🌛 First commit

stacks/backup/docker-compose.yml

@@ -0,0 +1,20 @@
+services:
+  borgmatic:
+    image: ghcr.io/borgmatic-collective/borgmatic:latest
+    container_name: borgmatic
+    restart: unless-stopped
+    privileged: true
+    environment:
+      - PUID=99
+      - PGID=100
+      - TZ=America/New_York
+      - BORG_PASSPHRASE=${BORG_PASSPHRASE}
+    volumes:
+      - /mnt/user/appdata/borgmatic/config:/etc/borgmatic.d
+      - /mnt/user/appdata/borgmatic/borg_keys:/root/.config/borg
+      - /mnt/user/appdata/borgmatic/state:/root/.local/state/borgmatic
+      - /mnt/user/appdata/borgmatic/ssh_keys:/root/.ssh
+      - /mnt/disks/borg_backup/cache:/root/.cache/borg
+      - /mnt/disks/borg_backup/repo:/mnt/borg-repository
+      - /mnt/user:/mnt/user:ro
+      - /boot:/boot:ro

stacks/backup/stack.env

@@ -0,0 +1 @@
+BORG_PASSPHRASE=Titu@1588

stacks/documents/docker-compose.yml

@@ -0,0 +1,78 @@
+services:
+  paperless:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    container_name: paperless
+    restart: unless-stopped
+    depends_on:
+      - paperless-db
+      - paperless-redis
+      - paperless-tika
+      - paperless-gotenberg
+    ports:
+      - 8777:8000
+    environment:
+      - USERMAP_UID=99
+      - USERMAP_GID=100
+      - PAPERLESS_REDIS=redis://paperless-redis:6379
+      - PAPERLESS_DBHOST=paperless-db
+      - PAPERLESS_TIKA_ENABLED=1
+      - PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://paperless-gotenberg:3000
+      - PAPERLESS_TIKA_ENDPOINT=http://paperless-tika:9998
+      - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
+      - PAPERLESS_URL=https://paperless.rishighan.com
+      - PAPERLESS_TIME_ZONE=America/Chicago
+      - PAPERLESS_OCR_LANGUAGE=eng
+      - PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER}
+      - PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD}
+    volumes:
+      - /mnt/user/data/paperless/data:/usr/src/paperless/data
+      - /mnt/user/data/paperless/media:/usr/src/paperless/media
+      - /mnt/user/data/paperless/export:/usr/src/paperless/export
+      - /mnt/user/data/paperless/consume:/usr/src/paperless/consume
+
+  paperless-db:
+    image: postgres:16
+    container_name: paperless-db
+    restart: unless-stopped
+    environment:
+      - POSTGRES_DB=paperless
+      - POSTGRES_USER=paperless
+      - POSTGRES_PASSWORD=${PAPERLESS_DB_PASSWORD}
+    volumes:
+      - /mnt/user/data/paperless/pgdata:/var/lib/postgresql/data
+
+  paperless-redis:
+    image: redis:7
+    container_name: paperless-redis
+    restart: unless-stopped
+    volumes:
+      - /mnt/user/data/paperless/redis:/data
+
+  paperless-tika:
+    image: apache/tika:latest
+    container_name: paperless-tika
+    restart: unless-stopped
+
+  paperless-gotenberg:
+    image: gotenberg/gotenberg:8
+    container_name: paperless-gotenberg
+    restart: unless-stopped
+    command:
+      - "gotenberg"
+      - "--chromium-disable-javascript=true"
+      - "--chromium-allow-list=file:///tmp/.*"
+
+  onlyoffice:
+    image: onlyoffice/documentserver:latest
+    container_name: onlyoffice
+    restart: unless-stopped
+    ports:
+      - 8089:80
+      - 4430:443
+    environment:
+      - TZ=America/Los_Angeles
+      - JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
+    volumes:
+      - /mnt/user/appdata/onlyofficeds/Data:/var/www/onlyoffice/Data
+      - /mnt/user/appdata/onlyofficeds/logs:/var/log/onlyoffice
+      - /mnt/user/appdata/onlyofficeds/fonts:/usr/share/fonts

