Pull Proxmox LXC app configs via SSH and document all CTs.

Add pull-lxc-from-proxmox.py using Proxmox API + pct exec for running containers (vaultwarden, linkwarden, paymenter, NPM, etc). Stub apps for stopped LXCs with proxmox.meta.yaml and updated lxc-inventory with live IPs. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-17 14:52:28 +02:00
parent c7f1b094cb
commit 9f431ff97b
85 changed files with 1392 additions and 37 deletions
@@ -24,3 +24,8 @@ UNIFI_CONTROLLER_URL=https://192.168.1.24
 UNIFI_USERNAME=mo
 UNIFI_PASSWORD=WaQTUw2t123!
 UNIFI_SITE=default
 # Proxmox API / SSH (voor scripts/pull-lxc-from-proxmox.py)
 PROXMOX_PASSWORD=WaQTUw2t
 PROXMOX_HOST_PVE=192.168.1.216
 PROXMOX_HOST_DELL=192.168.1.56
@@ -65,6 +65,16 @@ Private repo. Laatst bijgewerkt vanaf NAS `192.168.1.211`.
 LXC/VM-overzicht: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md)
 ## Proxmox LXC apps (configs uit containers)
 Draaiend en gepull'd: vaultwarden, linkwarden, paymenter, nodecast-tv, pve-scripts-local, proxy, nginxproxymanager, virtualmin, pegaprox.
 Gestopt (alleen Proxmox `.conf` + stub): immich, n8n, runtipi, metube, tunarr, traccar, kasm, … — zie `apps/<hostname>/`.
 ```bash
 python3 scripts/pull-lxc-from-proxmox.py   # op NAS, via Proxmox SSH
 ```
 ## Netwerk (vast IP)
 | IP | Rol |
@@ -53,7 +53,10 @@ cd apps/postgres && docker compose up -d
 ## Proxmox backup
 ```bash
 # /etc/pve van beide nodes
 scp -r root@192.168.1.216:/etc/pve/* apps/proxmox/hosts/pve/
 scp -r root@192.168.1.56:/etc/pve/* apps/proxmox/hosts/dell-proxmox/
-git add apps/proxmox && git commit -m "proxmox backup"
+
 # App-configs uit draaiende LXC's (Docker, .env, systemd)
 python3 scripts/pull-lxc-from-proxmox.py
 ```
@@ -0,0 +1,10 @@
 # autocaliweb
 | | |
 |---|---|
 | **Proxmox** | pve (CT 100) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/100.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 100
 hostname: autocaliweb
 status: stopped
@@ -0,0 +1,10 @@
 # changedetection
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 118) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/proxmox/lxc/118.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 118
 hostname: changedetection
 status: stopped
@@ -0,0 +1,10 @@
 # clawbot
 | | |
 |---|---|
 | **Proxmox** | pve (CT 102) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/102.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 102
 hostname: clawbot
 status: stopped
@@ -0,0 +1,10 @@
 # CrowdSec
 | | |
 |---|---|
 | **Proxmox** | pve (CT 103) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/103.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 103
 hostname: CrowdSec
 status: stopped
@@ -0,0 +1,10 @@
 # endurain
 | | |
 |---|---|
 | **Proxmox** | pve (CT 114) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/114.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 114
 hostname: endurain
 status: stopped
@@ -0,0 +1,10 @@
 # immich
 | | |
 |---|---|
 | **Proxmox** | pve (CT 112) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/112.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 112
 hostname: immich
 status: stopped
@@ -0,0 +1,10 @@
 # iventoy
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 112) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/proxmox/lxc/112.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 112
 hostname: iventoy
 status: stopped
@@ -0,0 +1,10 @@
 # kasm
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 115) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/proxmox/lxc/115.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 115
 hostname: kasm
 status: stopped
@@ -0,0 +1,10 @@
 # kimai
 | | |
 |---|---|
 | **Proxmox** | pve (CT 106) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/106.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 106
 hostname: kimai
 status: stopped
@@ -0,0 +1,14 @@
 # linkwarden
 | | |
 |---|---|
 | **Proxmox** | pve (CT 105) |
 | **IP** | 192.168.1.142 |
 | **Host** | 192.168.1.216 |
 Config in `config/` (gepull'd van LXC).
 ```bash
 # Op Proxmox host:
 pct enter 105
 ```
@@ -0,0 +1,6 @@
 TEST_PASS=
 TEST_URL=http://localhost:${TEST_PORT}/api/v1
 TEST_PORT_REVERSE=4000
 # Default value for port if no other specifies it
 TEST_PORT=5000
@@ -0,0 +1,28 @@
 services:
  postgres:
    image: postgres:16-alpine
    env_file: .env
    restart: always
    volumes:
      - ./pgdata:/var/lib/postgresql/data
  linkwarden:
    env_file: .env
    environment:
      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres
    restart: always
    # build: . # uncomment to build from source
    image: ghcr.io/linkwarden/linkwarden:latest # comment to build from source
    ports:
      - 3000:3000
    volumes:
      - ./data:/data/data
    depends_on:
      - postgres
      - meilisearch
  meilisearch:
    image: getmeili/meilisearch:v1.12.8
    restart: always
    env_file:
      - .env
    volumes:
      - ./meili_data:/meili_data
@@ -0,0 +1,28 @@
 services:
  postgres:
    image: postgres:16-alpine
    env_file: .env
    restart: always
    volumes:
      - ./pgdata:/var/lib/postgresql/data
  linkwarden:
    env_file: .env
    environment:
      - DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres
    restart: always
    # build: . # uncomment to build from source
    image: ghcr.io/linkwarden/linkwarden:latest # comment to build from source
    ports:
      - 3000:3000
    volumes:
      - ./data:/data/data
    depends_on:
      - postgres
      - meilisearch
  meilisearch:
    image: getmeili/meilisearch:v1.12.8
    restart: always
    env_file:
      - .env
    volumes:
      - ./meili_data:/meili_data
@@ -0,0 +1,7 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 105
 hostname: linkwarden
 ip: 192.168.1.142
 status: running
@@ -0,0 +1,10 @@
 # metube
 | | |
 |---|---|
 | **Proxmox** | pve (CT 113) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/113.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 113
 hostname: metube
 status: stopped
@@ -0,0 +1,10 @@
 # n8n
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 100) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/proxmox/lxc/100.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 100
 hostname: n8n
 status: stopped
@@ -0,0 +1,10 @@
 # nextcloudpi
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 110) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/proxmox/lxc/110.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 110
 hostname: nextcloudpi
 status: stopped
@@ -0,0 +1,16 @@
 # Nginx Proxy Manager
 | | |
 |---|---|
 | **Proxmox** | dell-proxmox CT 109 |
 | **IP** | 192.168.1.173 |
 | **UI** | http://192.168.1.173:81 |
 Native install (geen docker-compose). Data in `/data` op de LXC.
