init commit

2019-10-31 09:12:33 +00:00 · 2019-10-31 09:12:33 +00:00 · 8a7e659acf
commit 8a7e659acf
12 changed files with 790 additions and 0 deletions
--- a/freshrss/docker-compose.yml
+++ b/freshrss/docker-compose.yml
@ -0,0 +1,30 @@
+version: "2"
+services:
+  freshrss:
+    image: linuxserver/freshrss
+    container_name: freshrss
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/London
+    volumes:
+      - freshrss:/config
+    ports:
+      - 8006:80
+    restart: unless-stopped
+
+  db:
+    image: mariadb
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    restart: always
+    volumes:
+      - db:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=<replace>
+      - MYSQL_PASSWORD=<replace>
+      - MYSQL_DATABASE=freshrss
+      - MYSQL_USER=freshrss
+
+volumes:
+  freshrss:
+  db:
--- a/gogs/docker-compose.yml
+++ b/gogs/docker-compose.yml
@ -0,0 +1,42 @@
+version: '2'
+services:
+    db:
+      image: mariadb
+      command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+      restart: always
+      volumes:
+        - db:/var/lib/mysql
+      environment:
+        - MYSQL_ROOT_PASSWORD=<replace>
+        - MYSQL_PASSWORD=<replace>
+        - MYSQL_DATABASE=gogs
+        - MYSQL_USER=gogs
+      networks:
+        - gogs
+    gogs:
+      image: gogs/gogs:latest
+      restart: always
+      ports:
+       - "10022:22"
+       - "8007:3000"
+      links:
+       - db
+      environment:
+       - "RUN_CROND=true"
+      networks:
+       - gogs
+      volumes:
+       - "gogs-data:/data"
+      depends_on:
+       - db
+
+networks:
+    gogs:
+      driver: bridge
+
+volumes:
+    db:
+      driver: local
+    gogs-data:
+      driver: local
+
--- a/grav/docker-compose.yml
+++ b/grav/docker-compose.yml
@ -0,0 +1,16 @@
+version: "3"
+# More info at https://github.com/pi-hole/docker-pi-hole/ 
+# and https://docs.pi-hole.net/
+services:
+  grav:
+    container_name: grav
+    image: grav:latest
+    ports:
+      - "8004:80/tcp"
+    environment:
+      TZ: 'Europe/London'
+    volumes:
+      - 'grav:/var/www/html'
+    restart: unless-stopped
+volumes:
+  grav:
--- a/jitsi/.env
+++ b/jitsi/.env
@ -0,0 +1,253 @@
+#
+# Basic configuration options
+#
+
+# Directory where all configuration will be stored.
+CONFIG=~/.jitsi-meet-cfg
+
+# Exposed HTTP port.
+HTTP_PORT=8001
+
+# Exposed HTTPS port.
+HTTPS_PORT=8002
+
+# System time zone.
+TZ=Europe/London
+
+# Public URL for the web service.
+#PUBLIC_URL="https://meet.example.com"
+
+# IP address of the Docker host. See the "Running on a LAN environment" section
+# in the README.
+#DOCKER_HOST_ADDRESS=192.168.1.1
+
+
+#
+# Let's Encrypt configuration
+#
+
+# Enable Let's Encrypt certificate generation.
+#ENABLE_LETSENCRYPT=1
+
+# Domain for which to generate the certificate.
+#LETSENCRYPT_DOMAIN=meet.example.com
+
+# E-Mail for receiving important account notifications (mandatory).
+#LETSENCRYPT_EMAIL=alice@atlanta.net
+
+
+#
+# Etherpad integration (for document sharing)
+#
+
+# Set etherpad-lite URL (uncomment to enable).
+#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
+
+
+#
+# Basic Jigasi configuration options (needed for SIP gateway support)
+#
+
+# SIP URI for incoming / outgoing calls.
+#JIGASI_SIP_URI=test@sip2sip.info
+
+# Password for the specified SIP account as a clear text
+#JIGASI_SIP_PASSWORD=passw0rd
+
+# SIP server (use the SIP account domain if in doubt).
