Initial configuration

.gitignore

@@ -0,0 +1,2 @@
+secrets/
+.env

README.md

@@ -0,0 +1,44 @@
+# Configuration steps
+
+## 1. Install [NixOS](https://nixos.org/)
+
+Follow the steps from the [NixOS Manual Installation](https://nixos.org/manual/nixos/stable/#sec-installation-manual)
+
+> At the edit configuration.nix step you must:
+>
+> - Add a user to the configuration file and set a password
+> - Enable openssh
+
+## 2. Configuring flake
+
+1. Clone this repository
+2. Copy hardware configuration to host<br>
+   `cp /etc/nixos/hardware-configuration.nix ~/nix/hosts/<host>/hardware-configuration.nix`
+3. Rebuild system
+   `sudo nixos-rebuild switch --flake .#<host>`
+4. Rebuild home-manager
+   `home-manager switch --flake .#<user>@<host>`
+5. Reboot
+
+## 3. Configuring docker containers
+
+1. Create proxy network<br>
+   `docker network create proxy`
+
+2. Configure [Adguard](./adguard/README.md)
+3. Configure [Caddy](./caddy/README.md)
+4. Configure [Authelia](./authelia/README.md)
+5. Configure the rest of the services
+
+# Services
+
+| Name    | Use            | Domain                        | Auth   |
+| ------- | -------------- | ----------------------------- | ------ |
+| Adguard | DNS            | https://adguard.timo.bmrs.nl/ | local  |
+| Caddy   | Reverse proxy  | -                             | -      |
+| Forgejo | Git            | https://git.timo.bmrs.nl/     | Openid |
+| Ldap    | User directory | https://ldap.timo.bmrs.nl/    | -      |
+
+# Services to try out
+
+- [Beszel](https://github.com/henrygd/beszel)

adguard/README.md

@@ -0,0 +1,7 @@
+# Adguard Home
+
+1. Temporaraly edit ports in docker-compose file to setup
+2. Configuration screen<br>
+   1. Change listen interface to port 3000
+3. Add DNS rewrite for *.timo.bmrs.nl
+4. Delete temporaraly port edit in docker-compose

adguard/docker-compose.yml

@@ -0,0 +1,21 @@
+services:
+  adguardhome:
+    image: adguard/adguardhome:latest
+    container_name: adguardhome
+    restart: unless-stopped
+    ports:
+      - 53:53/tcp
+      - 53:53/udp
+      # - 80:3000 # Only use during setup
+    volumes:
+      - work:/opt/adguardhome/work
+      - conf:/opt/adguardhome/conf
+
+volumes:
+  work:
+  conf:
+
+networks:
+  default:
+    name: proxy
+    external: true

authelia/.gitignore

@@ -0,0 +1 @@
+keys/

authelia/README.md

@@ -0,0 +1,13 @@
+# Authelia
+
+1. Edit environment variables.
+   1. For HMAC_SECRET, JWT_SECRET, ADMIN_PASSWORD, SESSION_SECRET, STORAGE_ENCRYPTION_KEY, LLDAP_KEY_SEED use an random alphanumeric string of at least 64 characters
+   2. For CLIENT_SECRET, CLIEND_ID: [Generate client identifier](https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-a-client-identifier-or-client-secret)
+      1. Use single quotes for the client secret
+
+2. Generate PAM file using and save it to the /config/keys directory: [Generating keypair](https://www.authelia.com/reference/guides/generating-secure-values/#generating-an-rsa-keypair)
+   1. Save the random password
+
+3. Configure LLDAP
+   1. Create a user in LLDAP with the group: lldap_password_manager
+   2. Create groups: forgejo

