
+You can create multiple files and split the dynamic config to your preference. I prefer to keep 1 main file (for tls/cert settings and global middlewares), and then add 1 config file per service (with route & service definition).
+
+It's also good to keep a note with a table of service-port mapping (to quickly see which ports are used by which service).
@@ -70,114 +74,111 @@ providers:
## Dynamic config
-### config/middlewares.yml
-```yml
-http:
- middlewares:
- authelia:
- forwardAuth:
- address: http://:9091/api/verify?rd=https://login.example.com/
- trustForwardHeader: true
+### config/_main.toml
+```toml
+[[tls.certificates]]
+certFile = "/certs-com/fullchain.cer"
+keyFile = "/certs-com/example.com.key"
+stores = [ "default" ]
- redirect-to-https:
- redirectScheme:
- scheme: https
- permanent: true
+[[tls.certificates]]
+certFile = "/certs-org/fullchain.cer"
+keyFile = "/certs-org/example.org.key"
+stores = [ "default" ]
- security-headers:
- headers:
- referrerPolicy: "same-origin"
- contentTypeNosniff: true
- frameDeny: false
- forceSTSHeader: true
- stsIncludeSubdomains: true
- stsPreload: true
- stsSeconds: 15552000
+[tls.stores.default.defaultCertificate]
+certFile = "/certs-com/fullchain.cer"
+keyFile = "/certs-com/example.com.key"
- nextcloud-redirectregex:
- redirectRegex:
- permanent: true
- regex: 'https://(.*)/.well-known/(card|cal)dav'
- replacement: 'https://${1}/remote.php/dav/'
+[http.middlewares.redirect-to-https.redirectScheme]
+scheme = "https"
+permanent = true
- some-redirect:
- redirectRegex:
- regex: "https://subdomain1.example.com/"
- replacement: "https://subdomain2.example.com?query=123"
- permanent: true
+[http.middlewares.security-headers.headers]
+referrerPolicy = "same-origin"
+contentTypeNosniff = true
+frameDeny = false
+forceSTSHeader = true
+stsIncludeSubdomains = true
+stsPreload = true
+stsSeconds = 15_552_000
-```
+[[http.services.noop.loadBalancer.servers]]
+url = "http://192.168.0.1:666" # this is a fake url
-### config/tls.yml
-```yml
-tls:
- certificates:
- - certFile: /example1-com/fullchain.cer
- keyFile: /example1-com/example1.com.key
- stores:
- - default
- - certFile: /example2-com/fullchain.cer
- keyFile: /example2-com/example2.com.key
- stores:
- - default
-
- stores:
- default:
- defaultCertificate:
- certFile: /example1-com/fullchain.cer
- keyFile: /example1-com/example1.com.key
-```
-
-### config/routers.yml
-```yml
-http:
- routers:
- authelia:
- rule: "Host(`login.example.com`)"
- service: authelia
- tls: {}
- middlewares:
- - security-headers
-
- nextcloud:
- rule: "Host(`cloud.example.com`)"
- service: nextcloud
- tls: {}
- middlewares:
- - security-headers
- - nextcloud-redirectregex
-
- sonarr:
- rule: "Host(`sonarr.example.com`)"
- service: sonarr
- tls: {}
- middlewares:
- - security-headers
- - authelia
+[http.routers.http-catchall]
+rule = "HostRegexp(`{host:(www\\.)?.+}`)"
+entryPoints = [ "http" ]
+middlewares = [ "redirect-to-https" ]
+service = "noop"
```
-### config/services.yml
-```yml
-http:
- services:
+### config/service-authelia.toml
+```toml
+[http.middlewares.authelia.forwardAuth]
+address = "http://:9091/api/verify?rd=https://login.example.com/"
+trustForwardHeader = true
- authelia:
- loadBalancer:
- servers:
- - url: "http://:9091"
+[[http.services.authelia.loadBalancer.servers]]
+url = "http://:9091"
- nextcloud:
- loadBalancer:
- servers:
- - url: "http://:3100"
-
- sonarr:
- loadBalancer:
- servers:
- - url: "http://:8989/"
+[http.routers.authelia]
+rule ="Host(`login.example.com`)"
+service = "authelia"
+tls = { }
+middlewares = [ "security-headers" ]
```
+### config/service-nextcloud.toml
+```toml
+[http.middlewares.nextcloud-redirectregex.redirectRegex]
+permanent = true
+regex = "https://(.*)/.well-known/(card|cal)dav"
+replacement = "https://${1}/remote.php/dav/"
+
+[[http.services.nextcloud.loadBalancer.servers]]
+url = "http://