+#JIGASI_SIP_SERVER=sip2sip.info
+
+# SIP server port
+#JIGASI_SIP_PORT=5060
+
+# SIP server transport
+#JIGASI_SIP_TRANSPORT=UDP
+
+#
+# Authentication configuration (see README for details)
+#
+
+# Enable authentication.
+#ENABLE_AUTH=1
+
+# Enable guest access.
+#ENABLE_GUESTS=1
+
+# Select authentication type: internal, jwt or ldap
+#AUTH_TYPE=internal
+
+# JWT auuthentication
+#
+
+# Application identifier.
+#JWT_APP_ID=my_jitsi_app_id
+
+# Application secret known only to your token.
+#JWT_APP_SECRET=my_jitsi_app_secret
+
+# (Optional) Set asap_accepted_issuers as a comma separated list.
+#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
+
+# (Optional) Set asap_accepted_audiences as a comma separated list.
+#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
+
+
+# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
+#
+
+# LDAP url for connection.
+#LDAP_URL=ldaps://ldap.domain.com/
+
+# LDAP base DN. Can be empty
+#LDAP_BASE=DC=example,DC=domain,DC=com
+
+# LDAP user DN. Do not specify this parameter for the anonymous bind.
+#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
+
+# LDAP user password. Do not specify this parameter for the anonymous bind.
+#LDAP_BINDPW=LdapUserPassw0rd
+
+# LDAP filter. Tokens example:
+# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail.
+# %s - %s is replaced by the complete service string.
+# %r - %r is replaced by the complete realm string.
+#LDAP_FILTER=(sAMAccountName=%u)
+
+# LDAP authentication method
+#LDAP_AUTH_METHOD=bind
+
+# LDAP version
+#LDAP_VERSION=3
+
+# LDAP TLS using
+#LDAP_USE_TLS=1
+
+# List of SSL/TLS ciphers to allow.
+#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
+
+# Require and verify server certificate
+#LDAP_TLS_CHECK_PEER=1
+
+# Path to CA cert file. Used when server sertificate verify is enabled.
+#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# Path to CA certs directory. Used when server sertificate verify is enabled.
+#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
+
+
+#
+# Advanced configuration options (you generally don't need to change these)
+#
+
+# Internal XMPP domain.
+XMPP_DOMAIN=meet.jitsi
+
+# Internal XMPP server
+XMPP_SERVER=xmpp.meet.jitsi
+
+# Internal XMPP server URL
+XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
+
+# Internal XMPP domain for authenticated services.
+XMPP_AUTH_DOMAIN=auth.meet.jitsi
+
+# XMPP domain for the MUC.
+XMPP_MUC_DOMAIN=muc.meet.jitsi
+
+# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools.
+XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
+
+# XMPP domain for unauthenticated users.
+XMPP_GUEST_DOMAIN=guest.meet.jitsi
+
+# Custom Prosody modules for XMPP_DOMAIN (comma separated)
+XMPP_MODULES=
+
+# Custom Prosody modules for MUC component (comma separated)
+XMPP_MUC_MODULES=
+
+# Custom Prosody modules for internal MUC component (comma separated)
+XMPP_INTERNAL_MUC_MODULES=
+
+# MUC for the JVB pool.
+JVB_BREWERY_MUC=jvbbrewery
+
+# XMPP user for JVB client connections.
+JVB_AUTH_USER=jvb
+
+# XMPP password for JVB client connections.
+JVB_AUTH_PASSWORD=passw0rd
+
+# STUN servers used to discover the server's public IP.
+JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+
+# Media port for the Jitsi Videobridge
+JVB_PORT=10000
+
+# TCP Fallback for Jitsi Videobridge for when UDP isn't available
+JVB_TCP_HARVESTER_DISABLED=true
+JVB_TCP_PORT=4443
+
+# A comma separated list of APIs to enable when the JVB is started. The default is none.
+# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information
+#JVB_ENABLE_APIS=rest,colibri
+
+# XMPP component password for Jicofo.
+JICOFO_COMPONENT_SECRET=s3cr37
+
+# XMPP user for Jicofo client connections. NOTE: this option doesn't currently work due to a bug.
+JICOFO_AUTH_USER=focus
+
+# XMPP password for Jicofo client connections.
+JICOFO_AUTH_PASSWORD=passw0rd
+
+# XMPP user for Jigasi MUC client connections.
+JIGASI_XMPP_USER=jigasi
+
+# XMPP password for Jigasi MUC client connections.
+JIGASI_XMPP_PASSWORD=passw0rd
+
+# MUC name for the Jigasi pool.
+JIGASI_BREWERY_MUC=jigasibrewery
+
+# Minimum port for media used by Jigasi.
+JIGASI_PORT_MIN=20000
+
+# Maximum port for media used by Jigasi.
+JIGASI_PORT_MAX=20050
+
+# Enable SDES srtp
+#JIGASI_ENABLE_SDES_SRTP=1
+
+# Keepalive method
+#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS
+
+# Health-check extension
+#JIGASI_HEALTH_CHECK_SIP_URI=keepalive
+
+# Health-check interval
+#JIGASI_HEALTH_CHECK_INTERVAL=300000
+#
+# Enable Jigasi transcription.
+#ENABLE_TRANSCRIPTIONS=1
+
+# Jigasi will recordord an audio when transcriber is on. Default false.
+#JIGASI_TRANSCRIBER_RECORD_AUDIO=true
+
+# Jigasi will send transcribed text to the chat when transcriber is on. Default false.
+#JIGASI_TRANSCRIBER_SEND_TXT=true
+
+# Jigasi post to the chat an url with transcription file. Default false.
+#JIGASI_TRANSCRIBER_ADVERTISE_URL=true
+
+# Credentials for connect to Cloud Google API from Jigasi. Path located inside the container.
+# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
+# section "Before you begin" from 1 to 5 paragraph. Copy the key on
+# the docker host to ${CONFIG}/jigasi/key.json and to enable this setting:
+#GOOGLE_APPLICATION_CREDENTIALS=/config/key.json
+
+# Disable HTTPS. This can be useful if TLS connections are going to be handled outside of this setup.
+#DISABLE_HTTPS=1
+
+# Redirects HTTP traffic to HTTPS. Only works with the standard HTTPS port (443).
+#ENABLE_HTTP_REDIRECT=1
--- a/jitsi/docker-compose.yml
+++ b/jitsi/docker-compose.yml
@ -0,0 +1,144 @@
+version: '3'
+
+services:
+    # Frontend
+    web:
+        image: jitsi/web
+        ports:
+            - '${HTTP_PORT}:80'
+            - '${HTTPS_PORT}:443'
+        volumes:
+            - ${CONFIG}/web:/config
+            - ${CONFIG}/web/letsencrypt:/etc/letsencrypt
+            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
+        environment:
+            - ENABLE_AUTH
+            - ENABLE_GUESTS
+            - ENABLE_LETSENCRYPT
+            - ENABLE_HTTP_REDIRECT
+            - ENABLE_TRANSCRIPTIONS
+            - DISABLE_HTTPS
+            - JICOFO_AUTH_USER
+            - LETSENCRYPT_DOMAIN
+            - LETSENCRYPT_EMAIL
