Initial Commit

README.md

@@ -0,0 +1,27 @@
+# serversetups
+
+Repository, that lists all servers and services, that are running on a server
+
+
+## RS01
+
+- [x] gitea (Http Port 3000, SSH Port 2222)
+- [x] gitea-act-runners
+- [x] bitwarden (Port 4065)
+- [x] proton mail bridge shenxn
+- [ ] Sonarqube
+- [ ] OpenFaas (Only for testing, if with user without root works)
+
+## RS02
+
+? OpenStack
+? OpenFaas
+
+## OwnNas
+
+-> NextCloud
+
+-> OpenStack
+
+-> Whatever else, that is cool
+

docker-compose-files/ghost-docker-compose.yml

@@ -0,0 +1,34 @@
+version: '3.1'
+
+services:
+
+  ghost:
+    image: ghost:5-alpine
+    restart: always
+    ports:
+      - 8080:2368
+    environment:
+      # see https://ghost.org/docs/config/#configuration-options
+      database__client: mysql
+      database__connection__host: db
+      database__connection__user: root
+      database__connection__password: example
+      database__connection__database: ghost
+      # this url value is just an example, and is likely wrong for your environment!
+      url: http://localhost:8080
+      # contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired)
+      #NODE_ENV: development
+    volumes:
+      - ghost:/var/lib/ghost/content
+
+  db:
+    image: mysql:8.0
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: example
+    volumes:
+      - db:/var/lib/mysql
+
+volumes:
+  ghost:
+  db:

docker-compose-files/gitea-act-runner-docker-compose.yml

@@ -0,0 +1,14 @@
+version: "3.8"
+services:
+  runner:
+    image: gitea/act_runner:latest
+    environment:
+      CONFIG_FILE: /config.yaml
+      GITEA_INSTANCE_URL: "https://gitea.mikepziegler.com"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "[token from gitea]"
+      GITEA_RUNNER_NAME: "runner-1"
+      GITEA_RUNNER_LABELS: "ubuntu-latest"
+    volumes:
+      - ./config.yaml:/config.yaml
+      - ./data:/data
+      - /var/run/docker.sock:/var/run/docker.sock

docker-compose-files/gitea-docker-compose.yml

@@ -0,0 +1,34 @@
+networks:
+  gitea_net: {}
+
+services:
+  server:
+    image: gitea/gitea:1.21.7
+    container_name: gitea
+    environment:
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=db:5432
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=gitea
+    restart: always
+    volumes:
+      - ./gitea:/data
+      - /home/git/.ssh/:/data/git/.ssh
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "2222:22"
+    depends_on:
+      - db
+
+  db:
+    image: postgres:14
+    restart: always
+    environment:
+      - POSTGRES_USER=gitea
+      - POSTGRES_PASSWORD=gitea
+      - POSTGRES_DB=gitea
+    volumes:
+      - ./postgres:/var/lib/postgresql/data

docker-compose-files/vaultwarden-docker-compose.yml

@@ -0,0 +1,46 @@
+
+networks:
+  vw_net: {}
+
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    restart: unless-stopped
+    volumes:
+      - ./vw-data:/data
+    environment:
+      DOMAIN: "https://pass.mikepziegler.com"
+      DATABASE_URL: "postgresql://vaultwarden:x93tFoDo0JBw9osv3vDZRFn0B8LQncznqCS81Lt3uCC719RspWIyKaOFLNq6PPT@db:5432/vault"
+      ADMIN_TOKEN: "HPxKlwoT4AfxDnVURU0ArnpFCmusaRcuN4pBjKTO"
+      WEBSOCKET_ENABLED: "true"
+      SIGNUPS_ALLOWED: "true" # Turn to false when already registered
+        # SIGNUPS_VERIFY: "true"
+    ports:
+      - "4056:80"
+    depends_on:
+      - db
+    networks:
+      - vw_net
+
+  db:
+    image: postgres:13
+    container_name: vw_postgres
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=vaultwarden
+      - POSTGRES_PASSWORD=x93tFoDo0JBw9osv3vDZRFn0B8LQncznqCS81Lt3uCC719RspWIyKaOFLNq6PPT
+      - POSTGRES_DB=vault
+    volumes:
+      - ./postgres-data:/var/lib/postgresql/data
+    expose:
+      - "5432"  # optional: visible to vaultwarden on vw_net only
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB -h 127.0.0.1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - vw_net
+
+
+  

docker-installation.md

@@ -0,0 +1,27 @@
+## Setup Docker
+
+```shell
+for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done
+```
+
+```shell
+# Add Docker's official GPG key:
+sudo apt-get update
+sudo apt-get install ca-certificates curl gnupg
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+# Add the repository to Apt sources:
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt-get update
+
+```
+
+```shell
+sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+sudo docker run hello-world
+```

