add both paperless and overleaf to compose

docker-compose.yml

@@ -9,6 +9,8 @@ include:
       - ${DB_PATH}/adminer/adminer.yml
       - ${DB_PATH}/lldap/lldap.yml
       - ${DB_PATH}/mariadb/mariadb.yml
+      - ${DB_PATH}/mongodb/mongodb.yml
+      - ${DB_PATH}/mongo-express/mongo-express.yml
       - ${DB_PATH}/postgres/postgres.yml
       - ${DB_PATH}/pgadmin/pgadmin.yml
       - ${DB_PATH}/redis/redis.yml
@@ -19,6 +21,7 @@ include:
       - ${INFRA_PATH}/crowdsec/crowdsec.yml
       - ${INFRA_PATH}/homepage/homepage.yml
       - ${INFRA_PATH}/speedtest/speedtest.yml
+      - ${INFRA_PATH}/syncthing/syncthing.yml
       - ${INFRA_PATH}/traefik/traefik.yml
       - ${INFRA_PATH}/uptime-kuma/uptime-kuma.yml
       - ${INFRA_PATH}/watchtower/watchtower.yml
@@ -36,6 +39,12 @@ include:
 
   - path:
       - ${SERVICE_PATH}/gitea/gitea.yml
+      - ${SERVICE_PATH}/it-tools/it-tools.yml
+      - ${SERVICE_PATH}/mealie/mealie.yml
+      - ${SERVICE_PATH}/overleaf/overleaf.yml
+      - ${SERVICE_PATH}/paperless-ngx/paperless-ngx.yml
+      - ${SERVICE_PATH}/shlink/shlink.yml
+      - ${SERVICE_PATH}/stirling-pdf/stirling-pdf.yml
       - ${SERVICE_PATH}/vikunja/vikunja.yml
     env_file: ${SERVICE_PATH}/.env
 

project/db/mongo-express/mongo-express.yml

@@ -0,0 +1,23 @@
+services:
+  mongo-express:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: mongo-express
+    container_name: mongo-express
+    ports:
+      - 8086:8081
+    environment:
+      ME_CONFIG_BASICAUTH_USERNAME: ${MONGO_EXPRESS_USERNAME}
+      ME_CONFIG_BASICAUTH_PASSWORD: ${MONGO_EXPRESS_PASSWORD}
+      ME_CONFIG_MONGODB_ADMINUSERNAME: ${MONGO_EXPRESS_USERNAME}
+      ME_CONFIG_MONGODB_ADMINPASSWORD: ${MONGO_EXPRESS_PASSWORD}
+      ME_CONFIG_MONGODB_URL: mongodb://${MONGO_DB_USERNAME}:${MONGO_DB_ROOT_PASSWORD}@mongodb:27017/
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.mongo-express.rule=Host(`mongo-express.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.mongo-express.entrypoints=https"
+      - "traefik.http.routers.mongo-express.tls=true"

project/db/mongodb/mongodb.yml

@@ -0,0 +1,18 @@
+services:
+  mongodb:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: mongo:latest
+    container_name: mongodb
+    expose:
+      - 27017
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${MONGO_DB_USERNAME}
+      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_DB_ROOT_PASSWORD}
+    volumes:
+      - ${DB_PATH}/mongodb/data:/data/db
+      - ${DB_PATH}/mongodb/init/mongo-init.sh:/docker-entrypoint-initdb.d/mongo-init.sh:ro
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"

project/infrastructure/syncthing/syncthing.yml

@@ -0,0 +1,27 @@
+services:
+  syncthing:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: syncthing/syncthing
+    container_name: syncthing
+    volumes:
+      - ${INFRA_PATH}/syncthing/data:/var/syncthing
+    ports:
+      - 8384:8384 # Web UI
+      - 22000:22000/tcp # TCP file transfers
+      - 22000:22000/udp # QUIC file transfers
+      - 21027:21027/udp # Receive local discovery broadcasts
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.syncthing.rule=Host(`syncthing.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.syncthing.entrypoints=https"
+      - "traefik.http.routers.syncthing.tls.certresolver=myresolver"
+      - "traefik.http.routers.syncthing.tls=true"
+      - "traefik.http.routers.syncthing.service=syncthing-svc"
+      - "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384"
+      # Middlewares
+      - "traefik.http.routers.syncthing.middlewares=crowdsec-bouncer@file"

project/service/it-tools/it-tools.yml

@@ -0,0 +1,19 @@
+services:
+  it-tools:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: corentinth/it-tools:latest
+    container_name: it-tools
+    ports:
+      - '4007:80'
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.it-tools.rule=Host(`it-tools.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.it-tools.entrypoints=https"
+      - "traefik.http.routers.it-tools.tls=true"
+      # Middlewares
+      - "traefik.http.routers.it-tools.middlewares=crowdsec-bouncer@file"