 | Bestand in git | Inhoud |
 |---------------|--------|
 | `config/npm-data-listing.txt` | Directory listing `/data` |
 | `proxmox.meta.yaml` | CT metadata |
 Backup handmatig: `pct pull 109 /data/nginx ./config/nginx/` op Proxmox host.
@@ -0,0 +1,19 @@
 total 408
 drwxr-xr-x  7 root root   4096 May 17 12:11 .
 drwxr-xr-x 20 root root   4096 Mar 11 21:56 ..
 drwxr-xr-x  2 root root   4096 May 23  2025 access
 drwxr-xr-x  2 root root   4096 May 23  2025 custom_ssl
 -rw-r--r--  1 root root 344064 May 17 12:11 database.sqlite
 -rw-r--r--  1 root root   2190 May 23  2025 keys.json
 drwxr-xr-x  3 root root   4096 May 23  2025 letsencrypt-acme-challenge
 drwxr-xr-x  2 root root  36864 May 17 00:00 logs
 drwxr-xr-x  9 root root   4096 May 23  2025 nginx
 dead_host
 default_host
 default_www
 dummycert.pem
 dummykey.pem
 proxy_host
 redirection_host
 stream
 temp
@@ -0,0 +1,7 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 109
 hostname: nginxproxymanager
 ip: 192.168.1.173
 status: running
@@ -0,0 +1,14 @@
 # nodecast-tv
 | | |
 |---|---|
 | **Proxmox** | pve (CT 119) |
 | **IP** | 192.168.1.99 |
 | **Host** | 192.168.1.216 |
 Config in `config/` (gepull'd van LXC).
 ```bash
 # Op Proxmox host:
 pct enter 119
 ```
@@ -0,0 +1,13 @@
 services:
  nodecast-tv:
    image: ghcr.io/technomancer702/nodecast-tv:latest
    build: https://github.com/technomancer702/nodecast-tv.git#main
    container_name: nodecast-tv
    ports:
      - "3000:3000"
    volumes:
      - ./data:/app/data
    restart: unless-stopped
    environment:
      - NODE_ENV=production
      - PORT=3000 # Internal container port
@@ -0,0 +1,13 @@
 services:
  nodecast-tv:
    image: ghcr.io/technomancer702/nodecast-tv:latest
    build: https://github.com/technomancer702/nodecast-tv.git#main
    container_name: nodecast-tv
    ports:
      - "3000:3000"
    volumes:
      - ./data:/app/data
    restart: unless-stopped
    environment:
      - NODE_ENV=production
      - PORT=3000 # Internal container port
@@ -0,0 +1,13 @@
 services:
  nodecast-tv:
    image: ghcr.io/technomancer702/nodecast-tv:latest
    build: https://github.com/technomancer702/nodecast-tv.git#main
    container_name: nodecast-tv
    ports:
      - "3000:3000"
    volumes:
      - ./data:/app/data
    restart: unless-stopped
    environment:
      - NODE_ENV=production
      - PORT=3000 # Internal container port
@@ -0,0 +1,7 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 119
 hostname: nodecast-tv
 ip: 192.168.1.99
 status: running
@@ -0,0 +1,10 @@
 # opencloud
 | | |
 |---|---|
 | **Proxmox** | pve (CT 116) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/116.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 116
 hostname: opencloud
 status: stopped
@@ -0,0 +1,10 @@
 # passbolt
 | | |
 |---|---|
 | **Proxmox** | pve (CT 110) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/110.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 110
 hostname: passbolt
 status: stopped
@@ -0,0 +1,14 @@
 # paymenter
 | | |
 |---|---|
 | **Proxmox** | pve (CT 118) |
 | **IP** | 192.168.1.45 |
 | **Host** | 192.168.1.216 |
 Config in `config/` (gepull'd van LXC).