+            - PUBLIC_URL
+            - XMPP_DOMAIN
+            - XMPP_AUTH_DOMAIN
+            - XMPP_BOSH_URL_BASE
+            - XMPP_GUEST_DOMAIN
+            - XMPP_MUC_DOMAIN
+            - ETHERPAD_URL_BASE
+            - TZ
+        networks:
+            meet.jitsi:
+
+    # XMPP server
+    prosody:
+        image: jitsi/prosody
+        expose:
+            - '5222'
+            - '5347'
+            - '5280'
+        volumes:
+            - ${CONFIG}/prosody:/config
+        environment:
+            - AUTH_TYPE
+            - ENABLE_AUTH
+            - ENABLE_GUESTS
+            - GLOBAL_MODULES
+            - GLOBAL_CONFIG
+            - LDAP_URL
+            - LDAP_BASE
+            - LDAP_BINDDN
+            - LDAP_BINDPW
+            - LDAP_FILTER
+            - LDAP_AUTH_METHOD
+            - LDAP_VERSION
+            - LDAP_USE_TLS
+            - LDAP_TLS_CIPHERS
+            - LDAP_TLS_CHECK_PEER
+            - LDAP_TLS_CACERT_FILE
+            - LDAP_TLS_CACERT_DIR
+            - XMPP_DOMAIN
+            - XMPP_AUTH_DOMAIN
+            - XMPP_GUEST_DOMAIN
+            - XMPP_MUC_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_MODULES
+            - XMPP_MUC_MODULES
+            - XMPP_INTERNAL_MUC_MODULES
+            - JICOFO_COMPONENT_SECRET
+            - JICOFO_AUTH_USER
+            - JICOFO_AUTH_PASSWORD
+            - JVB_AUTH_USER
+            - JVB_AUTH_PASSWORD
+            - JIGASI_XMPP_USER
+            - JIGASI_XMPP_PASSWORD
+            - JWT_APP_ID
+            - JWT_APP_SECRET
+            - JWT_ACCEPTED_ISSUERS
+            - JWT_ACCEPTED_AUDIENCES
+            - JWT_ASAP_KEYSERVER
+            - JWT_ALLOW_EMPTY
+            - JWT_AUTH_TYPE
+            - JWT_TOKEN_AUTH_MODULE
+            - LOG_LEVEL
+            - TZ
+        networks:
+            meet.jitsi:
+                aliases:
+                    - ${XMPP_SERVER}
+
+    # Focus component
+    jicofo:
+        image: jitsi/jicofo
+        volumes:
+            - ${CONFIG}/jicofo:/config
+        environment:
+            - ENABLE_AUTH
+            - XMPP_DOMAIN
+            - XMPP_AUTH_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_SERVER
+            - JICOFO_COMPONENT_SECRET
+            - JICOFO_AUTH_USER
+            - JICOFO_AUTH_PASSWORD
+            - JVB_BREWERY_MUC
+            - JIGASI_BREWERY_MUC
+            - TZ
+        depends_on:
+            - prosody
+        networks:
+            meet.jitsi:
+
+    # Video bridge
+    jvb:
+        image: jitsi/jvb
+        ports:
+            - '${JVB_PORT}:${JVB_PORT}/udp'
+            - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
+        volumes:
+            - ${CONFIG}/jvb:/config
+        environment:
