feat: Increased timeout length to allow for registry container pushses

Merge conflict as added executable flag to spin scripts

.gitignore

@@ -0,0 +1,12 @@
+# Ignore all files
+**
+
+# Allow docker-compose.yml
+!**/docker-compose.yml
+!/*
+
+# Allow assets folder
+!assets/**
+
+# Don't allow .env files, just env-exmaple files
+!.env-example

Bitwarden/docker-compose.yml

@@ -8,4 +8,22 @@ services:
     container_name: vaultwarden
     volumes:
       - ./bitwarden/:/data/
+    networks:
+      - proxy
+    labels:
+      ## Expose Bitwarden Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.bitwarden-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.bitwarden-insecure.rule=Host(`bitwarden.luke-else.co.uk`)"
+      - "traefik.http.routers.bitwarden-insecure.entrypoints=web"
+
+      - "traefik.http.routers.bitwarden.rule=Host(`bitwarden.luke-else.co.uk`)"
+      - "traefik.http.routers.bitwarden.entrypoints=websecure"
+      - "traefik.http.routers.bitwarden.tls.certresolver=myresolver"
     restart: unless-stopped
+
+networks:
+  proxy:
+    external: true

Database/docker-compose.yml

@@ -6,33 +6,21 @@ services:
   mongodb:
     image: "mongo:latest"
     container_name: mongoDB
+    volumes:
+      - ./mongo/:/data/db
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.tcp.routers.mongodb.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.mongodb.entrypoints=mongo"
+      - "traefik.tcp.routers.mongodb.service=mongodb"
+      - "traefik.tcp.services.mongodb.loadbalancer.server.port=27017"
     environment:
       MONGO_INITDB_ROOT_USERNAME: root
       MONGO_INITDB_ROOT_PASSWORD: rootpassword
-    ports:
-      - "27017:27017"
-    volumes:
-      - ./mongo/:/data/db
     restart: unless-stopped
 
-#MySQL (3306) + phpMyAdmin ()
-  mysql:
-    image: "mysql"
-    container_name: MySQL
-    environment:
-      MYSQL_ROOT_PASSWORD: rootpassword
-      MYSQL_DATABASE: test_db
-    ports:
-      - "3306:3306"
-    volumes: 
-      - ./mysql/:/var/lib/mysql
-    restart: unless-stopped
-
-  phpMyAdmin:
-    image: "phpmyadmin/phpmyadmin:latest"
-    container_name: phpMyAdmin
-    environment:
-      PMA_HOST: mysql
-    restart: unless-stopped
-    depends_on:
-      - mysql
+networks:
+  proxy:
+    external: true

Development/Gitea/docker-compose.yml

@@ -0,0 +1,56 @@
+version: '3.8'
+
+services:
+  #gitea (222)
+  gitea:
+    image: gitea/gitea:latest
+    container_name: gitea
+    volumes:
+      - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - proxy
+    ports:
+      - "222:22"
+    environment:
+      - APP_NAME="gitea"
+      - USER_UID=1000
+      - USER_GID=1000
+      - USER=git
+      - RUN_MODE=prod
+      - DOMAIN=git.luke-else.co.uk
+      - SSH_DOMAIN=git.luke-else.co.uk
+      - HTTP_PORT=3000
+      - ROOT_URL=https://git.luke-else.co.uk
+      - SSH_PORT=222
+      - SSH_LISTEN_PORT=22
+      - DB_TYPE=sqlite3
+      - GITEA_service_DISABLE_REGISTRATION=true
+      - GITEA_server_LANDING_PAGE=/luke-else
+    labels:
+      ## Expose Gitea Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolallowmethods=*"
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolalloworiginlist=*"
+      - "traefik.http.middlewares.cors-gitea.headers.addvaryheader=true"
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolallowcredentials=true"
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolallowheaders=Content-Type,Authorization"
+      - "traefik.http.middlewares.cors-gitea.headers.accesscontrolmaxage=100"
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.gitea-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.gitea-insecure.rule=Host(`git.luke-else.co.uk`)"
+      - "traefik.http.routers.gitea-insecure.entrypoints=web"
+
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+      - "traefik.http.routers.gitea.rule=Host(`git.luke-else.co.uk`)"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
+      - "traefik.http.routers.gitea.middlewares=cors-gitea"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    external: true

