Update 06-04-2024

This commit is contained in:
2024-04-06 09:54:09 +02:00
parent cd8cebe7cb
commit 259b9c6a24
76 changed files with 5126 additions and 229 deletions

@@ -0,0 +1,151 @@
# Wireguard
### Installer wireguard sur le NAS:
| Model | CPU Model | Cores (each) | Threads (each) | FPU | Package Arch | RAM |
| :----- | :------------------ | :----------- | :------------- | :--- | :----------- | :------------------ |
| DS923+ | AMD Ryzen R1600 | 2 | 4 | ✓ | R1000 | DDR4 ECC SODIMM 4GB |
| DS916+ | Intel Pentium N3710 | 4 | 4 | ✓ | Braswell | DDR3 2GB/8GB |
```bash
sudo docker run --rm --privileged --env PACKAGE_ARCH=r1000 --env DSM_VER=7.2 -v $(pwd):/result_spk synobuild
```
**ne compile pas**
```bash
docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
```
### wg-easy
https://github.com/wg-easy/wg-easy
| Création | Portainer (/portainer/compose/29) |
| ----------- | ------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 51820:51821 |
| Volume | /volume1/docker/wgeasy:/etc/wireguard |
```yaml
version: "3.5"
services:
wgeasy:
image: ghcr.io/wg-easy/wg-easy:latest
network_mode: "bridge"
container_name: wgeasy
ports:
- "51820:51820/udp"
- "51821:51821"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/wgeasy:/etc/wireguard
environment:
- WG_HOST=photos-nas.ovh
- WG_DEFAULT_DNS=192.168.2.216
restart: always
```
Variable d'enrironnement (dans stack.env)
```yaml
PASSWORD=xxxxxxxxxx
```
##### wg0.conf
```
# Note: Do not edit this file directly.
# Your changes will be overwritten!
# Server
[Interface]
PrivateKey = I5wPTHTxgF[5YyJ@4'Mgwipl+.m=aUB6i[bGAF;p:I|l
Address = 10.8.0.1/24
ListenPort = 51820
PreUp =
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown =
# Client: ungoutdepomme (557cb02f-6418-465c-8063-866333011ea0)
[Peer]
PublicKey = )RGRG/Aha{XD{sC)YDg(6[kPOF.yaUO1[)QaFlJZg+-P
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 10.8.0.2/32
# Client: airbook (f75ed225-6a8b-4179-a11a-368aec6d2545)
[Peer]
PublicKey = 4!oI:!t9-V:;TxZ{gfJFXuPkS\v2A6+Ka[36.tP=;ao[
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 10.8.0.3/32
```
##### airbook.conf
```
[Interface]
PrivateKey = -dPlB6Glr9IKBo-q(.5X)7Ad+}YuAe9S3):dBPbFLrWX
Address = 10.8.0.3/24
DNS = 192.168.2.216
[Peer]
PublicKey = wXbLtH/'#-;*6"j1ZQgl?.)VMRqMG@g!U38jvw}3(=Yw
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```
##### ungoutdepomme.conf
```
[Interface]
PrivateKey = #Udj:SC,kA0h}MTa7\|as69PV.sS@lpL!'4y34uj?.Z{
Address = 10.8.0.2/24
DNS = 192.168.2.216
[Peer]
PublicKey = ukj!q\:v-70L/Rlr,TJ9];,19,=Uu-1a+O/V|B@OCULq
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```
# `#Token modifié`
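Review bot: The `wg0.conf`, `airbook.conf` and `ungoutdepomme.conf` blocks put `PrivateKey` and `PresharedKey` values for the server and both peers into the repository. The closing "Token modifié" line says they were altered, but key fields are better replaced with an obvious placeholder (for example `PrivateKey = <redacted>`) so that nobody has to judge whether a committed string is live, and any key that was ever committed unmodified should be regenerated. In the wg-easy compose block, `"51821:51821"` publishes the admin web UI on every host interface with only `PASSWORD` from `stack.env` in front of it, and the summary table's `51820:51821` does not match the two mappings actually declared (`51820/udp` and `51821`). The second `docker run ... blackvoidclub/synobuild71` line is an exact duplicate of the first.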

@@ -0,0 +1,41 @@
# Pi.Alert
| Création | Portainer |
| ----------- | ---------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 17811 |
| Lien | [Github](https://github.com/pucherot/Pi.Alert) |
```yaml
version: "3.9"
services:
pi.alert:
container_name: Pi.Alert
healthcheck:
test: curl -f http://localhost:17811/ || exit 1
mem_limit: 2g
cpu_shares: 768
security_opt:
- no-new-privileges:true
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/pialert/config:/home/pi/pialert/config:rw
- /volume1/docker/pialert/db:/home/pi/pialert/db:rw
- /volume1/docker/pialert/logs:/home/pi/pialert/front/log:rw
environment:
TZ: Europe/Paris
PORT: 17811
HOST_USER_ID: 1026
HOST_USER_GID: 100
network_mode: host
restart: on-failure:5
image: jokobsk/pi.alert:latest
```
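Review bot: The `Lien` row points to `github.com/pucherot/Pi.Alert`, but the service runs `image: jokobsk/pi.alert:latest`; the link and the image should name the same project, or the table should say which one this stack tracks. With `network_mode: host` the UI on `PORT: 17811` listens directly on the NAS interfaces, so a line stating why host networking is required would help the next reader. Combined with the Watchtower label, `:latest` means the running version changes without a commit here; consider pinning a tag.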

@@ -0,0 +1,26 @@
# network
| | |
| -------------- | ------------------- |
| 172.16.57.0/24 | changeDetection |
| 172.16.58.0/24 | docspell |
| 172.16.59.0/24 | diun / paperlessngx |
| 172.16.60.0/24 | send |
| 172.16.61.0/24 | chibisafe |
| 172.16.62.0/24 | psitransfer |
| 172.16.63.0/24 | pingvin |
| 172.16.64.0/24 | gokapi |
| 172.16.65.0/24 | snippetbox |
| 172.16.66.0/24 | materialious |
| 172.16.67.0/24 | snapdrop |
| 172.16.69.0/24 | seafile |
| 172.16.70.0/24 | kavita |
| | |
| 172.16.72.0/24 | invidious |
| 172.16.73.0/24 | nextcloud |
| 172.16.77.0/24 | maptiler |
| 172.16.78.0/24 | mapserver |
| | |
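Review bot: The table has an empty header row and blank filler rows; naming the columns (subnet, stack) and dropping the fillers would make it usable as the allocation reference it is meant to be. Its entries also disagree with compose files in this same commit: `172.16.58.0/24` is listed for docspell only, yet the dockge stack declares it too, and `172.16.66.0/24` is listed as materialious while the PrivateBin stack uses it.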

@@ -0,0 +1,38 @@
# changeDetection
| Création | dockge |
| ----------- | -------------------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 5075 |
| Liens | [Github](https://github.com/dgtlmoon/changedetection.io) |
```yaml
version: '3.2'
services:
changedetection:
image: ghcr.io/dgtlmoon/changedetection.io
container_name: changedetection
hostname: changedetection
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- changedetection-data:/datastore
ports:
- 5075:5000
volumes:
changedetection-data:
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.57.0/24
```

@@ -0,0 +1,38 @@
# chibisafe
| Création | dockge |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 24424 |
| Liens | [Github](https://github.com/chibisafe/chibisafe) |
```yaml
version: "3.7"
services:
chibisafe:
image: chibisafe/chibisafe:latest
container_name: chibisafe
volumes:
- /volume1/docker/dockge/stacks/chibisafe/database:/home/node/chibisafe/database:rw
- /volume1/docker/dockge/stacks/chibisafe/uploads:/home/node/chibisafe/uploads:rw
- /volume1/docker/dockge/stacks/chibisafe/logs:/home/node/chibisafe/logs:rw
ports:
- 24424:8000
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: always
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.61.0/24
```

@@ -0,0 +1,37 @@
# dockge
| Création | Container Manager (projet) |
| ----------- | -------------------------------------------- |
| Mise-à-jour | - |
| Ports | 5011 |
| Liens | [Github](https://github.com/louislam/dockge) |
```yaml
version: "3.8"
services:
dockge:
image: louislam/dockge:1
restart: unless-stopped
ports:
# Host Port : Container Port
- 5011:5001
volumes:
- /var/run/docker.sock:/var/run/docker.sock
… environment:
# Tell Dockge where is your stacks directory
- DOCKGE_STACKS_DIR=/volume1/docker/dockge/stacks
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.58.0/24
```
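Review bot: `subnet: 172.16.58.0/24` at the end of this file is the range the network table assigns to docspell, and the docspell stack in this commit declares it as well; Docker refuses to create a second bridge network whose pool overlaps an existing one, so one of the two needs its own /24 and a row in the table. The line `… environment:` carries an ellipsis, so the `volumes:` list looks truncated (the directory named in `DOCKGE_STACKS_DIR` is not mounted in what is shown); please commit the full file. The `/var/run/docker.sock` mount gives this container control of the Docker daemon, so port `5011` should not be reachable beyond the admin network.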

@@ -0,0 +1,125 @@
# docspell
| Création | Portainer |
| ----------- | --------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 8486 |
| Liens | [Docspell](https://docspell.org/) |
```yaml
version: '3.9'
services:
docspell-db:
image: postgres
container_name: Docspell-DB
hostname: docspell-db
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "docspell", "-U", "docspelluser"]
timeout: 45s
interval: 10s
retries: 10
user: 1026:100
volumes:
- /volume1/docker/docspell/db:/var/lib/postgresql/data
environment:
- POSTGRES_DB=docspell
- POSTGRES_USER=docspelluser
- POSTGRES_PASSWORD=docspellpass
restart: always
docspell-solr:
image: solr
command:
- solr-precreate
- docspell
container_name: Docspell-SOLR
hostname: docspell-solr
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8983/solr/docspell/admin/ping"]
interval: 45s
timeout: 10s
retries: 2
start_period: 30s
user: 1026:100
volumes:
- /volume1/docker/docspell/solr:/var/solr
restart: always
restserver:
image: docspell/restserver:latest
container_name: Docspell-RESTSERVER
hostname: docspell-restserver
security_opt:
- no-new-privileges:true
user: 1026:100
ports:
- 8486:7880
environment:
- TZ=Europe/Paris
- DOCSPELL_SERVER_INTERNAL__URL=http://docspell-restserver:7880
- DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET=superdupersecretyeah
- DOCSPELL_SERVER_AUTH_SERVER__SECRET=evenmoresuperdupersecret
- DOCSPELL_SERVER_BACKEND_JDBC_PASSWORD=docspellpass
- DOCSPELL_SERVER_BACKEND_JDBC_URL=jdbc:postgresql://docspell-db:5432/docspell
- DOCSPELL_SERVER_BACKEND_JDBC_USER=docspelluser
- DOCSPELL_SERVER_BIND_ADDRESS=0.0.0.0
- DOCSPELL_SERVER_FULL__TEXT__SEARCH_ENABLED=true
- DOCSPELL_SERVER_FULL__TEXT__SEARCH_SOLR_URL=http://docspell-solr:8983/solr/docspell
- DOCSPELL_SERVER_INTEGRATION__ENDPOINT_ENABLED=true
- DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER_ENABLED=true
- DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER_HEADER__VALUE=superduperpassword123
- DOCSPELL_SERVER_BACKEND_SIGNUP_MODE=open
- DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD=
- DOCSPELL_SERVER_BACKEND_ADDONS_ENABLED=false
restart: always
depends_on:
docspell-db:
condition: service_started
docspell-solr:
condition: service_healthy
joex:
image: docspell/joex:latest
container_name: Docspell-JOEX
hostname: docspell-joex
security_opt:
- no-new-privileges:true
user: 1026:100
environment:
- TZ=Europe/Paris
- DOCSPELL_JOEX_APP__ID=joex1
- DOCSPELL_JOEX_PERIODIC__SCHEDULER_NAME=joex1
- DOCSPELL_JOEX_SCHEDULER_NAME=joex1
- DOCSPELL_JOEX_BASE__URL=http://docspell-joex:7878
- DOCSPELL_JOEX_BIND_ADDRESS=0.0.0.0
- DOCSPELL_JOEX_FULL__TEXT__SEARCH_ENABLED=true
- DOCSPELL_JOEX_FULL__TEXT__SEARCH_SOLR_URL=http://docspell-solr:8983/solr/docspell
- DOCSPELL_JOEX_JDBC_PASSWORD=docspellpass
- DOCSPELL_JOEX_JDBC_URL=jdbc:postgresql://docspell-db:5432/docspell
- DOCSPELL_JOEX_JDBC_USER=docspelluser
- DOCSPELL_JOEX_ADDONS_EXECUTOR__CONFIG_RUNNER=docker,trivial
- DOCSPELL_JOEX_CONVERT_HTML__CONVERTER=weasyprint
restart: always
depends_on:
docspell-db:
condition: service_started
docspell-solr:
condition: service_healthy
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.58.0/24
```
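Review bot: The restserver environment ships tutorial-style secrets (`DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET`, `DOCSPELL_SERVER_AUTH_SERVER__SECRET`, the integration header value, and `docspellpass` for the database) together with `DOCSPELL_SERVER_BACKEND_SIGNUP_MODE=open`, on a service published at `8486`. Generate unique values, load them from an env file as the wg-easy stack does with `stack.env`, and move signup away from `open` once the first account exists. The summary table says updates come from Watchtower, but none of the four services carries the `com.centurylinklabs.watchtower.enable` label used elsewhere in this commit, and `image: postgres` and `image: solr` have no tag at all.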

@@ -0,0 +1,36 @@
# dozzle
| Création | Portainer |
| ----------- | ------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 9999 |
| Liens | [Github](https://github.com/amir20/dozzle) |
```yaml
name: dozzle
services:
dozzle:
container_name: dozzle
ports:
- 9999:8080
environment:
- PUID=1026
- PGID=100
- TZ=Europe/Paris
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: always
image: amir20/dozzle:latest
```
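Review bot: `/var/run/docker.sock:/var/run/docker.sock` is mounted read-write for a log viewer; the glances stack in this commit mounts the same socket with `:ro`, and the same suffix fits here, keeping in mind that `:ro` on the mount does not limit what can be requested from the daemon through the socket. Nothing in the file configures authentication, so `9999:8080` exposes every container's logs to whoever can reach the NAS on that port; bind it to a specific host address or put it behind the reverse proxy.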

@@ -0,0 +1,30 @@
# freegeoip
| Création | dockge |
| ----------- | -------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 8080 / 8888 |
| Liens | [Github](https://github.com/t0mer/freegeoip) |
```yaml
version: "2.1"
services:
freegeoip:
image: techblog/freegeoip
container_name: freegeoip
ports:
- 8080:8080
- 8888:8888
labels:
- com.centurylinklabs.watchtower.enable=true
restart: always
networks: {}
```

@@ -0,0 +1,65 @@
# glances
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 61208 |
| Liens | [Github](https://github.com/nicolargo/glances)<br />[Docker](https://github.com/nicolargo/glances/blob/develop/docs/docker.rst) |
```yaml
version: "3.9"
services:
glances:
container_name: Glances
image: nicolargo/glances:latest-full
healthcheck:
test: curl -f http://localhost:61208/ || exit 1
mem_limit: 4g
cpu_shares: 768
security_opt:
- no-new-privileges:true
pid: host
privileged: true
network_mode: host
restart: on-failure:5
ports:
- 61208:61208
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
GLANCES_OPT: -w
```
By default, the /etc/glances/glances.conf file is used (based on docker-compose/glances.conf).
Additionally, if you want to use your own glances.conf file, you can create your own Dockerfile:
```
FROM nicolargo/glances:latest
COPY glances.conf /root/.config/glances/glances.conf
CMD python -m glances -C /root/.config/glances/glances.conf $GLANCES_OPT
```
Alternatively, you can specify something along the same lines with docker run options (notice the GLANCES_OPT environment variable setting parameters for the glances startup command):
```
docker run -e TZ="${TZ}" -v `pwd`/glances.conf:/root/.config/glances/glances.conf -v /var/run/docker.sock:/var/run/docker.sock:ro -v /run/user/1000/podman/podman.sock:/run/user/1000/podman/podman.sock:ro --pid host -e GLANCES_OPT="-C /root/.config/glances/glances.conf" -it nicolargo/glances:latest-full
```
Where `pwd`/glances.conf is a local directory containing your glances.conf file.
glances.conf
https://github.com/nicolargo/glances/blob/develop/conf/glances.conf
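Review bot: `privileged: true` in the compose block sits next to `no-new-privileges:true`, `pid: host` and `network_mode: host`; the `security_opt` line does not offset a privileged container, and the `docker run` example quoted further down in this same file gets by with `--pid host` and a read-only socket and no `--privileged`. Drop `privileged: true` unless a specific sensor needs it, and say which one. The `ports:` entry `61208:61208` is ignored or rejected under `network_mode: host` and can go. The Dockerfile snippet uses `nicolargo/glances:latest` while the compose uses `latest-full`; state which one is intended.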

@@ -0,0 +1,37 @@
# gokapi
| Création | dockge |
| ----------- | ------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 53842 |
| Liens | [Github](https://github.com/Forceu/Gokapi) |
```yaml
version: "3.7"
services:
gokapi:
container_name: gokapi
volumes:
- /volume1/docker/dockge/stacks/gokapi/data:/app/data
- /volume1/docker/dockge/stacks/gokapi/config:/app/config
ports:
- 53842:53842
labels:
- "com.centurylinklabs.watchtower.enable=true"
image: f0rc3/gokapi:latest
restart: always
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.64.0/24
```

@@ -0,0 +1,36 @@
# Heimdall
| Création | dockge |
| ----------- | ---------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 8056 |
| Liens | [Heimdall](https://heimdall.site/) |
```yaml
name: heimdall
services:
heimdall:
container_name: heimdall
ports:
- 8056:80
- 7543:443
environment:
- PUID=1026
- PGID=100
- TZ=Europe/Paris
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/heimdall:/config
restart: always
image: ghcr.io/linuxserver/heimdall
networks: {}
```

@@ -0,0 +1,68 @@
# igotify
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 8680 |
| Liens | [Github](https://github.com/androidseb25/iGotify-Notification-Assistent)<br />[Gotify](https://gotify.net) |
```yaml
version: '3.8'
services:
gotify:
container_name: gotify
hostname: gotify
image: ghcr.io/gotify/server:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- net
ports:
- "8680:80"
volumes:
- igotify-data:/app/data
labels:
- "com.centurylinklabs.watchtower.enable=true"
environment:
TZ: Europe/Paris
GOTIFY_DEFAULTUSER_NAME: bruno
GOTIFY_DEFAULTUSER_PASS: 3l.+-OGj8feS*C7b
igotify:
container_name: igotify
hostname: igotify
image: ghcr.io/androidseb25/igotify-notification-assist:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
pull_policy: always
networks:
- net
ports:
- "8681:8080"
volumes:
- igotify-api-data:/app/data
labels:
- "com.centurylinklabs.watchtower.enable=true"
environment:
IGOTIFY_CLIENT_TOKEN: 'Zm1BPb.iqe,!r=\' # create a client in gotify an add here the client token
GOTIFY_SERVER_URL: 'http://gotify' # default container name from gotify server
networks:
net:
volumes:
igotify-data:
igotify-api-data:
# tokens modifiés
```
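Review bot: `GOTIFY_DEFAULTUSER_PASS` and `IGOTIFY_CLIENT_TOKEN` are written inline in the `environment:` maps; even with the trailing "tokens modifiés" remark, move both to an `env_file` kept out of the repository (the pattern already used for wg-easy) and leave only the variable names here. `pull_policy: always` on igotify, the Watchtower label and `:latest` together mean new images are pulled from two directions without a change in this file; pick one update mechanism and pin a tag.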

@@ -0,0 +1,86 @@
# invidious
| Création | Portainer |
| ----------- | --------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 7601 |
| Liens | [Github](https://github.com/iv-org/invidious) |
```yaml
version: "3.9"
services:
invidious-db:
image: postgres
container_name: Invidious-DB
hostname: invidious-db
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "invidious", "-U", "kemal"]
timeout: 45s
interval: 10s
retries: 10
user: 1026:100
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/invidiousdb:/var/lib/postgresql/data
environment:
POSTGRES_DB: invidious
POSTGRES_USER: kemal
POSTGRES_PASSWORD: kemalpw
restart: always
invidious:
image: quay.io/invidious/invidious:latest
container_name: Invidious
hostname: invidious
user: 1026:100
security_opt:
- no-new-privileges:true
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s
timeout: 5s
retries: 2
ports:
- 7601:3000
labels:
- com.centurylinklabs.watchtower.enable=true
environment:
INVIDIOUS_CONFIG: |
db:
dbname: invidious
user: kemal
password: kemalpw
host: invidious-db
port: 5432
check_tables: true
captcha_enabled: false
default_user_preferences:
locale: fr
region: FR
external_port: 443
domain: invidious.photos-nas.ovh
hmac_key: Kh9d0h2tV1wIVbqUHTCR5EOxcrc6iB9zLu4UGqIpfXKHjGlksKUWsMyOUw0YVJdC
https_only: true
restart: always
depends_on:
invidious-db:
condition: service_started
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.72.0/24
# token modifié
```
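Review bot: `invidious-db` uses `image: postgres` with no tag and carries `com.centurylinklabs.watchtower.enable=true`, so an automatic pull can move the server to a new PostgreSQL major version that will not start on the existing `/volume1/docker/invidiousdb` data directory. Pin the major version (the paperlessngx stack in this commit uses `postgres:16`) or remove the label from the database service. `hmac_key` and the database password are inline in `INVIDIOUS_CONFIG` and `POSTGRES_PASSWORD`; the final comment says the token was modified, but both belong in an env file outside the repository.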

@@ -0,0 +1,70 @@
# maptiler
```yaml
version: "2"
services:
tileserver:
restart: always
image: maptiler/tileserver-gl
container_name: maptiler
privileged: false
ports:
- 8580:8080
volumes:
- /volume1/docker/dockge/stacks/maptiler/data/map:/data
command:
- --verbose
- --mbtiles
- maptiler-osm-2020-02-10-v3.11-europe.mbtiles
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.77.0/24
```
https://tileserver.readthedocs.io/en/latest/index.html
https://blog.tmlmt.com/create-style-and-render-self-hosted-vector-maps/
https://download.geofabrik.de
```
command: ["-p", "80", "-c", "/data/config.json"]
docker run --rm -it -v $(pwd):/data -p 8188:8080 maptiler/tileserver-gl:v3.1.1 -c config.json --verbose
```
```
version: '3.4'
services:
openmaptiles:
image: klokantech/tileserver-gl
ports:
- 8080:80
volumes:
- "./data:/data"
command: "--verbose -c config.json"
```
## Reloading the configuration
It is possible to reload the configuration file without restarting the whole process by sending a SIGHUP signal to the node process.
- The docker kill -s HUP tileserver-gl command can be used when running the tileserver-gl docker container.
- The docker-compose kill -s HUP tileserver-gl-service-name can be used when tileserver-gl is run as a docker-compose service.
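Review bot: The reload instructions at the end use `docker kill -s HUP tileserver-gl`, but the compose file at the top sets `container_name: maptiler`, so the command as written targets a container that does not exist in this stack; use the real name. The two snippets in the middle (the `command: [...]` line with the `docker run ... v3.1.1` call, and the `klokantech/tileserver-gl` compose) have no sentence saying what they are for or whether they replace the main service; add a line of context or remove them. The main service uses `maptiler/tileserver-gl` with no tag.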

@@ -0,0 +1,82 @@
# navidrome -maloja
| Création | Portainer |
| -------------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port navidrome | 4533 |
| Port maloja | 42010 |
| Liens | [Navidrome](https://www.navidrome.org/)<br />[Github](https://github.com/krateng/maloja) |
```yaml
version: "3"
services:
navidrome:
image: deluan/navidrome
container_name: navidrome
user: 1028:65536 # à modifier par votre propre PGID et PUID
ports:
- "4533:4533" # modifier votre IP donnant vers l'exterieur
environment:
# Optional: put your config options customization here. Examples:
ND_SCANSCHEDULE: 1h
ND_SESSIONTIMEOUT: "24h"
ND_LOGLEVEL: debug
ND_BASEURL: ""
ND_DEFAULTLANGUAGE: fr
ND_ENABLEEXTERNALSERVICES: true
ND_ENABLELOGREDACTING: true
ND_ENABLECOVERANIMATION: false
ND_AUTHREQUESTLIMIT: 10
ND_LISTENBRAINZ_ENABLED: true
ND_LISTENBRAINZ_BASEURL: "http://maloja:42010/apis/listenbrainz/1/"
#ND_LISTENBRAINZ_BASEURL: "https://maloja.photos-nas.ovh/apis/mlj_1/newscrobble"
ND_LASTFM_ENABLED: true
ND_LASTFM_LANGUAGE: fr
ND_ENABLEFAVOURITES: true
ND_ENABLESTARRATING: true
ND_ENABLEUSEREDITING: true
#ND_ENABLEDOWNSAMPLING: "true"
#ND_MAXBITRATE: 128 # can be anything less then your Ogg files bitrate
#ND_DOWNSAMPLECOMMAND: "ffmpeg -i %s -map 0:0 -b:a %bk -v 0 -c:a libopus -f opus -"
ND_PORT: 4533
env_file:
- stack.env
volumes:
- "/volume1/docker/navidrome:/data"
- "/volume1/music:/music:ro"
labels:
- "com.centurylinklabs.watchtower.enable=true"
#- com.centurylinklabs.watchtower.depends-on=
#- "diun.enable=true"
restart: unless-stopped
maloja:
# from dockerhub
image: "krateng/maloja:latest"
container_name: maloja
ports:
- "42010:42010"
restart: unless-stopped
# different directories for configuration, state and logs
volumes:
- "/volume1/docker/maloja/data:/data"
environment:
- "MALOJA_DATA_DIRECTORY=/data"
- "PUID=1028"
- "PGID=65536"
- "MALOJA_LOGGING=true"
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
#- com.centurylinklabs.watchtower.depends-on=
#- "diun.enable=true"
```
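Review bot: `ND_LOGLEVEL: debug` is left on in what reads as the running stack; set it back to the default level once troubleshooting is done, since debug output is larger and more detailed even with `ND_ENABLELOGREDACTING: true`. The comment on `"4533:4533"` says to adjust the outward-facing IP, but the mapping names no host IP, so both `4533` and maloja's `42010` are published on all interfaces, while navidrome already reaches maloja at `http://maloja:42010/...` over the compose network. The heading `# navidrome -maloja` has a misplaced space around the hyphen.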

@@ -0,0 +1,39 @@
# openstreetmap-tile-server
https://github.com/Overv/openstreetmap-tile-server
Créez un volume Docker pour contenir la base de données PostgreSQL qui contiendra les données OpenStreetMap :
```bash
docker volume create osm-data
```
Téléchargez un `.osm.pbf`extrait de geofabrik.de pour la région qui vous intéresse:
```bash
cd /volume1/docker/dockge/stacks/
mkdir mapserver
cd mapserver
mkdir data
```
```bash
wget http://download.geofabrik.de/france-latest.osm.pbf
wget http://download.geofabrik.de/france.poly
```
L'importer dans PostgreSQL en exécutant un conteneur et en montant le fichier en tant que `/data/region.osm.pbf`.
```bash
docker run \
-v /volume1/docker/dockge/stacks/mapserver/data/france-latest.osm.pbf:/data/region.osm.pbf \
-v osm-data:/data/database/ \
overv/openstreetmap-tile-server \
import
```
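Review bot: The `wget` block runs from `mapserver/` (the preceding block creates `data` but never enters it), while the `docker run` mounts `/volume1/docker/dockge/stacks/mapserver/data/france-latest.osm.pbf`. With `-v`, Docker creates a directory at a host path that does not exist, so the import would not see the extract; add `cd data` before the downloads. Both downloads use `http://download.geofabrik.de/...`; switch to `https://` so the extract is not fetched in cleartext. `france.poly` is downloaded but never mounted in the import command.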

@@ -0,0 +1,145 @@
# paperlessngx
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8777 |
| Liens | [Paperless-ngx](https://docs.paperless-ngx.com/)<br />[Github](https://github.com/paperless-ngx/paperless-ngx) |
```yaml
version: "3.9"
services:
redis:
image: redis:7
command:
- /bin/sh
- -c
- redis-server --requirepass redispass
container_name: PaperlessNGX-REDIS
hostname: paper-redis
mem_limit: 512m
mem_reservation: 256m
cpu_shares: 768
security_opt:
- no-new-privileges:true
read_only: true
user: 1026:100
healthcheck:
test: ["CMD-SHELL", "redis-cli ping || exit 1"]
volumes:
- /volume1/docker/paperlessngx/redis:/data:rw
environment:
TZ: Europe/Paris
restart: on-failure:5
db:
image: postgres:16
container_name: PaperlessNGX-DB
hostname: paper-db
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "paperless", "-U", "paperlessuser"]
timeout: 45s
interval: 10s
retries: 10
volumes:
- /volume1/docker/paperlessngx/db:/var/lib/postgresql/data:rw
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperlessuser
POSTGRES_PASSWORD: paperlesspass
restart: on-failure:5
gotenberg:
image: gotenberg/gotenberg:latest
container_name: PaperlessNGX-GOTENBERG
hostname: gotenberg
security_opt:
- no-new-privileges:true
user: 1026:100
command:
- "gotenberg"
- "--chromium-disable-javascript=true"
- "--chromium-allow-list=file:///tmp/.*"
restart: on-failure:5
tika:
image: ghcr.io/paperless-ngx/tika:latest
container_name: PaperlessNGX-TIKA
hostname: tika
security_opt:
- no-new-privileges:true
user: 1026:100
restart: on-failure:5
paperless:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
container_name: PaperlessNGX
hostname: paperless-ngx
mem_limit: 6g
cpu_shares: 1024
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
interval: 30s
timeout: 10s
retries: 5
ports:
- 8777:8000
volumes:
- /volume1/docker/paperlessngx/data:/usr/src/paperless/data:rw
- /volume1/docker/paperlessngx/media:/usr/src/paperless/media:rw
- /volume1/docker/paperlessngx/export:/usr/src/paperless/export:rw
- /volume1/docker/paperlessngx/consume:/usr/src/paperless/consume:rw
- /volume1/docker/paperlessngx/trash:/usr/src/paperless/trash:rw
environment:
PAPERLESS_REDIS: redis://:redispass@paper-redis:6379
PAPERLESS_DBENGINE: postgresql
PAPERLESS_DBHOST: paper-db
PAPERLESS_DBNAME: paperless
PAPERLESS_DBUSER: paperlessuser
PAPERLESS_DBPASS: paperlesspass
PAPERLESS_TRASH_DIR: ../trash
PAPERLESS_FILENAME_FORMAT: '{created_year}/{correspondent}/{document_type}/{title}'
PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD: 6
PAPERLESS_TASK_WORKERS: 1
USERMAP_UID: 1026
USERMAP_GID: 100
PAPERLESS_TIME_ZONE: Europe/Paris
PAPERLESS_URL: https://paperlessngx.photos-nas.ovh
PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperlessngx.photos-nas.ovh
PAPERLESS_OCR_LANGUAGE: deu+eng
PAPERLESS_TIKA_ENABLED: 1
PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
PAPERLESS_TIKA_ENDPOINT: http://tika:9998
env_file:
- stack.env
restart: on-failure:5
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
tika:
condition: service_started
gotenberg:
condition: service_started
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.59.0/24
```
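Review bot: `redispass` appears both in the redis `command` (`redis-server --requirepass redispass`) and in `PAPERLESS_REDIS`, and `paperlesspass` in `POSTGRES_PASSWORD` and `PAPERLESS_DBPASS`; the paperless service already loads `stack.env`, so these can move there with unique values instead of living in the compose file. The redis healthcheck runs `redis-cli ping` without credentials although the server requires a password, so check that it reports what is intended. The table lists Watchtower for updates but no service has the enable label, and `PAPERLESS_OCR_LANGUAGE: deu+eng` looks carried over from a template given `Europe/Paris` everywhere else.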

@@ -0,0 +1,37 @@
# pingvin
| Création | dockge |
| ----------- | ----------------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 6090 |
| Liens | [Github](https://github.com/stonith404/pingvin-share) |
```yaml
version: "3.7"
services:
pingvin-share:
container_name: Pingvin-Share
ports:
- 6090:3000
volumes:
- /volume1/docker/dockge/stacks/pingvin:/opt/app/backend/data
- /volume1/docker/dockge/stacks/pingvin/public:/opt/app/frontend/public/img
restart: always
image: stonith404/pingvin-share
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.63.0/24
```

@@ -0,0 +1,41 @@
# PrivateBin
| Création | dockge |
| ----------- | -------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 8380 |
| Liens | [PrivateBin](https://privatebin.info/) |
```yaml
name: privatebin
services:
nginx-fpm-alpine:
restart: always
read_only: true
environment:
TZ: Europe/Paris
ports:
- 8380:8080
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/privatebin/conf.php:/srv/cfg/conf.php:ro
- /volume1/docker/dockge/stacks/privatebin/data:/srv/data
- /volume1/docker/dockge/stacks/privatebin:/tmp
- /volume1/docker/dockge/stacks/privatebin:/run
image: privatebin/nginx-fpm-alpine
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.66.0/24
```
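Review bot: `/tmp` and `/run` are both bind-mounted from `/volume1/docker/dockge/stacks/privatebin`, the same host directory that holds `conf.php` and `data`. The `:ro` on `conf.php:/srv/cfg/conf.php` is therefore undone, because the same file is writable from inside the container as `/tmp/conf.php`, and scratch files and sockets land next to the configuration. With `read_only: true` already set, a `tmpfs:` entry for `/tmp` and `/run` keeps the root filesystem read-only without exposing the stack directory. The network table in this commit assigns `172.16.66.0/24` to materialious, not to this stack.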

@@ -0,0 +1,35 @@
# psitransfer
| Création | dockge |
| ----------- | -------------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 3005 |
| Liens | [Github](https://github.com/psi-4ward/psitransfer) |
```yaml
version: "3.7"
services:
psitransfer:
container_name: psitransfer
volumes:
- /volume1/docker/dockge/stacks/psitransfer/data:/data
ports:
- 3005:3000
labels:
- com.centurylinklabs.watchtower.enable=true
image: psitrax/psitransfer
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.62.0/24
```

@@ -0,0 +1,49 @@
# Scrutiny
| Création | Container Manager (projet) |
| ----------- | --------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 6070 |
| Liens | [Github](https://github.com/AnalogJ/scrutiny) |
```yaml
services:
scrutiny:
container_name: scrutiny
image: ghcr.io/analogj/scrutiny:master-omnibus
cap_add:
- SYS_RAWIO
- SYS_ADMIN
ports:
- "6070:8080" # webapp
- "8086:8086" # influxDB administration
volumes:
- /run/udev:/run/udev:ro
- /volume1/docker/scrutiny:/opt/scrutiny/config
- /volume1/docker/scrutiny/influxdb:/opt/scrutiny/influxdb
devices:
# - /dev/nvme0n1:/dev/nvme0n1
# - /dev/nvme1n1:/dev/nvme1n1
- /dev/sata1:/dev/sata1
- /dev/sata2:/dev/sata2
- /dev/sata3:/dev/sata3
- /dev/sata4:/dev/sata4
# - /dev/sata5:/dev/sata5
# - /dev/sata6:/dev/sata6
# - /dev/sata7:/dev/sata7
# - /dev/sata8:/dev/sata8
environment:
- SCRUTINY_WEB_INFLUXDB_TOKEN='eo5Kc?t9T/Yrl054Edh6bJYNbhOH3blnWHqDcLHc4ml2ur/IF6?pR1v4BHd!bfB01Qu4pQyPs!?AiBa-8WGoSrkpjdQ'
- SCRUTINY_WEB_INFLUXDB_INIT_USERNAME='bruno'
- SCRUTINY_WEB_INFLUXDB_INIT_PASSWORD='j8s!hJVWCuu*z*LU'
- TIMEZONE=Europe/Paris
restart: unless-stopped
```
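Review bot: `SCRUTINY_WEB_INFLUXDB_TOKEN`, `SCRUTINY_WEB_INFLUXDB_INIT_USERNAME` and `SCRUTINY_WEB_INFLUXDB_INIT_PASSWORD` are committed inline, and unlike the Wireguard, igotify and invidious files this one carries no remark that the values were altered; rotate them if they are real and load them from an env file. In list-form `environment:` entries the single quotes are part of the value, so the token, username and password are passed with the quote characters included; drop the quotes or use the mapping form. `"8086:8086"` publishes the InfluxDB administration port although the web app and InfluxDB run in the same omnibus container, and `SYS_ADMIN` is a broad capability: if it is there for the NVMe devices, which are commented out, it can be removed.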

@@ -0,0 +1,82 @@
# seafile
| Création | dockge |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8611 |
| Liens | [Manuel](https://manual.seafile.com/)<br />[Seafile](https://www.seafile.com/en/home/)<br />https://mariushosting.com/how-to-install-seafile-on-your-synology-nas/ |
```yaml
version: "3.9"
services:
db:
image: mariadb:11.3-jammy
container_name: Seafile-DB
hostname: seafile-db
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges:true
user: 1026:100
volumes:
- /volume1/docker/dockge/stacks/seafile/db:/var/lib/mysql:rw
environment:
MYSQL_ROOT_PASSWORD: rootpass
TZ: Europe/Paris
restart: on-failure:5
cache:
image: memcached:1.6.22
entrypoint: memcached -m 256
container_name: Seafile-CACHE
hostname: memcached
mem_limit: 512m
cpu_shares: 768
security_opt:
- no-new-privileges:true
read_only: true
user: 1026:100
restart: on-failure:5
seafile:
image: seafileltd/seafile-mc:latest
container_name: Seafile
hostname: seafile
mem_limit: 2g
cpu_shares: 768
security_opt:
- no-new-privileges:true
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost
volumes:
- /volume1/docker/dockge/stacks/seafile/data:/shared:rw
ports:
- 8611:80
environment:
DB_HOST: seafile-db
DB_ROOT_PASSWD: rootpass
TIME_ZONE: Europe/Paris
SEAFILE_ADMIN_EMAIL: liste@clicclac.info
SEAFILE_ADMIN_PASSWORD: mariushosting
SEAFILE_SERVER_LETSENCRYPT: false
SEAFILE_SERVER_HOSTNAME: seafile.photos-nas.ovh
FORCE_HTTPS_IN_CONF: true
restart: on-failure:5
depends_on:
db:
condition: service_started
cache:
condition: service_started
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.69.0/24
```
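Review bot: `MYSQL_ROOT_PASSWORD: rootpass` with the matching `DB_ROOT_PASSWD`, and `SEAFILE_ADMIN_PASSWORD: mariushosting`, read as the sample values of the mariushosting guide linked in the table, and the admin e-mail address is committed alongside them; replace them with unique values loaded from an env file before the service is reachable at `seafile.photos-nas.ovh`. The table lists Watchtower for updates, but none of the three services carries the enable label, and `seafileltd/seafile-mc:latest` is unpinned while the database and cache images are pinned.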

@@ -0,0 +1,33 @@
# searXNG
| Création | dockge |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 5147 |
| Liens | [Docs](https://docs.searxng.org)<br />[Github](https://github.com/searxng/searxng) |
```yaml
version: '3.9'
services:
searxng:
image: searxng/searxng
container_name: SearXNG
mem_limit: 8g
cpu_shares: 2048
security_opt:
- no-new-privileges:true
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/searxng:/etc/searxng:rw
restart: on-failure:5
ports:
- 5147:8080
```

@@ -0,0 +1,59 @@
# send
| Création | dockge |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 1234 |
| Liens | [Github](https://github.com/timvisee/send)<br />[Docker](https://github.com/timvisee/send-docker-compose/tree/master) |
```yaml
version: "3"
services:
send:
image: registry.gitlab.com/timvisee/send:latest
restart: always
ports:
- 1234:1234
volumes:
- /volume1/docker/dockge/stacks/send/uploads:/uploads
labels:
- com.centurylinklabs.watchtower.enable=true
environment:
- VIRTUAL_HOST=send.photos-nas.ovh
- VIRTUAL_PORT=1234
- DHPARAM_GENERATION=false
- NODE_ENV=production
- BASE_URL=https://send.photos-nas.ovh
- PORT=1234
- REDIS_HOST=redis
- FILE_DIR=/uploads
# To customize upload limits
# - EXPIRE_TIMES_SECONDS=3600,86400,604800,2592000,31536000
# - DEFAULT_EXPIRE_SECONDS=3600
# - MAX_EXPIRE_SECONDS=31536000
# - DOWNLOAD_COUNTS=1,2,5,10,15,25,50,100,1000
# - MAX_DOWNLOADS=1000
# - MAX_FILE_SIZE=2684354560
redis:
image: redis:alpine
restart: always
volumes:
- send-redis:/data
volumes:
send-redis: null
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.60.0/24
```

@@ -0,0 +1,47 @@
# snapdrop
| Création | dockge |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 7653 |
| Liens | [Github](https://github.com/RobinLinus/snapdrop) |
```yaml
version: "3.9"
services:
snapdrop:
image: ghcr.io/linuxserver/snapdrop:latest
container_name: Snapdrop
hostname: snapdrop
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges:true
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:80
ports:
- 7653:443
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/snapdrop:/config:rw
environment:
TZ: Europe/Paris
PUID: 1026
PGID: 100
restart: on-failure:5
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.67.0/24
```

View File

@@ -0,0 +1,36 @@
# snippet-box
| Création | dockge |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 5010 |
| Liens | [Github](https://github.com/RobinLinus/snapdrop) |
```yaml
version: "3"
services:
snippet-box:
image: pawelmalak/snippet-box:latest
container_name: snippet-box
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/snippetbox/data:/app/data
ports:
- 5010:5000
restart: unless-stopped
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.65.0/24
```
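
Review bot: the `Liens` row links to `https://github.com/RobinLinus/snapdrop`, apparently copied from the snapdrop page, while the image deployed here is `pawelmalak/snippet-box`; point the link at that project's repository. The stored snippets live in `/app/data` and `5010:5000` is published on all interfaces, so the page should also say whether the service is meant to be LAN-only.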

View File

@@ -0,0 +1,57 @@
# Tautulli
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8181 |
| Liens | [Github](https://github.com/Tautulli/Tautulli)<br />[Tautulli](https://tautulli.com/) |
```bash
services:
tautulli:
image: linuxserver/tautulli:latest
container_name: tautulli
environment:
- PUID=1026 #CHANGE_TO_YOUR_UID
- PGID=100 #CHANGE_TO_YOUR_GID
- TZ=Europe/Paris #CHANGE_TO_YOUR_TZ
- UMASK=022
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/tautulli:/config
ports:
- 8181:8181/tcp
network_mode: synobridge
security_opt:
- no-new-privileges:true
restart: always
```
#### Portail de connexion -> Avancé -> Proxy inversé
Entête personnalisé:
| Nom de l'entête | Valeur |
| ----------------- | --------------------------- |
| Host | $host; |
| X-Real-IP | $remote_addr; |
| X-Forwarded-Host | $server_name; |
| X-Forwarded-For | $proxy_add_x_forwarded_for; |
| X-Forwarded-Proto | $scheme; |
| X-Forwarded-Ssl | on; |
https://github.com/Tautulli/Tautulli/wiki/Installation#synology
https://github.com/Tautulli/Tautulli/wiki/Frequently-Asked-Questions#general-q9
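
Review bot: the compose block is fenced as `bash` but contains Compose YAML; tag it `yaml` like the other stacks. In the reverse-proxy table, `$proxy_add_x_forwarded_for` appends the connecting address to whatever `X-Forwarded-For` value the client already sent, and `8181:8181/tcp` remains published directly, so a client address read from these headers is only reliable if port 8181 is reachable solely through the proxy. Say so next to the table, or restrict the port mapping.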

View File

@@ -0,0 +1,43 @@
# Watchtower
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | - |
| Liens | [Watchtower](https://containrrr.dev/watchtower/)<br />[Github](https://github.com/containrrr/watchtower/) |
```yaml
version: '2.1'
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
hostname: watchtower-nas
network_mode: bridge
environment:
- WATCHTOWER_NOTIFICATIONS=email
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_DEBUG=true
- WATCHTOWER_LABEL_ENABLE=true
- WATCHTOWER_TIMEOUT=30s
#- WATCHTOWER_POLL_INTERVAL=300
- WATCHTOWER_SCHEDULE=0 0 5 * * *
- TZ=Europe/Paris
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /volume1/docker/watchtower/config.json:/root/.docker/config.json
restart: unless-stopped
```
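
Review bot: `image: containrrr/watchtower` is untagged and the service carries its own `com.centurylinklabs.watchtower.enable=true` label, so it replaces itself with whatever the default tag points to while holding `/var/run/docker.sock`, which is equivalent to root on the NAS. Pin the image to a version or digest and update it deliberately. `WATCHTOWER_DEBUG=true` should not stay enabled in the committed stack. `/volume1/docker/watchtower/config.json` is mapped to `/root/.docker/config.json`, where registry credentials are stored unencrypted, so mount it `:ro` and document the expected file permissions.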

View File

@@ -0,0 +1,44 @@
# wg-easy
| Création | Portainer |
| ----------- | -------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 51821 |
| Liens | [Github](https://github.com/wg-easy/wg-easy) |
```yaml
version: "3.5"
services:
wgeasy:
image: ghcr.io/wg-easy/wg-easy:latest
network_mode: "bridge"
container_name: wgeasy
ports:
- "51820:51820/udp"
- "51821:51821"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/wgeasy:/etc/wireguard
environment:
- WG_HOST=photos-nas.ovh
- WG_DEFAULT_DNS=192.168.2.216
restart: always
```
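
Review bot: `"51821:51821"` publishes the wg-easy admin UI on all interfaces, protected only by the `PASSWORD` in `stack.env`, on a host whose `WG_HOST` is a public name. Only `51820/udp` has to be reachable from outside; bind 51821 to a LAN address or `127.0.0.1` and reach it through the tunnel or the DSM reverse proxy. The container also holds `NET_ADMIN` and `SYS_MODULE` and tracks `latest` under Watchtower, so a pinned tag is worth the extra maintenance here. This block duplicates the compose already present in Wireguard.md; keep one copy and link to it so the two cannot drift.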

View File

@@ -0,0 +1,35 @@
# yacy
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8490 |
| Liens | [Yacy](https://yacy.net)<br />[Github](https://github.com/yacy/yacy_search_server) |
```yaml
services:
yacy:
image: yacy/yacy_search_server:latest
container_name: yacy
network_mode: bridge
dns:
- 192.168.2.116
- 192.168.2.216
user: 1028:65536
labels:
- com.centurylinklabs.watchtower.enable=true
ports:
- 8490:8090
- 8443:8443
volumes:
- /volume1/docker/yacy/data:/opt/yacy_search_server/DATA:rw
restart: unless-stopped
```
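
Review bot: the table documents port 8490 only, but `ports:` also publishes `8443:8443`. List it in the `Port` row, or remove the mapping if it is not used, so the page matches what is actually exposed.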

View File

@@ -0,0 +1,25 @@
# yatch
```yaml
version: "3"
services:
yacht:
container_name: yacht
restart: unless-stopped
ports:
- 8001:8000
environment:
ADMIN_EMAIL: liste@clicclac.info
SECRET_KEY: 7dJuLowm7E5fuXtdEiG1aZ5XwpV8DMOePr5TxwETXTDvM9MgqYulzlb75OscYF4Yvto63jESprC02ZjegOKxDuQhz
volumes:
- yacht:/config
- /var/run/docker.sock:/var/run/docker.sock
image: selfhostedpro/yacht
volumes:
yacht:
# tokens modifiés
```
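
Review bot: `SECRET_KEY` is written inline in a committed file. Even with the value altered (`# tokens modifiés`), the pattern invites pasting the real key back in; move `SECRET_KEY` and `ADMIN_EMAIL` to an `env_file` such as the `stack.env` used by the wg-easy and Watchtower stacks, and keep that file out of the repository. `/var/run/docker.sock` is mounted read-write into a web UI published on `8001:8000`, so that port should be limited to the LAN. The heading reads `# yatch` while the service is `yacht`, the image has no tag, and the metadata table that the other pages carry is missing.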

View File

@@ -0,0 +1,133 @@
# Grafana
```yaml
version: "3.9"
services:
grafana:
image: grafana/grafana:latest
container_name: Grafana
hostname: grafana
networks:
- grafana-net
mem_limit: 512m
cpu_shares: 512
security_opt:
- no-new-privileges:true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:3000/api/health
ports:
- 3340:3000
volumes:
- /volume1/docker/grafana/data:/var/lib/grafana:rw
environment:
TZ: Europe/Paris
GF_INSTALL_PLUGINS: grafana-clock-panel,grafana-simple-json-datasource,natel-discrete-panel,grafana-piechart-panel
restart: on-failure:5
prometheus:
image: prom/prometheus
command:
- '--storage.tsdb.retention.time=60d'
- '--config.file=/etc/prometheus/prometheus.yml'
container_name: Prometheus
hostname: prometheus-server
networks:
- grafana-net
- prometheus-net
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges=true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:9090/ || exit 1
volumes:
- /volume1/docker/grafana/prometheus:/prometheus:rw
- /volume1/docker/grafana/prometheus.yml:/etc/prometheus/prometheus.yml:ro
restart: on-failure:5
node-exporter:
image: prom/node-exporter:latest
command:
- --collector.disable-defaults
- --collector.stat
- --collector.time
- --collector.cpu
- --collector.loadavg
- --collector.hwmon
- --collector.meminfo
- --collector.diskstats
container_name: Prometheus-Node
hostname: prometheus-node
networks:
- prometheus-net
mem_limit: 256m
mem_reservation: 64m
cpu_shares: 512
security_opt:
- no-new-privileges=true
read_only: true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:9100/
restart: on-failure:5
snmp-exporter:
image: prom/snmp-exporter:latest
command:
- '--config.file=/etc/snmp_exporter/snmp.yml'
container_name: Prometheus-SNMP
hostname: prometheus-snmp
networks:
- prometheus-net
mem_limit: 256m
mem_reservation: 64m
cpu_shares: 512
security_opt:
- no-new-privileges:true
read_only: true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:9116/ || exit 1
volumes:
- /volume1/docker/grafana/snmp:/etc/snmp_exporter/:ro
restart: on-failure:5
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
command:
- '--docker_only=true'
container_name: Prometheus-cAdvisor
hostname: prometheus-cadvisor
networks:
- prometheus-net
mem_limit: 256m
mem_reservation: 64m
cpu_shares: 512
security_opt:
- no-new-privileges=true
read_only: true
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: on-failure:5
networks:
grafana-net:
name: grafana-net
ipam:
config:
- subnet: 192.168.50.0/24
prometheus-net:
name: prometheus-net
ipam:
config:
- subnet: 192.168.51.0/24
```
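
Review bot: in `cadvisor`, `/var/run/docker.sock:/var/run/docker.sock:ro` does not make the Docker API read-only; a read-only bind mount still allows connecting to the socket, and any process that can connect can issue any API call. The `/var/run:/var/run:ro` mount just above already exposes the same socket, so one of the two lines is redundant. This service also has no `user:` line, unlike the four others, and mounts `/:/rootfs:ro`, so treat it as root-equivalent and pin `gcr.io/cadvisor/cadvisor` (and `prom/prometheus`, which has no tag at all) to a version. Minor: `security_opt` alternates between `no-new-privileges:true` and `no-new-privileges=true`; pick one form.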

View File

@@ -0,0 +1,102 @@
# Docker
### Installation
Installer le paquet Container Manager dans DSM
[DockerHub](https://hub.docker.com/search?q=)
##### Redémarrer Container Manager
```bash
$ systemctl list-units --type=service --all | grep -i docker
pkg-ContainerManager-dockerd.service loaded active running Docker Application Container Engine
pkg-ContainerManager-event-watcherd.service loaded active running Docker event watch service
```
```bash
$ sudo systemctl restart pkg-ContainerManager-dockerd
```
### Utilisation
[Mise-à-jour des containers](updates.md) (Container Manager - WatchTower)
[Ports](ports.md)
```bash
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
```
Ajouter à `/etc/docker/daemon.json` (ou le créer)
```json
{
"default-address-pools" : [
{
"base" : "172.17.0.0/12",
"size" : 20
},
{
"base" : "192.168.0.0/16",
"size" : 24
}
]
}
```
Autre solution:
```yaml
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.57.0/24
```
https://straz.to/2021-09-08-docker-address-pools/
https://jareklipski.medium.com/docker-can-only-create-31-default-networks-e7f98f778626
https://serverfault.com/questions/916941/configuring-docker-to-not-use-the-172-17-0-0-range
https://stackoverflow.com/questions/43720339/docker-error-could-not-find-an-available-non-overlapping-ipv4-address-pool-am
### Containers
- [iGotify](docker-compose/igotify.md)
- [Pi.Alert](docker-compose/Pi.Alert.md)
- [searXNG](docker-compose/searXNG.md)
- [WireGuard](Wireguard.md)
### Login
```bash
$ sudo docker login --username=foo
# WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
```
```bash
$ cat ~/my_password.txt | docker login --username foo --password-stdin
```
### Backups
https://mariushosting.com/synology-how-to-back-up-docker-containers/
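
Review bot: in the `daemon.json` example, `"base" : "172.17.0.0/12"` is not a network address: the /12 that contains it starts at 172.16.0.0 and runs to 172.31.255.255, so the pool also covers the fixed subnets pinned in the compose files (`172.16.57.0/24` in the alternative shown right below it). Write `172.16.0.0/12` if that is the intent, or choose a base that leaves the hand-assigned subnets out. The second pool, `192.168.0.0/16`, includes the 192.168.2.x LAN range used elsewhere in this commit, so an auto-allocated /24 may overlap the LAN; narrow it. Under `Login`, `--password-stdin` keeps the password out of the shell history and the process list, but it is still written to `/root/.docker/config.json` exactly as the warning says; mention a credential helper or restrictive file permissions there.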

View File

@@ -0,0 +1,148 @@
# iperf3
### Sur le NAS:
Installation d'iPerf sur le NAS:
```bash
$ sudo docker run -it --rm -p 5201:5201 networkstatic/iperf3 --help
```
Le serveur est lancé:
```bash
$ sudo docker run -it --rm --name=iperf3-server -p 5201:5201 networkstatic/iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
```
### Sur le mac:
```bash
$ brew install iperf3
```
On lance le client:
```bash
$ iperf3 -c 192.168.2.57
Connecting to host 192.168.2.57, port 5201
[ 5] local 192.168.2.240 port 60430 connected to 192.168.2.57 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 14.2 MBytes 119 Mbits/sec
[ 5] 1.00-2.00 sec 12.9 MBytes 108 Mbits/sec
[ 5] 2.00-3.01 sec 13.0 MBytes 109 Mbits/sec
[ 5] 3.01-4.01 sec 12.0 MBytes 101 Mbits/sec
[ 5] 4.01-5.00 sec 12.5 MBytes 105 Mbits/sec
[ 5] 5.00-6.00 sec 14.0 MBytes 118 Mbits/sec
[ 5] 6.00-7.00 sec 13.4 MBytes 112 Mbits/sec
[ 5] 7.00-8.00 sec 13.0 MBytes 109 Mbits/sec
[ 5] 8.00-9.00 sec 10.0 MBytes 83.7 Mbits/sec
[ 5] 9.00-10.01 sec 10.5 MBytes 88.1 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 126 MBytes 105 Mbits/sec sender
[ 5] 0.00-10.09 sec 125 MBytes 104 Mbits/sec receiver
iperf Done.
```
### Test externe:
```bash
iperf3 -c scaleway.testdebit.info -p 9215 -R -P 4
Connecting to host scaleway.testdebit.info, port 9215
Reverse mode, remote host scaleway.testdebit.info is sending
[ 7] local 192.168.2.240 port 60728 connected to 62.210.156.7 port 9215
[ 9] local 192.168.2.240 port 60729 connected to 62.210.156.7 port 9215
[ 11] local 192.168.2.240 port 60730 connected to 62.210.156.7 port 9215
[ 13] local 192.168.2.240 port 60731 connected to 62.210.156.7 port 9215
[ ID] Interval Transfer Bitrate
[ 7] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec
[ 9] 0.00-1.00 sec 256 KBytes 2.09 Mbits/sec
[ 11] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec
[ 13] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec
[SUM] 0.00-1.00 sec 1.38 MBytes 11.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 1.00-2.00 sec 1.88 MBytes 15.8 Mbits/sec
[ 9] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 11] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 13] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[SUM] 1.00-2.00 sec 5.62 MBytes 47.3 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 2.00-3.00 sec 3.50 MBytes 29.3 Mbits/sec
[ 9] 2.00-3.00 sec 1.88 MBytes 15.7 Mbits/sec
[ 11] 2.00-3.00 sec 2.75 MBytes 23.0 Mbits/sec
[ 13] 2.00-3.00 sec 2.00 MBytes 16.8 Mbits/sec
[SUM] 2.00-3.00 sec 10.1 MBytes 84.8 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 3.00-4.00 sec 3.12 MBytes 26.2 Mbits/sec
[ 9] 3.00-4.00 sec 1.62 MBytes 13.6 Mbits/sec
[ 11] 3.00-4.00 sec 2.62 MBytes 22.0 Mbits/sec
[ 13] 3.00-4.00 sec 1.75 MBytes 14.7 Mbits/sec
[SUM] 3.00-4.00 sec 9.12 MBytes 76.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 4.00-5.00 sec 5.25 MBytes 43.9 Mbits/sec
[ 9] 4.00-5.01 sec 3.00 MBytes 25.1 Mbits/sec
[ 11] 4.00-5.01 sec 4.38 MBytes 36.6 Mbits/sec
[ 13] 4.00-5.01 sec 2.88 MBytes 24.1 Mbits/sec
[SUM] 4.00-5.00 sec 15.5 MBytes 130 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 5.00-6.00 sec 5.62 MBytes 47.4 Mbits/sec
[ 9] 5.01-6.00 sec 2.88 MBytes 24.2 Mbits/sec
[ 11] 5.01-6.00 sec 4.25 MBytes 35.8 Mbits/sec
[ 13] 5.01-6.00 sec 3.25 MBytes 27.4 Mbits/sec
[SUM] 5.00-6.00 sec 16.0 MBytes 135 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 6.00-7.00 sec 6.12 MBytes 51.3 Mbits/sec
[ 9] 6.00-7.00 sec 3.38 MBytes 28.3 Mbits/sec
[ 11] 6.00-7.00 sec 4.62 MBytes 38.7 Mbits/sec
[ 13] 6.00-7.00 sec 3.75 MBytes 31.4 Mbits/sec
[SUM] 6.00-7.00 sec 17.9 MBytes 150 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 7.00-8.00 sec 5.62 MBytes 47.3 Mbits/sec
[ 9] 7.00-8.00 sec 3.00 MBytes 25.2 Mbits/sec
[ 11] 7.00-8.00 sec 4.25 MBytes 35.7 Mbits/sec
[ 13] 7.00-8.00 sec 3.75 MBytes 31.5 Mbits/sec
[SUM] 7.00-8.00 sec 16.6 MBytes 140 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 8.00-9.00 sec 4.75 MBytes 39.8 Mbits/sec
[ 9] 8.00-9.00 sec 2.50 MBytes 20.9 Mbits/sec
[ 11] 8.00-9.00 sec 3.75 MBytes 31.4 Mbits/sec
[ 13] 8.00-9.00 sec 3.25 MBytes 27.2 Mbits/sec
[SUM] 8.00-9.00 sec 14.2 MBytes 119 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 9.00-10.00 sec 4.88 MBytes 40.8 Mbits/sec
[ 9] 9.00-10.00 sec 2.75 MBytes 23.0 Mbits/sec
[ 11] 9.00-10.00 sec 4.12 MBytes 34.6 Mbits/sec
[ 13] 9.00-10.00 sec 3.88 MBytes 32.5 Mbits/sec
[SUM] 9.00-10.00 sec 15.6 MBytes 131 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 7] 0.00-10.05 sec 46.7 MBytes 39.0 Mbits/sec 0 sender
[ 7] 0.00-10.00 sec 41.1 MBytes 34.5 Mbits/sec receiver
[ 9] 0.00-10.05 sec 24.9 MBytes 20.8 Mbits/sec 0 sender
[ 9] 0.00-10.00 sec 22.5 MBytes 18.9 Mbits/sec receiver
[ 11] 0.00-10.05 sec 36.0 MBytes 30.1 Mbits/sec 0 sender
[ 11] 0.00-10.00 sec 32.4 MBytes 27.1 Mbits/sec receiver
[ 13] 0.00-10.05 sec 30.0 MBytes 25.1 Mbits/sec 0 sender
[ 13] 0.00-10.00 sec 26.1 MBytes 21.9 Mbits/sec receiver
[SUM] 0.00-10.05 sec 138 MBytes 115 Mbits/sec 0 sender
[SUM] 0.00-10.00 sec 122 MBytes 102 Mbits/sec receiver
iperf Done.
```
https://aradaff.com/tester-son-reseau/

View File

@@ -0,0 +1,34 @@
# Portainer
| Création | docker-run |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | manuelle |
| Port | 9000 |
| Liens | [Github](https://github.com/portainer/portainer) |
### Installation
https://mariushosting.com/synology-30-second-portainer-install-using-task-scheduler-docker/
### Mise-à-jour du container Portainer
https://mariushosting.com/synology-how-to-update-portainer/
Dans Container Manager:
- Onglet Image -> Mise-à-jour disponible -> Mettre à jour
- Onglet Container -> Action -> Démarrer
### Backup configuration
Portainer -> Settings -> Backup up Portainer -> Download backup
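
Review bot: the `Backup configuration` step stops at `Download backup` without saying where the archive should be kept or how it is protected. It carries the Portainer configuration for every stack, so document a storage location off the NAS and whether the archive is password-protected. The menu path is also mistyped as `Backup up Portainer`.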

View File

@@ -2,21 +2,51 @@
| | | |
| ------------------------------------------------------------ | --------------------------- | ------ |
| mymediaforalexa | 52050 - 52051 | Docker |
| homebridge | Bridge: 51534<br />UI: 8581 | Docker |
| Hoobs | Bridge: 51826<br />UI: 8181 | Docker |
| [PiHole](https://mariushosting.com/how-to-install-pi-hole-on-your-synology-nas/) | 8090 | Docker |
| Lychee | 90 | |
| | | |
| | | |
| | | |
| | | |
| | | Passerelle | Adresse IP | |
| ------------------------------------------------------------ | --------------- | ----------- | ------------ | ------------------ |
| | | | | |
| portainer | **8000** / 9000 | 172.17.0.1 | 172.17.0.3 | |
| geoipupdate | | 172.19.0.1 | 172.19.0.2 | |
| [PiHole](https://mariushosting.com/how-to-install-pi-hole-on-your-synology-nas/) | 8090 | 192.168.2.1 | 192.168.2.68 | 192.168.2.68 |
| freegeoip | **8080** / 8888 | 172.18.0.1 | 172.18.0.2 | |
| Acme | | 172.17.0.1 | 172.17.0.2 | |
| | | | | |
| wireguard | | 172.20.0.1 | 172.20.0.2 | 192.168.2.68:51820 |
| | | | | |
#### Redémarrer Container Manager:
```bash
systemctl restart pkg-ContainerManager-dockerd
```
#### Pare-feu:
- IP: 172.16.0.0
- Masque: 255.248.0.0
De 172.16.0.0 à 172.23.255.255
https://cric.grenoble.cnrs.fr/Administrateurs/Outils/CalculMasque/
https://www.it-connect.fr/adresses-ipv4-et-le-calcul-des-masques-de-sous-reseaux/#VII_Comment_trouver_le_bon_masque_pour_un_nombre_dhotes_specifique
#### Liens:
Créer un utilisateur restreint pour docker:
https://drfrankenstein.co.uk/step-2-setting-up-a-restricted-docker-user-and-obtaining-ids/
https://mariushosting.com/synology-how-to-update-docker-image/
https://www.timmertech.io/manage-docker-without-sudo-on-synology/
https://stackoverflow.com/questions/43720339/docker-error-could-not-find-an-available-non-overlapping-ipv4-address-pool-am
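
Review bot: the `Pare-feu` rule (172.16.0.0 with mask 255.248.0.0, that is 172.16.0.0 to 172.23.255.255) does not cover every Docker network defined in this commit. The Grafana stack uses 192.168.50.0/24 and 192.168.51.0/24, and the `default-address-pools` example on the Docker page can allocate up to 172.31.255.255 and anywhere in 192.168.0.0/16. Either align the pools with the firewall range or list the extra subnets here. The restart command is shown without `sudo`, while the Docker page uses `sudo systemctl restart pkg-ContainerManager-dockerd`; keep one form.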

View File

@@ -0,0 +1,116 @@
# Mise-à-jour des containers
### Container manager
##### Onglet Image:
Notifications pour les images dont:
- source: hub.docker.com
- tag: Latest ou Nightly
Cliquer sur 'Update available': l'image est téléchargé et le container mis-à-jour/
##### Onglet Projet:
Si il y a plusieurs containers dans le Projet:
- sélectionner le Projet -> Action -> Arrêt
- mettre à jour les images
- sélectionner le Projet -> Action -> Créer
### Watchtower
| Création | Portainer |
| ----------- | ---------- |
| Mise-à-jour | Watchtower |
| Ports | 8000/9000 |
https://drfrankenstein.co.uk/watchtower-automated-updates-in-container-manager-on-a-synology-nas/
```yaml
version: '2.1'
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
hostname: watchtower-nas
network_mode: bridge
environment:
- WATCHTOWER_NOTIFICATIONS=email
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_DEBUG=true
- WATCHTOWER_LABEL_ENABLE=true
- WATCHTOWER_TIMEOUT=30s
- WATCHTOWER_POLL_INTERVAL=300
- TZ=Europe/Paris
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /volume1/docker/watchtower/config.json:/root/.docker/config.json
restart: unless-stopped
```
##### Mettre-à-jour seulement les containers spécifiés:
A ajouter dans le compose de watchtower:
```yaml
environment:
- WATCHTOWER_LABEL_ENABLE=true
```
A ajouter aux containers que l'on souhaite mettre-à-jour:
```yaml
labels:
- "com.centurylinklabs.watchtower.enable=true"
```
##### Uniquement monitorer certains containers:
A ajouter aux containers que l'on souhaite suivre:
```yaml
labels:
- "com.centurylinklabs.watchtower.monitor-only=true"
```
##### Monitorer et mettre-à-jour seulement certains containers:
A ajouter dans le compose de watchtower:
```yaml
environment:
- WATCHTOWER_DISABLE_CONTAINERS=container1,container2
```
https://www.smarthomebeginner.com/watchtower-docker-compose-2024/
#### Lancer Watchtower manuellement:
```bash
$ docker run -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --run-once
```
#### Notifications:
https://containrrr.dev/watchtower/notifications/
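
Review bot: under `Monitorer et mettre-à-jour seulement certains containers`, the example sets `WATCHTOWER_DISABLE_CONTAINERS=container1,container2`, which lists containers to exclude, the opposite of what the heading announces; reword the heading or show the label-based selection instead. The table gives `Ports | 8000/9000`, which looks copied from Portainer: this compose publishes no port and the Watchtower page in this commit lists `-`. This copy of the compose uses `WATCHTOWER_POLL_INTERVAL=300` where the Watchtower page uses `WATCHTOWER_SCHEDULE=0 0 5 * * *`; keep a single compose file and link to it. The manual `docker run ... --run-once` line lacks `--rm`, so each run leaves a stopped container behind.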