firewall-setup.md

@@ -0,0 +1,18 @@
+# Setup Firewall
+
+```shell
+sudo apt-get install ufw
+sudo ufw enable
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+
+sudo ufw allow http
+sudo ufw allow https
+sudo ufw allow ssh
+sudo ufw allow 2222/tcp
+
+sudo ufw reload
+```
+
+To check `sudo ufw status`
+

interesting-services/CapRover.md

@@ -0,0 +1,23 @@
+# CapRover:
+[Link to CapRover](https://caprover.com/docs/get-started.html)
+
+!Generated by ChatGPT 4!
+
+CapRover is an open-source platform that simplifies server management and application deployment. It acts as an automation layer on top of Docker, allowing users to easily build, deploy, and scale web applications and services. CapRover provides a user-friendly web interface to manage Docker containers, set up databases, and configure SSL, making it a practical choice for developers looking for a self-hosted PaaS (Platform as a Service) solution.
+
+**Ideal Usage of CapRover:**
+CapRover is ideal for small to medium-sized businesses, developers, and startups that need a straightforward and cost-effective solution for deploying and managing web applications and services. It's especially useful for those who want to:
+
+1. **Automate deployments:** Quick and simple push-to-deploy functionality makes it suitable for continuous integration/continuous deployment (CI/CD) workflows.
+2. **Manage multiple applications:** Easily handle numerous applications on a single server, with the ability to scale and manage resources efficiently.
+3. **Self-host applications:** For organizations preferring to maintain control over their infrastructure and data, it provides a private, self-hosted environment.
+4. **Experiment and develop:** Ideal for development environments where frequent updates and experimental deployments are common.
+
+**When Not to Use CapRover:**
+CapRover might not be the best choice in scenarios such as:
+
+1. **Large-scale enterprise environments:** Enterprises with complex application needs might find CapRover's features limited compared to more robust, enterprise-focused solutions like Kubernetes.
+2. **Highly specialized hosting requirements:** Applications that require specific, advanced configurations or unique scalability requirements might exceed CapRover’s capabilities.
+3. **Complete novice in server management:** While user-friendly, a basic understanding of Docker and server management is beneficial to effectively use CapRover.
+
+Overall, CapRover is excellent for managing a diverse set of applications on a modest scale, but for large-scale, complex deployments, more comprehensive tools might be necessary.

interesting-services/OpenStack.md

@@ -0,0 +1,20 @@
+# OpenStack
+[Link to OpenStack](https://www.openstack.org/)
+
+OpenStack is an open-source cloud computing platform that enables organizations to create and manage large groups of virtual private servers in a data center environment. It offers a flexible solution for handling compute, storage, and networking resources through a dashboard or via the OpenStack API. Primarily used by service providers, enterprises, and government agencies, OpenStack allows users to deploy private or public clouds, helping to drive infrastructure as a service (IaaS) on widely available hardware. It supports scalability and is designed to be modular, so users can tailor their cloud services to meet specific needs.
+
+OpenStack is ideally used in scenarios that demand scalable, flexible, and customizable cloud infrastructure solutions. Its ideal usage contexts include:
+
+1. **Private Clouds:** Organizations looking to build and manage their own cloud infrastructure while maintaining control over privacy, security, and compliance can use OpenStack. It's particularly useful for industries with strict regulatory requirements.
+
+2. **Public Cloud Services:** Service providers can use OpenStack to offer public cloud services that compete with major cloud providers like AWS, Google Cloud, and Microsoft Azure.
+
+3. **Hybrid Clouds:** OpenStack can be integrated with existing public cloud services, providing a hybrid solution that leverages both on-premises resources and the scalability of the public cloud.
+
+4. **Large-scale Data Centers:** It is suitable for managing extensive data centers with high volumes of computing tasks, including big data analytics and high-performance computing.
+
+5. **Research and Academic Projects:** Educational institutions and research projects benefit from OpenStack’s ability to create isolated environments for various projects, facilitating a broad range of research into distributed systems and cloud technologies.
+
+6. **Development and Testing Environments:** Companies can use OpenStack to quickly spin up and tear down environments for application development and testing, ensuring that resources are used efficiently.
+
+OpenStack's versatility makes it particularly valuable for organizations that need a robust, scalable infrastructure without being locked into vendor-specific solutions. However, it requires significant expertise to deploy and manage effectively, making it more suitable for organizations with capable IT departments.