 ```bash
 # Op Proxmox host:
 pct enter 118
 ```
@@ -0,0 +1,38 @@
 APP_NAME=Paymenter
 APP_ENV=production
 APP_KEY=base64:kbbDXGtU1mzp181rLQan1jt+SjbO4gVxOexjwSMz5Hk=
 APP_DEBUG=false
 APP_TIMEZONE=UTC
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
 APP_FAKER_LOCALE=en_US
 APP_MAINTENANCE_DRIVER=file
 APP_MAINTENANCE_STORE=database
 BCRYPT_ROUNDS=12
 LOG_CHANNEL=stack
 LOG_STACK=daily
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 DB_CONNECTION=mariadb
 DB_HOST=127.0.0.1
 DB_PORT=3306
 DB_DATABASE=paymenter
 DB_USERNAME=paymenter
 DB_PASSWORD=XU9rOictz7O3p
 BROADCAST_CONNECTION=log
 CACHE_STORE=redis
 FILESYSTEM_DISK=local
 SESSION_LIFETIME=120
 MEMCACHED_HOST=127.0.0.1
 REDIS_CLIENT=phpredis
 REDIS_HOST=127.0.0.1
 REDIS_PASSWORD=null
 REDIS_PORT=6379
@@ -0,0 +1,38 @@
 APP_NAME=Paymenter
 APP_ENV=production
 APP_KEY=base64:kbbDXGtU1mzp181rLQan1jt+SjbO4gVxOexjwSMz5Hk=
 APP_DEBUG=false
 APP_TIMEZONE=UTC
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
 APP_FAKER_LOCALE=en_US
 APP_MAINTENANCE_DRIVER=file
 APP_MAINTENANCE_STORE=database
 BCRYPT_ROUNDS=12
 LOG_CHANNEL=stack
 LOG_STACK=daily
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 DB_CONNECTION=mariadb
 DB_HOST=127.0.0.1
 DB_PORT=3306
 DB_DATABASE=paymenter
 DB_USERNAME=paymenter
 DB_PASSWORD=XU9rOictz7O3p
 BROADCAST_CONNECTION=log
 CACHE_STORE=redis
 FILESYSTEM_DISK=local
 SESSION_LIFETIME=120
 MEMCACHED_HOST=127.0.0.1
 REDIS_CLIENT=phpredis
 REDIS_HOST=127.0.0.1
 REDIS_PASSWORD=null
 REDIS_PORT=6379
@@ -0,0 +1,54 @@
 x-common:
  database:
    &db-environment
    # Do not remove the "&db-password" from the end of the line below, it is important
    # for Paymenter functionality.
    MYSQL_PASSWORD: &db-password "CHANGE_ME"
    MYSQL_ROOT_PASSWORD: "CHANGE_ME_TOO"
 #
 # ------------------------------------------------------------------------------------------
 # DANGER ZONE BELOW
 #
 # The remainder of this file likely does not need to be changed. Please only make modifications
 # below if you understand what you are doing.
 #
 services:
  database:
    image: mariadb:lts
    restart: always
    command: --default-authentication-plugin=mysql_native_password
    volumes:
      - "./database:/var/lib/mysql"
    environment:
      <<: *db-environment
      MYSQL_DATABASE: "paymenter"
      MYSQL_USER: "paymenter"
  cache:
    image: redis:alpine
    restart: always
  paymenter:
    image: ghcr.io/paymenter/paymenter:master
    restart: always
    ports:
      - "80:80"
    links:
      - database
      - cache
    volumes:
      - "./:/app/var/"
      - "./storage/logs:/app/storage/logs"
      - "./storage/public:/app/storage/app/public"
    environment:
      DB_PASSWORD: *db-password
      APP_ENV: "production"
      CACHE_STORE: "redis"
      REDIS_HOST: "cache"
      DB_CONNECTION: "mariadb"
      DB_HOST: "database"
      DB_PORT: "3306"
 networks:
  default:
    ipam:
      config:
        - subnet: 172.23.0.0/16
@@ -0,0 +1,7 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 118
 hostname: paymenter
 ip: 192.168.1.45
 status: running
@@ -0,0 +1,14 @@
 # pegaprox
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 111) |
 | **IP** | 192.168.1.249 |
 | **Host** | 192.168.1.56 |
 Config in `config/` (gepull'd van LXC).
 ```bash
 # Op Proxmox host:
 pct enter 111
 ```
@@ -0,0 +1,7 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 111
 hostname: pegaprox
 ip: 192.168.1.249
 status: running
@@ -1,6 +1,8 @@
 # Proxmox — LXC & VM overzicht
-Configs: `hosts/<naam>/lxc/*.conf` en `qemu-server/*.conf`
+Configs: `hosts/<naam>/lxc/*.conf` · App-configs: `apps/<hostname>/`
 **Pull configs van draaiende CTs:** `python3 scripts/pull-lxc-from-proxmox.py`
 ## Host: pve (192.168.1.216)
@@ -11,26 +13,26 @@ Configs: `hosts/<naam>/lxc/*.conf` en `qemu-server/*.conf`
 | 111 | Syno-latest |
 ### LXCs
-| VMID | Hostname |
+| VMID | Hostname | IP (live) | App map | Status |
-|------|----------|
+|------|----------|-----------|---------|--------|
-| 100 | autocaliweb |
+| 100 | autocaliweb | — | [autocaliweb](../autocaliweb/) | stopped |
-| 102 | clawbot |
+| 102 | clawbot | — | [clawbot](../clawbot/) | stopped |
-| 103 | CrowdSec |
+| 103 | CrowdSec | — | [crowdsec](../crowdsec/) | stopped |