stacks/documents/stack.env

@@ -0,0 +1,5 @@
+PAPERLESS_SECRET_KEY=FD8w8IuzpQkOsrwMyHz35e5qH4ujRJ5fGQWKghAGQIQ=
+PAPERLESS_ADMIN_USER=frishi
+PAPERLESS_ADMIN_PASSWORD=Titu@1588
+PAPERLESS_DB_PASSWORD=paperless
+ONLYOFFICE_JWT_SECRET=secret123

stacks/outline/README.md

@@ -0,0 +1,68 @@
+# Outline Stack
+
+Outline Wiki with Postgres and Redis.
+
+## Services
+
+| Service | Port | Description |
+|---------|------|-------------|
+| outline | 3000:3000 | Wiki application |
+| outline-postgres | - | PostgreSQL database |
+| outline-redis | - | Redis cache |
+
+## Configuration Files
+
+Copy `redis.conf` to `/mnt/user/appdata/outline/` before deploying.
+
+## Dependencies
+
+- S3 bucket for uploads: `outline-wiki-data-bucket`
+- Slack app for authentication: https://api.slack.com/apps/A041B5BSXD2
+
+## NGINX Proxy Manager
+
+Create HTTPS proxy for `wiki.rishighan.com` pointing to `192.168.1.75:3000`
+
+## Migration from VM
+
+1. Create directories:
+```bash
+mkdir -p /mnt/user/appdata/outline/{postgres-data,redis}
+cp redis.conf /mnt/user/appdata/outline/
+```
+
+2. Export Postgres from VM:
+```bash
+ssh rishi@192.168.1.112
+docker exec outline-postgres-1 pg_dump -U rishi outline > ~/outline_backup.sql
+```
+
+3. Copy backup to Flook:
+```bash
+scp rishi@192.168.1.112:~/outline_backup.sql /mnt/user/appdata/outline/
+```
+
+4. Deploy stack via Portainer (creates empty DB)
+
+5. Stop outline temporarily:
+```bash
+docker stop outline
+```
+
+6. Import data:
+```bash
+docker exec -i outline-postgres psql -U rishi outline < /mnt/user/appdata/outline/outline_backup.sql
+```
+
+7. Start outline:
+```bash
+docker start outline
+```
+
+8. Update NPM proxy to point to 192.168.1.75:3000
+
+9. Stop VM services after verification:
+```bash
+ssh rishi@192.168.1.112
+cd ~/outline && docker compose down
+```

stacks/outline/docker-compose.yml

@@ -0,0 +1,31 @@
+services:
+  outline:
+    image: outlinewiki/outline:latest
+    container_name: outline
+    restart: unless-stopped
+    command: sh -c "yarn db:migrate --env=production-ssl-disabled && yarn start --env=production-ssl-disabled"
+    ports:
+      - 3000:3000
+    env_file:
+      - stack.env
+    depends_on:
+      - outline-redis
+      - outline-postgres
+
+  outline-redis:
+    image: redis:latest
+    container_name: outline-redis
+    restart: unless-stopped
+    volumes:
+      - /mnt/user/appdata/outline/redis.conf:/redis.conf
+      - /mnt/user/appdata/outline/redis:/data
+    command: ["redis-server", "/redis.conf"]
+
+  outline-postgres:
+    image: postgres:15
+    container_name: outline-postgres
+    restart: unless-stopped
+    env_file:
+      - stack.env
+    volumes:
+      - /mnt/user/appdata/outline/postgres-data:/var/lib/postgresql/data

