Merge branch 'main' into codex/enhance-docker-security-configurations
This commit is contained in:
beatz174-bit
@@ -4,20 +4,18 @@ services:
|
||||
image: gotify/server:latest
|
||||
container_name: gotify
|
||||
restart: always
|
||||
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/monitoring/gotify/data:/app/data
|
||||
|
||||
environment:
|
||||
- TZ=${TZ}
|
||||
- GOTIFY_DEFAULTUSER_NAME=admin
|
||||
- GOTIFY_DEFAULTUSER_PASS=R1m@dmin
|
||||
- GOTIFY_REGISTRATION=false
|
||||
- GOTIFY_DEFAULTUSER_NAME=${GOTIFY_DEFAULTUSER_NAME}
|
||||
- GOTIFY_DEFAULTUSER_PASS=${GOTIFY_DEFAULTUSER_PASS}
|
||||
- GOTIFY_REGISTRATION=${GOTIFY_REGISTRATION}
|
||||
|
||||
networks:
|
||||
# - traefik_reverse_proxy
|
||||
- traefik
|
||||
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=core_traefik"
|
||||
@@ -26,7 +24,3 @@ services:
|
||||
- "traefik.http.routers.gotify.entrypoints=websecure"
|
||||
- "traefik.http.routers.gotify.tls.certresolver=myresolver"
|
||||
- "traefik.http.services.gotify.loadbalancer.server.port=80"
|
||||
|
||||
#networks:
|
||||
# traefik_reverse_proxy:
|
||||
# external: true
|
||||
|
||||
@@ -5,7 +5,7 @@ services:
|
||||
container_name: grafana
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- GF_SERVER_ROOT_URL=https://grafana.lan.ddnsgeek.com/
|
||||
- GF_SERVER_ROOT_URL=${GRAFANA_ROOT_URL}
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/monitoring/grafana/data:/var/lib/grafana
|
||||
networks:
|
||||
|
||||
@@ -3,4 +3,5 @@ FROM nodered/node-red:latest
|
||||
USER root
|
||||
RUN apk add --no-cache docker-cli docker-cli-compose
|
||||
RUN addgroup -g 131 -S docker && addgroup node-red docker
|
||||
|
||||
USER node-red
|
||||
|
||||
@@ -14,11 +14,14 @@ services:
|
||||
- ALL
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
environment:
|
||||
- TZ=${TZ}
|
||||
# ports:
|
||||
# - "1880:1880"
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/monitoring/node-red/data:/data
|
||||
- ${PROJECT_ROOT}:/compose
|
||||
- ${PROJECT_ROOT}:/compose/docker:ro
|
||||
- /home/nixos/raspi:/compose/raspi:ro
|
||||
- ${PROJECT_ROOT}/default-environment.env:/usr/src/node-red/default-environment.env:ro
|
||||
- ${PROJECT_ROOT}/default-network.yml:/usr/src/node-red/default-network.yml:ro
|
||||
- ${PROJECT_ROOT}/core/docker-compose.yml:/usr/src/node-red/core/docker-compose.yml:ro
|
||||
|
||||
@@ -24,7 +24,7 @@ services:
|
||||
- traefik.http.services.portainer.loadbalancer.server.port=9000
|
||||
|
||||
environment:
|
||||
- GODEBUG=netdns=cgo
|
||||
- GODEBUG=${PORTAINER_GODEBUG}
|
||||
# healthcheck:
|
||||
# test: ["CMD", "wget", "--spider", "-q", "https://portainer.lan.ddnsgeek.com/api/status"]
|
||||
# interval: 30s
|
||||
|
||||
@@ -31,6 +31,8 @@ services:
|
||||
prometheus:
|
||||
profiles: ["monitoring","all","prometheus"]
|
||||
image: prom/prometheus:latest
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
container_name: prometheus
|
||||
depends_on:
|
||||
# - alertmanager
|
||||
@@ -49,6 +51,7 @@ services:
|
||||
- ${PROJECT_ROOT}/monitoring/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/prometheus/data:/prometheus
|
||||
- ${PROJECT_ROOT}/monitoring/prometheus/rules:/etc/prometheus/rules:ro
|
||||
- ${PROJECT_ROOT}/secrets/prometheus_kuma_basic_auth_password.txt:/run/secrets/prometheus_kuma_basic_auth_password:ro
|
||||
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
@@ -80,7 +83,7 @@ services:
|
||||
# volumes:
|
||||
# - ./alertmanager/alertmanager.yml:/etc/alertmanager/alertmanager.yml:ro
|
||||
# restart: unless-stopped
|
||||
# networks:
|
||||
# secrets:
|
||||
# - edge
|
||||
# - traefik_reverse_proxy
|
||||
# healthcheck:
|
||||
@@ -128,14 +131,18 @@ services:
|
||||
image: influxdb:2.7
|
||||
container_name: influxdb
|
||||
restart: unless-stopped
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
volumes:
|
||||
- ${PROJECT_ROOT}/monitoring/influxdb:/var/lib/influxdb2
|
||||
environment:
|
||||
DOCKER_INFLUXDB_INIT_MODE: setup
|
||||
DOCKER_INFLUXDB_INIT_USERNAME: admin
|
||||
DOCKER_INFLUXDB_INIT_PASSWORD: adminpassword
|
||||
DOCKER_INFLUXDB_INIT_ORG: pbs
|
||||
DOCKER_INFLUXDB_INIT_BUCKET: telemetry
|
||||
DOCKER_INFLUXDB_INIT_MODE: ${INFLUXDB_INIT_MODE}
|
||||
DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_INIT_USERNAME}
|
||||
DOCKER_INFLUXDB_INIT_PASSWORD_FILE: /run/secrets/influxdb_init_password
|
||||
DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_INIT_ORG}
|
||||
DOCKER_INFLUXDB_INIT_BUCKET: ${INFLUXDB_INIT_BUCKET}
|
||||
secrets:
|
||||
- influxdb_init_password
|
||||
networks:
|
||||
# - edge
|
||||
# - traefik_reverse_proxy
|
||||
@@ -199,24 +206,24 @@ services:
|
||||
volumes:
|
||||
- ~/.docker/config.json:/root/.docker/config.json:ro
|
||||
- ${PROJECT_ROOT}/monitoring/docker-exporter/data:/data:rw
|
||||
- ${PROJECT_ROOT}:/compose
|
||||
- ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro
|
||||
- ${PROJECT_ROOT}/default-network.yml:/compose/default-network.yml:ro