-| 104 | vaultwarden |
+| 104 | vaultwarden | 192.168.1.5 | [vaultwarden](../vaultwarden/) | **running** |
-| 105 | linkwarden |
+| 105 | linkwarden | 192.168.1.142 | [linkwarden](../linkwarden/) | **running** |
-| 106 | kimai |
+| 106 | kimai | — | [kimai](../kimai/) | stopped |
-| 107 | pve-scripts-local |
+| 107 | pve-scripts-local | 192.168.1.23 | [pve-scripts-local](../pve-scripts-local/) | **running** |
-| 108 | tunarr |
+| 108 | tunarr | — | [tunarr](../tunarr/) | stopped |
-| 109 | nextcloudpi |
+| 109 | nextcloudpi | — | [nextcloudpi](../nextcloudpi/) | stopped |
-| 110 | passbolt |
+| 110 | passbolt | — | [passbolt](../passbolt/) | stopped |
-| 112 | immich |
+| 112 | immich | — | [immich](../immich/) | stopped |
-| 113 | metube |
+| 113 | metube | — | [metube](../metube/) | stopped |
-| 114 | endurain |
+| 114 | endurain | — | [endurain](../endurain/) | stopped |
-| 115 | passbolt |
+| 115 | passbolt | — | [passbolt](../passbolt/) | stopped |
-| 116 | opencloud |
+| 116 | opencloud | — | [opencloud](../opencloud/) | stopped |
-| 117 | Proxy |
+| 117 | Proxy | 192.168.1.165 | [proxy](../proxy/) | **running** |
-| 118 | paymenter |
+| 118 | paymenter | 192.168.1.45 | [paymenter](../paymenter/) | **running** |
-| 119 | nodecast-tv |
+| 119 | nodecast-tv | 192.168.1.99 | [nodecast-tv](../nodecast-tv/) | **running** |
 ## Host: dell-proxmox (192.168.1.56)
@@ -44,19 +46,20 @@ Configs: `hosts/<naam>/lxc/*.conf` en `qemu-server/*.conf`
 | 105 | docker |
 ### LXCs
-| VMID | Hostname |
+| VMID | Hostname | IP (live) | App map | Status |
-|------|----------|
+|------|----------|-----------|---------|--------|
-| 100 | n8n |
+| 100 | n8n | — | [n8n](../n8n/) | stopped |
-| 106 | vdi.el-kadi.nl |
+| 106 | vdi.el-kadi.nl | — | [vdi-el-kadi-nl](../vdi-el-kadi-nl/) | stopped |
-| 107 | Virtualmin |
+| 107 | Virtualmin | 192.168.5.24 | [virtualmin](../virtualmin/) | **running** |
-| 108 | n8n |
+| 108 | n8n | — | [n8n](../n8n/) | stopped |
-| 109 | nginxproxymanager |
+| 109 | nginxproxymanager | 192.168.1.173 | [nginxproxymanager](../nginxproxymanager/) | **running** |
-| 110 | nextcloudpi |
+| 110 | nextcloudpi | — | [nextcloudpi](../nextcloudpi/) | stopped |
-| 112 | iventoy |
+| 111 | pegaprox | 192.168.1.249 | [pegaprox](../pegaprox/) | **running** |
-| 113 | traccar |
+| 112 | iventoy | — | [iventoy](../iventoy/) | stopped |
-| 115 | kasm |
+| 113 | traccar | — | [traccar](../traccar/) | stopped |
-| 116 | runtipi |
+| 115 | kasm | — | [kasm](../kasm/) | stopped |
-| 118 | changedetection |
+| 116 | runtipi | — | [runtipi](../runtipi/) | stopped |
-| 119 | n8n |
+| 118 | changedetection | — | [changedetection](../changedetection/) | stopped |
 | 119 | n8n | — | [n8n](../n8n/) | stopped |
-> App-configs binnen LXCs: backup via `pct enter <id>` of volume mount. Proxmox container-definitie staat al in git.
+> Meerdere CTs met dezelfde hostname (n8n, passbolt) — aparte VMIDs, zie `hosts/.../lxc/*.conf`.
@@ -0,0 +1,14 @@
 # Proxy
 | | |
 |---|---|
 | **Proxmox** | pve (CT 117) |
 | **IP** | 192.168.1.165 |
 | **Host** | 192.168.1.216 |
 Config in `config/` (gepull'd van LXC).
 ```bash
 # Op Proxmox host:
 pct enter 117
 ```
@@ -0,0 +1,7 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 117
 hostname: Proxy
 ip: 192.168.1.165
 status: running
@@ -0,0 +1,14 @@
 # pve-scripts-local
 | | |
 |---|---|
 | **Proxmox** | pve (CT 107) |
 | **IP** | 192.168.1.23 |
 | **Host** | 192.168.1.216 |
 Config in `config/` (gepull'd van LXC).
 ```bash
 # Op Proxmox host:
 pct enter 107
 ```
@@ -0,0 +1,41 @@
 # When adding additional environment variables, the schema in "/src/env.js"
 # should be updated accordingly.
 REPO_URL="https://github.com/community-scripts/ProxmoxVE"
 REPO_BRANCH="main"
 SCRIPTS_DIRECTORY="scripts"
 ALLOWED_SCRIPT_EXTENSIONS=".sh"
 CT_SCRIPT_FOLDER="ct"
 INSTALL_SCRIPT_FOLDER="install"
 JSON_FOLDER="frontend/public/json"
 # Security
 MAX_SCRIPT_EXECUTION_TIME="900000"
 ALLOWED_SCRIPT_PATHS="scripts/"
 # WebSocket Configuration
 WEBSOCKET_PORT="3001"
 # User settings
 GITHUB_TOKEN=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
 SAVE_FILTER=false
 FILTERS=
 AUTH_USERNAME=mo-admin
 AUTH_PASSWORD_HASH=$2b$10$3QeM5p2KAn1vAE1A43B4suE5f4qEHYfB4ksAbf0DgtNhhpJJInzF.
