buffer size

.editorconfig

@@ -0,0 +1,12 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+charset = utf-8
+
+[*.{yml,yaml}]
+indent_size = 2

booklore/compose.yaml

@@ -0,0 +1,63 @@
+services:
+  booklore:
+    image: ghcr.io/booklore-app/booklore:latest
+    container_name: booklore
+    environment:
+      USER_ID: 1000
+      GROUP_ID: 1000
+      TZ: Europe/Amsterdam
+      DATABASE_URL: jdbc:mariadb://mariadb:3306/booklore
+      DATABASE_USERNAME: booklore
+      DATABASE_PASSWORD: ${DB_PASSWORD}
+      BOOKLORE_PORT: 6060
+    depends_on:
+      mariadb:
+        condition: service_healthy
+    volumes:
+      - /srv/booklore/data:/app/data
+      - /srv/booklore/books:/books
+      - /srv/booklore/bookdrop:/bookdrop
+    restart: unless-stopped
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.booklore.rule=Host(`booklore.marijndoeve.nl`)
+      - traefik.http.routers.booklore.entrypoints=websecure
+      - traefik.http.routers.booklore.tls.certresolver=marijndoeve
+      - traefik.http.services.booklore.loadbalancer.server.port=6060
+
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=200000000"
+    networks:
+      - internal
+      - web
+
+  mariadb:
+    image: ghcr.io/linuxserver/mariadb:11.4.8
+    container_name: mariadb
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: Europe/Amsterdam
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+      MYSQL_DATABASE: booklore
+      MYSQL_USER: booklore
+      MYSQL_PASSWORD: ${DB_PASSWORD}
+    volumes:
+      - db-data:/config
+    restart: unless-stopped
+    healthcheck:
+      test: [ "CMD", "mariadb-admin", "ping", "-h", "localhost" ]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+    networks:
+      - internal
+
+volumes:
+  db-data:
+
+
+networks:
+  web:
+    external: true
+  internal:
+    external: false

nextcloud/compose.yaml

@@ -0,0 +1,50 @@
+name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically.
+services:
+  nextcloud-aio-mastercontainer:
+    image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
+    init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init
+    restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart
+    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
+    volumes:
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
+    networks: ["nextcloud-aio"]
+    ports:
+      - 8080:8080 # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
+    environment: # Is needed when using any of the options below
+      # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
+      APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      APACHE_ADDITIONAL_NETWORK: web # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
+      # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # DOCKER_API_VERSION: 1.44 # You can adjust the internally used docker api version with this variable. ⚠️⚠️⚠️ Warning: please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. So use this on your own risk and things might break without warning. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version
+      # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
+      # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+      # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
+      # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
+      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
+      # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
+      # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
+      # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
+      # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
+      # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
+      # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
+      # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
+
+volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+
+# Adjust the MTU size of the docker network. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-mtu-size-of-the-docker-network
+networks:
+  web:
+    external: true
+  nextcloud-aio:
+    name: nextcloud-aio
+    driver_opts:
+      com.docker.network.driver.mtu: 1440

planka/compose.yaml

@@ -1,7 +1,7 @@
 services:
   planka:
-    image: ghcr.io/plankanban/planka:2.0.0-rc.3
-    restart: on-failure
+    image: ghcr.io/plankanban/planka:2.0.0-rc.4
+    restart: unless-stopped
     volumes:
       - favicons:/app/public/favicons
       - user-avatars:/app/public/user-avatars
@@ -9,7 +9,7 @@ services:
       - attachments:/app/private/attachments
 
     environment:
-      BASE_URL: http://localhost:3000
+      BASE_URL: https://planka.marijndoeve.nl
       DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD}@postgres/planka
 
       SECRET_KEY: ${SECRET_KEY}
@@ -48,15 +48,15 @@ services:
       # - SHOW_DETAILED_AUTH_ERRORS=false
 