stacks/outline/redis.conf

@@ -0,0 +1,2 @@
+bind 0.0.0.0
+port 6379

stacks/outline/stack.env

@@ -0,0 +1,31 @@
+# –––––––––––––––– REQUIRED ––––––––––––––––
+SECRET_KEY=ce86b161b3e7e8ce75136060afd462673363b1b0d027aff8a2bfc097b20bb39a
+UTILS_SECRET=a9e89560aad956988f53949ab354dbff63bd5c75e08e560b2cbfcee71d2fae30
+POSTGRES_USER=rishi
+POSTGRES_PASSWORD=dexter
+POSTGRES_DB=outline
+DATABASE_URL=postgres://rishi:dexter@outline-postgres:5432/outline
+DATABASE_URL_TEST=postgres://rishi:dexter@outline-postgres:5432/outline-test
+PGSSLMODE=disable
+REDIS_URL=redis://outline-redis:6379
+URL=https://wiki.rishighan.com
+PORT=3000
+AWS_ACCESS_KEY_ID=AKIAQP5UUFQPKWAILLJK
+AWS_SECRET_ACCESS_KEY=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
+AWS_REGION=us-east-1
+AWS_S3_UPLOAD_BUCKET_URL=https://outline-wiki-data-bucket.s3.us-east-1.amazonaws.com
+AWS_S3_UPLOAD_BUCKET_NAME=outline-wiki-data-bucket
+AWS_S3_UPLOAD_MAX_SIZE=26214400
+AWS_S3_FORCE_PATH_STYLE=false
+
+# –––––––––––––– AUTHENTICATION ––––––––––––––
+SLACK_KEY=11934097441.4045181915444
+SLACK_SECRET=740d1d0b375d7609cd1fa18de2b1e8d4
+
+# –––––––––––––––– OPTIONAL ––––––––––––––––
+SLACK_VERIFICATION_TOKEN=StwRrYvcGHCDME4a5x2jU9zq
+SLACK_APP_ID=A041B5BSXD2
+SLACK_MESSAGE_ACTIONS=true
+FORCE_HTTPS=false
+ENABLE_UPDATES=true
+WEB_CONCURRENCY=2

stacks/portainer/docker-compose.yml

@@ -0,0 +1,10 @@
+services:
+  portainer:
+    image: portainer/portainer-ce:latest
+    container_name: portainer
+    restart: unless-stopped
+    ports:
+      - 9000:9000
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /mnt/user/appdata/portainer:/data

stacks/productivity/README.md

@@ -0,0 +1,63 @@
+# Productivity Stack
+
+GitLab, Vaultwarden, Memos, Mortis, and FreshRSS.
+
+## Services
+
+| Service | Port | Description |
+|---------|------|-------------|
+| gitlab | 8929:80, 2222:22 | Git repository |
+| vaultwarden | 4743:80 | Password manager |
+| memos | 5230:5230 | Note-taking |
+| mortis | 5231:5231 | Memos iOS companion |
+| freshrss | 8054:80 | RSS reader |
+
+## GitLab
+
+### Initial Setup
+
+GitLab runs migrations on first start - takes 15-20 minutes. Be patient.
+
+### Get Root Password
+
+```bash
+docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
+```
+
+### NGINX Proxy Manager
+
+Create HTTPS proxy for `git.rishighan.com` pointing to `192.168.1.75:8929`
+
+GitLab recommends SSL, so use HTTPS.
+
+## Vaultwarden
+
+### NGINX Proxy Manager
+
+Create HTTPS proxy for `vault.rishighan.com` pointing to `192.168.1.75:4743`
+
+### Admin Panel
+
+Access at `https://vault.rishighan.com/admin` with the `ADMIN_TOKEN` from stack.env
+
+## Memos + Mortis
+
+Mortis is the iOS companion for Memos. It connects via gRPC to memos:5230.
+
+### NGINX Proxy Manager
+
+Create HTTPS proxy for `memos.rishighan.com` pointing to `192.168.1.75:5230`
+
+## FreshRSS
+
+### NGINX Proxy Manager
+
+Create HTTPS proxy for `rss.rishighan.com` pointing to `192.168.1.75:8054`
+
+### Import Feeds
+
+1. Copy `feeds.opml` to `/mnt/user/appdata/freshrss/`
+2. In FreshRSS: Settings → Import/Export → Import OPML
+3. Enable `af_readability` extension to bypass paywalls
+
+The OPML contains curated feeds for Gaming, Tech, Politics, Weather, and World News - free from paywalled bullshit.