+            - DOCKER_HOST_ADDRESS
+            - XMPP_AUTH_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_SERVER
+            - JVB_AUTH_USER
+            - JVB_AUTH_PASSWORD
+            - JVB_BREWERY_MUC
+            - JVB_PORT
+            - JVB_TCP_HARVESTER_DISABLED
+            - JVB_TCP_PORT
+            - JVB_STUN_SERVERS
+            - JVB_ENABLE_APIS
+            - JICOFO_AUTH_USER
+            - TZ
+        depends_on:
+            - prosody
+        networks:
+            meet.jitsi:
+
+# Custom network so all services can communicate using a FQDN
+networks:
+    meet.jitsi:
--- a/mysql/docker-compose.yml
+++ b/mysql/docker-compose.yml
@ -0,0 +1,18 @@
+version: '3'
+
+services:
+  mysql:
+    image: mariadb:latest
+    container_name: mariadb
+    volumes:
+      - container-volume:/var/lib/mysql
+      - /home/ash/Docker/Mysql/dump.sql:/docker-entrypoint-initdb.d/dump.sql
+    environment:
+      MYSQL_ROOT_PASSWORD: test
+      MYSQL_PASSWORD: test
+      MYSQL_DATABASE: test
+    ports:
+      - "3306:3306"
+
+volumes:
+  container-volume:
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@ -0,0 +1,30 @@
+version: '2'
+
+volumes:
+  nextcloud:
+  db:
+
+services:
+  db:
+    image: mariadb
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    restart: always
+    volumes:
+      - db:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=<replace>
+      - MYSQL_PASSWORD=<replace>
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - NEXTCLOUD_TRUSTED_DOMAINS=cloud.leece.im
+
+  app:
+    image: nextcloud
+    restart: always
+    ports:
+      - 8001:80
+    links:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    restart: always
--- a/openvpn/docker-compose.yml
+++ b/openvpn/docker-compose.yml
@ -0,0 +1,17 @@
+version: '2'
+
+volumes:
+  ovpn:
+
+services:
+  openvpn:
+    cap_add:
+     - NET_ADMIN
+    image: kylemanna/openvpn
+    container_name: openvpn
+    ports:
+     - "1194:1194/udp"
+    restart: always
+    dns: 127.0.0.1
+    volumes:
+     - ovpn:/etc/openvpn
--- a/openvpn/ernie.ovpn
+++ b/openvpn/ernie.ovpn
@ -0,0 +1,108 @@
+
+client
+nobind
+dev tun
+remote-cert-tls server
+
+remote leece.im 1194 udp
+
+<key>
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0kW9isBIsP4Tp
+W4CKY2m8vS0GyfibdDa7nlNG9XK9WOOP0dbjvskYmyaJz9TFl9KJumsIQLytxZw3
+L5268alqK/op/hzoHdLS731ireEQRltfS0SpGbKL/j66jss3ow1jIfj1wbqNWm+m
+oSaXi3WBK4G9NqF3Yg7unRHYxLOwfl4dc7RJR8ptsKVkyYy800D66/n78exGOfor
+t7M3VVD83cLLJdWL5uHcEPsYNogYICXld9I9YNSQ/VaozmDysoSIJPIOvwkssB/X
+JKcsHY473xkOBKe5Lbg3kz5QvE7NetcuxU4uf9exC03W3ssRqtx7UbkKVvj3Tk0J
+NoQRNlk/AgMBAAECggEAA1j65qp6+8UFssnWfTpQmIYtUoXmDQO/jAToaFVeljIS
+rfTm9fvwgHtH4KAwwqUI6zLAjzucA+C4/7DrTK70RBqinaqvYIJFCVIVUgIFPScA