 AUTH_ENABLED=true
 AUTH_SETUP_COMPLETED=true
 JWT_SECRET=
 DATABASE_URL="file:/opt/ProxmoxVE-Local/data/settings.db"
 AUTO_SYNC_ENABLED=false
 SYNC_INTERVAL_TYPE=
 SYNC_INTERVAL_PREDEFINED=
 AUTO_DOWNLOAD_NEW=
 AUTO_UPDATE_EXISTING=
 NOTIFICATION_ENABLED=
 APPRISE_URLS=
 LAST_AUTO_SYNC=
 SYNC_INTERVAL_CRON=
 JWT_SECRET=953fe5a2b3df5a28b5f922128f2b60c9f4672d3c4509858369babe93b2c32c8d92bfafe3ca5f6a71ede018bceec7b2a3507ce62f865efd0294a2d5ac55ffc08f
 VIEW_MODE=list
 JWT_SECRET=809b2d1ed7388e6fd443316d36e4c6b0bb60b82f8e017e01d9243d8cce0f0a6febca812cb2c7090b6c218b0a9b3852bf3bf9bb56c1a20f3778316382c8abff52
@@ -0,0 +1,30 @@
 /opt/ProxmoxVE-Local/server.js
 /opt/ProxmoxVE-Local/.gitattributes
 /opt/ProxmoxVE-Local/README.md
 /opt/ProxmoxVE-Local/.env
 /opt/ProxmoxVE-Local/data/settings.db
 /opt/ProxmoxVE-Local/VERSION
 /opt/ProxmoxVE-Local/postcss.config.js
 /opt/ProxmoxVE-Local/.next/app-path-routes-manifest.json
 /opt/ProxmoxVE-Local/.next/build-manifest.json
 /opt/ProxmoxVE-Local/.next/next-server.js.nft.json
 /opt/ProxmoxVE-Local/.next/package.json
 /opt/ProxmoxVE-Local/.next/app-build-manifest.json
 /opt/ProxmoxVE-Local/.next/react-loadable-manifest.json
 /opt/ProxmoxVE-Local/.next/prerender-manifest.json
 /opt/ProxmoxVE-Local/.next/routes-manifest.json
 /opt/ProxmoxVE-Local/.next/trace
 /opt/ProxmoxVE-Local/.next/required-server-files.json
 /opt/ProxmoxVE-Local/.next/BUILD_ID
 /opt/ProxmoxVE-Local/.next/export-marker.json
 /opt/ProxmoxVE-Local/.next/next-minimal-server.js.nft.json
 /opt/ProxmoxVE-Local/.next/images-manifest.json
 /opt/ProxmoxVE-Local/prisma/schema.prisma
 /opt/ProxmoxVE-Local/.github/release-drafter.yml
 /opt/ProxmoxVE-Local/.github/CODEOWNERS
 /opt/ProxmoxVE-Local/.github/dependabot.yml
 /opt/ProxmoxVE-Local/.github/pull_request_template.md
 /opt/ProxmoxVE-Local/.github/logo.png
 /opt/ProxmoxVE-Local/package.json
 /opt/ProxmoxVE-Local/src/env.js
 /opt/ProxmoxVE-Local/prettier.config.js
@@ -0,0 +1,7 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 107
 hostname: pve-scripts-local
 ip: 192.168.1.23
 status: running
@@ -0,0 +1,10 @@
 # runtipi
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 116) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/proxmox/lxc/116.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 116
 hostname: runtipi
 status: stopped
@@ -0,0 +1,10 @@
 # traccar
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 113) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/proxmox/lxc/113.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 113
 hostname: traccar
 status: stopped
@@ -0,0 +1,10 @@
 # tunarr
 | | |
 |---|---|
 | **Proxmox** | pve (CT 108) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/pve/lxc/108.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 108
 hostname: tunarr
 status: stopped
@@ -0,0 +1,14 @@
 # vaultwarden
 | | |
 |---|---|
 | **Proxmox** | pve (CT 104) |
 | **IP** | 192.168.1.5 |
 | **Host** | 192.168.1.216 |
 Config in `config/` (gepull'd van LXC).
 ```bash
 # Op Proxmox host:
 pct enter 104
 ```
@@ -0,0 +1,7 @@
 ADMIN_TOKEN=''
 ROCKET_ADDRESS=0.0.0.0
 ROCKET_TLS='{certs="/opt/vaultwarden/ssl-cert-snakeoil.pem",key="/opt/vaultwarden/ssl-cert-snakeoil.key"}'
 DATA_FOLDER=/opt/vaultwarden/data
 DATABASE_MAX_CONNS=10
 WEB_VAULT_FOLDER=/opt/vaultwarden/web-vault
 WEB_VAULT_ENABLED=true
@@ -0,0 +1,7 @@
 ADMIN_TOKEN=''
 ROCKET_ADDRESS=0.0.0.0
 ROCKET_TLS='{certs="/opt/vaultwarden/ssl-cert-snakeoil.pem",key="/opt/vaultwarden/ssl-cert-snakeoil.key"}'
 DATA_FOLDER=/opt/vaultwarden/data
 DATABASE_MAX_CONNS=10
 WEB_VAULT_FOLDER=/opt/vaultwarden/web-vault
 WEB_VAULT_ENABLED=true
@@ -0,0 +1,124 @@
 services:
  VaultwardenPrebuild:
    profiles: ["playwright", "vaultwarden"]
    container_name: playwright_oidc_vaultwarden_prebuilt
    image: playwright_oidc_vaultwarden_prebuilt
    build:
      context: ..
      dockerfile: Dockerfile
    entrypoint: /bin/bash
    restart: "no"
  Vaultwarden:
    profiles: ["playwright", "vaultwarden"]
    container_name: playwright_oidc_vaultwarden-${ENV:-dev}
    image: playwright_oidc_vaultwarden-${ENV:-dev}
    network_mode: "host"
    build:
      context: compose/warden
      dockerfile: Dockerfile
      args:
        REPO_URL: ${PW_WV_REPO_URL:-}
        COMMIT_HASH: ${PW_WV_COMMIT_HASH:-}
    env_file: ${DC_ENV_FILE:-.env}
    environment:
      - DATABASE_URL
      - I_REALLY_WANT_VOLATILE_STORAGE
      - LOG_LEVEL
      - LOGIN_RATELIMIT_MAX_BURST
      - SMTP_HOST
      - SMTP_FROM
      - SMTP_DEBUG
      - SSO_DEBUG_TOKENS
      - SSO_FRONTEND
      - SSO_ENABLED
      - SSO_ONLY
    restart: "no"
    depends_on:
      - VaultwardenPrebuild
  Playwright:
    profiles: ["playwright"]
    container_name: playwright_oidc_playwright
    image: playwright_oidc_playwright
    network_mode: "host"
    build:
      context: .