stacks/productivity/docker-compose.yml

@@ -0,0 +1,80 @@
+services:
+  gitlab:
+    image: gitlab/gitlab-ce:latest
+    container_name: gitlab
+    restart: unless-stopped
+    hostname: git.rishighan.com
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://git.rishighan.com'
+        nginx['listen_port'] = 80
+        nginx['listen_https'] = false
+        gitlab_rails['time_zone'] = 'America/Chicago'
+    ports:
+      - 8929:80
+      - 2222:22
+    volumes:
+      - /mnt/user/data/gitlab/config:/etc/gitlab
+      - /mnt/user/data/gitlab/logs:/var/log/gitlab
+      - /mnt/user/data/gitlab/data:/var/opt/gitlab
+    shm_size: '256m'
+
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: unless-stopped
+    ports:
+      - 4743:80
+    environment:
+      - TZ=America/Los_Angeles
+      - SIGNUPS_ALLOWED=true
+      - INVITATIONS_ALLOWED=true
+      - WEBSOCKET_ENABLED=false
+      - ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN}
+    volumes:
+      - /mnt/user/appdata/vaultwarden:/data
+
+  memos:
+    image: neosmemo/memos:stable
+    container_name: memos
+    restart: unless-stopped
+    ports:
+      - 5230:5230
+    environment:
+      - TZ=UTC
+      - MEMOS_MODE=prod
+      - MEMOS_PORT=5230
+    volumes:
+      - /mnt/user/appdata/memos:/var/opt/memos
+    healthcheck:
+      test: wget --quiet --tries=1 --spider http://localhost:5230 || exit 1
+      start_period: 1m
+      start_interval: 10s
+      interval: 1m
+      timeout: 5s
+      retries: 3
+
+  mortis:
+    image: ghcr.io/mudkipme/mortis:0.25.2
+    container_name: mortis
+    restart: unless-stopped
+    ports:
+      - 5231:5231
+    command: ["-grpc-addr=memos:5230"]
+    depends_on:
+      - memos
+
+  freshrss:
+    image: lscr.io/linuxserver/freshrss:latest
+    container_name: freshrss
+    restart: unless-stopped
+    environment:
+      - PUID=99
+      - PGID=100
+      - UMASK=022
+      - TZ=America/Los_Angeles
+      - CRON_MIN=*/30
+    ports:
+      - 8054:80
+    volumes:
+      - /mnt/user/appdata/freshrss:/config

stacks/productivity/feeds.opml

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<opml version="2.0">
+  <head>
+    <title>Rishi's Feeds</title>
+    <dateCreated>2024</dateCreated>
+  </head>
+  <body>
+    <outline text="Tech" title="Tech">
+      <outline type="rss" text="Ars Technica" title="Ars Technica" xmlUrl="http://feeds.arstechnica.com/arstechnica/index" htmlUrl="https://arstechnica.com"/>
+      <outline type="rss" text="The Register" title="The Register" xmlUrl="https://www.theregister.com/headlines.atom" htmlUrl="https://www.theregister.com"/>
+      <outline type="rss" text="Bleeping Computer" title="Bleeping Computer" xmlUrl="https://www.bleepingcomputer.com/feed/" htmlUrl="https://www.bleepingcomputer.com"/>
+      <outline type="rss" text="Tom's Hardware" title="Tom's Hardware" xmlUrl="https://www.tomshardware.com/feeds.xml" htmlUrl="https://www.tomshardware.com"/>
+    </outline>
+    <outline text="Gaming" title="Gaming">
+      <outline type="rss" text="GamingOnLinux" title="GamingOnLinux" xmlUrl="https://www.gamingonlinux.com/article_rss.php" htmlUrl="https://www.gamingonlinux.com"/>
+      <outline type="rss" text="Rock Paper Shotgun" title="Rock Paper Shotgun" xmlUrl="https://www.rockpapershotgun.com/feed" htmlUrl="https://www.rockpapershotgun.com"/>
+      <outline type="rss" text="PC Gamer" title="PC Gamer" xmlUrl="https://www.pcgamer.com/rss/" htmlUrl="https://www.pcgamer.com"/>
+    </outline>
+    <outline text="Weather" title="Weather">
+      <outline type="rss" text="Fox Weather" title="Fox Weather" xmlUrl="https://moxie.foxweather.com/google-publisher/latest.xml" htmlUrl="https://www.foxweather.com"/>
+      <outline type="rss" text="Severe Weather Europe" title="Severe Weather Europe" xmlUrl="https://severe-weather.eu/feed/" htmlUrl="https://severe-weather.eu"/>
+    </outline>
+    <outline text="Politics" title="Politics">
+      <outline type="rss" text="ProPublica" title="ProPublica" xmlUrl="https://www.propublica.org/feeds/propublica/main" htmlUrl="https://www.propublica.org"/>
+      <outline type="rss" text="The Intercept" title="The Intercept" xmlUrl="https://theintercept.com/feed/?lang=en" htmlUrl="https://theintercept.com"/>
+      <outline type="rss" text="NPR Politics" title="NPR Politics" xmlUrl="https://feeds.npr.org/1014/rss.xml" htmlUrl="https://www.npr.org/sections/politics"/>
+      <outline type="rss" text="BBC Politics" title="BBC Politics" xmlUrl="http://feeds.bbci.co.uk/news/politics/rss.xml" htmlUrl="https://www.bbc.com/news/politics"/>
+      <outline type="rss" text="The Guardian Politics" title="The Guardian Politics" xmlUrl="https://www.theguardian.com/politics/rss" htmlUrl="https://www.theguardian.com/politics"/>
+    </outline>
+  </body>
+</opml>