authelia/docker-compose.yml

@@ -0,0 +1,44 @@
+services:
+  authelia:
+    image: authelia/authelia:latest
+    container_name: authelia
+    restart: unless-stopped
+    depends_on:
+      - lldap
+    volumes:
+      - ./config/configuration.yml:/config/configuration.yml
+      - ./config/keys:/keys
+      - data_authelia:/config
+    environment:
+      X_AUTHELIA_CONFIG_FILTERS: template
+      JWT_SECRET: ${AUTHELIA_JWT_SECRET}
+      SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
+      STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${LLDAP_ADMIN_PASSWORD}
+      HMAC_SECRET: ${AUTHELIA_HMAC_SECRET}
+      CLIENT_SECRET_FORGEJO: ${AUTHELIA_CLIENT_SECRET_FORGEJO}
+      CLIENT_ID_FORGEJO: ${AUTHELIA_CLIENT_ID_FORGEJO}
+      CLIENT_SECRET_PAPERLESS: ${AUTHELIA_CLIENT_SECRET_PAPERLESS}
+      CLIENT_ID_PAPERLESS: ${AUTHELIA_CLIENT_ID_PAPERLESS}
+
+  lldap:
+    image: lldap/lldap:latest
+    container_name: lldap
+    restart: unless-stopped
+    volumes:
+      - data_lldap:/data
+    environment:
+      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
+      LLDAP_KEY_SEED: ${LLDAP_KEY_SEED}
+      LLDAP_LDAP_BASE_DN: dc=bmrs,dc=nl
+      LLDAP_LDAP_USER_PASS: ${LLDAP_ADMIN_PASSWORD}
+
+volumes:
+  data_lldap:
+  data_authelia:
+
+networks:
+  default:
+    name: proxy
+    external: true
+

caddy/Dockerfile

@@ -0,0 +1,8 @@
+FROM caddy:2.8-builder AS builder
+
+RUN xcaddy build \
+  --with github.com/caddy-dns/cloudflare
+
+FROM caddy:2.8
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

caddy/README.md

@@ -0,0 +1,4 @@
+# Caddy reverse proxy
+
+1. Obtain cloudflare tokens: [Caddy Cloudflare](https://github.com/caddy-dns/cloudflare)
+2. Set environment variables

caddy/caddyfiles/Caddyfile

@@ -0,0 +1,21 @@
+localhost {
+	respond "Hello world!"
+}
+
+
+*.timo.bmrs.nl timo.bmrs.nl {
+	tls {
+		dns cloudflare {
+			zone_token {env.CF_ZONE_TOKEN}
+			api_token {env.CF_API_TOKEN}
+		}
+		resolvers 1.1.1.1
+	}
+
+	forward_auth authelia:9091 {
+		uri /api/authz/forward-auth
+		copy_headers Remote-User Remote-Groups Remote-Email Remote-Name		
+	}
+
+	import routes/*
+}

caddy/caddyfiles/routes/adguard

@@ -0,0 +1,4 @@
+@adguard host adguard.timo.bmrs.nl
+handle @adguard {
+	reverse_proxy adguardhome:3000
+}

caddy/caddyfiles/routes/authelia

@@ -0,0 +1,9 @@
+@ldap host ldap.timo.bmrs.nl
+handle @ldap {
+	reverse_proxy lldap:17170
+}
+
+@authelia host auth.timo.bmrs.nl
+handle @authelia {
+	reverse_proxy authelia:9091
+}

caddy/caddyfiles/routes/dozzle

@@ -0,0 +1,9 @@
+@dozzle host dozzle.timo.bmrs.nl
+handle @dozzle {
+	forward_auth authelia:9091 {
+		uri /api/authz/forward-auth
+		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+	}
+
+	reverse_proxy dozzle:8080
+}

caddy/caddyfiles/routes/forgejo

@@ -0,0 +1,4 @@
+@forgejo host git.timo.bmrs.nl
+handle @forgejo {
+	reverse_proxy forgejo:3000
+}

caddy/caddyfiles/routes/homeassistant

@@ -0,0 +1,4 @@
+@homeassistant host homeassistant.timo.bmrs.nl
+handle @homeassistant {
+	reverse_proxy homeassistant:8123
+}