      dockerfile: compose/playwright/Dockerfile
    environment:
      - PW_WV_REPO_URL
      - PW_WV_COMMIT_HASH
    restart: "no"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ..:/project
  Mariadb:
    profiles: ["playwright"]
    container_name: playwright_mariadb
    image: mariadb:11.2.4
    env_file: test.env
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      start_period: 10s
      interval: 10s
    ports:
      - ${MARIADB_PORT}:3306
  Mysql:
    profiles: ["playwright"]
    container_name: playwright_mysql
    image: mysql:8.4.1
    env_file: test.env
    healthcheck:
      test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
      start_period: 10s
      interval: 10s
    ports:
      - ${MYSQL_PORT}:3306
  Postgres:
    profiles: ["playwright"]
    container_name: playwright_postgres
    image: postgres:16.3
    env_file: test.env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
    ports:
      - ${POSTGRES_PORT}:5432
  Maildev:
    profiles: ["vaultwarden", "maildev"]
    container_name: maildev
    image: timshel/maildev:3.0.4
    ports:
      - ${SMTP_PORT}:1025
      - 1080:1080
  Keycloak:
    profiles: ["keycloak", "vaultwarden"]
    container_name: keycloak-${ENV:-dev}
    image: quay.io/keycloak/keycloak:25.0.4
    network_mode: "host"
    command:
      - start-dev
    env_file: ${DC_ENV_FILE:-.env}
  KeycloakSetup:
    profiles: ["keycloak", "vaultwarden"]
    container_name: keycloakSetup-${ENV:-dev}
    image: keycloak_setup-${ENV:-dev}
    build:
      context: compose/keycloak
      dockerfile: Dockerfile
      args:
        KEYCLOAK_VERSION: 25.0.4
        JAVA_URL: https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_linux-x64_bin.tar.gz
        JAVA_VERSION: 21.0.2
    network_mode: "host"
    depends_on:
      - Keycloak
    restart: "no"
    env_file: ${DC_ENV_FILE:-.env}
@@ -0,0 +1,124 @@
 services:
  VaultwardenPrebuild:
    profiles: ["playwright", "vaultwarden"]
    container_name: playwright_oidc_vaultwarden_prebuilt
    image: playwright_oidc_vaultwarden_prebuilt
    build:
      context: ..
      dockerfile: Dockerfile
    entrypoint: /bin/bash
    restart: "no"
  Vaultwarden:
    profiles: ["playwright", "vaultwarden"]
    container_name: playwright_oidc_vaultwarden-${ENV:-dev}
    image: playwright_oidc_vaultwarden-${ENV:-dev}
    network_mode: "host"
    build:
      context: compose/warden
      dockerfile: Dockerfile
      args:
        REPO_URL: ${PW_WV_REPO_URL:-}
        COMMIT_HASH: ${PW_WV_COMMIT_HASH:-}
    env_file: ${DC_ENV_FILE:-.env}
    environment:
      - DATABASE_URL
      - I_REALLY_WANT_VOLATILE_STORAGE
      - LOG_LEVEL
      - LOGIN_RATELIMIT_MAX_BURST
      - SMTP_HOST
      - SMTP_FROM
      - SMTP_DEBUG
      - SSO_DEBUG_TOKENS
      - SSO_FRONTEND
      - SSO_ENABLED
      - SSO_ONLY
    restart: "no"
    depends_on:
      - VaultwardenPrebuild
  Playwright:
    profiles: ["playwright"]
    container_name: playwright_oidc_playwright
    image: playwright_oidc_playwright
    network_mode: "host"
    build:
      context: .
      dockerfile: compose/playwright/Dockerfile
    environment:
      - PW_WV_REPO_URL
      - PW_WV_COMMIT_HASH
    restart: "no"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ..:/project
  Mariadb:
    profiles: ["playwright"]
    container_name: playwright_mariadb
    image: mariadb:11.2.4
    env_file: test.env
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      start_period: 10s
      interval: 10s
    ports:
      - ${MARIADB_PORT}:3306
  Mysql:
    profiles: ["playwright"]
    container_name: playwright_mysql
    image: mysql:8.4.1
    env_file: test.env
    healthcheck:
      test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
      start_period: 10s
      interval: 10s
    ports:
      - ${MYSQL_PORT}:3306
  Postgres:
    profiles: ["playwright"]
    container_name: playwright_postgres
    image: postgres:16.3
    env_file: test.env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
    ports:
      - ${POSTGRES_PORT}:5432
  Maildev:
    profiles: ["vaultwarden", "maildev"]
    container_name: maildev
    image: timshel/maildev:3.0.4
    ports:
      - ${SMTP_PORT}:1025
      - 1080:1080
  Keycloak:
    profiles: ["keycloak", "vaultwarden"]
    container_name: keycloak-${ENV:-dev}
    image: quay.io/keycloak/keycloak:25.0.4
    network_mode: "host"
    command:
      - start-dev
    env_file: ${DC_ENV_FILE:-.env}
  KeycloakSetup:
    profiles: ["keycloak", "vaultwarden"]
    container_name: keycloakSetup-${ENV:-dev}
    image: keycloak_setup-${ENV:-dev}
    build:
      context: compose/keycloak
      dockerfile: Dockerfile
      args:
        KEYCLOAK_VERSION: 25.0.4
        JAVA_URL: https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_linux-x64_bin.tar.gz
        JAVA_VERSION: 21.0.2
    network_mode: "host"
    depends_on:
      - Keycloak
    restart: "no"
    env_file: ${DC_ENV_FILE:-.env}
@@ -0,0 +1,13 @@
 bake_env.sh
 bake.sh
 docker-bake.hcl
 Dockerfile.alpine
 Dockerfile.debian
 Dockerfile.j2
 DockerSettings.yaml
 healthcheck.sh
 Makefile
 podman-bake.sh
 README.md
 render_template
 start.sh
@@ -0,0 +1,29 @@
 Warning: Permanently added '192.168.1.216' (ED25519) to the list of known hosts.
