Feat: matrix, gitea, ntfy, headscale, collabora

collabora/collabora.container

@@ -0,0 +1,31 @@
+[Unit]
+Description=Collabora Container
+Requires=nginx-proxy.service
+After=nginx-proxy.service
+
+[Container]
+Pod=nginx-proxy.pod
+ContainerName=collabora
+Image=docker.io/collabora/code:latest
+
+# Enable auto-update container
+AutoUpdate=registry
+# pass this to attach it to container
+Environment=extra_params="--o:remote_font_config.url=${CLOUD}/apps/richdocuments/settings/fonts.json --o:ssl.enable=false --o:ssl.termination=true --o:net.post_allow.host[0]=160.202.39.[0-9]{1,3} --o:net.post_allow_host[1]=100.64.0.[0-9]{1,3} --o:per_document.max_concurrency=12 --o:num_prespawn_children=12"
+Environment=aliasgroup1=${CLOUD}:443
+Environment=domain1=${CLOUD}:443
+Environment=DONT_GEN_SSL_CERT=true
+Environment=server_name=${HOST}
+
+# capabilities
+AddCapability=CAP_MKNOD
+
+[Service]
+# pass this to autofill above variables
+EnvironmentFile=%h/.config/containers/systemd/collabora/.env
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target
+

collabora/env.example

@@ -0,0 +1 @@
+CLOUD=https://cloud.example.com

gitea/gitea.container

@@ -0,0 +1,34 @@
+[Unit]
+Description=Gitea Container
+
+[Container]
+ContainerName=gitea
+Image=docker.io/gitea/gitea:latest
+
+# Enable auto-update container
+AutoUpdate=registry
+# pass this to attach it to container
+Environment=DISABLE_REGISTRATION=true
+Environment=USER_UID=1000
+Environment=USER_GID=1000
+
+PublishPort=3001:3000
+PublishPort=2222:22
+
+UIDMap=1000:0:1
+UIDMap=0:1:1000
+
+# capabilities
+AddCapability=CAP_NET_BIND_SERVICE
+
+Volume=%h/podman/gitea:/data
+Volume=/etc/timezone:/etc/timezone:ro
+Volume=/etc/localtime:/etc/localtime:ro
+
+[Service]
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target
+

headscale/headscale.container

@@ -0,0 +1,25 @@
+[Unit]
+Description=Headscale Container
+Requires=nginx-proxy.service
+After=nginx-proxy.service
+
+[Container]
+Pod=nginx-proxy.pod
+ContainerName=headscale
+Image=docker.io/headscale/headscale:latest
+Exec=serve
+
+# Enable auto-update container
+AutoUpdate=registry
+
+Volume=%h/podman/headscale/config:/etc/headscale
+Volume=%h/podman/headscale/data:/var/lib/headscale
+Volume=%h/podman/headscale/run:/var/run/headscale
+
+[Service]
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target
+

matrix/element.container

@@ -0,0 +1,21 @@
+[Unit]
+Description=Element Container
+
+[Container]
+ContainerName=element
+Image=docker.io/vectorim/element-web:latest
+
+# Enable auto-update container
+AutoUpdate=registry
+PublishPort=8089:80
+Sysctl=net.ipv4.ip_unprivileged_port_start=80
+
+Volume=./element-config.json:/app/config.json
+
+[Service]
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target
+

matrix/env.example

@@ -0,0 +1,9 @@
+POSTGRES_USER="synapse"
+POSTGRES_DATABASE="synapse"
+POSTGRES_PASSWORD=""
+PUID=1000
+PGID=1000
+DATABASE_DIR="./database"
+ELEMENT_CONFIG_JSON="./element-config.json"
+TZ=etc/UTC
+SYNAPSE_SERVER_NAME=example.com

matrix/synapse.container

@@ -0,0 +1,36 @@
+[Unit]
+Description=Synapse Container
+Requires=nginx-proxy.service synapse_db.service
+After=nginx-proxy.service synapse_db.service
+
+[Container]
+Pod=nginx-proxy.pod
+ContainerName=synapse
+Image=docker.io/matrixdotorg/synapse:latest
+
+# Enable auto-update container
+AutoUpdate=registry
+# pass this to attach it to container
+Environment=SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+Environment=SYNAPSE_SERVER_NAME=${SYNAPSE_SERVER_NAME}
+Environment=SYNAPSE_REPORT_STATS=yes
+Environment=POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+Environment=POSTGRES_USER=${POSTGRES_USER}
+Environment=POSTGRES_DB=${POSTGRES_DATABASE}
+Environment=POSTGRES_HOST=/tmp/matrix
+Environment=UID=0
+Environment=GID=0
+Environment=TZ=${TZ}
+
+Volume=%h/podman/matrix/synapse:/data
+Volume=%h/podman/matrix/.socket:/tmp/matrix
+
+[Service]
+# pass this to autofill above variables
+EnvironmentFile=%h/.config/containers/systemd/matrix/.env
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target
+