caddy/caddyfiles/routes/homepage

@@ -0,0 +1,4 @@
+@homepage host home.timo.bmrs.nl
+handle @homepage {
+	reverse_proxy homepage:3000
+}

caddy/caddyfiles/routes/immich

@@ -0,0 +1,4 @@
+@immich host immich.timo.bmrs.nl
+handle @immich {
+	reverse_proxy immich:2283
+}

caddy/caddyfiles/routes/nextcloud

@@ -0,0 +1,12 @@
+@nextcloud host cloud.timo.bmrs.nl
+handle @nextcloud {
+	redir /.well-known/carddav /remote.php/dav/ 301
+    redir /.well-known/caldav /remote.php/dav/ 301
+
+	reverse_proxy nextcloud:80
+}
+
+@office host office.timo.bmrs.nl
+handle @office {
+	reverse_proxy nextcloud-office:9980
+}

caddy/caddyfiles/routes/paperless-ngx

@@ -0,0 +1,4 @@
+@paperless-ngx host paperless.timo.bmrs.nl
+handle @paperless-ngx {
+	reverse_proxy paperless-ngx:8000
+}

caddy/caddyfiles/routes/searxng

@@ -0,0 +1,4 @@
+@searxng host search.timo.bmrs.nl
+handle @searxng {
+	reverse_proxy searxng:8080
+}

caddy/caddyfiles/routes/uptime-kuma

@@ -0,0 +1,4 @@
+@uptime-kuma host uptime.timo.bmrs.nl
+handle @uptime-kuma {
+	reverse_proxy uptime-kuma:3001
+}

caddy/caddyfiles/routes/vaultwarden

@@ -0,0 +1,4 @@
+@vaultwarden host bitwarden.timo.bmrs.nl
+handle @vaultwarden {
+	reverse_proxy vaultwarden:80
+}

caddy/docker-compose.yml

@@ -0,0 +1,33 @@
+services:
+  caddy:
+    build: .
+    container_name: caddy
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+    ports:
+      - 80:80
+      - 443:443
+      - 443:443/udp
+    volumes:
+      - data:/data
+      - config:/config
+      - ./caddyfiles:/etc/caddy/
+    environment:
+      CF_ZONE_TOKEN: ${CF_ZONE_TOKEN}
+      CF_API_TOKEN: ${CF_API_TOKEN}
+    networks:
+      proxy:
+        aliases:
+          - auth.timo.bmrs.nl
+          - cloud.timo.bmrs.nl
+          - office.timo.bmrs.nl
+
+volumes:
+  data:
+  config:
+
+networks:
+  proxy:
+    name: proxy
+    external: true

dozzle/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  dozzle:
+    image: amir20/dozzle:latest
+    container_name: dozzle
+    restart: unless-stopped
+    volumes:
+      - /run/user/1000/docker.sock:/var/run/docker.sock:ro
+    environment:
+      DOZZLE_ENABLE_ACTIONS: true
+      DOZZLE_AUTH_PROVIDER: forward-proxy
+
+networks:
+  default:
+    external: true
+    name: proxy

forgejo/docker-compose.yml

@@ -0,0 +1,40 @@
+services:
+  forgejo:
+    image: codeberg.org/forgejo/forgejo:9
+    container_name: forgejo
+    restart: unless-stopped
+    depends_on:
+      - db
+    ports:
+      - 222:22
+    volumes:
+      - data:/data
+      - ./config/app.ini:/etc/forgejo/app.ini
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro 
+    environment:
+      FORGEJO__database__DB_TYPE: postgres
+      FORGEJO__database__HOST: "forgejo-db"
+      FORGEJO__database__NAME: forgejo
+      FORGEJO__database__USER: forgejo
+      FORGEJO__database__PASSWD: ${DB_PASSWORD}
+  
+  db:
+    image: postgres:14
+    container_name: forgejo-db
+    restart: unless-stopped
+    volumes:
+      - data_db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: forgejo
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGES_DB: forgejo
+
+volumes:
+  data:
+  data_db:
+
+networks:
+  default:
+    name: proxy
+    external: true