       # Email Notifications (https://nodemailer.com/smtp/)
-      # - SMTP_HOST=
-      # - SMTP_PORT=587
-      # - SMTP_NAME=
-      # - SMTP_SECURE=true
+      SMTP_HOST: 10.0.0.20
+      SMTP_PORT: 25
+      SMTP_NAME: marijndoeve.nl
+      SMTP_SECURE: "false"
       # - SMTP_USER=
       # - SMTP_PASSWORD=
       # Optionally store in secrets - then SMTP_PASSWORD should not be set
       # - SMTP_PASSWORD__FILE=/run/secrets/smtp_password
-      # - SMTP_FROM="Demo Demo" <demo@demo.demo>
+      SMTP_FROM: '"Planka" <planka@marijndoeve.nl>'
       # - SMTP_TLS_REJECT_UNAUTHORIZED=false
     depends_on:
       postgres:
@@ -66,9 +66,13 @@ services:
       - traefik.http.routers.planka.rule=Host(`planka.marijndoeve.nl`)
       - traefik.http.routers.planka.entrypoints=websecure
       - traefik.http.routers.planka.tls.certresolver=marijndoeve
+    networks:
+      - internal
+      - web
+
   postgres:
-    image: postgres:16-alpine
-    restart: on-failure
+    image: postgres:16
+    restart: unless-stopped
     volumes:
       - db-data:/var/lib/postgresql/data
     environment:
@@ -76,14 +80,23 @@ services:
       POSTGRES_HOST_AUTH_METHOD: trust
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
+      test: [ "CMD-SHELL", "pg_isready -U postgres -d planka" ]
       interval: 10s
       timeout: 5s
       retries: 5
+    networks:
+      - internal
 
 volumes:
   favicons:
   user-avatars:
   background-images:
   attachments:
-  db-data:
+  db-data:
+
+
+networks:
+  web:
+    external: true
+  internal:
+    external: false

pocketid/compose.yaml

@@ -0,0 +1,38 @@
+services:
+  pocket-id:
+    image: ghcr.io/pocket-id/pocket-id:v2
+    restart: unless-stopped
+    environment:
+      APP_URL: https://idp.marijndoeve.nl
+      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
+      TRUST_PROXY: true
+      SMTP_HOST: ${SMTP_HOST}
+      SMTP_PORT: 587
+      SMTP_FROM: "pocketid@marijndoeve.nl"
+      SMTP_USER: ${SMTP_USER}
+      SMTP_PASSWORD: ${SMTP_PASSWORD}
+      SMTP_TLS: starttls
+      MAXMIND_LICENSE_KEY: ${MAXMIND_LICENSE_KEY}
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.pocketid.rule=Host(`idp.marijndoeve.nl`)
+      - traefik.http.routers.pocketid.entrypoints=websecure
+      - traefik.http.routers.pocketid.tls.certresolver=marijndoeve
+    volumes:
+      - "data:/app/data"
+    healthcheck:
+      test: [ "CMD", "/app/pocket-id", "healthcheck" ]
+      interval: 1m30s
+      timeout: 5s
+      retries: 2
+      start_period: 10s
+
+    networks:
+      - web
+
+volumes:
+  data:
+
+networks:
+  web:
+    external: true

privatebin/compose.yaml

@@ -9,13 +9,18 @@ services:
       - traefik.http.routers.privatebin.rule=Host(`secrets.marijndoeve.nl`)
       - traefik.http.routers.privatebin.entrypoints=websecure
       - traefik.http.routers.privatebin.tls.certresolver=marijndoeve
+      - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=204857600"
+
     networks:
       - web
     environment:
       TZ: Europe/Amsterdam
     restart: unless-stopped
+
 volumes:
   data:
+
+
 networks:
   web:
-    external: true
+    external: true

privatebin/conf.php

@@ -40,7 +40,8 @@ defaultformatter = "plaintext"
 ; syntaxhighlightingtheme = "sons-of-obsidian"
 
 ; size limit per paste or comment in bytes, defaults to 10 Mebibytes
-sizelimit = 10485760
+;sizelimit = 10485760
+sizelimit = 104857600
 
 ; by default PrivateBin use "bootstrap" template (tpl/bootstrap.php).
 ; Optionally you can enable the template selection menu, which uses
@@ -48,14 +49,13 @@ sizelimit = 10485760
 templateselection = true
 
 ; List of available for selection templates when "templateselection" option is enabled
+availabletemplates[] = "bootstrap5"
 availabletemplates[] = "bootstrap"
 availabletemplates[] = "bootstrap-page"
 availabletemplates[] = "bootstrap-dark"
 availabletemplates[] = "bootstrap-dark-page"
 availabletemplates[] = "bootstrap-compact"
 availabletemplates[] = "bootstrap-compact-page"
-availabletemplates[] = "bootstrap5"
-availabletemplates[] = "page"
 
 ; set the template your installs defaults to, defaults to "bootstrap" (tpl/bootstrap.php), also
 ; available are "page" (tpl/page.php), the classic ZeroBin style and several
@@ -221,4 +221,4 @@ dir = PATH "data"
 ; Subresource integrity (SRI) hashes used in template files. Uncomment and set
 ; these for all js files used. See:
 ; https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files
-;js/privatebin.js = "sha512-[…]"
+;js/privatebin.js = "sha512-[…]"