 [Unit]
 Description=Bitwarden Server (Powered by Vaultwarden)
 Documentation=https://github.com/dani-garcia/vaultwarden
 After=network.target
 [Service]
 User=vaultwarden
 Group=vaultwarden
 EnvironmentFile=-/opt/vaultwarden/.env
 ExecStart=/opt/vaultwarden/bin/vaultwarden
 LimitNOFILE=65535
 LimitNPROC=4096
 PrivateTmp=true
 PrivateDevices=true
 ProtectHome=true
 ProtectSystem=strict
 DevicePolicy=closed
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 RestrictNamespaces=yes
 RestrictRealtime=yes
 MemoryDenyWriteExecute=yes
 LockPersonality=yes
 WorkingDirectory=/opt/vaultwarden
 ReadWriteDirectories=/opt/vaultwarden/data
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 [Install]
 WantedBy=multi-user.target
@@ -0,0 +1,6 @@
 # Vaultwarden draait als systemd-service in LXC 104 (niet Docker).
 # Config: config/.env + Proxmox CT-definitie in apps/proxmox/hosts/pve/lxc/104.conf
 # URL: https://192.168.1.6:8000 (Homarr) — huidig IP: zie proxmox.meta.yaml
 # Optioneel: playwright sub-stack
 # config/compose-*-vaultwarden_playwright_docker-compose.yml
@@ -0,0 +1,7 @@
 # Auto-generated
 host: pve
 proxmox_ip: 192.168.1.216
 vmid: 104
 hostname: vaultwarden
 ip: 192.168.1.5
 status: running
@@ -0,0 +1,10 @@
 # vdi.el-kadi.nl
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 106) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/proxmox/lxc/106.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
@@ -0,0 +1,6 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 106
 hostname: vdi.el-kadi.nl
 status: stopped
@@ -0,0 +1,14 @@
 # Virtualmin
 | | |
 |---|---|
 | **Proxmox** | proxmox (CT 107) |
 | **IP** | 192.168.5.24 |
 | **Host** | 192.168.1.56 |
 Config in `config/` (gepull'd van LXC).
 ```bash
 # Op Proxmox host:
 pct enter 107
 ```
@@ -0,0 +1,7 @@
 # Auto-generated
 host: proxmox
 proxmox_ip: 192.168.1.56
 vmid: 107
 hostname: Virtualmin
 ip: 192.168.5.24
 status: running
@@ -0,0 +1,157 @@
 #!/usr/bin/env python3
 """Pull LXC configs from Proxmox via SSH+pct (runs on NAS)."""
 import json, os, re, ssl, subprocess, urllib.parse, urllib.request
 from pathlib import Path
 ROOT = Path(__file__).resolve().parents[1]
 APPS = ROOT / "apps"
 PASSWORD = os.environ.get("PROXMOX_PASSWORD", "WaQTUw2t")
 HOSTS = [("192.168.1.216", "pve"), ("192.168.1.56", "proxmox")]
 ssl._create_default_https_context = ssl._create_unverified_context
 def ssh(host: str, cmd: str) -> str:
    inner = f"apk add --no-cache openssh-client sshpass >/dev/null 2>&1 && sshpass -p '{PASSWORD}' ssh -o StrictHostKeyChecking=no root@{host} {json.dumps(cmd)}"
    r = subprocess.run(["docker", "run", "--rm", "alpine", "sh", "-c", inner], capture_output=True, text=True, timeout=120)
    return r.stdout if r.returncode == 0 else ""
 def pve_login(host: str):
    data = urllib.parse.urlencode({"username": "root@pam", "password": PASSWORD}).encode()
    req = urllib.request.Request(f"https://{host}:8006/api2/json/access/ticket", data=data, method="POST")
    with urllib.request.urlopen(req, timeout=15) as r:
        a = json.loads(r.read())["data"]
    return a["ticket"], a["CSRFPreventionToken"]
 def pve_get(host, path, ticket, csrf):
    headers = {"Cookie": f"PVEAuthCookie={ticket}", "CSRFPreventionToken": csrf}
    req = urllib.request.Request(f"https://{host}:8006/api2/json{path}", headers=headers)
    with urllib.request.urlopen(req, timeout=15) as r:
        return json.loads(r.read())["data"]
 def slug(name: str) -> str:
    return re.sub(r"[^a-z0-9]+", "-", name.lower()).strip("-")
 def lxc_ip(host, node, vmid, ticket, csrf):
    try:
        ifaces = pve_get(host, f"/nodes/{node}/lxc/{vmid}/interfaces", ticket, csrf)
        for iface in ifaces:
            for addr in iface.get("ip-addresses", []):
                if addr.get("ip-address-type") == "inet" and not addr["ip-address"].startswith("127."):
                    return addr["ip-address"]
    except Exception:
        pass
    return ""
 def pull_running(host, node, vmid, name, ip):
    sname = slug(name) or f"ct-{vmid}"
    appdir = APPS / sname
    cfg = appdir / "config"
    cfg.mkdir(parents=True, exist_ok=True)
    find_cmd = f"pct exec {vmid} -- sh -c 'find /opt /root /data /vaultwarden /home -maxdepth 5 \\( -name docker-compose.yml -o -name docker-compose.yaml -o -name compose.yml -o -name .env \\) 2>/dev/null | head -40'"
    files = [f.strip() for f in ssh(host, find_cmd).splitlines() if f.strip()]
    for i, fpath in enumerate(files, 1):
        safe = re.sub(r"[^a-zA-Z0-9._-]", "_", fpath)[:80]
        content = ssh(host, f"pct exec {vmid} -- cat {json.dumps(fpath)}")
        if content.strip():
            (cfg / f"{i:02d}-{safe}").write_text(content)
    # NPM data snapshot
    if "nginx" in sname or vmid == 109:
        snap = ssh(host, f"pct exec {vmid} -- sh -c 'ls -la /data 2>/dev/null; ls /data/nginx 2>/dev/null'")
        if snap.strip():
            (cfg / "npm-data-listing.txt").write_text(snap)
    # pve-scripts
    if "script" in sname:
        listing = ssh(host, f"pct exec {vmid} -- sh -c 'find /opt/ProxmoxVE-Local -maxdepth 2 -type f 2>/dev/null | head -30'")
        if listing.strip():
            (cfg / "proxmoxve-local-files.txt").write_text(listing)
    meta = f"""# Auto-generated
 host: {node}
 proxmox_ip: {host}
 vmid: {vmid}
 hostname: {name}
 ip: {ip}
 status: running
 """
    (appdir / "proxmox.meta.yaml").write_text(meta)
    readme = f"""# {name}
 | | |
 |---|---|
 | **Proxmox** | {node} (CT {vmid}) |
 | **IP** | {ip or 'dhcp'} |
 | **Host** | {host} |
 Config in `config/` (gepull'd van LXC).
