Merge branch 'feature/dist-teamspeak6' into development

- Added compose.yaml file containg also certs-dumper to extract certificates
- Added traefik.yaml configuration file

dist/convertx/.env.example

@@ -0,0 +1,7 @@
+SERVICE_DOMAIN=convertx.example.com
+
+HTTP_ALLOWED=false
+ALLOW_UNAUTHENTICATED=true
+LANGUAGE=en
+AUTO_DELETE_EVERY_N_HOURS=12
+JWT_SECRET=changeme

dist/convertx/compose.yaml

@@ -0,0 +1,23 @@
+networks:
+    traefik-network:
+        external: true
+services:
+    convertx:
+        container_name: convertx
+        image: ghcr.io/c4illin/convertx
+        restart: unless-stopped
+        environment:
+            - HTTP_ALLOWED=${HTTP_ALLOWED}
+            - ALLOW_UNAUTHENTICATED=${ALLOW_UNAUTHENTICATED}
+            - LANGUAGE=${LANGUAGE}
+            - AUTO_DELETE_EVERY_N_HOURS=${AUTO_DELETE_EVERY_N_HOURS}
+            - JWT_SECRET=${JWT_SECRET}
+        labels:
+            - "traefik.enable=true"
+            - "traefik.http.routers.convertx.rule=Host(`${SERVICE_DOMAIN}`)"
+            - "traefik.http.routers.convertx.entrypoints=https"
+            - "traefik.http.routers.convertx.tls.certresolver=letsencrypt"
+        networks:
+            - traefik-network
+        volumes:
+            - ./data:/app/data

dist/gitea/.env.template

@@ -0,0 +1,5 @@
+SERVICE_DOMAIN=gitea.example.com
+
+POSTGRES_DB=gitea
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres

dist/gitea/compose.yaml

@@ -0,0 +1,52 @@
+networks:
+    gitea:
+        external: false
+    traefik-network:
+        external: true
+
+services:
+    gitea:
+        image: docker.gitea.com/gitea:1.25.3
+        container_name: gitea
+        environment:
+            - USER_UID=1000
+            - USER_GID=1000
+            - GITEA__database__DB_TYPE=postgres
+            - GITEA__database__HOST=db:5432
+            - GITEA__database__NAME=${POSTGRES_DB}
+            - GITEA__database__USER=${POSTGRES_USER}
+            - GITEA__database__PASSWD=${POSTGRES_PASSWORD}
+        networks:
+            - traefik-network
+            - gitea
+        volumes:
+            - ./gitea:/data
+            - /etc/timezone:/etc/timezone:ro
+            - /etc/localtime:/etc/locatltime:ro
+        labels:
+            - "traefik.enable=true"
+            - "traefik.docker.network=traefik-network"
+            - "traefik.http.routers.gitea.rule=Host(`${SERVICE_DOMAIN}`)"
+            - "traefik.http.routers.gitea.entrypoints=https"
+            - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+            - "traefik.http.routers.gitea.service=gitea-service"
+            - "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
+            - "traefik.tcp.routers.gitea-openssh.rule=HostSNI(`*`)"
+            - "traefik.tcp.routers.gitea-openssh.entrypoints=gitea-openssh"
+            - "traefik.tcp.routers.gitea-openssh.service=gitea-openssh"
+            - "traefik.tcp.services.gitea-openssh-service.loadbalancer.server.port=22"
+        restart: unless-stopped
+        depends_on:
+            - db
+
+    db:
+        image: postgres:14.20-alpine3.23
+        environment:
+            - POSTGRES_USER=${POSTGRES_USER}
+            - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+            - POSTGRES_DB=${POSTGRES_DB}
+        restart: unless-stopped
+        networks:
+            - gitea
+        volumes:
+            - ./postgre:/var/lib/postgresql/data

dist/teamspeak6/.env.template

@@ -0,0 +1,9 @@
+TSSERVER_LICENSE_ACCEPTED=accept
+TSSERVER_DATABASE_PLUGIN=mariadb
+TSSERVER_DATABASE_SQL_CREATE_PATH=create_mariadb
+TSSERVER_DATABASE_PORT=3306
+
+MYSQL_USER=teamspeak
+MYSQL_PASSWORD=YourPasswordHere
+MYSQL_ROOT_PASSWORD=SuperSecretPassword
+MYSQL_DATABASE=teamspeak