Development/Runners/docker-compose.yml

@@ -0,0 +1,34 @@
+version: "3.8"
+services:
+  # Runner
+  runner:
+    image: gitea/act_runner:latest
+    container_name: gitea_runner
+    volumes:
+      - ./config.yaml:/config.yaml
+      - ./gitea_runner:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - proxy
+    environment:
+      CONFIG_FILE: /config.yaml
+      GITEA_INSTANCE_URL: "https://git.luke-else.co.uk"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "INSERT REGISTRATION TOKEN"
+      GITEA_RUNNER_NAME: "CICD"
+    labels:
+      ## Expose cicd Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.cicd-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.cicd-insecure.rule=Host(`cicd.luke-else.co.uk`)"
+      - "traefik.http.routers.cicd-insecure.entrypoints=web"
+
+      - "traefik.http.routers.cicd.rule=Host(`cicd.luke-else.co.uk`)"
+      - "traefik.http.routers.cicd.entrypoints=websecure"
+      - "traefik.http.routers.cicd.tls.certresolver=myresolver"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    external: true

Gitea/docker-compose.yml

@@ -1,28 +0,0 @@
-version: '3.8'
-
-services:
-
-#gitea (222)
-  gitea:
-    image: gitea/gitea:latest
-    container_name: gitea
-    environment:
-      - APP_NAME="gitea"
-      - USER_UID=1000
-      - USER_GID=1000
-      - USER=git
-      - RUN_MODE=prod
-      - DOMAIN=git.luke-else.co.uk
-      - SSH_DOMAIN=git.luke-else.co.uk
-      - HTTP_PORT=3000
-      - ROOT_URL=https://git.luke-else.co.uk
-      - SSH_PORT=222
-      - SSH_LISTEN_PORT=22
-      - DB_TYPE=sqlite3
-    ports:
-      - "222:22"
-    volumes:
-      - ./gitea:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    restart: unless-stopped

Misc/docker-compose.yml

@@ -0,0 +1,53 @@
+version: '3.8'
+
+services:
+  status:
+    image: louislam/uptime-kuma:latest
+    container_name: status
+    volumes:
+      - ./uptime-kuma/data:/app/data
+    networks:
+      - proxy
+    labels:
+      ## Expose uptime-kuma Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.status-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.status-insecure.rule=Host(`status.luke-else.co.uk`)"
+      - "traefik.http.routers.status-insecure.entrypoints=web"
+
+      - "traefik.http.routers.status.rule=Host(`status.luke-else.co.uk`)"
+      - "traefik.http.routers.status.entrypoints=websecure"
+      - "traefik.http.routers.status.tls.certresolver=myresolver"
+    restart: unless-stopped
+
+  portainer:
+      image: portainer/portainer-ce:latest
+      container_name: portainer
+      security_opt:
+        - no-new-privileges:true
+      volumes:
+        - /etc/localtime:/etc/localtime:ro
+        - /var/run/docker.sock:/var/run/docker.sock:ro
+        - ./portainer-data:/data
+      networks:
+        - proxy
+      labels:
+        ## Expose portainer Through Trefik ##
+        - "traefik.enable=true" # <== Enable traefik to proxy this container
+        
+        - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+        - "traefik.http.routers.portainer-insecure.middlewares=redirect-web-secure"
+        - "traefik.http.routers.portainer-insecure.rule=Host(`portainer.luke-else.co.uk`)"
+        - "traefik.http.routers.portainer-insecure.entrypoints=web"
+
+        - "traefik.http.routers.portainer.rule=Host(`portainer.luke-else.co.uk`)"
+        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+        - "traefik.http.routers.portainer.entrypoints=websecure"
+        - "traefik.http.routers.portainer.tls.certresolver=myresolver"
+      restart: unless-stopped
+
+networks:
+  proxy:
+    external: true