+xKiBklz+mWfSQ+Un0VU9h0v28J9x1PMLRNyR+ZdFS2rCEf70SWFRA4136jvjVO9K
+zpakeNRfU6t1kA4mWN986mGsDZlSttWukYjIUj3sWTrgP7VWn31TWpc7hkBUz5PF
+20m/aJ8qgDEZ7U9c3U9pr8DUk4dSb/HWkfcZodZFsS2cbQqcMiOl2TqJMA98pJ2R
+pR7IbkSxy3LJclqaySXp+TefAlQEx/Tzp/jdDpJvGQKBgQDtU8WL7QANkDZSqq9z
+xNGXLpfKz/Pr9K+xerzUBoAgmv2NmNxCOFhtYoGjz/Kw511s1y+h7XMN3rbVTELr
+prjruwE92tBJGQ+3XlZzqmjgzswhRvh6UHHHm5CMEux/eoAlAId0MnB+vdOFYEiS
+u7LYX9qoA+HvULco2q7ZQuH4NQKBgQDCxmzT+y41zD7bXNKV6KkA2DcEIcyhrmAP
+H/HXmbWrm/tJgtyS8PW7E6shB9JCqqH5GHqcHNGEQCj7ewj/lalSLpWfeonVFyaD
+534CbUm9xAd2ezAoMcZESH4UF1KBje41uQCh7X7LVHBFzMCKj42WTh5QdNugGGyp
+XCRr7P0CIwKBgQCumJCejm8Zi1zLmFKXotZmmJqHVFGo50xSD2/XtCiS1DNw9mIk
+PXugjXW+Y/+xcaTjq7OZNy0LqSts5DvfTbqBggQ50z6kaFGNn1OOqHGb4cd/O80V
+fxUVujavNkTSy/Z2Qltkeq8ULubsGpeJi5jZYjtkm+advw3genFj2LaReQKBgQCm
+P/32NmisDMj+Lk2lHTDcArF6+mqS+qcNYePodk/lyb8EcQla9weYBeLEz8s9ki2s
+06McC1EehDE27j6xAYrEFfUqacqqMxdx8S7SXXxa2K7SB7YEKPAlqobLGVkYMhBI
+lL+gd3oJjepC+dDCtGNTDxy66fPow9BEAt0nreILZwKBgDKHVZdVTg/Y2R9ueipv
+vMSmoNVJUaw/f/JGrpz07A79Sb8Joc2/YDsQOeYp3aPd5PLZ3/VsCV4eCdJO++6V
+Uj+dEFKmfeRQ0l708lOSuXS+iADe7UwLipSsZpGYZVG879yfYQ/XDAyv2E2amosH
+AuWCoqFtHqoNuGm64VZnCqj
+-----END PRIVATE KEY-----
+</key>
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIDTjCCAjagAwIBAgIRAMou6oMwYr2ufS1BwKSsDKswDQYJKoZIhvcNAQELBQAw
+EzERMA8GA1UEAwwIbGVlY2UuaW0wHhcNMTkxMDI5MTgxMTIwWhcNMjIxMDEzMTgx
+MTIwWjAQMQ4wDAYDVQQDDAVlcm5pZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALSRb2KwEiw/hOlbgIpjaby9LQbJ+Jt0NrueU0b1cr1Y44/R1uO+yRib
+JonP1MWX0om6awhAvK3FnDcvnbrxqWor+in+HOgd0tLvfWKt4RBGW19LRKkZsov+
+PrqOyzejDWMh+PXBuo1ab6ahJpeLdYErgb02oXdiDu6dEdjEs7B+Xh1ztElHym2w
+pWTJjLzTQPrr+fvx7EY5+iu3szdVUPzdwssl1Yvm4dwQ+xg2iBggJeV30j1g1JD9
+VqjOYPKyhIgk8g6/CSywH9ckpywdjjvfGQ4Ep7ktuDeTPlC8Ts161y7FTi5/17EL
+TdbeyxGq3HtRuQpW+PdOTQk2hBE2WT8CAwEAAaOBnzCBnDAJBgNVHRMEAjAAMB0G
+A1UdDgQWBBQe/zGwfZg0TsOkah30bNg+APRCtTBOBgNVHSMERzBFgBQv5V1ue9NH
+flstPUT529YKj/WGQqEXpBUwEzERMA8GA1UEAwwIbGVlY2UuaW2CFDTXfZ3YMjax
+dfDbm7krKeDOw4t2MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAN
+BgkqhkiG9w0BAQsFAAOCAQEAr32nQPbic/IRWyWaE+iU4Kz/xmKtbDJFy2+o7PyQ
+YmGQe0jwC9JdS/P7oqVnFBqBCN9sErjI/NZ4zjpIr848GcXDXVmOAoNqzjK57rS1
+z5ZsyArOYl7qPxRHQmJPqja1eEch6EO4T0sEAuISfuWmyErOJuyuwTA9S1YlPO4e
+USW1aMrR7oigOdu2w3c7EOkp2KC02Q/RkCYCNQ5PJAvD8nwonlbhfAa+ghgI5UAz
+tmBeQpM1CEzia6JWLG+t2t81svp8zybcKDJlZQfNHF1aUAeRPfps6eDs2Q2Z70iQ
+rAsctl+w30+jBdasezdcDItSByr7Q4pZVOfLWbK5tGnBOQ==
+-----END CERTIFICATE-----
+</cert>
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIUNNd9ndgyNrF18NubuSsp4M7Di3YwDQYJKoZIhvcNAQEL
+BQAwEzERMA8GA1UEAwwIbGVlY2UuaW0wHhcNMTkxMDI5MTgxMDM4WhcNMjkxMDI2
+MTgxMDM4WjATMREwDwYDVQQDDAhsZWVjZS5pbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAO2eofgYdTfCkwVoYNz46VtnkxoFKSWEuNanE1U6B5fskc3n