|
||||
- ${PROJECT_ROOT}/core/docker-compose.yml:/compose/core/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/prometheus/docker-compose.yml:/compose/monitoring/prometheus/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/gotify/docker-compose.yml:/compose/monitoring/gotify/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/grafana/docker-compose.yml:/compose/monitoring/grafana/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/portainer/docker-compose.yml:/compose/monitoring/portainer/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/uptime-kuma/docker-compose.yml:/compose/monitoring/uptime-kuma/docker-compose.yml:>
|
||||
- ${PROJECT_ROOT}/apps/gitea/docker-compose.yml:/compose/apps/gitea/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/gramps/docker-compose.yml:/compose/apps/gramps/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/nextcloud/docker-compose.yml:/compose/apps/nextcloud/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/passbolt/docker-compose.yml:/compose/apps/passbolt/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/searxng/docker-compose.yml:/compose/apps/searxng/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/shift-recorder/docker-compose.yml:/compose/apps/shift-recorder/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/apps/stockfill/docker-compose.yml:/compose/apps/stockfill/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/monitoring/node-red/docker-compose.yml:/compose/monitoring/node-red/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}/core/test/docker-compose.yml:/compose/core/test/docker-compose.yml:ro
|
||||
- ${PROJECT_ROOT}:/compose:ro
|
||||
# - ${PROJECT_ROOT}/default-environment.env:/compose/default-environment.env:ro
|
||||
# - ${PROJECT_ROOT}/default-network.yml:/compose/default-network.yml:ro
|
||||
# - ${PROJECT_ROOT}/core/docker-compose.yml:/compose/core/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/prometheus/docker-compose.yml:/compose/monitoring/prometheus/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/gotify/docker-compose.yml:/compose/monitoring/gotify/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/grafana/docker-compose.yml:/compose/monitoring/grafana/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/portainer/docker-compose.yml:/compose/monitoring/portainer/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/uptime-kuma/docker-compose.yml:/compose/monitoring/uptime-kuma/docker-compose.yml:>
|
||||
# - ${PROJECT_ROOT}/apps/gitea/docker-compose.yml:/compose/apps/gitea/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/gramps/docker-compose.yml:/compose/apps/gramps/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/nextcloud/docker-compose.yml:/compose/apps/nextcloud/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/passbolt/docker-compose.yml:/compose/apps/passbolt/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/searxng/docker-compose.yml:/compose/apps/searxng/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/shift-recorder/docker-compose.yml:/compose/apps/shift-recorder/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/apps/stockfill/docker-compose.yml:/compose/apps/stockfill/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/monitoring/node-red/docker-compose.yml:/compose/monitoring/node-red/docker-compose.yml:ro
|
||||
# - ${PROJECT_ROOT}/core/test/docker-compose.yml:/compose/core/test/docker-compose.yml:ro
|
||||
|
||||
|
||||
# ports:
|
||||
@@ -240,12 +247,14 @@ services:
|
||||
profiles: ["monitoring","all","prometheus-exporters"]
|
||||
image: ekofr/pihole-exporter:latest
|
||||
container_name: pihole-exporter
|
||||
# env_file:
|
||||
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
||||
environment:
|
||||
PIHOLE_HOSTNAME: pihole.sweet.home
|
||||
PIHOLE_PASSWORD: ""
|
||||
PORT: 9617
|
||||
PIHOLE_HOSTNAME: ${PIHOLE_HOSTNAME}
|
||||
PIHOLE_PASSWORD: ${PIHOLE_PASSWORD}
|
||||
PORT: ${PIHOLE_EXPORTER_PORT}
|
||||
ports:
|
||||
- "9617:9617"
|
||||
- "${PIHOLE_EXPORTER_PORT}:${PIHOLE_EXPORTER_PORT}"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
# - edge
|
||||
@@ -262,3 +271,9 @@ services:
|
||||
# traefik_reverse_proxy:
|
||||
# external: true
|
||||
|
||||
|
||||
|
||||
|
||||
secrets:
|
||||
influxdb_init_password:
|
||||
file: ${PROJECT_ROOT}/secrets/influxdb_init_password.txt
|
||||
|
||||
@@ -63,6 +63,7 @@ scrape_configs:
|
||||
static_configs:
|
||||
- targets:
|
||||
- telegraf:9273
|
||||
- raspberrypi.tail13f623.ts.net:9273
|
||||
labels:
|
||||
role: docker
|
||||
|
||||
@@ -96,8 +97,8 @@ scrape_configs:
|
||||
|
||||
basic_auth:
|
||||
username: wayne.bennett@live.com
|
||||
password: '4vjCco?[%{=+,t`):C'
|
||||
|
||||
password_file: /run/secrets/prometheus_kuma_basic_auth_password
|
||||
# password: '4vjCco?[%{=+,t`):C'
|
||||
static_configs:
|
||||
- targets:
|
||||
- monitor-kuma:3001
|
||||
|
||||
Reference in New Issue
Block a user