commit f004ce80adc7110f28dcb94eaa0ffc2313d4e18d
Author: shynd
Date: Sat Mar 29 10:39:25 2025 +0000
init comit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e6905a2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env*
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..3a6edb9
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,100 @@
+ROOT_DIR:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+PYTHON:=$(ROOT_DIR)/.venv/bin/python
+SHELL:=/bin/bash
+
+.PHONY: update
+update: ## update the service(s)
+ docker compose --project-directory "$(ROOT_DIR)" --profile all pull $(APP)
+
+.PHONY: pull
+pull: ## pull the latest image(s)
+ docker compose --project-directory "$(ROOT_DIR)" --profile all pull $(APP)
+
+.PHONY: up
+up: ## starts the service(s)
+ docker compose --project-directory "$(ROOT_DIR)" --profile all up -d $(APP) $(ARGS)
+
+.PHONY: down
+down: ## stop the service(s)
+ docker compose --project-directory "$(ROOT_DIR)" --profile all down $(APP) $(ARGS)
+
+.PHONY: stop
+stop: # stop the service(s)
+ docker compose --project-directory "$(ROOT_DIR)" --profile all stop $(APP) $(ARGS)
+
+.PHONY: logs
+logs: # show the log(s)
+ docker compose --project-directory "$(ROOT_DIR)" --profile all logs $(APP) -ft $(ARGS)
+
+.PHONY: restart
+restart: # restart the service(s)
+ docker compose --project-directory "$(ROOT_DIR)" --profile all restart $(APP) $(ARGS)
+
+.PHONY: ps
+ps: # show the status of the service(s)
+ docker compose --project-directory "$(ROOT_DIR)" --profile all ps --format "table {{.Image}}\t{{.Status}}\t{{.Ports}}\t{{.Name}}"
+
+.PHONY: config
+config: # show the configration of the service(s)
+ docker compose --project-directory "$(ROOT_DIR)" --profile all config $(APP) $(ARGS)
+
+############################################################################################
+# core services
+############################################################################################
+
+.PHONY: core-up
+core-up: ## start just the core services (traefik, auth, etc).
+ docker compose --project-directory "$(ROOT_DIR)" --profile core up -d
+
+.PHONY: core-down
+core-down: ## stop just the core services (traefik, auth, etc).
+ docker compose --project-directory "$(ROOT_DIR)" --profile core down
+
+.PHONY: core-logs
+core-logs: ## stop just the core services (traefik, auth, etc).
+ docker compose --project-directory "$(ROOT_DIR)" --profile core logs -ft
+
+############################################################################################
+# media services
+############################################################################################
+
+# TODO
+# TODO
+# TODO
+
+############################################################################################
+# configuration
+############################################################################################
+
+.PHONY: config-acme
+config-acme: ## initializes the acme.json file
+ mkdir -p appdata/traefik/acme/
+ rm -f appdata/traefik/acme/acme.json
+ touch appdata/traefik/acme/acme.json
+ chmod 600 appdata/traefik/acme/acme.json
+
+############################################################################################
+# backup
+############################################################################################
+
+# TODO
+# TODO
+# TODO
+
+############################################################################################
+# development
+############################################################################################
+
+# TODO
+# TODO
+# TODO
+
+############################################################################################
+# general
+############################################################################################
+
+.PHONY: version
+version: ## show the version of the project
+ @git fetch --unshallow 2>/dev/null || true
+ @git fetch --tags 2>/dev/null || true
+ @echo "homelab $$(git describe --tags --abbrev=0)"
\ No newline at end of file
diff --git a/appdata/traefik/acme/acme.json b/appdata/traefik/acme/acme.json
new file mode 100644
index 0000000..e69de29
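Review bot: `config-acme` unconditionally runs `rm -f appdata/traefik/acme/acme.json`, so running it on a host that already has certificates discards the stored ACME state, and the `touch` followed by `chmod 600` leaves the new file at umask-default permissions for a moment. The paths are also relative to the caller's working directory, while every other recipe in this file goes through `$(ROOT_DIR)`. I would create the file only when it is missing and with its final mode in one step, e.g. `test -e "$(ROOT_DIR)/appdata/traefik/acme/acme.json" || install -m 600 /dev/null "$(ROOT_DIR)/appdata/traefik/acme/acme.json"`. Separately, this commit also tracks `appdata/traefik/acme/acme.json` while `.gitignore` covers only `.env*`, so once Traefik writes key material into that file a routine `git add` can commit it; ignoring the file and letting `config-acme` create it avoids that. Minor: `update` runs the same command as `pull`, and the `core-logs` help text still says "stop".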
diff --git a/apps/socket-proxy.yaml b/apps/socket-proxy.yaml
new file mode 100644
index 0000000..24466f4
--- /dev/null
+++ b/apps/socket-proxy.yaml
@@ -0,0 +1,41 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json
+
+services:
+ socket-proxy:
+ container_name: socket-proxy
+ image: tecnativa/docker-socket-proxy:latest
+ profiles: ["traefik", "core", "all"]
+ privileged: true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ networks:
+ docker:
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ environment:
+ - LOG_LEVEL=notice # debug, info, notice, warning, err, crit, alert, emerg
+ - EVENTS=1
+ - PING=1
+ - VERSION=1
+ - AUTH=0
+ - SECRETS=0
+ - POST=1
+ - DELETE=1
+ - BUILD=0
+ - COMMIT=0
+ - CONFIGS=0
+ - CONTAINERS=1
+ - DISTRIBUTION=0
+ - EXEC=0
+ - IMAGES=1
+ - INFO=1
+ - NETWORKS=1
+ - NODES=0
+ - PLUGINS=0
+ - SERVICES=1
+ - SESSION=0
+ - SWARM=0
+ - SYSTEM=0
+ - TASKS=1
+ - VOLUMES=1
\ No newline at end of file
diff --git a/apps/watchtower.yaml b/apps/watchtower.yaml
new file mode 100644
index 0000000..09271b5
--- /dev/null
+++ b/apps/watchtower.yaml
@@ -0,0 +1,24 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json
+#######################################
+# Watchtower - automated image updates
+#######################################
+
+services:
+ watchtower:
+ container_name: watchtower
+ image: containrrr/watchtower:latest
+ profiles: ["utilities", "all"]
+ networks:
+ internal:
+ docker:
+ security_opt:
+ - no-new-privileges:true
+ restart: unless-stopped
+ environment:
+ TZ: ${TZ}
+ WATCHTOWER_CLEANUP: "true"
+ WATCHTOWER_REMOVE_VOLUMES: "true"
+ WATCHTOWER_INCLUDE_STOPPED: "true"
+ WATCHTOWER_NO_STARTUP_MESSAGE: "false"
+ WATCHTOWER_SCHEDULE: 0 30 12 * * *
+ DOCKER_HOST: tcp://socket-proxy:2375
\ No newline at end of file
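Review bot: With `POST=1` and `DELETE=1` set alongside `CONTAINERS=1`, `IMAGES=1`, `NETWORKS=1` and `VOLUMES=1`, this proxy forwards write operations to the Docker daemon over a TCP port that has no authentication, so every container attached to the `docker` network gets close to the control the raw socket would give. `EXEC=0` and the `:ro` on the socket bind mount do not change that, since a read-only bind mount of a socket still accepts connections. If a read-only consumer is planned (the `traefik` profile suggests one), I would point it at a separate instance with `POST=0` and `DELETE=0`. The write-enabled instance should then sit on a network shared only with the client that needs it. `privileged: true` deserves a comment stating why it is required, and `image: tecnativa/docker-socket-proxy:latest` should be pinned to a version tag or digest so the component guarding the socket does not change silently.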
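Review bot: Watchtower is configured without any scope filter, so at the scheduled time it replaces every container the proxy lets it see with whatever that container's tag currently resolves to, and `WATCHTOWER_REMOVE_VOLUMES: "true"` deletes the anonymous volumes of each container it replaces. With images referenced as `:latest`, any upstream push becomes an unattended deployment on this host. I would add `WATCHTOWER_LABEL_ENABLE: "true"` so only containers that opt in by label are touched, pin the images that matter by version or digest, and drop `WATCHTOWER_REMOVE_VOLUMES` unless it is certain no service relies on anonymous volumes. The service is in profiles `utilities`/`all` while `socket-proxy` is in `traefik`/`core`/`all`, so starting only `utilities` appears to leave `DOCKER_HOST: tcp://socket-proxy:2375` pointing at a service that is not running.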
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..500762c
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,59 @@
+include:
+ ########################################################
+ # TRAEFIK (CORE)
+ ########################################################
+
+ # TODO
+ #- apps/traefik/docker-compose.yaml # traefik (reverse proxy)
+ #- apps/authelia.yaml # Authelia (authentication)
+ - apps/socket-proxy.yaml # docker socket proxy (security)
+
+ ########################################################
+ # MEDIA
+ ########################################################
+
+ # TODO
+ # TODO
+ # TODO
+
+ ########################################################
+ # UTILITIES
+ ########################################################
+
+ - apps/watchtower.yaml # watchtower (automated container updates)
+ # TODO
+ # TODO
+ # TODO
+
+ ########################################################
+ # MISCELLANEOUS
+ #
+ # these services are disabled by default
+ ########################################################
+
+ # TODO
+ # TODO
+ # TODO
+
+########################################################
+# NETWORK CONFIGURATION
+########################################################
+
+networks:
+ traefik:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 192.168.90.0/24
+
+ docker:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 192.168.91.0/24
+
+ internal:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 192.168.92.0/24
\ No newline at end of file
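Review bot: The `docker` network carries the socket proxy's plaintext, unauthenticated Docker API, yet under `networks:` it is declared as an ordinary bridge with nothing marking it as a restricted segment. Since `socket-proxy` is attached only to this network and, as far as this commit shows, needs no outbound access, I would add `internal: true` to it and a comment that only Docker API clients belong on it. The network named `internal` is likewise a normal bridge with outbound routing; if isolation is intended it needs `internal: true` as well (Watchtower would then need another network to reach registries), otherwise a different name would be less misleading.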