NextCloud/docker-compose.yml

@@ -1,29 +0,0 @@
-version: '3.8'
-
-services:
-  db:
-    image: mariadb
-    container_name: nextclouddb
-    restart: always
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    volumes:
-      - ./db:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=
-      - MYSQL_PASSWORD=
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-
-  nextcloud:
-    image: nextcloud
-    container_name: nextcloud
-    restart: always
-    links:
-      - db
-    volumes:
-      - ./nextcloud:/var/www/html
-    environment:
-      - MYSQL_PASSWORD=
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-      - MYSQL_HOST=db

ReverseProxy/docker-compose.yml

@@ -1,46 +0,0 @@
-version: '3.8'
-
-services:
-
-  #nginx (80, 443, 8080)
-  nginx:
-    image: 'jc21/nginx-proxy-manager:latest'
-    container_name: nginx
-    ports:
-      # These ports are in format <host-port>:<container-port>
-      - '80:80' # Public HTTP Port
-      - '443:443' # Public HTTPS Port
-      - '8080:81' # Admin Web Port
-      # Add any other Stream port you want to expose
-      # - '21:21' # FTP
-    # Uncomment the next line if you uncomment anything in the section
-    # environment:
-      # Uncomment this if you want to change the location of 
-      # the SQLite DB file within the container
-      # DB_SQLITE_FILE: "/data/database.sqlite"
-
-      # Uncomment this if IPv6 is not enabled on your host
-      # DISABLE_IPV6: 'true'
-    volumes:
-      - ./nginx/data:/data
-      - ./nginx/letsencrypt:/etc/letsencrypt
-    restart: unless-stopped
-
-    networks:
-      - websites
-      - gitea
-      - databases
-      - bitwarden
-      - nextcloud
-
-networks:
-  websites:
-    name: websites_default
-  gitea:
-    name: gitea_default
-  databases:
-    name: database_default
-  bitwarden:
-    name: bitwarden_default
-  nextcloud:
-    name: nextcloud_default

Tracking/docker-compose.yml

@@ -0,0 +1,54 @@
+version: '3.8'
+
+services:
+  ackee:
+    image: electerious/ackee
+    container_name: ackee
+    environment:
+      - WAIT_HOSTS=mongo:27017
+      - ACKEE_MONGODB=mongodb://mongo-ackee:27017/ackee
+    env_file:
+      - .env
+    expose:
+      - 3000
+    networks:
+      - tracking
+      - proxy
+    labels:
+      ## Expose Ackee Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      # Enable CORS headers
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolallowmethods=*"
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolalloworiginlist=https://luke-else.co.uk"
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolallowcredentials=true"
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolallowheaders=Content-Type,Authorization"
+      - "traefik.http.middlewares.cors-tracking.headers.addvaryheader=true"
+      - "traefik.http.middlewares.cors-tracking.headers.accesscontrolmaxage=100"
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.ackee-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.ackee-insecure.rule=Host(`tracking.luke-else.co.uk`)"
+      - "traefik.http.routers.ackee-insecure.entrypoints=web"
+
+      - "traefik.http.routers.ackee.rule=Host(`tracking.luke-else.co.uk`)"
+      - "traefik.http.routers.ackee.entrypoints=websecure"
+      - "traefik.http.routers.ackee.tls.certresolver=myresolver"
+      - "traefik.http.routers.ackee.middlewares=cors-tracking"
+    depends_on:
+      - mongo
+    restart: unless-stopped
+
+  mongo:
+    image: mongo
+    container_name: mongo-ackee
+    volumes:
+      - ./data:/data/db
+    networks:
+      - tracking
+    restart: unless-stopped
+
+networks:
+  proxy:
+    external: true
+  tracking:

Traefik/docker-compose.yml

@@ -0,0 +1,47 @@
+version: "3.8"
+services:
+  traefik:
+    image: "traefik:latest"
+    container_name: "traefik"
+    command:
+      - "--api.dashboard=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.mongo.address=:27017"
+      - "--entrypoints.web.transport.respondingTimeouts.readTimeout=120s"
+      - "--entrypoints.websecure.transport.respondingTimeouts.readTimeout=120s"
+      - "--entrypoints.web.transport.respondingTimeouts.writeTimeout=120s"
+      - "--entrypoints.websecure.transport.respondingTimeouts.writeTimeout=120s"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "27017:27017"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.traefik-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.traefik-insecure.rule=Host(`traefik.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik-insecure.entrypoints=web"
+
+      - "traefik.http.routers.traefik.rule=Host(`traefik.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.tls.certresolver=myresolver" 
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    name: proxy