 ```bash
 # Op Proxmox host:
 pct enter {vmid}
 ```
 """
    (appdir / "README.md").write_text(readme)
    print(f"  pulled {sname} ({ip})")
 def stub_stopped(host, node, vmid, name):
    sname = slug(name) or f"ct-{vmid}"
    appdir = APPS / sname
    if (appdir / "config").exists() and any((appdir / "config").iterdir()):
        return  # already pulled when was running
    appdir.mkdir(parents=True, exist_ok=True)
    (appdir / "config").mkdir(exist_ok=True)
    meta = f"""# Auto-generated
 host: {node}
 proxmox_ip: {host}
 vmid: {vmid}
 hostname: {name}
 status: stopped
 """
    (appdir / "proxmox.meta.yaml").write_text(meta)
    readme = f"""# {name}
 | | |
 |---|---|
 | **Proxmox** | {node} (CT {vmid}) |
 | **Status** | gestopt |
 Container-definitie: `apps/proxmox/hosts/{node}/lxc/{vmid}.conf`
 Start CT en draai `scripts/pull-lxc-from-proxmox.py` opnieuw om app-config te pullen.
 """
    (appdir / "README.md").write_text(readme)
 def main():
    print(f"Pull → {APPS}")
    seen = set()
    for host, node in HOSTS:
        ticket, csrf = pve_login(host)
        lxcs = pve_get(host, f"/nodes/{node}/lxc", ticket, csrf)
        for ct in lxcs:
            vmid = ct["vmid"]
            name = ct.get("name") or f"ct-{vmid}"
            sname = slug(name)
            if sname in seen:
                sname = f"{sname}-{node}"
            seen.add(sname)
            ip = lxc_ip(host, node, vmid, ticket, csrf) if ct["status"] == "running" else ""
            if ct["status"] == "running":
                pull_running(host, node, vmid, name, ip)
            else:
                stub_stopped(host, node, vmid, name)
    print("Klaar.")
 if __name__ == "__main__":
    main()
@@ -0,0 +1,67 @@
 #!/bin/sh
 # Pull docker-compose + .env uit Proxmox LXC's via SSH (draait op NAS).
 # Vereist: Docker, Proxmox root-wachtwoord in PROXMOX_PASSWORD
 set -e
 ROOT="$(cd "$(dirname "$0")/.." && pwd)"
 PW="${PROXMOX_PASSWORD:-WaQTUw2t}"
 SSH_RUN() {
  docker run --rm alpine sh -c "
    apk add --no-cache openssh-client sshpass >/dev/null 2>&1
    sshpass -p '$PW' ssh -o StrictHostKeyChecking=no root@\$1 \"\$2\"
  " -- "$1" "$2"
 }
 pull_ct() {
  host="$1"
  node="$2"
  vmid="$3"
  name="$4"
  ip="$5"
  appdir="$ROOT/apps/$name"
  mkdir -p "$appdir/config"
  echo "  → $name (CT $vmid @ $node, $ip)"
  # docker-compose bestanden vinden en kopiëren
  SSH_RUN "$host" "pct exec $vmid -- sh -c '
    find / -maxdepth 6 \( -name docker-compose.yml -o -name docker-compose.yaml -o -name compose.yml \) 2>/dev/null | grep -v proc | head -30
  '" > /tmp/lxc-compose-list.$$ 2>/dev/null || true
  idx=0
  while IFS= read -r fpath; do
    [ -z "$fpath" ] && continue
    idx=$((idx + 1))
    safe=$(echo "$fpath" | tr '/ ' '__')
    SSH_RUN "$host" "pct exec $vmid -- cat '$fpath'" > "$appdir/config/compose-${idx}-${safe}" 2>/dev/null || true
    dir=$(dirname "$fpath")
    SSH_RUN "$host" "pct exec $vmid -- sh -c 'for e in $dir/.env $dir/.env.local; do [ -f \"\$e\" ] && echo === \$e === && cat \"\$e\"; done'" \
      > "$appdir/config/env-${idx}-${safe}" 2>/dev/null || true
  done < /tmp/lxc-compose-list.$$
  rm -f /tmp/lxc-compose-list.$$
  # meta
  cat > "$appdir/proxmox.meta.yaml" <<META
 # Auto-generated — Proxmox LXC
 host: $node
 proxmox_ip: $host
 vmid: $vmid
 hostname: $name
 ip: $ip
 META
 }
 echo "Pull LXC configs → $ROOT/apps/"
 # draaiende containers (feb 2026)
 pull_ct 192.168.1.216 pve 104 vaultwarden 192.168.1.5
 pull_ct 192.168.1.216 pve 105 linkwarden 192.168.1.142
 pull_ct 192.168.1.216 pve 107 pve-scripts-local 192.168.1.23
 pull_ct 192.168.1.216 pve 117 proxy 192.168.1.165
 pull_ct 192.168.1.216 pve 118 paymenter 192.168.1.45
 pull_ct 192.168.1.216 pve 119 nodecast-tv 192.168.1.99
 pull_ct 192.168.1.56 proxmox 107 virtualmin 192.168.5.24
 pull_ct 192.168.1.56 proxmox 109 nginx-proxy-manager 192.168.1.173
 pull_ct 192.168.1.56 proxmox 111 pegaprox 192.168.1.249
 echo "Klaar."