From 62dec7f6f76731ec1d9a7ca16bbe0a67f0dbdbc1 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Sun, 9 Mar 2025 16:54:21 +0000 Subject: [PATCH 01/10] fix (service): add explicit container name - grafana --- services/grafana/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/services/grafana/docker-compose.yml b/services/grafana/docker-compose.yml index 835cf34..891c632 100644 --- a/services/grafana/docker-compose.yml +++ b/services/grafana/docker-compose.yml @@ -33,6 +33,7 @@ services: grafana: image: grafana/grafana:latest + container_name: grafana restart: unless-stopped volumes: - grafana_data:/var/lib/grafana From aa24d2e96ed5f734b5183d4ec444b1ab06bb2358 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Sun, 9 Mar 2025 18:33:24 +0000 Subject: [PATCH 02/10] feat (service): add 2FA and FIDO support to grafana --- services/grafana/docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/grafana/docker-compose.yml b/services/grafana/docker-compose.yml index 891c632..8de0c58 100644 --- a/services/grafana/docker-compose.yml +++ b/services/grafana/docker-compose.yml @@ -40,6 +40,8 @@ services: environment: - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD} - GF_USERS_ALLOW_SIGN_UP=false + - GF_AUTH_MULTI_FACTOR_AUTHENTICATION_ENABLED=true + - GF_AUTH_MULTI_FACTOR_WEBAUTHN_ENABLED=true ports: - "3000:3000" # For local testing; remove in production with nginx networks: From f7d738cf22e3c18e1ebbf7807277ff2f49581515 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Sun, 9 Mar 2025 18:47:16 +0000 Subject: [PATCH 03/10] fix (service): rm 2FA grafana as not supported --- services/grafana/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/services/grafana/docker-compose.yml b/services/grafana/docker-compose.yml index 8de0c58..891c632 100644 --- a/services/grafana/docker-compose.yml +++ b/services/grafana/docker-compose.yml 
@@ -40,8 +40,6 @@ services: environment: - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD} - GF_USERS_ALLOW_SIGN_UP=false - - GF_AUTH_MULTI_FACTOR_AUTHENTICATION_ENABLED=true - - GF_AUTH_MULTI_FACTOR_WEBAUTHN_ENABLED=true ports: - "3000:3000" # For local testing; remove in production with nginx networks: From a1746d486416e5b0f59a1cf635ba9e0f3154eb82 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Fri, 21 Mar 2025 15:21:00 +0000 Subject: [PATCH 04/10] chore (service): update grafana readme --- .gitignore | 1 + services/grafana/README.md | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/.gitignore b/.gitignore index 665da45..61748a8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .env .env.* +.docker-compose.yml.kate* diff --git a/services/grafana/README.md b/services/grafana/README.md index 68266c4..6b80427 100644 --- a/services/grafana/README.md +++ b/services/grafana/README.md @@ -4,6 +4,28 @@ docker-compose-up -d ``` +Check which containers are connected to the Docker network: + +```sh +docker network inspect web +``` + +List networks: + +```sh +docker network ls +``` + +Using new Docker Compose syntax: + +```sh +docker compose up -d +``` + +```sh +docker compose --env-file .env.prd up -d +``` + ### Prometheus The tool that serves as the data source for the Grafana representation layer. From 297cecc8846aab204c2d534bae28d13c1bc76b79 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Fri, 21 Mar 2025 17:04:41 +0000 Subject: [PATCH 05/10] chore (service): rename local docker compose --- services/grafana/docker-compose.dev.yml | 54 +++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 services/grafana/docker-compose.dev.yml diff --git a/services/grafana/docker-compose.dev.yml b/services/grafana/docker-compose.dev.yml new file mode 100644 index 0000000..b6656bd --- /dev/null +++ b/services/grafana/docker-compose.dev.yml 
@@ -0,0 +1,54 @@ +services: + prometheus: + image: prom/prometheus:latest + volumes: + - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml + - prometheus_data:/prometheus + restart: unless-stopped + + node-exporter: + image: prom/node-exporter:latest + restart: unless-stopped + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /:/rootfs:ro + command: + - "--path.procfs=/host/proc" + - "--path.rootfs=/rootfs" + - "--path.sysfs=/host/sys" + + loki: + image: grafana/loki:latest + restart: unless-stopped + volumes: + - loki_data:/loki + + promtail: + image: grafana/promtail:latest + restart: unless-stopped + volumes: + - ./promtail/promtail-config.yml:/etc/promtail/config.yml + - /var/log:/var/log + + grafana: + image: grafana/grafana:latest + container_name: grafana + restart: unless-stopped + volumes: + - grafana_data:/var/lib/grafana + environment: + - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD} + - GF_USERS_ALLOW_SIGN_UP=false + ports: + - "3000:3000" # For local testing; remove in production with nginx + networks: + - default + +volumes: + prometheus_data: + loki_data: + grafana_data: + +networks: + default: From 61df68e16fc3ff451d59f5ee51ae63fdb9880010 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Fri, 21 Mar 2025 17:05:18 +0000 Subject: [PATCH 06/10] feat (service): add Nextcloud service --- proxy/nginx/conf.d/nextcloud.conf | 38 ++++++++++++++++++++ services/nextcloud/README.md | 5 +++ services/nextcloud/docker-compose.dev.yml | 34 ++++++++++++++++++ services/nextcloud/docker-compose.yml | 43 +++++++++++++++++++++++ 4 files changed, 120 insertions(+) create mode 100644 proxy/nginx/conf.d/nextcloud.conf create mode 100644 services/nextcloud/README.md create mode 100644 services/nextcloud/docker-compose.dev.yml create mode 100644 services/nextcloud/docker-compose.yml diff --git a/proxy/nginx/conf.d/nextcloud.conf b/proxy/nginx/conf.d/nextcloud.conf new file mode 100644 index 0000000..6484344 --- /dev/null 
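Review bot: In the grafana service, `- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}` substitutes an empty string when GRAFANA_PASSWORD is missing from the environment (Compose only warns), so a forgotten `.env` brings the container up without the intended admin password; `- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?GRAFANA_PASSWORD is not set}` makes `docker compose up` fail instead. Two smaller hardening points in the same file: promtail only reads logs, so `- /var/log:/var/log:ro` is sufficient, and in a dev-only file `- "127.0.0.1:3000:3000"` keeps Grafana off every host interface rather than all of them. Every image here is `:latest`, which makes the stack non-reproducible and lets an unattended restart pull a breaking upgrade; pinning a version tag is the usual fix. The context lines of patches 02 and 03 show the production docker-compose.yml still publishing `"3000:3000"` under the same "remove in production" comment, so now that a dev file carries that mapping it can be dropped from the production file and nginx can reach grafana over the Compose network.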
+++ b/proxy/nginx/conf.d/nextcloud.conf @@ -0,0 +1,38 @@ +# HTTP configuration +# -- Redirect all HTTP requests to HTTPS port + +server { + listen 80; + server_name nextcloud.systemsobscure.net; + location / { + return 301 https://$host$request_uri; + } +} + +# HTTPS configuration + +server { + listen 443 ssl; + server_name nextcloud.systemsobscure.net; + + # SSL configuration + ssl_certificate /etc/letsencrypt/live/systemsobscure.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/systemsobscure.net/privkey.pem; + + # Security headers + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + # Set max upload size + client_max_body_size 10G; + + + # Proxy Configuration + location / { + proxy_pass http://nextcloud_app_1:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 3600; + } +} diff --git a/services/nextcloud/README.md b/services/nextcloud/README.md new file mode 100644 index 0000000..a939771 --- /dev/null +++ b/services/nextcloud/README.md @@ -0,0 +1,5 @@ +Run local version + +```sh +docker compose -f docker-compose.local.yml up -d +``` diff --git a/services/nextcloud/docker-compose.dev.yml b/services/nextcloud/docker-compose.dev.yml new file mode 100644 index 0000000..82f9434 --- /dev/null +++ b/services/nextcloud/docker-compose.dev.yml 
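Review bot: The HTTPS server block sends an HSTS header but leaves the protocol set at the nginx default, which on builds before 1.23.4 still includes TLSv1 and TLSv1.1; `ssl_protocols TLSv1.2 TLSv1.3;` next to the two `ssl_certificate*` lines pins that explicitly regardless of the installed version. The certificate is loaded from `/etc/letsencrypt/live/systemsobscure.net/`, so this vhost only works if that certificate carries `nextcloud.systemsobscure.net` as a SAN or wildcard — presumably the case, but a comment stating it would save a later debugging session. The `add_header Strict-Transport-Security` line is only inherited by `location /` because that location declares no `add_header` of its own; a comment such as `# add_header is not inherited by a location that sets its own headers — keep HSTS here or repeat it` records that nginx rule before someone adds a header in the location and silently drops HSTS.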
@@ -0,0 +1,34 @@ +version: "3" + +services: + db: + image: mariadb:10.6 + restart: unless-stopped + volumes: + - nextcloud-db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + + app: + image: nextcloud:latest + restart: unless-stopped + ports: + - "8080:80" # Expose port 8080 locally for direct access + depends_on: + - db + volumes: + - nextcloud-config:/var/www/html/config + - nextcloud-data:/var/www/html/data + environment: + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_HOST=db + +volumes: + nextcloud-db: + nextcloud-config: + nextcloud-data: diff --git a/services/nextcloud/docker-compose.yml b/services/nextcloud/docker-compose.yml new file mode 100644 index 0000000..f4f71b9 --- /dev/null +++ b/services/nextcloud/docker-compose.yml @@ -0,0 +1,43 @@ +services: + db: + image: mariadb:10.6 + restart: unless-stopped + volumes: + - nextcloud-db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + networks: + - default + + app: + image: nextcloud:latest + restart: unless-stopped + depends_on: + - db + volumes: + - nextcloud-config:/var/www/html/config + - nextcloud-data:/var/www/html/data + environment: + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_HOST=db + - TRUSTED_PROXIES=nginx + - OVERWRITEPROTOCOL=https + - OVERWRITEHOST=${NEXTCLOUD_DOMAIN} + networks: + - default + - web + +volumes: + nextcloud-db: + nextcloud-config: + nextcloud-data: + +networks: + default: + web: + external: true From 99350f82703107b4b92d281cee44e1f92f6d52fb Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Sun, 23 Mar 2025 09:39:57 +0000 Subject: [PATCH 07/10] chore (proxy): ignore hidden files --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) 
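Review bot: The `version: "3"` key at the top of docker-compose.dev.yml is ignored by Compose v2 (it prints an obsolete-attribute warning) and is absent from the sibling docker-compose.yml created in the same commit, so dropping it keeps the two files consistent. The README added in this commit documents `docker compose -f docker-compose.local.yml up -d`, but the file created here is `docker-compose.dev.yml`, so the documented command fails; one of the two names needs to change. `MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}` and `MYSQL_PASSWORD=${MYSQL_PASSWORD}` fall back to empty strings when the variables are unset; `${MYSQL_ROOT_PASSWORD:?MYSQL_ROOT_PASSWORD is not set}` gives a clear failure at `docker compose up` rather than whatever the image does with an empty value. For a local file, `- "127.0.0.1:8080:80"` keeps the direct, non-TLS port off the LAN.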
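Review bot: In docker-compose.yml, `- TRUSTED_PROXIES=nginx` is a hostname, while Nextcloud's `trusted_proxies` setting is documented as IP addresses or CIDR ranges, so the `X-Forwarded-*` headers set by the proxy in nextcloud.conf are likely ignored and Nextcloud sees the proxy's address as every client's; the proxy container's address or the subnet of the `web` network is what the setting expects (patch 08 later adds a CIDR, which addresses that part). `image: nextcloud:latest` beside the pinned `mariadb:10.6` means an unattended restart can pull a major Nextcloud upgrade that needs a manual migration; pin it to a major line (e.g. `nextcloud:<major-version>`, placeholder) for the same reason the database is pinned. The `db` service correctly stays off the external `web` network, and that is worth a comment so it survives future edits: `# db is reachable only on the project-internal network; do not attach it to web`.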
diff --git a/.gitignore b/.gitignore index 61748a8..94b1016 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ .env .env.* .docker-compose.yml.kate* +proxy/nginx/vim +proxy/nginx/.* From 056d5c35668936f9e73eb5ff26001811bfd03d67 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Sun, 23 Mar 2025 09:46:03 +0000 Subject: [PATCH 08/10] chore (service): add Docker network alias nextcloud --- services/nextcloud/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/nextcloud/docker-compose.yml b/services/nextcloud/docker-compose.yml index f4f71b9..99f2747 100644 --- a/services/nextcloud/docker-compose.yml +++ b/services/nextcloud/docker-compose.yml @@ -25,7 +25,7 @@ services: - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud - MYSQL_HOST=db - - TRUSTED_PROXIES=nginx + - TRUSTED_PROXIES=nginx,172.18.0.0/16 - OVERWRITEPROTOCOL=https - OVERWRITEHOST=${NEXTCLOUD_DOMAIN} networks: From dea97914bf840a062b1d628fdebd48f1f2f71673 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Sun, 23 Mar 2025 09:46:41 +0000 Subject: [PATCH 09/10] fix (proxy): use correct nextcloud local address --- proxy/nginx/conf.d/nextcloud.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy/nginx/conf.d/nextcloud.conf b/proxy/nginx/conf.d/nextcloud.conf index 6484344..eb93b89 100644 --- a/proxy/nginx/conf.d/nextcloud.conf +++ b/proxy/nginx/conf.d/nextcloud.conf @@ -28,7 +28,7 @@ server { # Proxy Configuration location / { - proxy_pass http://nextcloud_app_1:80; + proxy_pass http://nextcloud-app-1:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From ebe4d9c2f9e3735538de42d95df45e7242edb685 Mon Sep 17 00:00:00 2001 
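Review bot: The new value `TRUSTED_PROXIES=nginx,172.18.0.0/16` joins its entries with a comma, while the official nextcloud image documents TRUSTED_PROXIES as a space-separated list; if that is the image's parser, the whole string becomes a single unrecognised entry and the proxy is still not trusted, so `- TRUSTED_PROXIES=nginx 172.18.0.0/16` (or just the CIDR, since the setting takes addresses and ranges rather than hostnames) is the form to verify. The subnet 172.18.0.0/16 is a Docker-assigned default that can change when networks are recreated; declaring the subnet where the `web` network is created (its `ipam` `config`/`subnet` entry) keeps this value stable. The commit subject says a Docker network alias is added, but the hunk only changes TRUSTED_PROXIES; if an alias was intended it is not in this patch.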
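Review bot: `proxy_pass http://nextcloud-app-1:80;` depends on the Compose v2 auto-generated container name (project directory, service, replica index), so renaming the directory or adding `container_name` to the `app` service breaks the proxy at the next nginx start; patch 01 already gives the grafana service a fixed `container_name`, and doing the same for the Nextcloud app (e.g. `container_name: nextcloud-app`, constructed) or adding a `networks: web: aliases:` entry would let this read `proxy_pass http://nextcloud-app:80;`. nginx resolves a static `proxy_pass` hostname when the configuration is loaded, so nginx must be started or reloaded after the Nextcloud container exists; a comment above this line naming the compose project and service the hostname comes from would help whoever next hits a host-not-found error. The enclosing location and server blocks start outside the hunk.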
From: thomasabishop Date: Sun, 30 Mar 2025 12:39:39 +0100 Subject: [PATCH 10/10] chore: archive unused containers --- README.md | 1 + proxy/nginx/conf.d/{ => inactive}/nextcloud.conf | 0 services/{ => inactive}/nextcloud/README.md | 0 services/{ => inactive}/nextcloud/docker-compose.dev.yml | 0 services/{ => inactive}/nextcloud/docker-compose.yml | 0 5 files changed, 1 insertion(+) create mode 100644 README.md rename proxy/nginx/conf.d/{ => inactive}/nextcloud.conf (100%) rename services/{ => inactive}/nextcloud/README.md (100%) rename services/{ => inactive}/nextcloud/docker-compose.dev.yml (100%) rename services/{ => inactive}/nextcloud/docker-compose.yml (100%) diff --git a/README.md b/README.md new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ + diff --git a/proxy/nginx/conf.d/nextcloud.conf b/proxy/nginx/conf.d/inactive/nextcloud.conf similarity index 100% rename from proxy/nginx/conf.d/nextcloud.conf rename to proxy/nginx/conf.d/inactive/nextcloud.conf diff --git a/services/nextcloud/README.md b/services/inactive/nextcloud/README.md similarity index 100% rename from services/nextcloud/README.md rename to services/inactive/nextcloud/README.md diff --git a/services/nextcloud/docker-compose.dev.yml b/services/inactive/nextcloud/docker-compose.dev.yml similarity index 100% rename from services/nextcloud/docker-compose.dev.yml rename to services/inactive/nextcloud/docker-compose.dev.yml diff --git a/services/nextcloud/docker-compose.yml b/services/inactive/nextcloud/docker-compose.yml similarity index 100% rename from services/nextcloud/docker-compose.yml rename to services/inactive/nextcloud/docker-compose.yml