TraefikRunner/docker-compose.yml

@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+  traefik:
+    image: "traefik:latest"
+    container_name: "traefik"
+    command:
+      - "--api.dashboard=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.traefik-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.traefik-insecure.rule=Host(`traefik.cicd.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik-insecure.entrypoints=web"
+
+      - "traefik.http.routers.traefik.rule=Host(`traefik.cicd.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.tls.certresolver=myresolver" 
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    name: proxy

TraefikVPN/docker-compose.yml

@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+  traefik:
+    image: "traefik:latest"
+    container_name: "traefik"
+    command:
+      - "--api.dashboard=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.traefik-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.traefik-insecure.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik-insecure.entrypoints=web"
+
+      - "traefik.http.routers.traefik.rule=Host(`traefik.vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.tls.certresolver=myresolver" 
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    name: proxy

VPN/docker-compose.yml

@@ -0,0 +1,25 @@
+version: "3.8"
+services:
+  dockovpn:
+    image: alekslitvinenk/openvpn
+    cap_add:
+        - NET_ADMIN
+    ports:
+        - 1194:1194/udp # Expose tcp if you defined HOST_TUN_PROTOCOL=tcp
+    environment:
+        HOST_ADDR: vpn.luke-else.co.uk # Your VPN server address 
+    volumes:
+        - ./openvpn_conf:/opt/Dockovpn_data
+    labels:
+      ## Expose vpn Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.vpn-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.vpn-insecure.rule=Host(`vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.vpn-insecure.entrypoints=web"
+
+      - "traefik.http.routers.vpn.rule=Host(`vpn.luke-else.co.uk`)"
+      - "traefik.http.routers.vpn.entrypoints=websecure"
+      - "traefik.http.routers.vpn.tls.certresolver=myresolver"
+    restart: always

Watchtower/docker-compose.yml

@@ -0,0 +1,9 @@
+version: "3.8"
+services:
+  watchtower:
+    image: containrrr/watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - WATCHTOWER_CLEANUP=true
+      - WATCHTOWER_POLL_INTERVAL=60

Websites/docker-compose.yml

@@ -2,17 +2,104 @@ version: '3.8'
 
 services:
 
-#Websites luke-else.co.uk (8000) snexo.co.uk (8001)
-  luke-else.co.uk:
-    image: "php:apache"
-    container_name: luke-else.co.uk
-    volumes:
-      - ./luke-else.co.uk/:/var/www/html
+#Websites luke-else.co.uk (8000) snexo.co.uk (8001) divine-couture.co.uk (80) wmgzon.luke-else.co.uk (8080)
+  luke-else:
+    image: git.luke-else.co.uk/luke-else/luke-else.co.uk
+    container_name: luke-else
+    networks:
+      - proxy
+    labels:
+      ## Expose luke-else Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.personal-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.personal-insecure.rule=Host(`luke-else.co.uk`)"
+      - "traefik.http.routers.personal-insecure.entrypoints=web"
+
+      - "traefik.http.routers.personal.rule=Host(`luke-else.co.uk`)"
+      - "traefik.http.routers.personal.entrypoints=websecure"
+      - "traefik.http.routers.personal.tls.certresolver=myresolver"
     restart: unless-stopped
 
