From 1eb9b8b98a1fb1d37e7dd62710c125accb4c4079 Mon Sep 17 00:00:00 2001 From: micky Date: Sun, 14 Jan 2024 07:39:28 +0000 Subject: [PATCH 1/2] Add personal vpc --- base.yml | 22 +++---- compose/production/portal/Dockerfile | 4 +- compose/production/traefik/dynamic.toml | 30 ++++++++- extra/duplicati.yml | 34 ++++++++++ extra/jitsi-meet.yml | 8 +-- extra/microbin/compose.yaml | 46 ++++++++++++++ extra/microbin/microbin-data/database.sqlite | Bin 0 -> 8192 bytes extra/nextcloud.yml | 4 +- extra/onlyoffice.yml | 2 +- extra/wallabag.yml | 63 +++++++++++++++++++ scripts/backup.sh | 43 +++++++++++++ scripts/services/Mistborn-wallabag.sevice | 23 +++++++ 12 files changed, 258 insertions(+), 21 deletions(-) create mode 100644 extra/duplicati.yml create mode 100644 extra/microbin/compose.yaml create mode 100644 extra/microbin/microbin-data/database.sqlite create mode 100644 extra/wallabag.yml create mode 100755 scripts/backup.sh create mode 100644 scripts/services/Mistborn-wallabag.sevice diff --git a/base.yml b/base.yml index 6f317a9..c267d1b 100644 --- a/base.yml +++ b/base.yml @@ -51,20 +51,20 @@ services: # context: . # dockerfile: ./compose/production/traefik/Dockerfile #image: mistborn_production_traefik - image: traefik:v2.4.9 + image: traefik:v2.8.8 container_name: mistborn_production_traefik depends_on: - django volumes: - #- production_traefik:/etc/traefik/acme + #- ./compose/production_traefik:/etc/traefik/acme - ./compose/production/traefik/dynamic.toml:/dynamic.toml:ro - /var/run/docker.sock:/var/run/docker.sock:ro - ../mistborn_volumes/base/tls:/tls:ro network_mode: host - #ports: + #ports: # - "0.0.0.0:80:80/tcp" # - "0.0.0.0:443:443/tcp" - # #- "0.0.0.0:8080:8080/tcp" # dashboard + # - "0.0.0.0:8082:8080/tcp" # dashboard command: ## API settings #- --api.insecure=true 
@@ -76,10 +76,11 @@ services: - --providers.docker=true - --providers.docker.exposedbydefault=false - --providers.file.filename=/dynamic.toml - #- --providers.docker.network=default + # - --providers.docker.network=default ## Entrypoints - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 +# - --entrypoints.dashboard.address=:8082 ## Certificates #- --serversTransport.insecureSkipVerify=true restart: unless-stopped @@ -119,7 +120,7 @@ services: restart: unless-stopped redis: - image: redis:5.0 + image: redis:5-alpine container_name: mistborn_production_redis restart: unless-stopped @@ -220,9 +221,7 @@ services: # Volumes store your data between container upgrades volumes: - ../mistborn_volumes/base/pihole/etc-pihole:/etc/pihole/ - - ../mistborn_volumes/base/pihole/etc-dnsmasqd:/etc/dnsmasq.d/ - dns: - - 127.0.0.1 + - ../mistborn_volumes/base/pihole/etc-dnsmasqd:/etc/dnsmasq.d/ networks: default: pihole_net: @@ -236,9 +235,10 @@ services: image: cyber5k/dnscrypt-proxy:latest environment: - DNSCRYPT_LISTEN_PORT=5054 - # resolvers: https://download.dnscrypt.info/dnscrypt-resolvers/v2/public-resolvers.md + ## resolvers: https://download.dnscrypt.info/dnscrypt-resolvers/v2/public-resolvers.md + - DNSCRYPT_SERVER_NAMES=['google','cloudflare'] #- DNSCRYPT_SERVER_NAMES=['scaleway-fr','google','yandex','cloudflare'] - - DNSCRYPT_SERVER_NAMES=['cloudflare','dnswarden-doh1','dnswarden-doh2','dnswarden-doh3','adguard-dns-doh'] + #- DNSCRYPT_SERVER_NAMES=['cloudflare','dnswarden-doh1','dnswarden-doh2','dnswarden-doh3','adguard-dns-doh'] networks: pihole_net: ipv4_address: 10.2.0.2 diff --git a/compose/production/portal/Dockerfile b/compose/production/portal/Dockerfile index 5f5edeb..fb2abbe 100644 --- a/compose/production/portal/Dockerfile +++ b/compose/production/portal/Dockerfile 
@@ -1,8 +1,8 @@ -FROM nginx:1.21.1-alpine +FROM nginx:1.25.0-alpine ADD run.sh /run.sh ADD default.conf /etc/nginx/conf.d/default.conf RUN chmod +x /run.sh -CMD ["/run.sh"] \ No newline at end of file +CMD ["/run.sh"] diff --git a/compose/production/traefik/dynamic.toml b/compose/production/traefik/dynamic.toml index a9f26dd..16ad069 100644 --- a/compose/production/traefik/dynamic.toml +++ b/compose/production/traefik/dynamic.toml @@ -9,11 +9,39 @@ minVersion = "VersionTLS12" [http.services] + [http.services.spdf] + [http.services.spdf.loadBalancer] + [[http.services.spdf.loadBalancer.servers]] + url = "http://10.2.3.1:8082" + [http.services.kasm] + [http.services.kasm.loadBalancer] + [[http.services.kasm.loadBalancer.servers]] + url = "http://10.2.3.1:8443" + [http.services.netdata] + [http.services.netdata.loadBalancer] + [[http.services.netdata.loadBalancer.servers]] + url = "http://10.2.3.1:19999" + [http.services.cockpit] [http.services.cockpit.loadBalancer] [[http.services.cockpit.loadBalancer.servers]] url = "http://10.2.3.1:9090" [http.routers] + [http.routers.spdf] + rule = "Host(`spdf.mistborn`)" + service = "spdf" + entrypoints = ["web", "websecure"] + middlewares = ["mistborn_auth"] + [http.routers.kasm] + rule = "Host(`kasm.mistborn`)" + service = "kasm" + entrypoints = ["websecure"] + middlewares = ["mistborn_auth"] + [http.routers.netdata] + rule = "Host(`netdata.mistborn`)" + service = "netdata" + entrypoints = ["web", "websecure"] + middlewares = ["mistborn_auth"] [http.routers.cockpit] rule = "Host(`cockpit.mistborn`)" service = "cockpit" @@ -28,4 +56,4 @@ insecureSkipVerify = true [http.middlewares.mistborn_headers.headers] - hostsProxyHeaders = ['X-CSRFToken'] \ No newline at end of file + hostsProxyHeaders = ['X-CSRFToken'] diff --git a/extra/duplicati.yml b/extra/duplicati.yml new file mode 100644 index 0000000..4562191 --- /dev/null +++ b/extra/duplicati.yml 
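Review bot: The new `spdf` and `netdata` routers list `entrypoints = ["web", "websecure"]`, so both hosts are also served on the plain-HTTP entrypoint, and whatever the client sends to satisfy `mistborn_auth` travels unencrypted there. `kasm` in the same hunk is restricted to `websecure`. Unless an HTTP-to-HTTPS redirect is configured outside this hunk, use `entrypoints = ["websecure"]` for all three. The `kasm` backend is declared as `http://10.2.3.1:8443`; if that port speaks TLS (not visible here), the scheme should be `https://`. A one-line comment above the three new services saying what listens on 10.2.3.1 would help the next reader.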
@@ -0,0 +1,34 @@ +--- +version: "2.4" +services: + duplicati: + image: lscr.io/linuxserver/duplicati:latest + container_name: duplicati + environment: + - PUID=0 + - PGID=0 + - TZ=Europe/London + - CLI_ARGS= #optional + volumes: + - /opt/mistborn_volumes/extra/duplicati/appdata/config:/config + #- /path/to/backups:/backups + - /opt:/source + - /opt/sendTelegramNotification:/config/duplicati-notify/sendTelegramNotification + #ports: + #- 8200:8200 + labels: + - "traefik.enable=true" + - "traefik.http.routers.duplicati-http.rule=Host(`duplicati.mistborn`)" + - "traefik.http.routers.duplicati-http.entrypoints=web" + - "traefik.http.routers.duplicati-http.middlewares=mistborn_auth@file" + - "traefik.http.routers.duplicati-https.rule=Host(`duplicati.mistborn`)" + - "traefik.http.routers.duplicati-https.entrypoints=websecure" + - "traefik.http.routers.duplicati-https.middlewares=mistborn_auth@file" + - "traefik.http.routers.duplicati-https.tls.certresolver=basic" + - "traefik.http.services.duplicati-service.loadbalancer.server.port=8200" + restart: unless-stopped + +networks: + default: + external: + name: mistborn_default diff --git a/extra/jitsi-meet.yml b/extra/jitsi-meet.yml index 4a92b8e..bdc8235 100644 --- a/extra/jitsi-meet.yml +++ b/extra/jitsi-meet.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend jitsi-web: - image: jitsi/web:latest + image: jitsi/web:stable restart: unless-stopped #ports: #- '${HTTP_PORT}:80' @@ -111,7 +111,7 @@ services: # XMPP server jitsi-prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable restart: unless-stopped expose: - '5222' @@ -182,7 +182,7 @@ services: # Focus component jitsi-jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable restart: unless-stopped volumes: - ${CONFIG}/jicofo:/config:Z @@ -213,7 +213,7 @@ services: # Video bridge jitsi-jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable restart: unless-stopped ports: - "${MISTBORN_BIND_IP}:${JVB_PORT}:${JVB_PORT}/udp" 
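Review bot: The duplicati container runs as root (`PUID=0`, `PGID=0`) and mounts the whole of `/opt` read-write at `/source`, so anyone who reaches the Duplicati web UI can read and modify every Mistborn volume and config file under `/opt`. A backup source only needs a read-only mount, `- /opt:/source:ro`, with restores going to a separate writable target. The image is pulled as `:latest`, while the jitsi hunks in this same patch move away from `:latest`. Pin a release tag so a root container with this mount is not upgraded implicitly.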
diff --git a/extra/microbin/compose.yaml b/extra/microbin/compose.yaml
new file mode 100644
index 0000000..60ffb6a
--- /dev/null
+++ b/extra/microbin/compose.yaml
@@ -0,0 +1,46 @@
+services:
+ microbin:
+ image: danielszabo99/microbin:latest
+ restart: always
+ ports:
+ - "${MICROBIN_PORT}:8080"
+ volumes:
+ - ./microbin-data:/app/microbin_data
+ environment:
+ MICROBIN_BASIC_AUTH_USERNAME: ${MICROBIN_BASIC_AUTH_USERNAME}
+ MICROBIN_BASIC_AUTH_PASSWORD: ${MICROBIN_BASIC_AUTH_PASSWORD}
+ MICROBIN_ADMIN_USERNAME: ${MICROBIN_ADMIN_USERNAME}
+ MICROBIN_ADMIN_PASSWORD: ${MICROBIN_ADMIN_PASSWORD}
+ MICROBIN_EDITABLE: ${MICROBIN_EDITABLE}
+ MICROBIN_FOOTER_TEXT: ${MICROBIN_FOOTER_TEXT}
+ MICROBIN_HIDE_FOOTER: ${MICROBIN_HIDE_FOOTER}
+ MICROBIN_HIDE_HEADER: ${MICROBIN_HIDE_HEADER}
+ MICROBIN_HIDE_LOGO: ${MICROBIN_HIDE_LOGO}
+ MICROBIN_NO_LISTING: ${MICROBIN_NO_LISTING}
+ MICROBIN_HIGHLIGHTSYNTAX: ${MICROBIN_HIGHLIGHTSYNTAX}
+ MICROBIN_BIND: ${MICROBIN_BIND}
+ MICROBIN_PRIVATE: ${MICROBIN_PRIVATE}
+ MICROBIN_PURE_HTML: ${MICROBIN_PURE_HTML}
+ MICROBIN_DATA_DIR: ${MICROBIN_DATA_DIR}
+ MICROBIN_JSON_DB: ${MICROBIN_JSON_DB}
+ MICROBIN_PUBLIC_PATH: ${MICROBIN_PUBLIC_PATH}
+ MICROBIN_SHORT_PATH: ${MICROBIN_SHORT_PATH}
+ MICROBIN_READONLY: ${MICROBIN_READONLY}
+ MICROBIN_SHOW_READ_STATS: ${MICROBIN_SHOW_READ_STATS}
+ MICROBIN_TITLE: ${MICROBIN_TITLE}
+ MICROBIN_THREADS: ${MICROBIN_THREADS}
+ MICROBIN_GC_DAYS: ${MICROBIN_GC_DAYS}
+ MICROBIN_ENABLE_BURN_AFTER: ${MICROBIN_ENABLE_BURN_AFTER}
+ MICROBIN_DEFAULT_BURN_AFTER: ${MICROBIN_DEFAULT_BURN_AFTER}
+ MICROBIN_WIDE: ${MICROBIN_WIDE}
+ MICROBIN_QR: ${MICROBIN_QR}
+ MICROBIN_ETERNAL_PASTA: ${MICROBIN_ETERNAL_PASTA}
+ MICROBIN_ENABLE_READONLY: ${MICROBIN_ENABLE_READONLY}
+ MICROBIN_DEFAULT_EXPIRY: ${MICROBIN_DEFAULT_EXPIRY}
+ MICROBIN_NO_FILE_UPLOAD: ${MICROBIN_NO_FILE_UPLOAD}
+ MICROBIN_CUSTOM_CSS: ${MICROBIN_CUSTOM_CSS}
+ MICROBIN_HASH_IDS: ${MICROBIN_HASH_IDS}
+ MICROBIN_ENCRYPTION_CLIENT_SIDE: ${MICROBIN_ENCRYPTION_CLIENT_SIDE}
+ MICROBIN_ENCRYPTION_SERVER_SIDE: ${MICROBIN_ENCRYPTION_SERVER_SIDE}
+ MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB: ${MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB}
+
MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB: ${MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB} diff --git a/extra/microbin/microbin-data/database.sqlite b/extra/microbin/microbin-data/database.sqlite new file mode 100644 index 0000000000000000000000000000000000000000..6f4f6e91cdaa3fbe66425afb7c012f750d1b8e0f GIT binary patch literal 8192 zcmWFz^vNtqRY=P(%1ta$FlG>7U}R))P*7lCU|?imU|?cE01%%A!3E1Baj`NP8T8U# z@q!HFwPWD5!>VRfa5Mx)Ltr!nMnhmU1V%$(Gz3ONU^E0qLtr!nhCm3k+B33?i;FXM z#g-%{<)juQ7MCP~2`1+tSH}=ng%C$4A6Esikb(x60usnfQSkH&admeMQV0n0^mPo1 zRPc6<)Im{`oS#>cnpdI_;u;a6;O8Hr;1}xSgQ_GgGbc4ZFEKY2tO$!-ab{I2%qCRn z)QXbSyyDFKJg`~GXCNiIrFEJ;N~4GvQ(3NnilOF%(~ z-@2T{;*xk!5EAeMNJ)Hhera9_0fkAWMS1awX(g#eU}K93C#&3Nb-Qk3Oto* zg8JqR0z)9HjXH5O1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLxAiM007u| ByaoUO literal 0 HcmV?d00001 diff --git a/extra/nextcloud.yml b/extra/nextcloud.yml index bb30688..72bc204 100644 --- a/extra/nextcloud.yml +++ b/extra/nextcloud.yml @@ -5,7 +5,7 @@ volumes: services: nextcloud-db: - image: mariadb:10.5.11 + image: mariadb:11.1.2 restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: @@ -14,7 +14,7 @@ services: - ../.envs/.production/.nextcloud-db nextcloud: - image: nextcloud:22.2.4-apache + image: nextcloud:27.1.1-apache container_name: mistborn_production_nextcloud depends_on: - nextcloud-db diff --git a/extra/onlyoffice.yml b/extra/onlyoffice.yml index f471d22..5f48472 100644 --- a/extra/onlyoffice.yml +++ b/extra/onlyoffice.yml @@ -3,7 +3,7 @@ version: '3' services: onlyoffice: container_name: mistborn_production_onlyoffice - image: onlyoffice/documentserver:6.4.2.6 + image: onlyoffice/documentserver:7.4 volumes: - ../../mistborn_volumes/extra/onlyoffice/logs:/var/log/onlyoffice - ../../mistborn_volumes/extra/onlyoffice/cache:/var/lib/onlyoffice diff --git a/extra/wallabag.yml b/extra/wallabag.yml new file mode 100644 index 0000000..addcbdd --- /dev/null +++ b/extra/wallabag.yml 
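Review bot: The `ports` entry `- "${MICROBIN_PORT}:8080"` in `extra/microbin/compose.yaml` publishes microbin directly on every host interface, which bypasses Traefik and the `mistborn_auth` middleware that the other services added in this patch sit behind. Either drop `ports` and attach the service to `mistborn_default` with Traefik labels as `extra/duplicati.yml` does, or bind to the internal address as jitsi does: `- "${MISTBORN_BIND_IP}:${MICROBIN_PORT}:8080"`. Every `${MICROBIN_*}` value is interpolated without a default, so an unset `MICROBIN_BASIC_AUTH_PASSWORD` or `MICROBIN_ADMIN_PASSWORD` renders as an empty string. Writing `${MICROBIN_ADMIN_PASSWORD:?must be set}` makes compose refuse to start instead. The image is also `:latest` and should be pinned to a release tag.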
@@ -0,0 +1,63 @@
+version: '3'
+services:
+ wallabag:
+ image: wallabag/wallabag
+ environment:
+ - MYSQL_ROOT_PASSWORD=wallaroot
+ - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
+ - SYMFONY__ENV__DATABASE_HOST=wallabag-db
+ - SYMFONY__ENV__DATABASE_PORT=3306
+ - SYMFONY__ENV__DATABASE_NAME=wallabag
+ - SYMFONY__ENV__DATABASE_USER=wallabag
+ - SYMFONY__ENV__DATABASE_PASSWORD=wallapass
+ - SYMFONY__ENV__DATABASE_CHARSET=utf8mb4
+ - SYMFONY__ENV__MAILER_HOST=127.0.0.1
+ #- SYMFONY__ENV__MAILER_USER=~
+ #- SYMFONY__ENV__MAILER_PASSWORD=~
+ #- SYMFONY__ENV__FROM_EMAIL=wallabag@example.com
+ - SYMFONY__ENV__DOMAIN_NAME=http://wallabag.mistborn
+ - SYMFONY__ENV__SERVER_NAME="My wallabag"
+ # ports:
+ # - "80"
+ volumes:
+ - ../../mistborn_volumes/extra/wallabag/images:/var/www/wallabag/web/assets/images
+ healthcheck:
+ test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost"]
+ interval: 1m
+ timeout: 3s
+ depends_on:
+ - wallabag-db
+ - wallabag-redis
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.wallabag-http.rule=Host(`wallabag.mistborn`)"
+ - "traefik.http.routers.wallabag-http.entrypoints=web"
+ - "traefik.http.routers.wallabag-http.middlewares=mistborn_auth@file"
+ - "traefik.http.routers.wallabag-https.rule=Host(`wallabag.mistborn`)"
+ - "traefik.http.routers.wallabag-https.entrypoints=websecure"
+ - "traefik.http.routers.wallabag-https.middlewares=mistborn_auth@file"
+ - "traefik.http.routers.wallabag-https.tls.certresolver=basic"
+ - "traefik.http.services.wallabag-service.loadbalancer.server.port=80"
+ restart: unless-stopped
+
+ wallabag-db:
+ image: mariadb:10.5.11
+ environment:
+ - MYSQL_ROOT_PASSWORD=wallaroot
+ volumes:
+ - ../../mistborn_volumes/extra/wallabag/data:/var/lib/mysql
+ healthcheck:
+ test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
+ interval: 20s
+ timeout: 3s
+ wallabag-redis:
+ image: redis:5-alpine
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 20s
+ timeout: 3s
+
+networks:
+
default: + external: + name: mistborn_default diff --git a/scripts/backup.sh b/scripts/backup.sh new file mode 100755 index 0000000..2a050a8 --- /dev/null +++ b/scripts/backup.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +# Define the directory to backup +BACKUP_DIR="/opt/mistborn_volumes" + +# Define the backup file name with the date and time +BACKUP_FILE="backup-$(date +%Y-%m-%d-%H%M).tar.gz" + +# Create the backup +sudo tar -czf /opt/mistborn_backup/$BACKUP_FILE $BACKUP_DIR 1>/dev/null 2>&1 + +# Check if the backup was created successfully +if [ $? -eq 0 ]; then + # Backup created successfully + # Define the success message title in bold + sudo find /opt/mistborn_backup/ -mtime +1 -type f -delete + TITLE="*Backup created successfully*" + + # Define the success message description + DESCRIPTION="The backup file *$BACKUP_FILE* was created successfully." +else + # Backup creation failed + # Define the failure message title in bold + TITLE="*Backup creation failed*" + + # Define the failure message description + DESCRIPTION="Failed to create the backup file." +fi + +# Define the Telegram bot API token +BOT_TOKEN="5656854503:AAEq4ZRR5inQ3cf9_sImheHf-rPRl_jaGQA" + +# Define the chat ID to send the message to +CHAT_ID="-801349471" + +TIMEOUT="10" + +# Send the Telegram notification with HTML formatting +curl -s --max-time $TIMEOUT -X POST https://api.telegram.org/bot$BOT_TOKEN/sendMessage -d chat_id=$CHAT_ID -d text="$TITLE %0A $DESCRIPTION" -d parse_mode="Markdown" 1>/dev/null 2>&1 + +# Print a message indicating the Telegram notification was sent +echo "Telegram notification sent successfully." + diff --git a/scripts/services/Mistborn-wallabag.sevice b/scripts/services/Mistborn-wallabag.sevice new file mode 100644 index 0000000..1577ddd --- /dev/null +++ b/scripts/services/Mistborn-wallabag.sevice 
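Review bot: The database credentials are committed in `extra/wallabag.yml` (`MYSQL_ROOT_PASSWORD=wallaroot` on both services, `SYMFONY__ENV__DATABASE_PASSWORD=wallapass`), so every install from this repository shares the same known passwords. Move them to an env file kept out of version control, as `extra/nextcloud.yml` appears to do with `../.envs/.production/.nextcloud-db`, for example `env_file: ../.envs/.production/.wallabag` (placeholder path). `image: wallabag/wallabag` has no tag and resolves to `latest`; pin a release. In list-form `environment`, `SYMFONY__ENV__SERVER_NAME="My wallabag"` keeps the double quotes as part of the value, so write `- SYMFONY__ENV__SERVER_NAME=My wallabag`.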
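Review bot: `BOT_TOKEN` and `CHAT_ID` are hard-coded in `scripts/backup.sh`, so a live Telegram bot credential is now in the repository history. It should be revoked and reissued, and the script should read both values from a root-only file outside the repo, for example `. /etc/mistborn/backup.env` (placeholder path). The closing `echo "Telegram notification sent successfully."` runs unconditionally because curl's exit status is discarded; guard it with `if curl -fsS --max-time "$TIMEOUT" ...; then`. The archive of `/opt/mistborn_volumes` is written under the default umask with `$BACKUP_FILE` and `$BACKUP_DIR` unquoted. Adding `umask 077` before `tar` and quoting both expansions keeps the backup unreadable to other local users. The comment above the curl call says HTML formatting while the request sends `parse_mode="Markdown"`.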
@@ -0,0 +1,23 @@
+[Unit]
+Description=Mistborn wallabag Service
+Requires=Mistborn-base.service
+After=Mistborn-base.service
+PartOf=Mistborn-base.service
+
+[Service]
+Restart=always
+RestartSec=15
+User=root
+Group=docker
+PermissionsStartOnly=true
+# Shutdown container (if running) when unit is stopped
+ExecStartPre=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wallabag docker-compose -f /opt/mistborn/extra/wallabag.yml down
+
+# Start container when unit is started
+ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wallabag docker-compose -f /opt/mistborn/extra/wallabag.yml up --build
+# Stop container when unit is stopped
+ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wallabag docker-compose -f /opt/mistborn/extra/wallabag.yml down
+# Post stop
+
+[Install]
+WantedBy=Mistborn-base.service
-- GitLab
From dba00eab42290a0db9a1d59d70ef6ce478e433bf Mon Sep 17 00:00:00 2001
From: micky
Date: Fri, 19 Jan 2024 08:29:03 +0000
Subject: [PATCH 2/2] Add services
---
 scripts/services/Mistborn-duplicati.service | 23 +++++++++++++++++++++
 scripts/services/Mistborn-wallabag.sevice | 2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 scripts/services/Mistborn-duplicati.service
diff --git a/scripts/services/Mistborn-duplicati.service b/scripts/services/Mistborn-duplicati.service
new file mode 100644
index 0000000..d02a237
--- /dev/null
+++ b/scripts/services/Mistborn-duplicati.service
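Review bot: The unit is added under the name `Mistborn-wallabag.sevice`. systemd only loads unit files with a recognised suffix such as `.service`, so unless an install step renames it (none is visible in this patch) the wallabag stack will never be started by systemd. Rename the file to `scripts/services/Mistborn-wallabag.service`; the second patch in this series still edits it under the misspelled name. The comment above `ExecStartPre` says "when unit is stopped" although that line runs before start, so it should read `# Shut down any leftover container before starting`.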
@@ -0,0 +1,23 @@
+[Unit]
+Description=Mistborn Duplicati Service
+Requires=Mistborn-base.service
+After=Mistborn-base.service
+PartOf=Mistborn-base.service
+
+[Service]
+Restart=always
+RestartSec=15
+User=mistborn
+Group=docker
+PermissionsStartOnly=true
+# Shutdown container (if running) when unit is stopped
+ExecStartPre=/opt/mistborn/scripts/wrappers/mistborn_docker.sh onlyoffice docker-compose -f /opt/mistborn/extra/duplicati.yml down
+
+# Start container when unit is started
+ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh onlyoffice docker-compose -f /opt/mistborn/extra/duplicati.yml up --build
+# Stop container when unit is stopped
+ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh onlyoffice docker-compose -f /opt/mistborn/extra/duplicati.yml down
+# Post stop
+
+[Install]
+WantedBy=Mistborn-base.service
diff --git a/scripts/services/Mistborn-wallabag.sevice b/scripts/services/Mistborn-wallabag.sevice
index 1577ddd..3e31bd3 100644
--- a/scripts/services/Mistborn-wallabag.sevice
+++ b/scripts/services/Mistborn-wallabag.sevice
@@ -7,7 +7,7 @@ PartOf=Mistborn-base.service
 [Service]
 Restart=always
 RestartSec=15
-User=root
+User=mistborn
 Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
-- GitLab
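Review bot: All three `Exec*` lines in `Mistborn-duplicati.service` pass `onlyoffice` as the first argument to `mistborn_docker.sh` while pointing at `/opt/mistborn/extra/duplicati.yml`, which looks copied from the onlyoffice unit. The wrapper is not part of this patch, but if it uses that argument to select the service's environment or project name, duplicati would start with onlyoffice's settings or collide with that stack. The wallabag unit passes its own name, so here the argument should be `duplicati`, as in `ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh duplicati docker-compose -f /opt/mistborn/extra/duplicati.yml up --build`.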