kubectl-installation.md

@@ -0,0 +1 @@
+# 

nginx-configs/default

@@ -0,0 +1,13 @@
+
+server {
+    listen 80;
+    server_name [domain];
+
+    location / {
+        proxy_pass http://localhost:[PORT];
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

nginx-configs/gitea.mikepziegler.com

@@ -0,0 +1,13 @@
+
+server {
+    listen 80;
+    server_name gitea.mikepziegler.com;
+
+    location / {
+        proxy_pass http://localhost:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

nginx-configs/pass.mikepziegler.com

@@ -0,0 +1,33 @@
+server {
+    listen 80;
+    server_name pass.mike-ziegler.com;
+
+    if ($host = pass.mike-ziegler.com) {
+        return 301 https://$server_name$request_uri;
+    } # managed by Certbot
+
+    return 404; # managed by Certbot
+}
+
+
+server {
+    listen 443 ssl; # managed by Certbot
+    server_name pass.mike-ziegler.com;
+
+    location / {
+        proxy_pass http://localhost:4056;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+    }
+
+    ssl_certificate /etc/letsencrypt/live/pass.mike-ziegler.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/pass.mike-ziegler.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}

nginx-mapping.md

@@ -0,0 +1,15 @@
+# nginx mapping
+
+## RS01
+
+trigger.dev
+
+## RS02
+
+gitea.mikepziegler.com -> 3000
+pass.mikepziegler.com -> 4056
+
+
+## VPS01
+
+mail-api.timo.paris -> 3001

nginx-setup.md

@@ -0,0 +1,62 @@
+# Nginx Setups
+
+Sources:
+
+[Nginx Beginners Guide](http://nginx.org/en/docs/beginners_guide.html)
+[Nginx Config Example](https://www.nginx.com/resources/wiki/start/topics/examples/full/)
+
+
+## 1. Installation
+
+If not installed, execute this:
+
+```bash
+sudo apt install nginx certbot python3-certbot-nginx
+```
+
+## 2. create nginx config
+
+To create a config execute:
+
+```bash
+touch /etc/nginx/sites-available/[SUBDOMAIN].[DOMAIN]
+```
+
+Copy from [the default config](./nginx-configs/default)
+And paste it after executing:
+
+```bash
+nano /etc/nginx/sites-available/[SUBDOMAIN].[DOMAIN]
+```
+
+Dont forget to replace `[PLACEHOLDERS]`
+
+Softlink to sites-enabled
+
+```bash
+sudo ln -s /etc/nginx/sites-available/[SUBDOMAIN].[DOMAIN] /etc/nginx/sites-enabled/
+```
+
+## 3. Check and restart nginx
+
+Test the new config with this command:
+
+```bash
+sudo nginx -t
+```
+
+If successful execute 
+
+```bash
+sudo systemctl restart nginx
+```
+
+## 4. Get https certificate
+
+In Cloudflare or another dns manager add an a record to the ip for creating a sub domain.
+
+After that certify the subdomain with this command.
+
+```bash
+sudo certbot --nginx -d [SUBDOMAIN].[DOMAIN]
+```

ngrok-installation.md

@@ -0,0 +1,6 @@
+curl -sSL https://ngrok-agent.s3.amazonaws.com/ngrok.asc \
+  | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null \
+  && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" \
+  | sudo tee /etc/apt/sources.list.d/ngrok.list \
+  && sudo apt update \
+  && sudo apt install ngrok

port-mapping.md

@@ -0,0 +1,13 @@
+# Port Mapping
+
+## RS01
+
+80 > OpenStack
+
+## RS02
+
+Gitea > 3000
+Vaultwarden > 4056
+
+## VPS01
+

reports/OpenStack.md

@@ -0,0 +1,4 @@
+# OpenStack
+
+Wouldnt recommend unless more resources can be provided towards OpenStack.
+Better recommend ProxMox

reports/Openfaas.md

@@ -0,0 +1,3 @@
+# Openfaas
+
+Too complicated to install...

service-setups/bitwarden-setup.md

@@ -0,0 +1,17 @@
+# Setup Bitwarden
+
+
+## 1. Setting up User
+
+```
+sudo adduser vaultwarden
+sudo usermod -aG docker vaultwarden
+```
+
+## 2. Run Proton-Mail-Bridge
+
+[To Proton Mail Setup](./proton-bridge-setup.md)
+
+## Running Docker compose
+
+[](../docker-compose-files/vaultwarden-docker-compose.yml)