-  snexo.co.uk:
+  luke-else-dev:
+    image: git.luke-else.co.uk/luke-else/luke-else.co.uk:dev
+    container_name: luke-else-dev
+    networks:
+      - proxy
+    labels:
+      ## Expose luke-else Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.personal-dev-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.personal-dev-insecure.rule=Host(`dev.luke-else.co.uk`)"
+      - "traefik.http.routers.personal-dev-insecure.entrypoints=web"
+
+      - "traefik.http.routers.personal-dev.rule=Host(`dev.luke-else.co.uk`)"
+      - "traefik.http.routers.personal-dev.entrypoints=websecure"
+      - "traefik.http.routers.personal-dev.tls.certresolver=myresolver"
+    restart: unless-stopped
+
+  metarius:
+    image: git.luke-else.co.uk/luke-else/metarius:latest
+    container_name: metarius
+    networks:
+      - proxy
+    labels:
+      ## Expose metarius Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.metarius-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.metarius-insecure.rule=Host(`metarius.luke-else.co.uk`)"
+      - "traefik.http.routers.metarius-insecure.entrypoints=web"
+
+      - "traefik.http.routers.metarius.rule=Host(`metarius.luke-else.co.uk`)"
+      - "traefik.http.routers.metarius.entrypoints=websecure"
+      - "traefik.http.routers.metarius.tls.certresolver=myresolver"
+    restart: unless-stopped
+
+  divine-couture:
+    image: git.luke-else.co.uk/luke-else/divine-couture.co.uk:latest
+    container_name: divine-couture
+    networks:
+      - proxy
+    labels:
+      ## Expose divine-couture Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+      
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.divine-couture-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.divine-couture-insecure.rule=Host(`www.divine-couture.co.uk`)"
+      - "traefik.http.routers.divine-couture-insecure.entrypoints=web"
+
+      - "traefik.http.routers.divine-couture.rule=Host(`www.divine-couture.co.uk`)"
+      - "traefik.http.routers.divine-couture.entrypoints=websecure"
+      - "traefik.http.routers.divine-couture.tls.certresolver=myresolver"
+    restart: unless-stopped
+
+  snexo:
     image: "php:apache"
-    container_name: snexo.co.uk
+    container_name: snexo
     volumes:
       - ./snexo.co.uk/:/var/www/html
+    networks:
+      - proxy
+    labels:
+      ## Expose Snexo Through Trefik ##
+      - "traefik.enable=true" # <== Enable traefik to proxy this container
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.snexo-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.snexo-insecure.rule=Host(`snexo.co.uk`)"
+      - "traefik.http.routers.snexo-insecure.entrypoints=web"
+
+      - "traefik.http.routers.snexo.rule=Host(`snexo.co.uk`)"
+      - "traefik.http.routers.snexo.entrypoints=websecure"
+      - "traefik.http.routers.snexo.tls.certresolver=myresolver"
     restart: unless-stopped
+
+networks:
+  proxy:
+    external: true

cicd-spindown.sh

@@ -0,0 +1,12 @@
+#Script file for spinning down all CICD relevant docker-containers
+    cd ./Development/Runners/
+    docker compose down
+    cd ../..
+
+cd ./TraefikRunner/
+docker compose down
+cd ..
+
+docker rmi $(docker images -q)
+docker system prune -f
+docker volume prune -f

cicd-spinup.sh

@@ -0,0 +1,9 @@
+#Script file for spinning up all docker-containers
+
+cd ./TraefikRunner/
+docker compose pull && docker compose up -d
+cd ..
+
+    cd ./Development/Runners/
+    docker compose pull && docker compose up -d
+    cd ../..

main-spindown.sh

@@ -0,0 +1,38 @@
+#Script file for spinning down all docker-containers
+
+cd ./Websites/
+docker-compose down
+cd ..
+
+cd ./Tracking/
+docker-compose down
+cd ..
+
+
+    cd ./Development/Gitea/
+    docker-compose down
+    cd ../..
+
+cd ./Database/
+docker-compose down
+cd ..
+
+cd ./Bitwarden/
+docker-compose down
+cd ..
+
+cd ./Misc/
+docker-compose down
+cd ..
+
+cd ./Watchtower/
+docker-compose down
+cd ..
+
+cd ./Traefik/
+docker-compose down
+cd ..
+
+docker rmi $(docker images -q)
+docker system prune -f
+docker volume prune -f

main-spinup.sh

@@ -0,0 +1,35 @@
+#Script file for spinning up all docker-containers
+
+cd ./Traefik/
+docker-compose pull && docker-compose up -d
+cd ..
+
+    cd ./Development/Gitea/
+    docker-compose pull && docker-compose up -d
+    cd ../..
+
+sleep 20 # Allow Gitea + registry to start up before starting the rest of the services
+
+cd ./Watchtower/
+docker-compose pull && docker-compose up -d
+cd ..
+
+cd ./Tracking/
+docker-compose pull && docker-compose up -d
+cd ..
+
+cd ./Websites/
+docker-compose pull && docker-compose up -d
+cd ..
+
+cd ./Database/
+docker-compose pull && docker-compose up -d
+cd ..
+
+cd ./Bitwarden/
+docker-compose pull && docker-compose up -d
+cd ..
+
+cd ./Misc/
+docker-compose pull && docker-compose up -d
+cd ..