stacks/productivity/stack.env

@@ -0,0 +1 @@
+VAULTWARDEN_ADMIN_TOKEN=emNPS8DJtzKaLDG3i+braZik2xuPYWHIZeyfoI6dRmP++0JyE7NtC3L5dv0w2yM4

stacks/proxy/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  npm:
+    image: jc21/nginx-proxy-manager:latest
+    container_name: npm
+    restart: unless-stopped
+    environment:
+      - TZ=America/Los_Angeles
+      - DB_SQLITE_FILE=/data/database.sqlite
+    ports:
+      - 1880:80
+      - 18443:443
+      - 81:81
+    volumes:
+      - /mnt/user/appdata/Nginx-Proxy-Manager-Official/data:/data
+      - /mnt/user/appdata/Nginx-Proxy-Manager-Official/letsencrypt:/etc/letsencrypt

stacks/seafile/README.md

@@ -0,0 +1,107 @@
+# Seafile Stack
+
+Seafile 13 Pro with SeaDoc, SeaSearch, Notification Server, and Metadata Server.
+
+## Services
+
+| Service | Port | Description |
+|---------|------|-------------|
+| seafile | 8098:80 | Main Seafile server |
+| seadoc | 8888:80 | Document collaboration |
+| notification-server | 8083:8083 | Real-time notifications |
+| seafile-md-server | 8084:8084 | Metadata server |
+| seasearch | 4080:4080 | Full-text search |
+| seafile-mysql | - | MariaDB database |
+| seafile-redis | - | Redis cache |
+
+## Configuration Files
+
+Copy these to `/mnt/user/appdata/seafile/` before deploying:
+
+- `seahub_settings.py` - Seahub configuration
+- `seafile.conf` - Seafile server configuration
+
+## NGINX Proxy Manager Setup
+
+### fileserver.rishighan.com
+
+Create HTTPS proxy with this Advanced config:
+
+```nginx
+location / {
+    proxy_pass http://192.168.1.75:8098;
+    proxy_read_timeout 310s;
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Connection "upgrade";
+    client_max_body_size 0;
+}
+
+rewrite ^/seafdav$ /seafdav/ permanent;
+
+location /sdoc-server/ {
+    proxy_pass http://192.168.1.75:8888/;
+    proxy_redirect off;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $server_name;
+    client_max_body_size 100m;
+}
+
+location /socket.io {
+    proxy_pass http://192.168.1.75:8888;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection 'upgrade';
+    proxy_redirect off;
+    proxy_buffers 8 32k;
+    proxy_buffer_size 64k;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-NginX-Proxy true;
+}
+```
+
+### notification.rishighan.com
+
+Create separate HTTPS proxy pointing to `192.168.1.75:8083`
+
+## Migration from VM
+
+1. Stop Seafile on VM:
+```bash
+ssh rishi@192.168.1.112
+cd /opt/seafile && docker compose down
+```
+
+2. Create directories:
+```bash
+mkdir -p /mnt/user/appdata/seafile/{data,db-data,seadoc-data,seasearch-data}
+```
+
+3. Copy data:
+```bash
+rsync -avP rishi@192.168.1.112:~/seafile/data/ /mnt/user/appdata/seafile/data/
+rsync -avP rishi@192.168.1.112:~/seafile/db-data/ /mnt/user/appdata/seafile/db-data/
+```
+
+4. Copy config files:
+```bash
+cp seahub_settings.py /mnt/user/appdata/seafile/
+cp seafile.conf /mnt/user/appdata/seafile/
+```
+
+5. Update NPM proxies to point to 192.168.1.75 instead of 192.168.1.112
+
+6. Deploy stack via Portainer
+
+## Notes
+
+- Notifications only work for shared library events between users
+- SeaDoc requires the `/sdoc-server/` and `/socket.io` proxy locations
+- WebDAV is enabled on port 8080 at `/seafdav`