project/service/mealie/mealie.yml

@@ -0,0 +1,44 @@
+services:
+  mealie:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: ghcr.io/mealie-recipes/mealie:latest
+    container_name: mealie
+    ports:
+      - "4006:9000"
+    volumes:
+      - ${SERVICE_PATH}/mealie/data:/app/data/
+    environment:
+      ALLOW_SIGNUP: false
+      BASE_URL: https://mealie.${PUBLIC_DOMAIN}
+      # Database Settings
+      DB_ENGINE: postgres
+      POSTGRES_USER: mealie
+      POSTGRES_PASSWORD: ${MEALIE_DATABASE_PASSWORD}
+      POSTGRES_SERVER: postgres
+      POSTGRES_PORT: 5432
+      POSTGRES_DB: mealie
+      # LDAP Authentication
+      LDAP_AUTH_ENABLED: true
+      LDAP_SERVER_URL: ldap://lldap:3890
+      LDAP_BASE_DN: ou=people,dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
+      LDAP_ID_ATTRIBUTE: uid
+      LDAP_NAME_ATTRIBUTE: displayName
+      LDAP_MAIL_ATTRIBUTE: mail
+      LDAP_QUERY_BIND: cn=readonly_user,ou=people,dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
+      LDAP_QUERY_PASSWORD: ${LLDAP_READONLY_USER_PASSWORD}
+      # LDAP_USER_FILTER: (memberof=cn=mealie,ou=groups,dc=example,dc=com)
+      # LDAP_ADMIN_FILTER: (memberof=cn=mealie-admin,ou=groups,dc=example,dc=com)
+
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.mealie.rule=Host(`mealie.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.mealie.entrypoints=https"
+      - "traefik.http.routers.mealie.tls.certresolver=myresolver"
+      - "traefik.http.routers.mealie.tls=true"
+      # Middlewares
+      - "traefik.http.routers.mealie.middlewares=crowdsec-bouncer@file"

project/service/overleaf/overleaf.yml

@@ -0,0 +1,68 @@
+services:
+  overleaf:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: sharelatex/sharelatex
+    container_name: overleaf
+    ports:
+      - 4008:80
+    volumes:
+      - ${SERVICE_PATH}/overleaf/config:/configs
+    environment:
+      OVERLEAF_APP_NAME: Overleaf on ${SECOND_LEVEL_DOMAIN}
+      OVERLEAF_NAV_TITLE: Overleaf
+      ENABLED_LINKED_FILE_TYPES: 'project_file,project_output_file'
+      # Enables Thumbnail generation using ImageMagick
+      ENABLE_CONVERSIONS: 'true'
+      # Disables email confirmation requirement
+      EMAIL_CONFIRMATION_DISABLED: 'true'
+      # temporary fix for LuaLaTex compiles, see https://github.com/overleaf/overleaf/issues/695
+      TEXMFVAR: /var/lib/overleaf/tmp/texmf-var
+      OVERLEAF_SITE_URL: https://overleaf.${LOCAL_DOMAIN}
+      # OVERLEAF_HEADER_IMAGE_URL: http://example.com/mylogo.png
+      OVERLEAF_ADMIN_EMAIL: ${EMAIL}
+      # OVERLEAF_LEFT_FOOTER: '[{"text": "Another page I want to link to can be found <a href=\"here\">here</a>"} ]'
+      # OVERLEAF_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]'
+      # OVERLEAF_EMAIL_FROM_ADDRESS: "hello@example.com"
+      # ENABLE_CRON_RESOURCE_DELETION: true
+      # OVERLEAF_TEMPLATES_USER_ID: "578773160210479700917ee5"
+      # OVERLEAF_NEW_PROJECT_TEMPLATE_LINKS: '[ {"name":"All Templates","url":"/templates/all"}]'
+      # OVERLEAF_PROXY_LEARN: "true"
+
+      # DB
+      OVERLEAF_MONGO_URL: mongodb://overleaf:${OVERLEAF_DB_PASSWORD}@mongodb:27017/overleaf
+      # Redis
+      OVERLEAF_REDIS_HOST: redis
+      REDIS_HOST: redis
+      # LDAP
+      LDAP_SERVER_URL: ldap://lldap:3890
+      OVERLEAF_LDAP_SEARCH_BASE: ou=people,dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
+      OVERLEAF_LDAP_SEARCH_FILTER: '(uid={{username}})'
+      OVERLEAF_LDAP_BIND_DN: cn=readonly_user,ou=people,dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
+      OVERLEAF_LDAP_BIND_CREDENTIALS: ${LLDAP_READONLY_USER_PASSWORD}
+      OVERLEAF_LDAP_EMAIL_ATT: mail
+      OVERLEAF_LDAP_NAME_ATT: firstName
+      OVERLEAF_LDAP_LAST_NAME_ATT: lastName
+      OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN: false
+      ## SMTP
+      # OVERLEAF_EMAIL_SMTP_HOST: smtp.example.com
+      # OVERLEAF_EMAIL_SMTP_PORT: 587
+      # OVERLEAF_EMAIL_SMTP_SECURE: false
+      # OVERLEAF_EMAIL_SMTP_USER:
+      # OVERLEAF_EMAIL_SMTP_PASS:
+      # OVERLEAF_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
+      # OVERLEAF_EMAIL_SMTP_IGNORE_TLS: false
+      # OVERLEAF_EMAIL_SMTP_NAME: '127.0.0.1'
+      # OVERLEAF_EMAIL_SMTP_LOGGER: true
+      # OVERLEAF_CUSTOM_EMAIL_FOOTER: "This system is run by department x"
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.overleaf.rule=Host(`overleaf.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.overleaf.entrypoints=https"
+      - "traefik.http.routers.overleaf.tls=true"
+      # Middlewares
+      - "traefik.http.routers.overleaf.middlewares=crowdsec-bouncer@file"