+ueJbqSD++iK/XyAUIY+8n9Ye1b8STaaN+oO5WO4dzYRr6MWP3P7xcS7OPLkx87Cn
+8h5zW7jqrfXJDC4GTYMtZNe7Xdt/kbbgflG0XbQ3PTDWbraBRWIyCOJnsAhgnr7g
+yVGcaAKnY+FmJgBCr7/2/EqHfGt9Pd2TGRpf2StD2B1J+YbmAgL4tmNZtfQH84od
+58nX2aIXFTxUZD/aDjhR24aFQeznnKN0TDt0x8S2ZvYFvrdqFhsVQrjEvM/e15Dd
+Bdg3zYt+5X2ksXWgkua6c5WE+mkAHlRozl1IEbsCAwEAAaOBjTCBijAdBgNVHQ4E
+FgQUL+VdbnvTR35bLT1E+dvWCo/1hkIwTgYDVR0jBEcwRYAUL+VdbnvTR35bLT1E
+dvWCo/1hkKhF6QVMBMxETAPBgNVBAMMCGxlZWNlLmltghQ0132d2DI2sXXw25u5
+KyngzsOLdjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAQEAASsNTeWQXflKIg/IZRQdEdKeWNA50oze6tGnccqUNstFKt0P03NpWluB
+/NDRoFcPSdJa8izEDL7lbWHGuhS4Dlfy94U/yxUX8L9dC30Vf9FEFBmtNGgBnSmV
+BvujggK/siY5o8axVYAbUEY0WtOr9Rc7ltkKjRM1+h3WZDGjWYJ0LziqB+Ggf1Hs
+yykOIV3Gfous+WKqZ41WTzbeLYDCsBruLXHqfhYbQGLUk2JpGrucccliUju0AKMN
+23Na6xLV4lpvjRyHK/ER3OmWU9zBMTdz0uifA/yXe2wk3pxHlyg5jXtdmkjl0YW0
+PxFlGxN7PqcgCnrrowEDvzYjLr2jCw==
+-----END CERTIFICATE-----
+</ca>
+key-direction 1
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+4829a3b44fc06aa5833d6c13f55d76b4
+3a3b551fb057f7d54f8244ab88ff4900
+63bc5f779940e2f6cb50215e28e12fe5
+68bf545ecf60783339dc45d7f6501065
+26e0e7b9973a980f4136dd627a42522c
+c1557437a452a285b64726497423d10d
+9333104ca613eb987db99a5cc4706824
+9a6e3c8e7da32a8aaa4d87ab953f8a37
+e29b7269a67be660196240f397146563
+7e9b7bb7d2ac8465ad09af1c47bfc7a4
+ce115766a6d4bb7a762a1eb58f128685
+f9a61d2cc53f759846de2121ef8e5c87
+28de9734faf884b05129f9e9b0a37711
+06831f2c6972b05126591ee348bd3e48
+551defffb1abb9e80c580a368252982c
+cf4c8f56533ff8dca3a2117292743c9f
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+redirect-gateway def1
--- a/pi-hole/docker-compose.yml
+++ b/pi-hole/docker-compose.yml
@ -0,0 +1,31 @@
+version: "3"
+# More info at https://github.com/pi-hole/docker-pi-hole/ 
+# and https://docs.pi-hole.net/
+services:
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "67:67/udp"
+      - "8001:80/tcp"
+    environment:
+      TZ: 'Europe/London'
+      # WEBPASSWORD: 'set a secure password here or it will 
+      # be random'
+    # Volumes store your data between container upgrades
+    volumes:
+      - pihole:/etc/pihole/
+      - dnsmasq:/etc/dnsmasq.d/
+    dns:
+      - 1.1.1.1
+    # Recommended but not required (DHCP needs NET_ADMIN)
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+    cap_add:
+      - NET_ADMIN
+    restart: unless-stopped
+
+volumes:
+  pihole:
+  dnsmasq:
--- a/rocket.chat/docker-compose.yml
+++ b/rocket.chat/docker-compose.yml
@ -0,0 +1,86 @@
+version: '2'
+
+services:
+  rocketchat:
+    image: rocketchat/rocket.chat:latest
+    command: >
+      bash -c
+        "for i in `seq 1 30`; do
+          node main.js &&
+          s=$$? && break || s=$$?;