homeassistant/config/configuration.yaml

@@ -0,0 +1,15 @@
+# Loads default set of integrations. Do not remove.
+default_config:
+
+# Load frontend themes from the themes folder
+frontend:
+  themes: !include_dir_merge_named themes
+
+automation: !include automations.yaml
+script: !include scripts.yaml
+scene: !include scenes.yaml
+
+http:
+  use_x_forwarded_for: true
+  trusted_proxies:
+    - 172.18.0.0/24

homeassistant/docker-compose.yml

@@ -0,0 +1,17 @@
+services:
+  homeassistant:
+    image: ghcr.io/home-assistant/home-assistant:stable
+    container_name: homeassistant
+    restart: unless-stopped
+    volumes:
+      - config:/config
+      - ./config/configuration.yaml:/config/configuration.yaml
+      - /etc/localtime:/etc/localtime:ro
+
+volumes:
+  config:
+
+networks:
+  default:
+    name: proxy
+    external: true

homepage/config/.gitignore

@@ -0,0 +1 @@
+logs/

homepage/config/bookmarks.yaml

@@ -0,0 +1,3 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/bookmarks

homepage/config/docker.yaml

@@ -0,0 +1,10 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/docker/
+
+# my-docker:
+#   host: 127.0.0.1
+#   port: 2375
+
+docker:
+  socket: /var/run/docker.sock

homepage/config/kubernetes.yaml

@@ -0,0 +1,2 @@
+---
+# sample kubernetes config

homepage/config/services.yaml

@@ -0,0 +1,56 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/services
+
+- Primary Services:
+    - Adguard:
+        href: https://adguard.timo.bmrs.nl/
+        description: DNS
+        icon: adguard-home
+        server: docker
+        container: adguardhome
+        widget:
+            type: adguard
+            url: http://adguardhome:3000
+            username: xeovalyte
+            password: {{HOMEPAGE_VAR_ADGUARD_PASSWORD}}
+
+    - Forgejo:
+        href: https://git.timo.bmrs.nl/
+        description: Git
+        icon: forgejo
+        server: docker
+        container: forgejo
+
+    - Uptime Kuma:
+        href: https://uptime.timo.bmrs.nl/
+        description: Uptime monitoring
+        icon: uptime-kuma
+        server: docker
+        container: uptime-kuma
+
+    - Vaultwarden:
+        href: https://bitwarden.timo.bmrs.nl/
+        description: Password manager
+        icon: bitwarden
+        server: docker
+        container: vaultwarden
+
+- Backend Services:
+    - Authelia:
+        description: SSO
+        icon: authelia
+        server: docker
+        container: authelia
+    
+    - Caddy:
+        description: Reverse proxy
+        icon: caddy
+        server: docker
+        container: caddy
+
+    - LLDAP:
+        description: Active directory
+        href: https://ldap.timo.bmrs.nl/
+        server: docker
+        container: lldap

homepage/config/settings.yaml

@@ -0,0 +1,21 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/settings
+
+providers:
+  openweathermap: openweathermapapikey
+  weatherapi: weatherapiapikey
+
+title: Xeovalyte's Dashboard
+color: slate
+
+headerStyle: boxedWidgets
+
+layout:
+  Primary Services:
+    style: row
+    columns: 3
+
+  Backend Services:
+    style: row
+    columns: 4

homepage/config/widgets.yaml

@@ -0,0 +1,12 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/configs/service-widgets
+
+- resources:
+    cpu: true
+    memory: true
+    disk: /
+
+- search:
+    provider: duckduckgo
+    target: _blank