project/service/paperless-ngx/paperless-ngx.yml

@@ -0,0 +1,40 @@
+services:
+  paperless-ngx:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    container_name: paperless-ngx
+    ports:
+      - "4009:8000"
+    volumes:
+      - ${EXTERNAL_STORAGE}/paperless-ngx/data:/usr/src/paperless/data
+      - ${EXTERNAL_STORAGE}/paperless-ngx/media:/usr/src/paperless/media
+      - ${SERVICE_PATH}/paperless-ngx/export:/usr/src/paperless/export
+      - ${SERVICE_PATH}/paperless-ngx/consume:/usr/src/paperless/consume
+    environment:
+      # REDIS
+      PAPERLESS_REDIS: redis://redis:6379
+      # DB
+      PAPERLESS_DBHOST: postgres
+      PAPERLESS_DBNAME: paperless
+      PAPERLESS_DBUSER: paperless
+      PAPERLESS_DBPASS: ${PAPERLESS_DB_PASSWORD}
+      # Paperless var
+      PAPERLESS_URL: https://paperless.${LOCAL_DOMAIN}
+      PAPERLESS_ALLOWED_HOSTS: ${LOCAL_DOMAIN}
+      PAPERLESS_OCR_LANGUAGE: fra+eng+deu
+      # OIDC
+      PAPERLESS_ENABLE_HTTP_REMOTE_USER: true
+      PAPERLESS_ACCOUNT_ALLOW_SIGNUPS: false
+      PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.${PUBLIC_DOMAIN}
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.paperless.rule=Host(`paperless.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.paperless.entrypoints=https"
+      - "traefik.http.routers.paperless.tls=true"
+      # Middlewares
+      - "traefik.http.routers.paperless.middlewares=authelia@file"

project/service/shlink/shlink.yml

@@ -0,0 +1,50 @@
+services:
+  shlink-backend:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: shlinkio/shlink:latest
+    container_name: shlink-backend
+    ports:
+      - '4004:8080'
+    volumes:
+      - ${SERVICE_PATH}/shlink/data:/usr/share/tesseract-ocr/4.00/tessdata #Required for extra OCR languages
+      - ${SERVICE_PATH}/shlink/config:/configs
+    environment:
+      DEFAULT_DOMAIN: ${PUBLIC_DOMAIN}
+      IS_HTTPS_ENABLED: true
+#      GEOLITE_LICENSE_KEY: # optional, to geolocate visit, see https://shlink.io/documentation/geolite-license-key/
+      # DB
+      DB_DRIVER: postgres
+      DB_USER: shlink
+      DB_PASSWORD: ${SHLINK_DATABASE_PASSWORD}
+      DB_HOST: postgres
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.shlink-backend.rule=Host(`shlink-backend.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.shlink-backend.entrypoints=https"
+      - "traefik.http.routers.shlink-backend.tls=true"
+
+  shlink-frontend:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: shlinkio/shlink-web-client:latest
+    container_name: shlink-frontend
+    ports:
+      - '4005:8080'
+    environment:
+      SHLINK_SERVER_URL: https://shlink-backend.${LOCAL_DOMAIN}
+      SHLINK_SERVER_API_KEY: ${SHLINK_SERVER_API_KEY}
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.shlink-frontend.rule=Host(`shlink.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.shlink-frontend.entrypoints=https"
+      - "traefik.http.routers.shlink-frontend.tls=true"
+  

project/service/stirling-pdf/stirling-pdf.yml

@@ -0,0 +1,24 @@
+services:
+  stirling-pdf:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: frooodle/s-pdf:latest
+    container_name: stirling-pdf
+    ports:
+      - '4003:8080'
+    volumes:
+      - ${SERVICE_PATH}/stirling-pdf/data:/usr/share/tesseract-ocr/4.00/tessdata #Required for extra OCR languages
+      - ${SERVICE_PATH}/stirling-pdf/config:/configs
+#      - /location/of/customFiles:/customFiles/
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.stirling-pdf.rule=Host(`stirling-pdf.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.stirling-pdf.entrypoints=https"
+      - "traefik.http.routers.stirling-pdf.tls.certresolver=myresolver"
+      - "traefik.http.routers.stirling-pdf.tls=true"
+      # Middlewares
+      - "traefik.http.routers.stirling-pdf.middlewares=crowdsec-bouncer@file,authelia@file"