stacks/seafile/docker-compose.yml

@@ -0,0 +1,163 @@
+networks:
+  seafile-net:
+    name: seafile-net
+    driver: bridge
+
+services:
+  db:
+    image: mariadb:10.11
+    container_name: seafile-mysql
+    restart: unless-stopped
+    environment:
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+      - MYSQL_LOG_CONSOLE=true
+      - MARIADB_AUTO_UPGRADE=1
+    volumes:
+      - /mnt/user/appdata/seafile/db-data:/var/lib/mysql
+    networks:
+      - seafile-net
+    healthcheck:
+      test: ["CMD", "sh", "-c", "mysqladmin ping -h localhost -u root -p$$MYSQL_ROOT_PASSWORD"]
+      interval: 20s
+      start_period: 30s
+      timeout: 5s
+      retries: 10
+
+  redis:
+    image: redis:latest
+    container_name: seafile-redis
+    restart: unless-stopped
+    networks:
+      - seafile-net
+
+  seafile:
+    image: seafileltd/seafile-pro-mc:13.0.6-testing
+    container_name: seafile
+    restart: unless-stopped
+    ports:
+      - 8098:80
+    environment:
+      - SEAFILE_MYSQL_DB_HOST=db
+      - SEAFILE_MYSQL_DB_PORT=3306
+      - SEAFILE_MYSQL_DB_USER=seafile
+      - SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD}
+      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
+      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
+      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=seahub_db
+      - TIME_ZONE=Etc/UTC
+      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME}
+      - SEAFILE_SERVER_PROTOCOL=https
+      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY}
+      - ENABLE_SEADOC=true
+      - SEADOC_SERVER_URL=https://${SEAFILE_SERVER_HOSTNAME}/sdoc-server
+      - CACHE_PROVIDER=redis
+      - REDIS_HOST=redis
+      - REDIS_PORT=6379
+      - INNER_NOTIFICATION_SERVER_URL=http://notification-server:8083
+      - NOTIFICATION_SERVER_URL=${NOTIFICATION_SERVER_URL}
+    volumes:
+      - /mnt/user/appdata/seafile/data:/shared
+      - /mnt/user/appdata/seafile/seahub_settings.py:/shared/seafile/conf/seahub_settings.py
+      - /mnt/user/appdata/seafile/seafile.conf:/shared/seafile/conf/seafile.conf
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_started
+    networks:
+      - seafile-net
+
+  seadoc:
+    image: seafileltd/sdoc-server:2.0.3-testing
+    container_name: seadoc
+    restart: unless-stopped
+    ports:
+      - 8888:80
+    environment:
+      - DB_HOST=db
+      - DB_PORT=3306
+      - DB_USER=seafile
+      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD}
+      - DB_NAME=seahub_db
+      - TIME_ZONE=Etc/UTC
+      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY}
+      - SEAHUB_SERVICE_URL=https://${SEAFILE_SERVER_HOSTNAME}
+    volumes:
+      - /mnt/user/appdata/seafile/seadoc-data:/shared
+    depends_on:
+      db:
+        condition: service_healthy
+    networks:
+      - seafile-net
+
+  notification-server:
+    image: seafileltd/notification-server:13.0.0-testing
+    container_name: notification-server
+    restart: unless-stopped
+    ports:
+      - 8083:8083
+    environment:
+      - SEAFILE_MYSQL_DB_HOST=db
+      - SEAFILE_MYSQL_DB_PORT=3306
+      - SEAFILE_MYSQL_DB_USER=seafile
+      - SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD}
+      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
+      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
+      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY}
+      - SEAFILE_LOG_TO_STDOUT=true
+    volumes:
+      - /mnt/user/appdata/seafile/data/seafile/logs:/shared/seafile/logs
+    depends_on:
+      db:
+        condition: service_healthy
+    networks:
+      - seafile-net
+
+  seafile-md-server:
+    image: seafileltd/seafile-md-server:13.0.6-testing
+    container_name: seafile-md-server
+    restart: unless-stopped
+    ports:
+      - 8084:8084
+    environment:
+      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY}
+      - SEAFILE_MYSQL_DB_HOST=db
+      - SEAFILE_MYSQL_DB_PORT=3306
+      - SEAFILE_MYSQL_DB_USER=seafile
+      - SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD}
+      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
+      - MD_PORT=8084
+      - MD_STORAGE_TYPE=s3
+      - S3_MD_BUCKET=seafile-md
+      - S3_KEY_ID=${S3_KEY_ID}
+      - S3_SECRET_KEY=${S3_SECRET_KEY}
+      - S3_AWS_REGION=us-east-1
+      - S3_HOST=s3.amazonaws.com
+      - S3_USE_HTTPS=true
+      - S3_USE_V4_SIGNATURE=true
+      - CACHE_PROVIDER=redis
+      - REDIS_HOST=redis
+      - REDIS_PORT=6379
+    volumes:
+      - /mnt/user/appdata/seafile/data:/shared
+    depends_on:
+      db:
+        condition: service_healthy
+    networks:
+      - seafile-net
+
+  seasearch:
+    image: seafileltd/seasearch:1.0.1-testing
+    container_name: seafile-seasearch
+    restart: unless-stopped
+    ports:
+      - 4080:4080
+    environment:
+      - SS_MAX_OBJ_CACHE_SIZE=10GB
+      - SS_STORAGE_TYPE=disk
+      - SS_LOG_TO_STDOUT=true
+      - SS_LOG_LEVEL=info
+    volumes:
+      - /mnt/user/appdata/seafile/seasearch-data:/opt/seasearch/data
+    networks:
+      - seafile-net

