From f9fdea3a1fa9332f5a9194e13b3bf2e20ea1a5c7 Mon Sep 17 00:00:00 2001 From: nocci Date: Mon, 9 Mar 2026 16:02:18 +0000 Subject: [PATCH] feat: Initial stacks for testing Added first test stacks: - monitoring/prometheus - monitoring/grafana - monitoring/node-exporter - communication/gotify - communication/vaultwarden All stacks: - Use localhost ports only (for Caddy reverse proxy) - Support Komodo Secrets via ${SECRET:secret-name} - Include README with Caddy integration instructions - Ready for Komodo v2 Resource Sync --- README.md | 175 +++++++++++++++++++ stacks/communication/gotify/README.md | 70 ++++++++ stacks/communication/gotify/compose.yml | 27 +++ stacks/communication/vaultwarden/README.md | 67 +++++++ stacks/communication/vaultwarden/compose.yml | 28 +++ stacks/monitoring/grafana/README.md | 74 ++++++++ stacks/monitoring/grafana/compose.yml | 30 ++++ stacks/monitoring/node-exporter/README.md | 63 +++++++ stacks/monitoring/node-exporter/compose.yml | 28 +++ stacks/monitoring/prometheus/README.md | 69 ++++++++ stacks/monitoring/prometheus/compose.yml | 32 ++++ 11 files changed, 663 insertions(+) create mode 100644 README.md create mode 100644 stacks/communication/gotify/README.md create mode 100644 stacks/communication/gotify/compose.yml create mode 100644 stacks/communication/vaultwarden/README.md create mode 100644 stacks/communication/vaultwarden/compose.yml create mode 100644 stacks/monitoring/grafana/README.md create mode 100644 stacks/monitoring/grafana/compose.yml create mode 100644 stacks/monitoring/node-exporter/README.md create mode 100644 stacks/monitoring/node-exporter/compose.yml create mode 100644 stacks/monitoring/prometheus/README.md create mode 100644 stacks/monitoring/prometheus/compose.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..df21f46 --- /dev/null +++ b/README.md 
@@ -0,0 +1,175 @@ +# Komodo Stacks + +🦎 **Docker Compose Stacks für Komodo Platform** + +Diese Stacks sind für den Einsatz mit **Komodo Core v2** optimiert. + +--- + +## 📁 Struktur + +``` +komodo-stacks/ +├── stacks/ +│ ├── monitoring/ # Prometheus, Grafana, Node Exporter +│ ├── communication/ # Vaultwarden, Gotify, Ntfy +│ ├── collaboration/ # Nextcloud, Forgejo, WordPress +│ ├── media/ # Immich, Jellyfin, Plex +│ ├── infrastructure/ # WireGuard, Portainer +│ ├── security/ # Authentik, Tinyauth +│ ├── social/ # GoToSocial, Sharkey +│ ├── gaming/ # Pterodactyl +│ ├── utilities/ # SearXNG, Plausible +│ └── backup/ # Backrest, Karakeep +└── README.md +``` + +--- + +## 🚀 Verwendung in Komodo + +1. **Settings → Resources → Add Resource** +2. **Git URL:** `https://git.sky-net.it/nocci/komodo-stacks.git` +3. **Path:** `stacks/` +4. **Sync** klicken + +--- + +## 📋 Stacks deployen + +1. **Ressources** im Komodo Dashboard öffnen +2. **Stack auswählen** +3. **Server wählen** (wo Periphery läuft) +4. **Deploy** klicken +5. **Warten** bis Container laufen + +--- + +## 🔧 Caddy Integration + +**WICHTIG:** Stacks hören nur auf `localhost:PORT`! + +Nach dem Deployen, Caddy Config auf dem Server bearbeiten: + +```bash +ssh +sudo nano /etc/caddy/Caddyfile +``` + +Beispiel für Prometheus: +```caddyfile +prometheus.example.com { + reverse_proxy localhost:9090 +} +``` + +Dann: +```bash +sudo systemctl reload caddy +``` + +--- + +## 🔐 Secrets + +Secrets werden über **Komodo Secrets** verwaltet. + +Im `compose.yml`: +```yaml +environment: + - ADMIN_PASSWORD=${SECRET:my-admin-password} +``` + +In Komodo: +1. **Settings → Secrets** +2. **Add Secret** +3. Name: `my-admin-password` +4. 
Wert: sicheres Passwort + +--- + +## 📦 Verfügbare Stacks + +### Monitoring +- [prometheus](stacks/monitoring/prometheus/) - Prometheus Monitoring +- [grafana](stacks/monitoring/grafana/) - Grafana Dashboards +- [node-exporter](stacks/monitoring/node-exporter/) - System Metrics +- [promtail](stacks/monitoring/promtail/) - Log Collector +- [loki](stacks/monitoring/loki/) - Log Aggregation + +### Communication +- [vaultwarden](stacks/communication/vaultwarden/) - Password Manager +- [gotify](stacks/communication/gotify/) - Push Notifications +- [ntfy](stacks/communication/ntfy/) - Notification Service + +### Collaboration +- [nextcloud-aio](stacks/collaboration/nextcloud-aio/) - Cloud Storage +- [forgejo](stacks/collaboration/forgejo/) - Git Server +- [wordpress](stacks/collaboration/wordpress/) - CMS + +### Media +- [immich](stacks/media/immich/) - Photo Backup +- [jellyfin](stacks/media/jellyfin/) - Media Server + +### Infrastructure +- [wireguard](stacks/infrastructure/wireguard/) - VPN Server +- [portainer](stacks/infrastructure/portainer/) - Docker UI + +### Security +- [authentik](stacks/security/authentik/) - SSO Provider +- [tinyauth](stacks/security/tinyauth/) - Simple Auth + +### Social +- [gotosocial](stacks/social/gotosocial/) - ActivityPub Server +- [sharkey](stacks/social/sharkey/) - Fediverse Server + +### Gaming +- [pterodactyl-panel](stacks/gaming/pterodactyl-panel/) - Game Panel +- [pterodactyl-wings](stacks/gaming/pterodactyl-wings/) - Game Daemon + +### Utilities +- [searxng](stacks/utilities/searxng/) - Meta Search Engine +- [plausible](stacks/utilities/plausible/) - Web Analytics +- [webcheck](stacks/utilities/webcheck/) - Uptime Monitor + +### Backup +- [backrest](stacks/backup/backrest/) - Backup Server +- [karakeep](stacks/backup/karakeep/) - Bookmark Manager + +--- + +## 🛠️ Troubleshooting + +### Stack wird nicht angezeigt + +1. **Resource Sync** im Dashboard manuell ausführen +2. **Git URL prüfen** +3. 
**Path prüfen** (muss `stacks/` sein) + +### Container starten nicht + +1. **Logs prüfen** im Komodo Dashboard +2. **Secrets konfiguriert?** +3. **Ports belegt?** + +### Caddy Proxy funktioniert nicht + +1. **Caddy Config prüfen:** `sudo caddy validate` +2. **DNS Records** zeigen auf Server-IP? +3. **Firewall** Ports 80/443 offen? + +--- + +## 📝 Eigene Stacks hinzufügen + +1. **Ordner erstellen:** `stacks///` +2. **compose.yml** erstellen +3. **README.md** mit Infos +4. **Commit & Push** + +--- + +**Author:** nocci +**Version:** 1.0.0 +**License:** MIT +**Komodo Version:** v2.0.0-dev-123+ diff --git a/stacks/communication/gotify/README.md b/stacks/communication/gotify/README.md new file mode 100644 index 0000000..76993eb --- /dev/null +++ b/stacks/communication/gotify/README.md 
@@ -0,0 +1,70 @@
+# Gotify
+
+📱 **Push-Benachrichtigungen selbst gehostet**
+
+Gotify ist ein einfacher Server zum Senden und Empfangen von Push-Nachrichten.
+
+---
+
+## 🚀 Quick Start
+
+1. **In Komodo:** Stack auswählen → Deploy
+2. **Server wählen** wo Gotify laufen soll
+3. **Warten** bis Container läuft
+4. **Caddy Config** hinzufügen (siehe unten)
+5. **Öffnen** und Admin-Account erstellen
+
+---
+
+## 🔧 Caddy Integration
+
+Nach dem Deployen auf dem Server:
+
+```bash
+ssh
+sudo nano /etc/caddy/Caddyfile
+```
+
+Hinzufügen:
+```caddyfile
+gotify.example.com {
+ reverse_proxy localhost:9091
+}
+```
+
+Dann:
+```bash
+sudo systemctl reload caddy
+```
+
+---
+
+## 🔐 Secrets (Komodo)
+
+Folgende Secrets in Komodo anlegen **vor** dem Deployen:
+
+| Secret Name | Beschreibung | Beispiel |
+|-------------|--------------|----------|
+| `gotify-admin-user` | Admin Username | `admin` |
+| `gotify-admin-pass` | Admin Password | `sicheres-passwort` |
+
+In Komodo: **Settings → Secrets → Add Secret**
+
+---
+
+## 📁 Files
+
+- `compose.yml` - Docker Compose Konfiguration
+
+---
+
+## 🔄 Updates
+
+Gotify wird automatisch aktuell gehalten durch Komodo.
+
+---
+
+## 📞 Support
+
+- **Docs:** https://gotify.net/docs
+- **GitHub:** https://github.com/gotify/server
diff --git a/stacks/communication/gotify/compose.yml b/stacks/communication/gotify/compose.yml
new file mode 100644
index 0000000..b3f6bc6
--- /dev/null
+++ b/stacks/communication/gotify/compose.yml
@@ -0,0 +1,27 @@
+services:
+ gotify:
+ image: gotify/server:latest
+ container_name: gotify
+ restart: unless-stopped
+ ports:
+ - "127.0.0.1:9091:80"
+ volumes:
+ - gotify_data:/app/data
+ environment:
+ - GOTIFY_DEFAULTUSER_NAME=${SECRET:gotify-admin-user}
+ - GOTIFY_DEFAULTUSER_PASS=${SECRET:gotify-admin-pass}
+ networks:
+ - gotify-network
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/health"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+volumes:
+ gotify_data:
+
+networks:
+ gotify-network:
+ driver: bridge
diff --git a/stacks/communication/vaultwarden/README.md b/stacks/communication/vaultwarden/README.md
new file mode 100644
index 0000000..fc16b4e
--- /dev/null
+++ b/stacks/communication/vaultwarden/README.md
@@ -0,0 +1,67 @@
+# Vaultwarden
+
+🔐 **Password Manager (Bitwarden-kompatibel)**
+
+Vaultwarden ist eine inoffizielle Bitwarden API-Implementierung in Rust.
+
+---
+
+## 🚀 Quick Start
+
+1. **In Komodo:** Stack auswählen → Deploy
+2. **Server wählen**
+3. **Warten** bis Container läuft
+4. **Caddy Config** hinzufügen
+5. **Öffnen** und Organization erstellen
+
+---
+
+## 🔧 Caddy Integration
+
+```bash
+ssh
+sudo nano /etc/caddy/Caddyfile
+```
+
+Hinzufügen:
+```caddyfile
+vault.example.com {
+ reverse_proxy localhost:8080
+}
+```
+
+```bash
+sudo systemctl reload caddy
+```
+
+---
+
+## 🔐 Secrets (Komodo)
+
+| Secret Name | Beschreibung | Beispiel |
+|-------------|--------------|----------|
+| `vaultwarden-admin-token` | Admin API Token | `zufälliger-string` |
+
+**Wichtig:** Admin-Token generieren mit:
+```bash
+openssl rand -base64 48
+```
+
+---
+
+## 📁 Files
+
+- `compose.yml` - Docker Compose Konfiguration
+
+---
+
+## 🔄 Updates
+
+Vaultwarden wird automatisch aktuell gehalten durch Komodo.
+
+---
+
+## 📞 Support
+
+- **Docs:** https://github.com/dani-garcia/vaultwarden
+- **Wiki:** https://github.com/dani-garcia/vaultwarden/wiki
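Review bot: `image: gotify/server:latest` in stacks/communication/gotify/compose.yml is a floating tag, and the same pattern appears in the vaultwarden, grafana, node-exporter and prometheus compose files of this commit. With the READMEs stating that Komodo keeps the stacks updated automatically, whatever is published under `latest` is pulled onto the host without review, and a rollback has no known-good reference. I would pin each image to a release tag, ideally together with its digest, e.g. `image: gotify/server:<release-tag>@sha256:<digest>` (placeholders), so that updates arrive as reviewed commits. This matters most for vaultwarden, which holds the password vault.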
diff --git a/stacks/communication/vaultwarden/compose.yml b/stacks/communication/vaultwarden/compose.yml
new file mode 100644
index 0000000..f77d38c
--- /dev/null
+++ b/stacks/communication/vaultwarden/compose.yml
@@ -0,0 +1,28 @@
+services:
+ vaultwarden:
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ restart: unless-stopped
+ ports:
+ - "127.0.0.1:8080:80"
+ volumes:
+ - vaultwarden_data:/data
+ environment:
+ - ADMIN_TOKEN=${SECRET:vaultwarden-admin-token}
+ - WEBSOCKET_ENABLED=true
+ - SIGNUPS_ALLOWED=false
+ networks:
+ - vaultwarden-network
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/alive"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+volumes:
+ vaultwarden_data:
+
+networks:
+ vaultwarden-network:
+ driver: bridge
diff --git a/stacks/monitoring/grafana/README.md b/stacks/monitoring/grafana/README.md
new file mode 100644
index 0000000..ad68acd
--- /dev/null
+++ b/stacks/monitoring/grafana/README.md
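Review bot: `ADMIN_TOKEN=${SECRET:vaultwarden-admin-token}` in stacks/communication/vaultwarden/compose.yml turns on the `/admin` panel and, following the README's `openssl rand -base64 48`, keeps the token in plain text in the container environment, where anyone able to inspect the container can read it. Vaultwarden accepts an Argon2 PHC hash in `ADMIN_TOKEN` (generated with `vaultwarden hash`), so the secret should hold the hash rather than the token itself; if the hash is ever written into the compose file directly, each `$` has to be doubled. If the admin panel is not needed, leaving `ADMIN_TOKEN` unset keeps it disabled. Because the README proxies the whole site through Caddy, `/admin` would otherwise be reachable from wherever vault.example.com is.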
@@ -0,0 +1,74 @@
+# Grafana
+
+📊 **Dashboards & Visualisierung**
+
+Grafana ist eine Open-Source-Plattform für Datenvisualisierung.
+
+---
+
+## 🚀 Quick Start
+
+1. **In Komodo:** Stack auswählen → Deploy
+2. **Server wählen**
+3. **Warten** bis Container läuft
+4. **Caddy Config** hinzufügen
+5. **Öffnen** und einloggen (admin/admin)
+
+---
+
+## 🔧 Caddy Integration
+
+```bash
+ssh
+sudo nano /etc/caddy/Caddyfile
+```
+
+Hinzufügen:
+```caddyfile
+grafana.example.com {
+ reverse_proxy localhost:3000
+}
+```
+
+```bash
+sudo systemctl reload caddy
+```
+
+---
+
+## 🔐 Secrets (Komodo)
+
+| Secret Name | Beschreibung | Beispiel |
+|-------------|--------------|----------|
+| `grafana-admin-user` | Admin Username | `admin` |
+| `grafana-admin-pass` | Admin Password | `sicheres-passwort` |
+
+---
+
+## 📁 Files
+
+- `compose.yml` - Docker Compose Konfiguration
+
+---
+
+## 📊 Datenquellen
+
+Nach dem ersten Login:
+1. **Configuration → Data Sources**
+2. **Add data source**
+3. **Prometheus** auswählen
+4. URL: `http://prometheus:9090` (wenn auf gleichem Server: `http://localhost:9090`)
+5. **Save & Test**
+
+---
+
+## 🔄 Updates
+
+Wird automatisch aktuell gehalten durch Komodo.
+
+---
+
+## 📞 Support
+
+- **Docs:** https://grafana.com/docs
+- **GitHub:** https://github.com/grafana/grafana
diff --git a/stacks/monitoring/grafana/compose.yml b/stacks/monitoring/grafana/compose.yml
new file mode 100644
index 0000000..95d5cb2
--- /dev/null
+++ b/stacks/monitoring/grafana/compose.yml
@@ -0,0 +1,30 @@
+services:
+ grafana:
+ image: grafana/grafana:latest
+ container_name: grafana
+ restart: unless-stopped
+ ports:
+ - "127.0.0.1:3000:3000"
+ volumes:
+ - grafana_data:/var/lib/grafana
+ - grafana_config:/etc/grafana
+ environment:
+ - GF_SECURITY_ADMIN_USER=${SECRET:grafana-admin-user}
+ - GF_SECURITY_ADMIN_PASSWORD=${SECRET:grafana-admin-pass}
+ - GF_USERS_ALLOW_SIGN_UP=false
+ networks:
+ - monitoring
+ healthcheck:
+ test: ["CMD-SHELL", "wget --spider -q http://localhost:3000/api/health || exit 1"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 30s
+
+volumes:
+ grafana_data:
+ grafana_config:
+
+networks:
+ monitoring:
+ driver: bridge
diff --git a/stacks/monitoring/node-exporter/README.md b/stacks/monitoring/node-exporter/README.md
new file mode 100644
index 0000000..caf9321
--- /dev/null
+++ b/stacks/monitoring/node-exporter/README.md
@@ -0,0 +1,63 @@
+# Node Exporter
+
+📈 **System-Metriken für Prometheus**
+
+Node Exporter sammelt Hardware- und Betriebssystem-Metriken.
+
+---
+
+## 🚀 Quick Start
+
+1. **In Komodo:** Stack auswählen → Deploy
+2. **Server wählen** (wo Prometheus läuft)
+3. **Warten** bis Container läuft
+4. **In Prometheus** als Target hinzufügen
+
+---
+
+## 🔧 Prometheus Integration
+
+In Prometheus Config (`prometheus.yml`):
+
+```yaml
+scrape_configs:
+ - job_name: 'node-exporter'
+ static_configs:
+ - targets: ['localhost:9100']
+```
+
+---
+
+## 🔐 Secrets
+
+Keine Secrets erforderlich.
+
+---
+
+## 📁 Files
+
+- `compose.yml` - Docker Compose Konfiguration
+
+---
+
+## 📊 Metriken
+
+Node Exporter exposed Metriken auf Port 9100:
+- CPU Usage
+- Memory Usage
+- Disk I/O
+- Network I/O
+- System Load
+
+---
+
+## 🔄 Updates
+
+Wird automatisch aktuell gehalten durch Komodo.
+
+---
+
+## 📞 Support
+
+- **GitHub:** https://github.com/prometheus/node_exporter
+- **Docs:** https://prometheus.io/docs/guides/node-exporter/
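Review bot: `GF_SECURITY_ADMIN_PASSWORD=${SECRET:grafana-admin-pass}` in stacks/monitoring/grafana/compose.yml only takes effect when Grafana creates the admin account on first start against an empty `grafana_data` volume, while the README added in this commit tells users to log in with admin/admin. If the `${SECRET:...}` placeholder is not substituted before Compose reads the file (this page does not show that it is; Compose's own interpolation uses forms such as `${VAR}`, `${VAR:-default}` and `${VAR:?error}`), the deployment either fails or starts with a credential nobody chose. I would add a comment above the two variables, `# set once at first start; changing the secret later does not rotate the password`, and check after deployment that admin/admin is rejected. The same placeholder question applies to the gotify and vaultwarden compose files.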
diff --git a/stacks/monitoring/node-exporter/compose.yml b/stacks/monitoring/node-exporter/compose.yml
new file mode 100644
index 0000000..e15f902
--- /dev/null
+++ b/stacks/monitoring/node-exporter/compose.yml
@@ -0,0 +1,28 @@
+services:
+ node-exporter:
+ image: prom/node-exporter:latest
+ container_name: node-exporter
+ restart: unless-stopped
+ ports:
+ - "127.0.0.1:9100:9100"
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ command:
+ - '--path.procfs=/host/proc'
+ - '--path.sysfs=/host/sys'
+ - '--path.rootfs=/rootfs'
+ - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+ networks:
+ - monitoring
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://localhost:9100/metrics"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+networks:
+ monitoring:
+ driver: bridge
diff --git a/stacks/monitoring/prometheus/README.md b/stacks/monitoring/prometheus/README.md
new file mode 100644
index 0000000..c454fc5
--- /dev/null
+++ b/stacks/monitoring/prometheus/README.md
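Review bot: Publishing `127.0.0.1:9100:9100` in stacks/monitoring/node-exporter/compose.yml makes the exporter reachable from the host's loopback only, but the README's scrape target `localhost:9100` is evaluated inside the Prometheus container, where localhost is that container itself. Each monitoring compose file also declares its own `monitoring` bridge network, which Compose normally prefixes with the project name, so the three stacks would not share a network unless they are deployed under one project. The likely workaround is rebinding to 0.0.0.0, which exposes unauthenticated host metrics; a pre-created shared network avoids that: `networks: { monitoring: { external: true } }` in all three files, scrape target `node-exporter:9100`, and no `ports:` entry here. Separately, with `/:/rootfs:ro` mounted the service would benefit from `read_only: true`, `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]`.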
@@ -0,0 +1,69 @@
+# Prometheus
+
+📊 **Monitoring & Alerting**
+
+Prometheus ist ein Open-Source-Monitoring- und Alerting-System.
+
+---
+
+## 🚀 Quick Start
+
+1. **In Komodo:** Stack auswählen → Deploy
+2. **Server wählen**
+3. **Warten** bis Container läuft
+4. **Caddy Config** hinzufügen
+5. **Öffnen** unter `prometheus.example.com`
+
+---
+
+## 🔧 Caddy Integration
+
+```bash
+ssh
+sudo nano /etc/caddy/Caddyfile
+```
+
+Hinzufügen:
+```caddyfile
+prometheus.example.com {
+ reverse_proxy localhost:9090
+}
+```
+
+```bash
+sudo systemctl reload caddy
+```
+
+---
+
+## 🔐 Secrets (Komodo)
+
+Keine Secrets erforderlich für Basis-Installation.
+
+---
+
+## 📁 Files
+
+- `compose.yml` - Docker Compose Konfiguration
+
+---
+
+## 📊 Prometheus UI
+
+- **URL:** http://localhost:9090
+- **Query Browser:** `/graph`
+- **Alerts:** `/alerts`
+- **Targets:** `/targets`
+
+---
+
+## 🔄 Updates
+
+Prometheus wird automatisch aktuell gehalten durch Komodo.
+
+---
+
+## 📞 Support
+
+- **Docs:** https://prometheus.io/docs
+- **GitHub:** https://github.com/prometheus/prometheus
diff --git a/stacks/monitoring/prometheus/compose.yml b/stacks/monitoring/prometheus/compose.yml
new file mode 100644
index 0000000..9b243a8
--- /dev/null
+++ b/stacks/monitoring/prometheus/compose.yml
@@ -0,0 +1,32 @@
+services:
+ prometheus:
+ image: prom/prometheus:latest
+ container_name: prometheus
+ restart: unless-stopped
+ ports:
+ - "127.0.0.1:9090:9090"
+ volumes:
+ - prometheus_data:/prometheus
+ - prometheus_config:/etc/prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--storage.tsdb.retention.time=15d'
+ - '--web.console.libraries=/etc/prometheus/console_libraries'
+ - '--web.console.templates=/etc/prometheus/consoles'
+ networks:
+ - monitoring
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://localhost:9090/-/healthy"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+volumes:
+ prometheus_data:
+ prometheus_config:
+
+networks:
+ monitoring:
+ driver: bridge
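Review bot: The `command:` list in stacks/monitoring/prometheus/compose.yml starts Prometheus without `--web.config.file`, so the server itself has no authentication or TLS, and the README added alongside it proxies `prometheus.example.com` straight to port 9090. That would put the query API, the target list and all scraped labels on the public hostname for anyone who can reach it. I would either keep the UI off the public proxy or require authentication in front of it (a Caddy `basic_auth` block, or Prometheus' own web config with `basic_auth_users`), and state that next to the `ports:` entry with a comment such as `# no auth on this port; do not proxy publicly without an auth layer`.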