matrix/synapse_db.container

@@ -0,0 +1,28 @@
+[Unit]
+Description=Synapse Database Container
+
+[Container]
+Pod=nginx-proxy.pod
+ContainerName=synapse_db
+Image=docker.io/library/postgres:alpine
+Exec=postgres -c unix_socket_directories='/var/run/postgresql/,/tmp/matrix/' -c unix_socket_permissions=0770
+
+# Enable auto-update container
+AutoUpdate=registry
+# pass this to attach it to container
+Environment=POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+Environment=POSTGRES_USER=${POSTGRES_USER}
+Environment=POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+
+Volume=%h/podman/matrix/database:/var/lib/postgresql/data
+Volume=%h/podman/matrix/.socket:/tmp/matrix
+
+[Service]
+# pass this to autofill above variables
+EnvironmentFile=%h/.config/containers/systemd/matrix/.env
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target
+

nginx-proxy/nginx-proxy.container

@@ -0,0 +1,21 @@
+[Unit]
+Description=Nginx Proxy Container
+
+[Container]
+Pod=nginx-proxy.pod
+ContainerName=nginx-proxy
+Image=docker.io/jc21/nginx-proxy-manager:latest
+
+# Enable auto-update container
+AutoUpdate=registry
+
+Volume=%h/podman/nginx-proxy/data:/data
+Volume=%h/podman/nginx-proxy/letsencrypt:/etc/letsencrypt
+Volume=./server_proxy.conf:/data/nginx/custom/server_proxy.conf
+
+[Service]
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target

nginx-proxy/nginx-proxy.pod

@@ -0,0 +1,11 @@
+[Unit]
+Description=Nginx Proxy Pod
+
+[Pod]
+PodName=nginx-proxy
+Network=host
+#PublishPort=80:80
+#PublishPort=81:81
+#PublishPort=443:443
+#PublishPort=2222:22
+#PublishPort=3478:3478

nginx-proxy/server_proxy.conf

@@ -0,0 +1,8 @@
+gzip on;
+gzip_types text/plain text/css text/javascript text/xml text/calendar text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy application/javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/schema+json application/atom+xml application/xml application/xml+rss application/soap+xml application/font-woff application/font-woff2 application/vnd.ms-fontobject application/pdf application/vnd.ms-excel application/msword application/vnd.ms-powerpoint application/zip application/xslt+xml application/xml-dtd application/vnd.android.package-archive application/vnd.iphone application/vnd.wap.xhtml+xml application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/x-mpegURL application/x-rar-compressed application/x-shockwave-flash application/x-stuffit application/x-tar application/x-web-app-manifest+json application/xhtml+xml application/x-7z-compressed font/eot font/opentype image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon;
+gzip_min_length 1000;
+gzip_comp_level 9;
+gzip_buffers 32 8k;
+gzip_proxied no-cache no-store private expired auth;
+gunzip on;
+gzip_static on;

ntfy/ntfy.container

@@ -0,0 +1,34 @@
+[Unit]
+Description=Ntfy Container
+Requires=nginx-proxy.service
+After=nginx-proxy.service
+
+[Container]
+Pod=nginx-proxy.pod
+ContainerName=ntfy
+Image=docker.io/binwiederhier/ntfy:latest
+Exec=serve
+
+# Enable auto-update container
+AutoUpdate=registry
+
+# pass this to attach it to container
+Environment=TZ=Asia/Kolkata
+Environment=NTFY_BASE_URL=https://ntfy.coolans.dev
+Environment=NTFY_CACHE_FILE=/var/lib/ntfy/cache.db
+Environment=NTFY_AUTH_FILE=/var/lib/ntfy/auth.db
+Environment=NTFY_AUTH_DEFAULT_ACCESS=deny-all
+Environment=NTFY_LISTEN_HTTP=:7777
+Environment=NTFY_BEHIND_PROXY=true
+Environment=NTFY_ATTACHMENT_CACHE_DIR=/var/lib/ntfy/attachments
+Environment=NTFY_ENABLE_LOGIN=false
+
+Volume=%h/podman/ntfy:/var/lib/ntfy
+
+[Service]
+Restart=always
+TimeoutStartSec=300
+
+[Install]
+WantedBy=default.target
+