dist/teamspeak6/compose.yaml

@@ -0,0 +1,62 @@
+networks:
+    traefik-network:
+        external: true
+    teamspeak6:
+        external: false
+services:
+    teamspeak:
+        image: teamspeaksystems/teamspeak6-server:latest
+        container_name: teamspeak-server
+        restart: unless-stopped
+        labels:
+            - "traefik.enable=true"
+            - "traefik.docker.network=traefik-network"
+            - "traefik.udp.routers.ts6-voice.entrypoints=ts6-voice"
+            - "traefik.udp.routers.ts6-voice.service=ts6-voice-service"
+            - "traefik.udp.services.ts6-voice-service.loadbalancer.server.port=9987"
+            - "traefik.tcp.routers.ts6-filetransfer.rule=HostSNI(`*`)"
+            - "traefik.tcp.routers.ts6-filetransfer.entrypoints=ts6-filetransfer"
+            - "traefik.tcp.routers.ts6-filetransfer.service=ts6-filetransfer-service"
+            - "traefik.tcp.services.ts6-filetransfer-service.loadbalancer.server.port=30033"
+            - "traefik.tcp.routers.ts6-webquery.rule=HostSNI(`*`)"
+            - "traefik.tcp.routers.ts6-webquery.entrypoints=ts6-webquery"
+            - "traefik.tcp.routers.ts6-webquery.service=ts6-webquery-service"
+            - "traefik.tcp.services.ts6-webquery-service.loadbalancer.server.port=10080"
+        networks:
+            - traefik-network
+            - teamspeak6
+        environment:
+            - TSSERVER_LICENSE_ACCEPTED=${TSSERVER_LICENSE_ACCEPTED}
+            # Database settings
+            - TSSERVER_DATABASE_PLUGIN=${TSSERVER_DATABASE_PLUGIN}
+            - TSSERVER_DATABASE_SQL_CREATE_PATH=create_mariadb
+            - TSSERVER_DATABASE_HOST={TSSERVER_DATABASE_SQL_CREATE_PATH}
+            - TSSERVER_DATABASE_PORT=${TSSERVER_DATABASE_PORT}
+            - TSSERVER_DATABASE_NAME=${MYSQL_DATABASE}
+            - TSSERVER_DATABASE_USERNAME=${MYSQL_USER}
+            - TSSERVER_DATABASE_PASSWORD=${MYSQL_PASSWORD}
+        volumes:
+            - ./data:/var/tsserver
+        depends_on:
+            mariadb:
+                condition: service_healthy
+
+    mariadb:
+        image: mariadb:latest
+        container_name: mariadb
+        environment:
+            - MYSQL_ROOT_PASSWORD={MYSQL_ROOT_PASSWORD}
+            - MYSQL_DATABASE=${MYSQL_DATABASE}
+            - MYSQL_USER=${MYSQL_USER}
+            - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+        volumes:
+            - mariadb-data:/var/lib/mysql
+        restart: unless-stopped
+        healthcheck:
+            test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+            start_period: 10s
+            interval: 10s
+            timeout: 5s
+            retries: 3
+        networks:
+            - teamspeak6

dist/traefik/.env.template

@@ -0,0 +1,4 @@
+BASE_DOMAIN=example.com
+SERVICE_DOMAIN=traefik.example.com
+# admin:admin
+DASHBOARD_HTPASSWORD=admin:$2b$10$1DxaLIdVmJVNcQUmMxdfiOjlnp2gDKiMQjpTNxagVJEoTGTUOfVnG

dist/traefik/compose.yaml

@@ -0,0 +1,42 @@
+networks:
+  traefik-network:
+
+services:
+  traefik:
+    image: traefik:v3.6.4
+    container_name: traefik
+    restart: unless-stopped
+    dns:
+      - 1.1.1.1
+      - 8.8.8.8
+    ports:
+      - 80:80
+      - 443:443
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=Host(`${SERVICE_DOMAIN}`)"
+      - "traefik.http.routers.dashboard.entrypoints=https"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
+      - "traefik.http.middlewares.dashboard-auth.basicauth.users=${DASHBOARD_HTPASSWORD}"
+    command:
+      - "--log.level=DEBUG"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik.yaml:/traefik.yaml:ro
+      - ./acme.json:/acme.json
+      - ./certs:/certs
+    networks:
+      - traefik-network
+
+  traefik-certs-dumper:
+    image: ldez/traefik-certs-dumper:v2.9.3
+    container_name: traefik-certs-dumper
+    restart: unless-stopped
+    volumes:
+      - ./acme.json:/acme.json:ro
+      - ./certs:/output
+    environment:
+      - DOMAIN=${BASE_DOMAIN}
+    command: "file --version v2 --watch --source /acme.json --dest /output"

dist/traefik/traefik.yaml

@@ -0,0 +1,26 @@
+api:
+  insecure: false
+  dashboard: true
+
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+
+providers:
+  docker:
+    exposedByDefault: false
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: YOUR_EMAIL@example.com
+      storage: /acme.json
+      httpChallenge:
+        entryPoint: web

dist/wg-easy/.env.template

@@ -0,0 +1,5 @@
+BASE_DOMAIN=example.com
+SERVICE_DOMAIN=wg-easy.example.com
+
+WG_NETWORK_SUBNET=10.42.42.0/24
+WG_NETWORK_ADDRESS=10.42.42.42

dist/wg-easy/compose.yaml

@@ -0,0 +1,41 @@
+services:
+  wg-easy:
+
+    image: ghcr.io/wg-easy/wg-easy:15
+    container_name: wg-easy
+    networks:
+      traefik-network: {}
+      wg:
+        ipv4_address: ${WG_NETWORK_ADDRESS}
+    volumes:
+      - ./etc_wireguard:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
+    environment:
+      - WG_HOST=${SERVICE_DOMAIN}
+    ports:
+      - "51820:51820/udp"
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wg-easy.rule=Host(`${SERVICE_DOMAIN}`)"
+      - "traefik.http.routers.wg-easy.entrypoints=https"
+      - "traefik.http.routers.wg-easy.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.wg-easy-service.service=wg-easy"
+      - "traefik.http.services.wg-easy-service.loadbalancer.server.port=51821"
+
+networks:
+  traefik-network:
+    external: true
+  wg:
+    driver: bridge
+    enable_ipv6: false
+    ipam:
+      driver: default
+      config:
+        - subnet: ${WG_NETWORK_SUBNET}