homepage/docker-compose.yml

@@ -0,0 +1,19 @@
+services:
+  homepage:
+    image: ghcr.io/gethomepage/homepage:latest
+    container_name: homepage
+    restart: unless-stopped
+    volumes:
+      - ./config:/app/config
+      - logs:/app/config/logs
+      - /run/user/1000/docker.sock:/var/run/docker.sock
+    environment:
+      HOMEPAGE_VAR_ADGUARD_PASSWORD: $ADGUARD_PASSWORD
+
+volumes:
+  logs:
+
+networks:
+  default:
+    name: proxy
+    external: true

immich/docker-compose.yml

@@ -0,0 +1,78 @@
+services:
+  immich:
+    image: ghcr.io/immich-app/immich-server:release
+    container_name: immich
+    restart: unless-stopped
+    volumes:
+      - data:/usr/src/app/upload
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      DB_HOSTNAME: "immich-db"
+    env_file:
+      - .env
+    depends_on:
+      - redis
+      - db
+
+  immich-machine-learning:
+    image: ghcr.io/immich-app/immich-machine-learning:release
+    container_name: immich-machine-learning
+    restart: unless-stopped
+    volumes:
+      - cache:/cache
+    env_file:
+      - .env
+
+  redis:
+    image: docker.io/redis:6.2-alpine@sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5
+    container_name: immich-redis
+    restart: unless-stopped
+    healthcheck:
+      test: redis-cli ping || exit 1
+    volumes:
+      - data_redis:/data
+
+  db:
+    image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
+    container_name: immich-db
+    restart: unless-stopped
+    volumes:
+      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+      - data_db:/var/lib/postgresql/data
+    healthcheck:
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+      interval: 5m
+      start_interval: 30s
+      start_period: 5m
+    command:
+      [
+        'postgres',
+        '-c',
+        'shared_preload_libraries=vectors.so',
+        '-c',
+        'search_path="$$user", public, vectors',
+        '-c',
+        'logging_collector=on',
+        '-c',
+        'max_wal_size=2GB',
+        '-c',
+        'shared_buffers=512MB',
+        '-c',
+        'wal_compression=on',
+      ]
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_INITDB_ARGS: '--data-checksums'
+
+volumes:
+  data:
+  data_db:
+  data_redis:
+  cache:
+
+networks:
+  default:
+    name: proxy
+    external: true

nextcloud/README.md

@@ -0,0 +1,4 @@
+# Nextcloud
+
+1. Configure environment variables
+2. Update office configuration

nextcloud/docker-compose.yml

@@ -0,0 +1,54 @@
+services:
+  nextcloud:
+    image: nextcloud:apache
+    container_name: nextcloud
+    restart: unless-stopped
+    volumes:
+      - data:/var/www/html
+    environment:
+      POSTGRES_HOST: nextcloud-db
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+      REDIS_HOST: nextcloud-redis
+      TRUSTED_PROXIES: "172.23.0.0/24"
+    depends_on:
+      - db
+      - redis
+
+  db:
+    image: postgres:16
+    container_name: nextcloud-db
+    restart: unless-stopped
+    volumes:
+      - data_db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+
+  redis:
+    image: redis:alpine
+    container_name: nextcloud-redis
+    restart: unless-stopped
+    volumes:
+      - data_redis:/data
+
+  office:
+    image: collabora/code
+    container_name: nextcloud-office
+    restart: unless-stopped
+    environment:
+      DOMAIN: "cloud.timo.bmrs.nl"
+      extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
+
+
+volumes:
+  data:
+  data_db:
+  data_redis:
+
+networks:
+  default:
+    name: proxy
+    external: true

paperless-ngx/README.md

@@ -0,0 +1,3 @@
+# Paperless NGX
+- Create super user: `docker compose exec paperless-ngx python3 manage.py createsuperuser`
+- Follow [Paperless wiki](https://www.authelia.com/integration/openid-connect/paperless/) for configuring oauth