service-setups/gitea-setup.md

@@ -0,0 +1,34 @@
+# Setup Gitea
+
+The installation guide is from [Gitea itself](https://docs.gitea.com/installation/install-with-docker)
+
+## 1. Create user for
+
+```
+sudo adduser git
+sudo usermod -aG docker git
+```
+
+## 2. Run Docker containers
+
+As `git` user
+
+```bash
+mkdir gitea-docker && cd gitea-docker
+touch docker-compose.yml
+```
+
+
+## 3. Create nginx config for gitea
+
+[Link to nginx-config](../nginx-configs/gitea.mike-ziegler.com)
+
+```bash
+sudo certbot --nginx -d gitea.mike-ziegler.com
+```
+
+```shell
+sudo nginx -t 
+```
+
+## Setting up Gitea act runner

service-setups/proton-bridge-setup.md

@@ -0,0 +1,32 @@
+# Setup Proton Bridge
+
+This uses the docker container from `shenxn`
+
+[Link to shenxn/protonmail-bridge-docker](https://github.com/shenxn/protonmail-bridge-docker)
+
+## Setting up user
+
+Setup user `protonmail` 
+
+```
+sudo adduser protonmail
+sudo usermod -aG docker protonmail
+```
+
+## Run 
+
+```
+docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init
+```
+
+If bridge is already in the docker-compose.yml, use this
+
+```
+docker compose run protonmail-bridge init
+```
+
+This command will map the ports, if ufw is allowing requests to port 25/143
+
+```
+docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
+```

service-setups/trigger.dev.md

@@ -0,0 +1,7 @@
+# Trigger.dev
+
+## Install single server
+
+
+1. Install Docker
+2. Install docker compose

services-list.md

@@ -0,0 +1,76 @@
+# List of Selfhosted Services
+
+Source: 
+
+[CNCF: Landscape List of Services](https://landscape.cncf.io/?group=projects-and-products&view-mode=card#observability-and-analysis--chaos-engineering)
+
+[]
+
+## Authentication Services
+
+[Authentik: OpenSource Identity Provider](https://docs.goauthentik.io/developer-docs/)
+
+[KeyCloak: OpenSource Identity Provider](https://www.keycloak.org/)
+
+[Supertokens: OpenSource User Authentication](https://supertokens.com/)
+
+## Automation Services
+
+[Ansible: IT Automation building](https://www.ansible.com/)
+
+[ChangeWebsite: Service for detecting changes on websites](https://github.com/dgtlmoon/changedetection.io/?utm_source=coolify.io)
+
+[Duplicati: Automated Backup solution](https://docs.duplicati.com/en/latest/)
+
+## Business Services
+
+[ActivePieces: Business Automation Service !Might not be opensource!](https://www.activepieces.com/)
+
+[AppSmith: Lowcode application Platform for building internal tools](https://docs.appsmith.com/)
+
+[Chatwoot: Selfhosted Customers Relationships](https://www.chatwoot.com/)
+
+[Linkmonk: Newsletter & Mailing list manager](https://listmonk.app/)
+
+[N8N: Most popular Business Automation](https://n8n.io/)
+
+[Plane: Self Hosted Project Management Tool !Might not be opensource!](https://plane.so/)
+
+[Twenty: Self Hosted CRM](https://twenty.com/developers?utm_source=coolify.io)
+
+[Trigger.Dev : ](https://trigger.dev)
+
+## CMS
+
+[Ghost: A CMS for Bloggers and News](https://ghost.org/)
+
+## Database as a Service
+
+[Bytebase: Self Hosting Database Service](https://www.bytebase.com/docs/introduction/what-is-bytebase/)
+
+
+## Infrastructure Services
+
+[Appwrite: Backend-as-a-service, like AWS Lambda or Cloudflare Workers](https://appwrite.io/)
+
+
+[OpenStack]()
+
+[Proxmox]()
+
+[SupaBase: Infrastucture-as-a-Service !Might not be TRUE opensource!](https://supabase.com/docs/guides/self-hosting)
+
+## Platform as a Service
+
+[Coolify: Selfhosted Infrastructure-as-a-Service](https://coolify.io/)
+
+
+
+
+## Web Tools
+
+[Metube: Self Hosted Youtube videos downloader](https://github.com/alexta69/metube)
+
+[Trigger: Background Jobs Framework for Typescript](https://trigger.dev/?utm_source=coolify.io)
+
+[Umami: Self Hosted Web Analytics Tool](https://umami.is/docs)

sources.md

@@ -0,0 +1,7 @@
+# Sources
+
+Open Source, Selfhosted BaaS (Backend as a Service)
+[Link to List](https://gist.github.com/PARC6502/ee4db400a05e6eb6d0981bb8cd4e4c1c)
+
+Open Source, Selhosted Faas/Paas
+[Link to List](https://github.com/guettli/open-source-paas)

todos.md

@@ -0,0 +1,7 @@
+# TODOS
+
+- [] Migrate Bitwarden from RS01 to RS02
+- [] Run OpenFAAS either on RS01 or RS02
+
+
+## Maybes