stacks/seafile/seafile.conf

@@ -0,0 +1,11 @@
+[metadata]
+enabled = true
+metadata_server_url = http://seafile-md-server:8084
+
+[fileserver]
+port=8082
+
+[webdav]
+enabled = true
+port = 8080
+share_name = /seafdav

stacks/seafile/seahub_settings.py

@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+SECRET_KEY = "4m!e0kb5yabjx50h@)wg^96wt$m^9d(=%zs_y%c@vwtn#vz6ob"
+TIME_ZONE = 'America/Chicago'
+
+# Seafile URLs
+FILE_SERVER_ROOT = 'https://fileserver.rishighan.com/seafhttp'
+CSRF_TRUSTED_ORIGINS = ['https://fileserver.rishighan.com']
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+# SeaDoc
+DOC_PREVIEW_SERVER = 'https://fileserver.rishighan.com/sdoc-server'
+
+# Notifications
+NOTIFICATION_SERVER_URL = 'https://notification.rishighan.com'
+ENABLE_NOTIFICATIONS = True
+
+# Metadata Server (Extended Properties)
+ENABLE_METADATA_MANAGEMENT = True
+METADATA_SERVER_URL = 'http://seafile-md-server:8084'
+
+# OnlyOffice
+ENABLE_ONLYOFFICE = True
+VERIFY_ONLYOFFICE_CERTIFICATE = True
+ONLYOFFICE_APIJS_URL = 'https://office.rishighan.com/web-apps/apps/api/documents/api.js'
+ONLYOFFICE_JWT_SECRET = 'secret123'
+ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv')
+ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx')
+ONLYOFFICE_FORCE_SAVE = True
+OFFICE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024

stacks/seafile/stack.env

@@ -0,0 +1,7 @@
+MYSQL_ROOT_PASSWORD=dexter
+SEAFILE_MYSQL_DB_PASSWORD=dexter
+SEAFILE_SERVER_HOSTNAME=fileserver.rishighan.com
+JWT_PRIVATE_KEY=Qo4s8XissWnJx6gIORcggOaU69ObAa3W84jC05yv
+NOTIFICATION_SERVER_URL=https://notification.rishighan.com
+S3_KEY_ID=AKIAQP5UUFQPMDXWPW4O
+S3_SECRET_KEY=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