paperless-ngx/docker-compose.yml

@@ -0,0 +1,50 @@
+services:
+  paperless-ngx:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    container_name: paperless-ngx
+    restart: unless-stopped
+    depends_on:
+      - broker
+      - db
+    volumes:
+      - data:/usr/src/paperless/data
+      - media:/usr/src/paperless/media
+    environment:
+      PAPERLESS_REDIS: redis://paperless-ngx-broker:6379
+      PAPERLESS_DBHOST: paperless-ngx-db
+      PAPERLESS_DBPASS: ${POSTGRES_PASSWORD}
+      PAPERLESS_URL: https://paperless.timo.bmrs.nl
+
+      PAPERLESS_DISABLE_REGULAR_LOGIN: true
+      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: ${PAPERLESS_SOCIALACCOUNT_PROVIDERS}
+
+  broker:
+    image: docker.io/library/redis:7
+    container_name: paperless-ngx-broker
+    restart: unless-stopped
+    volumes:
+      - data_redis:/data
+
+  db:
+    image: docker.io/library/postgres:16
+    container_name: paperless-ngx-db
+    restart: unless-stopped
+    volumes:
+      - data_db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: paperless
+      POSTGRES_USER: paperless
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+
+
+volumes:
+  data:
+  data_db:
+  data_redis:
+  media:
+
+networks:
+  default:
+    name: proxy
+    external: true

searxng/config/uwsgi.ini

@@ -0,0 +1,54 @@
+[uwsgi]
+# Who will run the code
+uid = searxng
+gid = searxng
+
+# Number of workers (usually CPU count)
+# default value: %k (= number of CPU core, see Dockerfile)
+workers = %k
+
+# Number of threads per worker
+# default value: 4 (see Dockerfile)
+threads = 4
+
+# The right granted on the created socket
+chmod-socket = 666
+
+# Plugin to use and interpreter config
+single-interpreter = true
+master = true
+plugin = python3
+lazy-apps = true
+enable-threads = 4
+
+# Module to import
+module = searx.webapp
+
+# Virtualenv and python path
+pythonpath = /usr/local/searxng/
+chdir = /usr/local/searxng/searx/
+
+# automatically set processes name to something meaningful
+auto-procname = true
+
+# Disable request logging for privacy
+disable-logging = true
+log-5xx = true
+
+# Set the max size of a request (request-body excluded)
+buffer-size = 8192
+
+# No keep alive
+# See https://github.com/searx/searx-docker/issues/24
+add-header = Connection: close
+
+# Follow SIGTERM convention
+# See https://github.com/searxng/searxng/issues/3427
+die-on-term
+
+# uwsgi serves the static files
+static-map = /static=/usr/local/searxng/searx/static
+# expires set to one day
+static-expires = /* 86400
+static-gzip-all = True
+offload-threads = 4

searxng/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  searxng:
+    image: searxng/searxng
+    container_name: searxng
+    restart: unless-stopped
+    volumes:
+      - ./config:/etc/searxng
+    environment:
+      BASE_URL: "https://search.timo.bmrs.nl/"
+      SEARXNG_SECRET: "PO8rO5ZW7K67sroemisMS8wpiq5pXEHecvXzGs4CdAgTQIQvAI09m65vFKGVVkZW"
+
+networks:
+  default:
+    external: true
+    name: proxy

uptime-kuma/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  uptime-kuma:
+    image: louislam/uptime-kuma:1
+    container_name: uptime-kuma
+    restart: unless-stopped
+    volumes:
+      - data:/app/data
+
+volumes:
+  data:
+
+networks:
+  default:
+    name: proxy
+    external: true

vaultwarden/docker-compose.yml

@@ -0,0 +1,17 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: unless-stopped
+    volumes:
+      - data:/data
+    environment:
+      SIGNUPS_ALLOWED: "true"
+
+volumes:
+  data:
+
+networks:
+  default:
+    name: proxy
+    external: true