readme.md

@@ -0,0 +1,48 @@
+# Server Repository
+
+This repository contains various scripts and configurations for managing Docker containers and services.
+
+<p align="center">
+  <img src="assets/images/main.png" width="70%">
+</p>
+
+## Scripts
+
+- `cicd-spindown.sh`: Spins down all CICD relevant Docker containers.
+- `cicd-spinup.sh`: Spins up all CICD relevant Docker containers.
+- `main-spindown.sh`: Spins down all Docker containers.
+- `main-spinup.sh`: Spins up all Docker containers.
+
+## Services
+
+### Bitwarden
+
+Configuration for Bitwarden is located in [Bitwarden/docker-compose.yml](Bitwarden/docker-compose.yml).
+
+### Database
+
+Configuration for MongoDB is located in [Database/docker-compose.yml](Database/docker-compose.yml).
+
+### Misc
+
+Configuration for miscellaneous services is located in [Misc/docker-compose.yml](Misc/docker-compose.yml).
+
+### Tracking
+
+Configuration for tracking services is located in [Tracking/docker-compose.yml](Tracking/docker-compose.yml).
+
+### Traefik
+
+Configuration for Traefik is located in [Traefik/docker-compose.yml](Traefik/docker-compose.yml).
+
+### TraefikRunner
+
+Configuration for TraefikRunner is located in [TraefikRunner/docker-compose.yml](TraefikRunner/docker-compose.yml).
+
+### Websites
+
+Configuration for websites is located in [Websites/docker-compose.yml](Websites/docker-compose.yml).
+
+## ToDo
+
+See [todo.md](todo.md) for a list of tasks and configurations that need to be completed.

todo.md

@@ -0,0 +1,54 @@
+# ToDo Items
+
+## General
+
+- Setup non root user
+- UFW should be setup to keep VPS secure and only allow for:
+
+   - https
+   - http
+   - ssh
+   - ftp
+   - 27017
+
+- Install SSH keys
+- Setup unattended upgrades
+- Install docker, docker-compose and apache utils.
+
+## Traefik + TraefikRunner + Traefik VPN
+
+- Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g`
+- Ensure email address is correct
+
+## Gitea
+
+- Ensure that ports are assigned correctly for the system
+
+# Gitea Runner
+
+- Ensure that a registration token has been setup before continuing
+
+## Tracking
+
+Create a .env file with the following content:
+
+```sh
+ACKEE_USERNAME=luke-else
+ACKEE_PASSWORD=XXX
+```
+
+## Websites
+
+- Ensure website files are copied over
+- Ensure that ports are assigned correctly for the system
+
+## Bitwarden
+
+- Ensure that all data is fully encrypted during transfer.
+- Ensure that ports are assigned correctly for the system
+
+## Database
+
+- Ensure that mysql root password, user and default database are updated.
+- Ensure that mongo root password, and user are updated.
+- Ensure database ports are correctly assigned and do not have to pass through traefik.

vpn-spindown.sh

@@ -0,0 +1,13 @@
+#Script file for spinning down all CICD relevant docker-containers
+
+cd ./VPN/
+docker compose down
+cd ..
+
+cd ./TraefikVPN/
+docker compose down
+cd ..
+
+docker rmi $(docker images -q)
+docker system prune -f
+docker volume prune -f

vpn-spinup.sh

@@ -0,0 +1,9 @@
+#Script file for spinning up all docker-containers
+
+cd ./TraefikRunner/
+docker compose pull && docker compose up -d
+cd ..
+
+cd ./VPN/
+docker compose pull && docker compose up -d
+cd ..