+          echo \"Tried $$i times. Waiting 5 secs...\";
+          sleep 5;
+        done; (exit $$s)"
+    restart: unless-stopped
+    volumes:
+      - uploads:/app/uploads
+    environment:
+      - PORT=3000
+      - ROOT_URL=http://localhost:3000
+      - MONGO_URL=mongodb://mongo:27017/rocketchat
+      - MONGO_OPLOG_URL=mongodb://mongo:27017/local
+#      - MAIL_URL=smtp://smtp.email
+#       - HTTP_PROXY=http://proxy.domain.com
+#       - HTTPS_PROXY=http://proxy.domain.com
+    depends_on:
+      - mongo
+    ports:
+      - 3000:3000
+    labels:
+      - "traefik.backend=rocketchat"
+      - "traefik.frontend.rule=Host: your.domain.tld"
+
+  mongo:
+    image: mongo:4.0
+    restart: unless-stopped
+    volumes:
+     - db:/data/db
+     #- ./data/dump:/dump
+    command: mongod --smallfiles --oplogSize 128 --replSet rs0 --storageEngine=mmapv1
+    labels:
+      - "traefik.enable=false"
+
+  # this container's job is just run the command to initialize the replica set.
+  # it will run the command and remove himself (it will not stay running)
+  mongo-init-replica:
+    image: mongo:4.0
+    command: >
+      bash -c
+        "for i in `seq 1 30`; do
+          mongo mongo/rocketchat --eval \"
+            rs.initiate({
+              _id: 'rs0',
+              members: [ { _id: 0, host: 'localhost:27017' } ]})\" &&
+          s=$$? && break || s=$$?;
+          echo \"Tried $$i times. Waiting 5 secs...\";
+          sleep 5;
+        done; (exit $$s)"
+    depends_on:
+      - mongo
+
+  # hubot, the popular chatbot (add the bot user first and change the password before starting this image)
+  hubot:
+    image: rocketchat/hubot-rocketchat:latest
+    restart: unless-stopped
+    environment:
+      - ROCKETCHAT_URL=rocketchat:3000
+      - ROCKETCHAT_ROOM=GENERAL
+      - ROCKETCHAT_USER=bot
+      - ROCKETCHAT_PASSWORD=botpassword
+      - BOT_NAME=bot
+  # you can add more scripts as you'd like here, they need to be installable by npm
+      - EXTERNAL_SCRIPTS=hubot-help,hubot-seen,hubot-links,hubot-diagnostics
+    depends_on:
+      - rocketchat
+    labels:
+      - "traefik.enable=false"
+    volumes:
+      - scripts:/home/hubot/scripts
+  # this is used to expose the hubot port for notifications on the host on port 3001, e.g. for hubot-jenkins-notifier
+    ports:
+      - 3001:8080
+
+volumes:
+  uploads:
+  scripts:
+  db:
--- a/shiori/docker-compose.yml
+++ b/shiori/docker-compose.yml
@ -0,0 +1,15 @@
+version: "3"
+services:
+  shiori:
+    container_name: shiori
+    image: radhifadlillah/shiori:latest
+    ports:
+      - "8003:8080/tcp"
+    environment:
+      TZ: 'Europe/London'
+    volumes:
+      - shiori:/srv/shiori
+    restart: unless-stopped
+
+volumes:
+  shiori: