diff --git a/docs/diagrams/docker-compose.dot b/docs/diagrams/docker-compose.dot
index 4eff403..d378433 100644
--- a/docs/diagrams/docker-compose.dot
+++ b/docs/diagrams/docker-compose.dot
@@ -1,4 +1,75 @@
digraph Compose {
rankdir=LR;
node [fontname=Helvetica];
+ "svc:authelia" [label="authelia", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:crowdsec" [label="crowdsec", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:docker-socket-proxy" [label="docker-socket-proxy", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:docker-update-exporter" [label="docker-update-exporter", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:error-pages" [label="error-pages", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:gitea" [label="gitea", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:gitea-runner" [label="gitea-runner", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:gotify" [label="gotify", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:grafana" [label="grafana", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:gramps-redis" [label="gramps-redis", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:grampsweb" [label="grampsweb", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:grampsweb_celery" [label="grampsweb_celery", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:influxdb" [label="influxdb", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:monitor-kuma" [label="monitor-kuma", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:mtls-bridge" [label="mtls-bridge", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:nextcloud-db" [label="nextcloud-db", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:nextcloud-redis" [label="nextcloud-redis", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:nextcloud-webapp" [label="nextcloud-webapp", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:node-exporter" [label="node-exporter", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:node-red" [label="node-red", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:passbolt-db" [label="passbolt-db", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:passbolt-webapp" [label="passbolt-webapp", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:pihole-exporter" [label="pihole-exporter", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:portainer" [label="portainer", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:prometheus" [label="prometheus", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:searxng-webapp" [label="searxng-webapp", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:telegraf" [label="telegraf", shape=box, style=filled, fillcolor="#dfefff"];
+ "svc:traefik" [label="traefik", shape=box, style=filled, fillcolor="#dfefff"];
+ "net:gramps" [label="gramps", shape=ellipse, style=filled, fillcolor="#f4f4f4"];
+ "net:monitor" [label="monitor", shape=ellipse, style=filled, fillcolor="#f4f4f4"];
+ "net:nextcloud" [label="nextcloud", shape=ellipse, style=filled, fillcolor="#f4f4f4"];
+ "net:passbolt" [label="passbolt", shape=ellipse, style=filled, fillcolor="#f4f4f4"];
+ "net:traefik" [label="traefik", shape=ellipse, style=filled, fillcolor="#f4f4f4"];
+ "svc:authelia" -> "net:traefik";
+ "svc:crowdsec" -> "net:traefik";
+ "svc:docker-socket-proxy" -> "net:monitor";
+ "svc:docker-socket-proxy" -> "net:traefik";
+ "svc:docker-update-exporter" -> "net:monitor";
+ "svc:error-pages" -> "net:traefik";
+ "svc:gitea" -> "net:traefik";
+ "svc:gitea-runner" -> "net:traefik";
+ "svc:gotify" -> "net:traefik";
+ "svc:grafana" -> "net:monitor";
+ "svc:grafana" -> "net:traefik";
+ "svc:gramps-redis" -> "net:gramps";
+ "svc:grampsweb" -> "net:gramps";
+ "svc:grampsweb" -> "net:traefik";
+ "svc:grampsweb_celery" -> "net:gramps";
+ "svc:influxdb" -> "net:monitor";
+ "svc:influxdb" -> "net:traefik";
+ "svc:monitor-kuma" -> "net:monitor";
+ "svc:monitor-kuma" -> "net:traefik";
+ "svc:mtls-bridge" -> "net:monitor";
+ "svc:mtls-bridge" -> "net:traefik";
+ "svc:nextcloud-db" -> "net:nextcloud";
+ "svc:nextcloud-redis" -> "net:nextcloud";
+ "svc:nextcloud-webapp" -> "net:nextcloud";
+ "svc:nextcloud-webapp" -> "net:traefik";
+ "svc:node-exporter" -> "net:monitor";
+ "svc:node-red" -> "net:monitor";
+ "svc:node-red" -> "net:traefik";
+ "svc:passbolt-db" -> "net:passbolt";
+ "svc:passbolt-webapp" -> "net:passbolt";
+ "svc:passbolt-webapp" -> "net:traefik";
+ "svc:pihole-exporter" -> "net:monitor";
+ "svc:portainer" -> "net:traefik";
+ "svc:prometheus" -> "net:monitor";
+ "svc:prometheus" -> "net:traefik";
+ "svc:searxng-webapp" -> "net:traefik";
+ "svc:telegraf" -> "net:monitor";
+ "svc:traefik" -> "net:traefik";
}
diff --git a/docs/diagrams/docker-compose.svg b/docs/diagrams/docker-compose.svg
index 23e03bc..cd8a7c6 100644
--- a/docs/diagrams/docker-compose.svg
+++ b/docs/diagrams/docker-compose.svg
@@ -1,13 +1 @@
-
-
-
-
-
+
diff --git a/docs/generated/compose-inventory.md b/docs/generated/compose-inventory.md
index c079bfa..f94b77c 100644
--- a/docs/generated/compose-inventory.md
+++ b/docs/generated/compose-inventory.md
@@ -1,24 +1,57 @@
# Docker Compose Inventory
-Source fingerprint: `d6aa78e3317a`
+Source fingerprint: `aadce80b9c30`
## Summary
| Item | Count |
|---|---:|
-| Services | 0 |
-| Networks | 0 |
+| Services | 28 |
+| Networks | 5 |
| Volumes | 0 |
## Services
| Service | Container | Image | Build | Profiles | Networks | Ports | Restart |
|---|---|---|---|---|---|---|---|
+| authelia | authelia | authelia/authelia | /home/nixos/docker/core/authelia | core, all, authelia, traefik | traefik | | always |
+| crowdsec | crowdsec | | /home/nixos/docker/core/crowdsec | core, all, crowdsec, traefik | traefik | | always |
+| docker-socket-proxy | docker-socket-proxy | tecnativa/docker-socket-proxy:latest | | monitoring, all, docker-socket-proxy, core, traefik, prometheus | monitor, traefik | | unless-stopped |
+| docker-update-exporter | docker-update-exporter | | /home/nixos/docker/monitoring/docker-exporter | monitoring, all, docker-exporter, prometheus | monitor | | unless-stopped |
+| error-pages | error-pages | tarampampam/error-pages:3 | | core, all, error-pages, traefik | traefik | | always |
+| gitea | gitea | gitea/gitea:latest | | apps, all, gitea | traefik | | always |
+| gitea-runner | gitea-runner | gitea/act_runner:latest | | apps, all, gitea, ci | traefik | | always |
+| gotify | gotify | gotify/server:latest | | monitoring, all, gotify | traefik | | always |
+| grafana | grafana | grafana/grafana:latest | | monitoring, all, grafana | monitor, traefik | | unless-stopped |
+| gramps-redis | gramps-redis | valkey/valkey:8-alpine | | apps, all, gramps | gramps | | always |
+| grampsweb | gramps-web | ghcr.io/gramps-project/grampsweb:latest | | apps, all, gramps | gramps, traefik | | always |
+| grampsweb_celery | gramps-web-celery | ghcr.io/gramps-project/grampsweb:latest | | apps, all, gramps | gramps | | always |
+| influxdb | influxdb | influxdb:2.7 | | monitoring, all, influxdb, prometheus | monitor, traefik | | unless-stopped |
+| monitor-kuma | monitor-kuma | louislam/uptime-kuma:2.1.1 | | monitoring, all, uptime-kuma | monitor, traefik | | always |
+| mtls-bridge | mtls-bridge | | /home/nixos/docker/monitoring/mtls-bridge | monitoring, all, mtls-bridge | monitor, traefik | | unless-stopped |
+| nextcloud-db | nextcloud-db | mariadb:11.4 | | apps, all, nextcloud | nextcloud | | always |
+| nextcloud-redis | nextcloud-redis | redis | | apps, all, nextcloud | nextcloud | | always |
+| nextcloud-webapp | nextcloud-webapp | | /home/nixos/docker/apps/nextcloud | apps, all, nextcloud | nextcloud, traefik | | always |
+| node-exporter | node-exporter | prom/node-exporter:latest | | monitoring, all, node-exporter, prometheus | monitor | | unless-stopped |
+| node-red | node-red | | /home/nixos/docker/monitoring/node-red | monitoring, all, node-red | monitor, traefik | | unless-stopped |
+| passbolt-db | passbolt-db | mariadb:12 | | apps, all, passbolt | passbolt | | always |
+| passbolt-webapp | passbolt-webapp | passbolt/passbolt:latest-ce | | apps, all, passbolt | passbolt, traefik | | always |
+| pihole-exporter | pihole-exporter | ekofr/pihole-exporter:latest | | monitoring, all, pihole-exporter, prometheus | monitor | {'mode': 'ingress', 'target': 9617, 'published': '9617', 'protocol': 'tcp'} | unless-stopped |
+| portainer | portainer | portainer/portainer-ce:latest | | monitoring, all, portainer | traefik | | unless-stopped |
+| prometheus | prometheus | prom/prometheus:latest | | monitoring, all, prometheus | monitor, traefik | | unless-stopped |
+| searxng-webapp | searxng-webapp | searxng/searxng | | apps, all, searxng | traefik | | always |
+| telegraf | telegraf | telegraf:latest | | monitoring, all, telegraf, prometheus | monitor | | unless-stopped |
+| traefik | traefik | traefik:3 | /home/nixos/docker/core | core, all, traefik | traefik | {'mode': 'ingress', 'target': 80, 'published': '80', 'protocol': 'tcp'}, {'mode': 'ingress', 'target': 443, 'published': '443', 'protocol': 'tcp'} | always |
## Networks
| Network | Driver | External |
|---|---|---|
+| gramps | | False |
+| monitor | | False |
+| nextcloud | | False |
+| passbolt | | False |
+| traefik | bridge | False |
## Volumes
diff --git a/docs/generated/docker-compose.resolved.yml b/docs/generated/docker-compose.resolved.yml
index 2a4d71d..ba3fb36 100644
--- a/docs/generated/docker-compose.resolved.yml
+++ b/docs/generated/docker-compose.resolved.yml
@@ -1,2 +1,1354 @@
name: core
-services: {}
+services:
+ authelia:
+ profiles:
+ - core
+ - all
+ - authelia
+ - traefik
+ build:
+ context: /home/nixos/docker/core/authelia
+ dockerfile: Dockerfile
+ container_name: authelia
+ image: authelia/authelia
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.enable: "true"
+ traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/
+ traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups
+ traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize: "2097152"
+ traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: "true"
+ traefik.http.routers.authelia.entrypoints: websecure
+ traefik.http.routers.authelia.rule: Host(`auth.lan.ddnsgeek.com`)
+ traefik.http.routers.authelia.tls: "true"
+ traefik.http.routers.authelia.tls.certresolver: myresolver
+ networks:
+ traefik: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/core/authelia
+ target: /config
+ bind:
+ create_host_path: true
+ crowdsec:
+ profiles:
+ - core
+ - all
+ - crowdsec
+ - traefik
+ build:
+ context: /home/nixos/docker/core/crowdsec
+ dockerfile: Dockerfile
+ container_name: crowdsec
+ environment:
+ COLLECTIONS: crowdsecurity/traefik
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - cscli metrics || exit 1
+ timeout: 10s
+ interval: 30s
+ retries: 3
+ start_period: 15s
+ networks:
+ traefik: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/core/crowdsec/logs
+ target: /logs
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/core/crowdsec/data
+ target: /var/lib/crowdsec/data
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/core/crowdsec/config
+ target: /etc/crowdsec
+ bind:
+ create_host_path: true
+ docker-socket-proxy:
+ profiles:
+ - monitoring
+ - all
+ - docker-socket-proxy
+ - core
+ - traefik
+ - prometheus
+ cap_drop:
+ - ALL
+ container_name: docker-socket-proxy
+ environment:
+ ALLOW_RESTARTS: "1"
+ ALLOW_START: "1"
+ ALLOW_STOP: "1"
+ AUTH: "1"
+ BUILD: "0"
+ COMMIT: "0"
+ CONFIGS: "0"
+ CONTAINERS: "1"
+ DELETE: "1"
+ DISABLE_IPV6: "0"
+ DISTRIBUTION: "1"
+ EVENTS: "1"
+ EXEC: "1"
+ IMAGES: "1"
+ INFO: "1"
+ LOG_LEVEL: info
+ NETWORKS: "1"
+ NODES: "1"
+ PING: "1"
+ PLUGINS: "0"
+ POST: "1"
+ SECRETS: "1"
+ SERVICES: "1"
+ SESSION: "0"
+ SWARM: "1"
+ SYSTEM: "1"
+ TASKS: "1"
+ VERSION: "1"
+ VOLUMES: "1"
+ hostname: docker-socket-proxy
+ image: tecnativa/docker-socket-proxy:latest
+ networks:
+ monitor: null
+ traefik: null
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - type: bind
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ read_only: true
+ bind:
+ create_host_path: true
+ docker-update-exporter:
+ profiles:
+ - monitoring
+ - all
+ - docker-exporter
+ - prometheus
+ build:
+ context: /home/nixos/docker/monitoring/docker-exporter
+ dockerfile: Dockerfile
+ cap_drop:
+ - ALL
+ container_name: docker-update-exporter
+ depends_on:
+ docker-socket-proxy:
+ condition: service_started
+ required: true
+ environment:
+ DOCKER_HOST: tcp://docker-socket-proxy:2375
+ LOG_LEVEL: INFO
+ healthcheck:
+ test:
+ - CMD
+ - python
+ - -c
+ - import urllib.request; urllib.request.urlopen('http://localhost:9105/metrics')
+ timeout: 5s
+ interval: 30s
+ retries: 3
+ start_period: 10s
+ networks:
+ monitor: null
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - type: bind
+ source: /root/.docker/config.json
+ target: /root/.docker/config.json
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/monitoring/docker-exporter/data
+ target: /data
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker
+ target: /compose
+ read_only: true
+ bind:
+ create_host_path: true
+ error-pages:
+ profiles:
+ - core
+ - all
+ - error-pages
+ - traefik
+ container_name: error-pages
+ environment:
+ TEMPLATE_NAME: app-down
+ hostname: error-pages
+ image: tarampampam/error-pages:3
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.enable: "true"
+ traefik.http.middlewares.error-pages-middleware.errors.query: /{status}.html
+ traefik.http.middlewares.error-pages-middleware.errors.service: error-pages-service
+ traefik.http.middlewares.error-pages-middleware.errors.status: 400-599
+ traefik.http.routers.error-pages-router.entrypoints: web
+ traefik.http.routers.error-pages-router.middlewares: error-pages-middleware
+ traefik.http.routers.error-pages-router.rule: HostRegexp(`{host:.+}`)
+ traefik.http.services.error-pages-service.loadbalancer.server.port: "8080"
+ networks:
+ traefik: null
+ read_only: true
+ restart: always
+ gitea:
+ profiles:
+ - apps
+ - all
+ - gitea
+ container_name: gitea
+ environment:
+ GITEA__actions__ENABLED: "true"
+ GITEA__database__DB_TYPE: sqlite3
+ GITEA__server__ROOT_URL: https://gitea.lan.ddnsgeek.com/
+ USER_GID: "1000"
+ USER_UID: "1000"
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - curl -fsS http://localhost:3000/api/healthz >/dev/null
+ timeout: 5s
+ interval: 30s
+ retries: 6
+ start_period: 2m0s
+ image: gitea/gitea:latest
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.gitea.entrypoints: websecure
+ traefik.http.routers.gitea.rule: Host(`gitea.lan.ddnsgeek.com`)
+ traefik.http.routers.gitea.tls: "true"
+ traefik.http.routers.gitea.tls.certresolver: myresolver
+ traefik.http.services.gitea.loadbalancer.server.port: "3000"
+ networks:
+ traefik: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/apps/gitea/data
+ target: /data
+ bind:
+ create_host_path: true
+ gitea-runner:
+ profiles:
+ - apps
+ - all
+ - gitea
+ - ci
+ container_name: gitea-runner
+ depends_on:
+ docker-socket-proxy:
+ condition: service_started
+ required: true
+ gitea:
+ condition: service_started
+ required: true
+ environment:
+ DOCKER_HOST: tcp://docker-socket-proxy:2375
+ GITEA_INSTANCE_URL: https://gitea.lan.ddnsgeek.com/
+ GITEA_RUNNER_LABELS: ubuntu-latest:docker://node:20-bookworm,ubuntu-22.04:docker://node:20-bookworm,linux:docker://node:20-bookworm,docker:docker://docker:cli
+ GITEA_RUNNER_NAME: docker-runner-01
+ GITEA_RUNNER_REGISTRATION_TOKEN: vYDNxzMvayREkXoaAR3x3UREkxQB2PU4eORzmkZ9
+ image: gitea/act_runner:latest
+ networks:
+ traefik: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/apps/gitea/runner-data
+ target: /data
+ bind:
+ create_host_path: true
+ gotify:
+ profiles:
+ - monitoring
+ - all
+ - gotify
+ container_name: gotify
+ environment:
+ GOTIFY_DEFAULTUSER_NAME: ""
+ GOTIFY_DEFAULTUSER_PASS: ""
+ GOTIFY_REGISTRATION: "false"
+ TZ: Australia/Brisbane
+ image: gotify/server:latest
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.gotify.entrypoints: websecure
+ traefik.http.routers.gotify.rule: Host(`gotify.lan.ddnsgeek.com`)
+ traefik.http.routers.gotify.tls.certresolver: myresolver
+ traefik.http.routers.gotify.tls.options: mtls-private-admin@file
+ traefik.http.services.gotify.loadbalancer.server.port: "80"
+ networks:
+ traefik: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/monitoring/gotify/data
+ target: /app/data
+ bind:
+ create_host_path: true
+ grafana:
+ profiles:
+ - monitoring
+ - all
+ - grafana
+ container_name: grafana
+ environment:
+ GF_SERVER_ROOT_URL: https://grafana.lan.ddnsgeek.com/
+ healthcheck:
+ test:
+ - CMD
+ - wget
+ - --spider
+ - -q
+ - http://localhost:3000/api/health
+ timeout: 10s
+ interval: 30s
+ retries: 3
+ start_period: 30s
+ image: grafana/grafana:latest
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.grafana.entrypoints: websecure
+ traefik.http.routers.grafana.rule: Host(`grafana.lan.ddnsgeek.com`)
+ traefik.http.routers.grafana.tls.certresolver: myresolver
+ traefik.http.routers.grafana.tls.options: mtls-private-admin@file
+ traefik.http.services.grafana.loadbalancer.server.port: "3000"
+ networks:
+ monitor: null
+ traefik: null
+ restart: unless-stopped
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/monitoring/grafana/data
+ target: /var/lib/grafana
+ bind:
+ create_host_path: true
+ gramps-redis:
+ profiles:
+ - apps
+ - all
+ - gramps
+ container_name: gramps-redis
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - valkey-cli -h 127.0.0.1 -p 6379 ping | grep -q PONG
+ timeout: 5s
+ interval: 10s
+ retries: 6
+ start_period: 10s
+ image: valkey/valkey:8-alpine
+ networks:
+ gramps: null
+ restart: always
+ grampsweb:
+ profiles:
+ - apps
+ - all
+ - gramps
+ container_name: gramps-web
+ depends_on:
+ gramps-redis:
+ condition: service_started
+ required: true
+ grampsweb_celery:
+ condition: service_started
+ required: true
+ environment:
+ GRAMPSWEB_BASE_URL: https://familytree.lan.ddnsgeek.com
+ GRAMPSWEB_CELERY_CONFIG__broker_url: redis://gramps-redis:6379/0
+ GRAMPSWEB_CELERY_CONFIG__result_backend: redis://gramps-redis:6379/0
+ GRAMPSWEB_DEFAULT_FROM_EMAIL: beatz174@gmail.com
+ GRAMPSWEB_EMAIL_HOST: smtp.gmail.com
+ GRAMPSWEB_EMAIL_HOST_PASSWORD: ""
+ GRAMPSWEB_EMAIL_HOST_USER: ""
+ GRAMPSWEB_EMAIL_PORT: "587"
+ GRAMPSWEB_EMAIL_USE_SSL: "false"
+ GRAMPSWEB_EMAIL_USE_STARTTLS: "true"
+ GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://gramps-redis:6379/1
+ GRAMPSWEB_REGISTRATION_DISABLED: "true"
+ GRAMPSWEB_SECRET_KEY: ""
+ GRAMPSWEB_TREE: main
+ TZ: Australia/Brisbane
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - wget -qO- http://127.0.0.1:5000/ >/dev/null
+ timeout: 5s
+ interval: 30s
+ retries: 6
+ start_period: 1m0s
+ image: ghcr.io/gramps-project/grampsweb:latest
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.gramps.entrypoints: websecure
+ traefik.http.routers.gramps.rule: Host(`familytree.lan.ddnsgeek.com`)
+ traefik.http.routers.gramps.tls.certresolver: myresolver
+ traefik.http.services.gramps.loadbalancer.server.port: "5000"
+ networks:
+ gramps: null
+ traefik: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/users
+ target: /app/users
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/index
+ target: /app/indexdir
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/thumbnail_cache
+ target: /app/thumbnail_cache
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/cache
+ target: /app/cache
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/secret
+ target: /app/secret
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/db
+ target: /root/.gramps/grampsdb
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/media
+ target: /app/media
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/tmp
+ target: /tmp
+ bind:
+ create_host_path: true
+ grampsweb_celery:
+ profiles:
+ - apps
+ - all
+ - gramps
+ command:
+ - celery
+ - -A
+ - gramps_webapi.celery
+ - worker
+ - --loglevel=INFO
+ - --concurrency=2
+ container_name: gramps-web-celery
+ depends_on:
+ gramps-redis:
+ condition: service_started
+ required: true
+ environment:
+ GRAMPSWEB_BASE_URL: https://familytree.lan.ddnsgeek.com
+ GRAMPSWEB_CELERY_CONFIG__broker_url: redis://gramps-redis:6379/0
+ GRAMPSWEB_CELERY_CONFIG__result_backend: redis://gramps-redis:6379/0
+ GRAMPSWEB_DEFAULT_FROM_EMAIL: beatz174@gmail.com
+ GRAMPSWEB_EMAIL_HOST: smtp.gmail.com
+ GRAMPSWEB_EMAIL_HOST_PASSWORD: ""
+ GRAMPSWEB_EMAIL_HOST_USER: ""
+ GRAMPSWEB_EMAIL_PORT: "587"
+ GRAMPSWEB_EMAIL_USE_SSL: "false"
+ GRAMPSWEB_EMAIL_USE_STARTTLS: "true"
+ GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://gramps-redis:6379/1
+ GRAMPSWEB_REGISTRATION_DISABLED: "true"
+ GRAMPSWEB_SECRET_KEY: ""
+ GRAMPSWEB_TREE: main
+ TZ: Australia/Brisbane
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - pgrep -f "celery.*gramps_webapi.celery.*worker" >/dev/null
+ timeout: 5s
+ interval: 30s
+ retries: 6
+ start_period: 1m0s
+ image: ghcr.io/gramps-project/grampsweb:latest
+ networks:
+ gramps: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/users
+ target: /app/users
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/index
+ target: /app/indexdir
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/thumbnail_cache
+ target: /app/thumbnail_cache
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/cache
+ target: /app/cache
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/secret
+ target: /app/secret
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/db
+ target: /root/.gramps/grampsdb
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/media
+ target: /app/media
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/gramps/data/tmp
+ target: /tmp
+ bind:
+ create_host_path: true
+ influxdb:
+ profiles:
+ - monitoring
+ - all
+ - influxdb
+ - prometheus
+ container_name: influxdb
+ environment:
+ DOCKER_INFLUXDB_INIT_BUCKET: telemetry
+ DOCKER_INFLUXDB_INIT_MODE: setup
+ DOCKER_INFLUXDB_INIT_ORG: pbs
+ DOCKER_INFLUXDB_INIT_PASSWORD_FILE: /run/secrets/influxdb_init_password
+ DOCKER_INFLUXDB_INIT_USERNAME: ""
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - curl -f http://localhost:8086/health || exit 1
+ timeout: 5s
+ interval: 30s
+ retries: 3
+ start_period: 10s
+ image: influxdb:2.7
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.influxdb.entrypoints: websecure
+ traefik.http.routers.influxdb.middlewares: authelia
+ traefik.http.routers.influxdb.rule: Host(`influxdb.lan.ddnsgeek.com`)
+ traefik.http.routers.influxdb.tls.certresolver: myresolver
+ traefik.http.routers.influxdb.tls.options: mtls-private-admin@file
+ traefik.http.services.influxdb.loadbalancer.server.port: "8086"
+ networks:
+ monitor: null
+ traefik: null
+ restart: unless-stopped
+ secrets:
+ - source: influxdb_init_password
+ target: /run/secrets/influxdb_init_password
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/monitoring/influxdb
+ target: /var/lib/influxdb2
+ bind:
+ create_host_path: true
+ monitor-kuma:
+ profiles:
+ - monitoring
+ - all
+ - uptime-kuma
+ container_name: monitor-kuma
+ depends_on:
+ docker-socket-proxy:
+ condition: service_started
+ required: true
+ environment:
+ DOCKER_HOST: tcp://docker-socket-proxy:2375
+ image: louislam/uptime-kuma:2.1.1
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.monitor.entrypoints: websecure
+ traefik.http.routers.monitor.rule: Host(`monitor-kuma.lan.ddnsgeek.com`)
+ traefik.http.routers.monitor.tls: "true"
+ traefik.http.routers.monitor.tls.certresolver: myresolver
+ traefik.http.routers.monitor.tls.options: mtls-private-admin@file
+ traefik.http.services.monitor.loadbalancer.server.port: "3001"
+ networks:
+ monitor: null
+ traefik: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/monitoring/uptime-kuma/data
+ target: /app/data
+ bind:
+ create_host_path: true
+ mtls-bridge:
+ profiles:
+ - monitoring
+ - all
+ - mtls-bridge
+ build:
+ context: /home/nixos/docker/monitoring/mtls-bridge
+ dockerfile: Dockerfile
+ container_name: mtls-bridge
+ environment:
+ ALLOWED_PATHS_FILE: ""
+ CLIENT_CERT: /certs/clients/office-pc/office-pc.crt
+ CLIENT_KEY: /certs/clients/office-pc/office-pc.key
+ LOG_LEVEL: DEBUG
+ TARGET_URL: http://node-red:1880
+ TIMEOUT: "5"
+ UPSTREAM_CA_CERT: ""
+ hostname: mtls-bridge.lan.ddnsgeek.com
+ healthcheck:
+ test:
+ - CMD
+ - python
+ - -c
+ - import urllib.request; urllib.request.urlopen('http://localhost:8080/_mtls_bridge/health', timeout=3).read()
+ timeout: 5s
+ interval: 30s
+ retries: 3
+ start_period: 10s
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.middlewares.mtls-bridge-auth.basicauth.users: ""
+ traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowcredentials: "true"
+ traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowheaders: authorization,content-type,x-grafana-action,x-grafana-device-id
+ traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowmethods: GET,POST,PUT,PATCH,DELETE,OPTIONS
+ traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolalloworiginlist: https://grafana.lan.ddnsgeek.com
+ traefik.http.middlewares.mtls-bridge-cors.headers.addvaryheader: "true"
+ traefik.http.routers.mtls-bridge-preflight.entrypoints: websecure
+ traefik.http.routers.mtls-bridge-preflight.middlewares: mtls-bridge-cors
+ traefik.http.routers.mtls-bridge-preflight.priority: "100"
+ traefik.http.routers.mtls-bridge-preflight.rule: Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`)
+ traefik.http.routers.mtls-bridge-preflight.service: mtls-bridge
+ traefik.http.routers.mtls-bridge-preflight.tls.certresolver: myresolver
+ traefik.http.routers.mtls-bridge.entrypoints: websecure
+ traefik.http.routers.mtls-bridge.middlewares: mtls-bridge-auth,mtls-bridge-cors
+ traefik.http.routers.mtls-bridge.rule: Host(`mtls-bridge.lan.ddnsgeek.com`)
+ traefik.http.routers.mtls-bridge.tls.certresolver: myresolver
+ traefik.http.services.mtls-bridge.loadbalancer.server.port: "8080"
+ networks:
+ monitor: null
+ traefik: null
+ restart: unless-stopped
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/core/traefik/certs
+ target: /certs
+ read_only: true
+ bind:
+ create_host_path: true
+ nextcloud-db:
+ profiles:
+ - apps
+ - all
+ - nextcloud
+ command:
+ - --transaction-isolation=READ-COMMITTED
+ - --log-bin=binlog
+ - --binlog-format=ROW
+ container_name: nextcloud-db
+ environment:
+ MARIADB_AUTO_UPGRADE: "1"
+ MYSQL_DATABASE: nextcloud
+ MYSQL_PASSWORD_FILE: /run/secrets/nextcloud_db_password
+ MYSQL_ROOT_PASSWORD_FILE: /run/secrets/nextcloud_db_root_password
+ MYSQL_USER: ""
+ NEXTCLOUD_ADMIN_PASSWORD_FILE: /run/secrets/nextcloud_admin_password
+ NEXTCLOUD_ADMIN_USER: ""
+ hostname: nextcloud_db
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - mariadb-admin ping -u $$MYSQL_USER --password=$$(cat /run/secrets/nextcloud_db_password) --silent
+ timeout: 5s
+ interval: 10s
+ retries: 12
+ start_period: 1m0s
+ image: mariadb:11.4
+ labels:
+ io.portainer.accesscontrol.public: ""
+ networks:
+ nextcloud: null
+ restart: always
+ secrets:
+ - source: nextcloud_db_root_password
+ target: /run/secrets/nextcloud_db_root_password
+ - source: nextcloud_db_password
+ target: /run/secrets/nextcloud_db_password
+ - source: nextcloud_admin_password
+ target: /run/secrets/nextcloud_admin_password
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/apps/nextcloud/database
+ target: /var/lib/mysql
+ bind:
+ create_host_path: true
+ nextcloud-redis:
+ profiles:
+ - apps
+ - all
+ - nextcloud
+ command:
+ - sh
+ - -c
+ - redis-server --requirepass "$$(cat /run/secrets/nextcloud_redis_password)" --appendonly yes --save 60 1000
+ container_name: nextcloud-redis
+ hostname: redis
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - redis-cli -a "$$(cat /run/secrets/nextcloud_redis_password)" PING | grep -q PONG
+ timeout: 5s
+ interval: 10s
+ retries: 6
+ start_period: 10s
+ image: redis
+ labels:
+ io.portainer.accesscontrol.public: ""
+ networks:
+ nextcloud: null
+ restart: always
+ secrets:
+ - source: nextcloud_redis_password
+ target: /run/secrets/nextcloud_redis_password
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/apps/nextcloud/data/redis
+ target: /data
+ bind:
+ create_host_path: true
+ nextcloud-webapp:
+ profiles:
+ - apps
+ - all
+ - nextcloud
+ build:
+ context: /home/nixos/docker/apps/nextcloud
+ dockerfile: Dockerfile
+ container_name: nextcloud-webapp
+ depends_on:
+ nextcloud-db:
+ condition: service_started
+ required: true
+ nextcloud-redis:
+ condition: service_started
+ required: true
+ environment:
+ MAIL_DOMAIN: ""
+ MAIL_FROM_ADDRESS: ""
+ MYSQL_DATABASE: nextcloud
+ MYSQL_HOST: nextcloud_db:3306
+ MYSQL_PASSWORD_FILE: /run/secrets/nextcloud_db_password
+ MYSQL_USER: ""
+ NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.lan.ddnsgeek.com
+ OVERWRITECLIURL: https://nextcloud.lan.ddnsgeek.com
+ OVERWRITEPROTOCOL: https
+ REDIS_HOST: redis
+ REDIS_HOST_PASSWORD_FILE: /run/secrets/nextcloud_redis_password
+ REDIS_HOST_PORT: "6379"
+ SMTP_AUTHTYPE: login
+ SMTP_HOST: smtp.gmail.com
+ SMTP_NAME: ""
+ SMTP_PASSWORD_FILE: /run/secrets/nextcloud_smtp_password
+ SMTP_PORT: "587"
+ SMTP_SECURE: tls
+ hostname: nextcloud.lan.ddnsgeek.com
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - 'php -r ''$$f=@fsockopen("127.0.0.1",80,$$e,$$s,2); if(!$$f) exit(1); fwrite($$f,"GET /status.php HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n"); $$o=""; while(!feof($$f)){$$o.=fgets($$f,1024);} fclose($$f); if(strpos($$o,"\"installed\":true")===false) exit(1);'''
+ timeout: 5s
+ interval: 30s
+ retries: 6
+ start_period: 3m0s
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.middlewares.nextcloud-dav.replacepathregex.regex: ^/.well-known/ca(l|rd)dav
+ traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement: /remote.php/dav/
+ traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.regex: ^/.well-known/nodeinfo
+ traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.replacement: /nextcloud/index.php/.well-known/nodeinfo/
+ traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent: "true"
+ traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex: https://(.*)/.well-known/webfinger
+ traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement: https://$${1}/nextcloud/index.php/.well-known/webfinger
+ traefik.http.routers.nextcloud.entrypoints: websecure
+ traefik.http.routers.nextcloud.middlewares: nextcloud-dav, nextcloud-webfinger
+ traefik.http.routers.nextcloud.rule: Host(`nextcloud.lan.ddnsgeek.com`)
+ traefik.http.routers.nextcloud.tls.certresolver: myresolver
+ networks:
+ nextcloud: null
+ traefik: null
+ restart: always
+ secrets:
+ - source: nextcloud_db_password
+ target: /run/secrets/nextcloud_db_password
+ - source: nextcloud_smtp_password
+ target: /run/secrets/nextcloud_smtp_password
+ - source: nextcloud_redis_password
+ target: /run/secrets/nextcloud_redis_password
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/apps/nextcloud/data
+ target: /var/www/html/data
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/nextcloud/config
+ target: /var/www/html/config
+ bind:
+ create_host_path: true
+ - type: tmpfs
+ target: /tmp:exec
+ node-exporter:
+ profiles:
+ - monitoring
+ - all
+ - node-exporter
+ - prometheus
+ command:
+ - --path.procfs=/host/proc
+ - --path.sysfs=/host/sys
+ - --path.rootfs=/rootfs
+ container_name: node-exporter
+ healthcheck:
+ test:
+ - CMD
+ - wget
+ - --spider
+ - -q
+ - http://localhost:9100/metrics
+ timeout: 10s
+ interval: 30s
+ retries: 3
+ image: prom/node-exporter:latest
+ networks:
+ monitor: null
+ pid: host
+ restart: unless-stopped
+ volumes:
+ - type: bind
+ source: /proc
+ target: /host/proc
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /sys
+ target: /host/sys
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /
+ target: /rootfs
+ read_only: true
+ bind:
+ create_host_path: true
+ node-red:
+ profiles:
+ - monitoring
+ - all
+ - node-red
+ build:
+ context: /home/nixos/docker/monitoring/node-red
+ dockerfile: Dockerfile
+ cap_drop:
+ - ALL
+ container_name: node-red
+ depends_on:
+ docker-socket-proxy:
+ condition: service_started
+ required: true
+ environment:
+ DOCKER_HOST: tcp://docker-socket-proxy:2375
+ PROJECT_ROOT: /compose
+ TZ: Australia/Brisbane
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.node-red.entrypoints: websecure
+ traefik.http.routers.node-red.middlewares: authelia
+ traefik.http.routers.node-red.rule: Host(`node-red.lan.ddnsgeek.com`)
+ traefik.http.routers.node-red.tls.certresolver: myresolver
+ traefik.http.routers.node-red.tls.options: mtls-private-admin@file
+ traefik.http.services.node-red.loadbalancer.server.port: "1880"
+ networks:
+ monitor: null
+ traefik: null
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/monitoring/node-red/data
+ target: /data
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker
+ target: /compose/docker
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/raspi
+ target: /compose/raspi
+ read_only: true
+ bind:
+ create_host_path: true
+ passbolt-db:
+ profiles:
+ - apps
+ - all
+ - passbolt
+ container_name: passbolt-db
+ environment:
+ MYSQL_DATABASE: ""
+ MYSQL_PASSWORD_FILE: /run/secrets/passbolt_db_password
+ MYSQL_RANDOM_ROOT_PASSWORD: "true"
+ MYSQL_USER: ""
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - mariadb-admin ping -h 127.0.0.1 -u"$$MYSQL_USER" -p"$$(cat /run/secrets/passbolt_db_password)" --silent
+ timeout: 5s
+ interval: 10s
+ retries: 12
+ start_period: 1m0s
+ image: mariadb:12
+ labels:
+ io.portainer.accesscontrol.public: ""
+ networks:
+ passbolt: null
+ restart: always
+ secrets:
+ - source: passbolt_db_password
+ target: /run/secrets/passbolt_db_password
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/apps/passbolt/data/database
+ target: /var/lib/mysql
+ bind:
+ create_host_path: true
+ passbolt-webapp:
+ profiles:
+ - apps
+ - all
+ - passbolt
+ command:
+ - /usr/bin/wait-for.sh
+ - -t
+ - "0"
+ - passbolt-db:3306
+ - --
+ - /docker-entrypoint.sh
+ container_name: passbolt-webapp
+ depends_on:
+ passbolt-db:
+ condition: service_started
+ required: true
+ environment:
+ APP_FULL_BASE_URL: https://passbolt.lan.ddnsgeek.com
+ DATASOURCES_DEFAULT_DATABASE: ""
+ DATASOURCES_DEFAULT_HOST: passbolt-db
+ DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/passbolt_db_password
+ DATASOURCES_DEFAULT_USERNAME: ""
+ PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: ""
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - curl -fsS http://localhost/healthcheck/status | grep -qx OK
+ timeout: 10s
+ interval: 30s
+ retries: 6
+ start_period: 2m0s
+ image: passbolt/passbolt:latest-ce
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.passbolt.entrypoints: websecure
+ traefik.http.routers.passbolt.rule: Host(`passbolt.lan.ddnsgeek.com`)
+ traefik.http.routers.passbolt.tls.certresolver: myresolver
+ networks:
+ passbolt: null
+ traefik: null
+ restart: always
+ secrets:
+ - source: passbolt_db_password
+ target: /run/secrets/passbolt_db_password
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/apps/passbolt/data/gpg
+ target: /etc/passbolt/gpg
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/apps/passbolt/data/jwt
+ target: /etc/passbolt/jwt
+ bind:
+ create_host_path: true
+ pihole-exporter:
+ profiles:
+ - monitoring
+ - all
+ - pihole-exporter
+ - prometheus
+ container_name: pihole-exporter
+ environment:
+ PIHOLE_HOSTNAME: pihole.sweet.home
+ PIHOLE_PASSWORD: ""
+ PORT: "9617"
+ image: ekofr/pihole-exporter:latest
+ networks:
+ monitor: null
+ ports:
+ - mode: ingress
+ target: 9617
+ published: "9617"
+ protocol: tcp
+ restart: unless-stopped
+ portainer:
+ profiles:
+ - monitoring
+ - all
+ - portainer
+ command:
+ - -H
+ - tcp://docker-socket-proxy:2375
+ container_name: portainer
+ depends_on:
+ docker-socket-proxy:
+ condition: service_started
+ required: true
+ environment:
+ DOCKER_HOST: tcp://docker-socket-proxy:2375
+ GODEBUG: netdns=cgo
+ TZ: Australia/Brisbane
+ image: portainer/portainer-ce:latest
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.enable: "true"
+ traefik.http.routers.portainer.entrypoints: websecure
+ traefik.http.routers.portainer.rule: Host(`portainer.lan.ddnsgeek.com`)
+ traefik.http.routers.portainer.tls: "true"
+ traefik.http.routers.portainer.tls.certresolver: myresolver
+ traefik.http.routers.portainer.tls.options: mtls-private-admin@file
+ traefik.http.services.portainer.loadbalancer.server.port: "9000"
+ networks:
+ traefik: null
+ restart: unless-stopped
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/monitoring/portainer/data
+ target: /data
+ bind:
+ create_host_path: true
+ prometheus:
+ profiles:
+ - monitoring
+ - all
+ - prometheus
+ command:
+ - --config.file=/etc/prometheus/prometheus.yml
+ - --storage.tsdb.path=/prometheus
+ - --storage.tsdb.retention.time=15d
+ container_name: prometheus
+ depends_on:
+ docker-update-exporter:
+ condition: service_started
+ required: true
+ influxdb:
+ condition: service_started
+ required: true
+ node-exporter:
+ condition: service_started
+ required: true
+ pihole-exporter:
+ condition: service_started
+ required: true
+ telegraf:
+ condition: service_started
+ required: true
+ healthcheck:
+ test:
+ - CMD
+ - wget
+ - --spider
+ - -q
+ - http://localhost:9090/-/healthy
+ timeout: 10s
+ interval: 30s
+ retries: 3
+ start_period: 30s
+ image: prom/prometheus:latest
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.prometheus.entrypoints: websecure
+ traefik.http.routers.prometheus.middlewares: authelia
+ traefik.http.routers.prometheus.rule: Host(`prometheus.lan.ddnsgeek.com`)
+ traefik.http.routers.prometheus.tls.certresolver: myresolver
+ traefik.http.routers.prometheus.tls.options: mtls-private-admin@file
+ traefik.http.services.prometheus.loadbalancer.server.port: "9090"
+ networks:
+ monitor: null
+ traefik: null
+ restart: unless-stopped
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/monitoring/prometheus/prometheus.yml
+ target: /etc/prometheus/prometheus.yml
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/monitoring/prometheus/data
+ target: /prometheus
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/monitoring/prometheus/rules
+ target: /etc/prometheus/rules
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/secrets/prometheus_kuma_basic_auth_password.txt
+ target: /run/secrets/prometheus_kuma_basic_auth_password
+ read_only: true
+ bind:
+ create_host_path: true
+ searxng-webapp:
+ profiles:
+ - apps
+ - all
+ - searxng
+ container_name: searxng-webapp
+ hostname: searxng.lan.ddnsgeek.com
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - python3 -c "import urllib.request,sys; r=urllib.request.urlopen('http://127.0.0.1:8080/', timeout=3); sys.exit(0 if 200<=r.status<400 else 1)"
+ timeout: 5s
+ interval: 20s
+ retries: 8
+ start_period: 30s
+ image: searxng/searxng
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.enable: "true"
+ traefik.http.routers.searxng.entrypoints: websecure
+ traefik.http.routers.searxng.rule: Host(`searxng.lan.ddnsgeek.com`)
+ traefik.http.routers.searxng.tls.certresolver: myresolver
+ traefik.http.services.searxng.loadbalancer.server.port: "8080"
+ networks:
+ traefik: null
+ read_only: true
+ restart: always
+ tmpfs:
+ - /tmp
+ - /var
+ - /run
+ telegraf:
+ profiles:
+ - monitoring
+ - all
+ - telegraf
+ - prometheus
+ container_name: telegraf
+ depends_on:
+ docker-socket-proxy:
+ condition: service_started
+ required: true
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - curl -f http://localhost:9273/metrics || exit 1
+ timeout: 5s
+ interval: 30s
+ retries: 3
+ start_period: 10s
+ image: telegraf:latest
+ networks:
+ monitor: null
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/monitoring/telegraf/telegraf.conf
+ target: /etc/telegraf/telegraf.conf
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/monitoring/node-red/data
+ target: /var/log/node-red
+ read_only: true
+ bind:
+ create_host_path: true
+ traefik:
+ profiles:
+ - core
+ - all
+ - traefik
+ build:
+ context: /home/nixos/docker/core
+ dockerfile: Dockerfile
+ container_name: traefik
+ depends_on:
+ authelia:
+ condition: service_started
+ required: true
+ crowdsec:
+ condition: service_started
+ required: true
+ docker-socket-proxy:
+ condition: service_started
+ required: true
+ error-pages:
+ condition: service_started
+ required: true
+ hostname: traefik.lan.ddnsgeek.com
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - traefik healthcheck --ping
+ image: traefik:3
+ labels:
+ io.portainer.accesscontrol.public: ""
+ traefik.docker.network: core_traefik
+ traefik.enable: "true"
+ traefik.http.routers.traefik.entrypoints: websecure
+ traefik.http.routers.traefik.middlewares: authelia
+ traefik.http.routers.traefik.observability.tracing: "true"
+ traefik.http.routers.traefik.rule: Host(`traefik.lan.ddnsgeek.com`)
+ traefik.http.routers.traefik.service: api@internal
+ traefik.http.routers.traefik.tls.certresolver: myresolver
+ traefik.http.routers.traefik.tls.options: mtls-private-admin@file
+ networks:
+ traefik: null
+ ports:
+ - mode: ingress
+ target: 80
+ published: "80"
+ protocol: tcp
+ - mode: ingress
+ target: 443
+ published: "443"
+ protocol: tcp
+ read_only: true
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/nixos/docker/core/traefik/data/letsencrypt
+ target: /letsencrypt
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/core/traefik/data/logs
+ target: /logs
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/core/traefik/certs
+ target: /etc/traefik/certs
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/core/traefik/dynamic.yml
+ target: /etc/traefik/dynamic.yml
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/core/traefik/traefik.yml
+ target: /etc/traefik/traefik.yml
+ read_only: true
+ bind:
+ create_host_path: true
+ - type: bind
+ source: /home/nixos/docker/core/traefik/data/plugins
+ target: /plugins-storage
+ bind:
+ create_host_path: true
+networks:
+ gramps:
+ name: core_gramps
+ monitor:
+ name: core_monitor
+ nextcloud:
+ name: core_nextcloud
+ passbolt:
+ name: core_passbolt
+ traefik:
+ name: core_traefik
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.21.0.0/16
+secrets:
+ influxdb_init_password:
+ name: core_influxdb_init_password
+ file: /home/nixos/docker/secrets/influxdb_init_password.txt
+ nextcloud_admin_password:
+ name: core_nextcloud_admin_password
+ file: /home/nixos/docker/secrets/nextcloud_admin_password.txt
+ nextcloud_db_password:
+ name: core_nextcloud_db_password
+ file: /home/nixos/docker/secrets/nextcloud_db_password.txt
+ nextcloud_db_root_password:
+ name: core_nextcloud_db_root_password
+ file: /home/nixos/docker/secrets/nextcloud_db_root_password.txt
+ nextcloud_redis_password:
+ name: core_nextcloud_redis_password
+ file: /home/nixos/docker/secrets/nextcloud_redis_password.txt
+ nextcloud_smtp_password:
+ name: core_nextcloud_smtp_password
+ file: /home/nixos/docker/secrets/nextcloud_smtp_password.txt
+ passbolt_db_password:
+ name: core_passbolt_db_password
+ file: /home/nixos/docker/secrets/passbolt_db_password.txt
diff --git a/docs/generated/traefik-routes.md b/docs/generated/traefik-routes.md
index f7e82b1..1e3d05c 100644
--- a/docs/generated/traefik-routes.md
+++ b/docs/generated/traefik-routes.md
@@ -1,3 +1,21 @@
# Traefik Routes
-No Traefik routes were detected.
+| Service | Router | Rule | Entrypoints | TLS | Middlewares | Target Port |
+|---|---|---|---|---|---|---|
+| authelia | authelia | Host(`auth.lan.ddnsgeek.com`) | websecure | true | | |
+| error-pages | error-pages-router | HostRegexp(`{host:.+}`) | web | | error-pages-middleware | |
+| gitea | gitea | Host(`gitea.lan.ddnsgeek.com`) | websecure | true | | 3000 |
+| gotify | gotify | Host(`gotify.lan.ddnsgeek.com`) | websecure | | | 80 |
+| grafana | grafana | Host(`grafana.lan.ddnsgeek.com`) | websecure | | | 3000 |
+| grampsweb | gramps | Host(`familytree.lan.ddnsgeek.com`) | websecure | | | 5000 |
+| influxdb | influxdb | Host(`influxdb.lan.ddnsgeek.com`) | websecure | | authelia | 8086 |
+| monitor-kuma | monitor | Host(`monitor-kuma.lan.ddnsgeek.com`) | websecure | true | | 3001 |
+| mtls-bridge | mtls-bridge | Host(`mtls-bridge.lan.ddnsgeek.com`) | websecure | | mtls-bridge-auth,mtls-bridge-cors | 8080 |
+| mtls-bridge | mtls-bridge-preflight | Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`) | websecure | | mtls-bridge-cors | |
+| nextcloud-webapp | nextcloud | Host(`nextcloud.lan.ddnsgeek.com`) | websecure | | nextcloud-dav, nextcloud-webfinger | |
+| node-red | node-red | Host(`node-red.lan.ddnsgeek.com`) | websecure | | authelia | 1880 |
+| passbolt-webapp | passbolt | Host(`passbolt.lan.ddnsgeek.com`) | websecure | | | |
+| portainer | portainer | Host(`portainer.lan.ddnsgeek.com`) | websecure | true | | 9000 |
+| prometheus | prometheus | Host(`prometheus.lan.ddnsgeek.com`) | websecure | | authelia | 9090 |
+| searxng-webapp | searxng | Host(`searxng.lan.ddnsgeek.com`) | websecure | | | 8080 |
+| traefik | traefik | Host(`traefik.lan.ddnsgeek.com`) | websecure | | authelia | |
diff --git a/docs/public/compose-inventory.md b/docs/public/compose-inventory.md
index c079bfa..f94b77c 100644
--- a/docs/public/compose-inventory.md
+++ b/docs/public/compose-inventory.md
@@ -1,24 +1,57 @@
# Docker Compose Inventory
-Source fingerprint: `d6aa78e3317a`
+Source fingerprint: `aadce80b9c30`
## Summary
| Item | Count |
|---|---:|
-| Services | 0 |
-| Networks | 0 |
+| Services | 28 |
+| Networks | 5 |
| Volumes | 0 |
## Services
| Service | Container | Image | Build | Profiles | Networks | Ports | Restart |
|---|---|---|---|---|---|---|---|
+| authelia | authelia | authelia/authelia | /home/nixos/docker/core/authelia | core, all, authelia, traefik | traefik | | always |
+| crowdsec | crowdsec | | /home/nixos/docker/core/crowdsec | core, all, crowdsec, traefik | traefik | | always |
+| docker-socket-proxy | docker-socket-proxy | tecnativa/docker-socket-proxy:latest | | monitoring, all, docker-socket-proxy, core, traefik, prometheus | monitor, traefik | | unless-stopped |
+| docker-update-exporter | docker-update-exporter | | /home/nixos/docker/monitoring/docker-exporter | monitoring, all, docker-exporter, prometheus | monitor | | unless-stopped |
+| error-pages | error-pages | tarampampam/error-pages:3 | | core, all, error-pages, traefik | traefik | | always |
+| gitea | gitea | gitea/gitea:latest | | apps, all, gitea | traefik | | always |
+| gitea-runner | gitea-runner | gitea/act_runner:latest | | apps, all, gitea, ci | traefik | | always |
+| gotify | gotify | gotify/server:latest | | monitoring, all, gotify | traefik | | always |
+| grafana | grafana | grafana/grafana:latest | | monitoring, all, grafana | monitor, traefik | | unless-stopped |
+| gramps-redis | gramps-redis | valkey/valkey:8-alpine | | apps, all, gramps | gramps | | always |
+| grampsweb | gramps-web | ghcr.io/gramps-project/grampsweb:latest | | apps, all, gramps | gramps, traefik | | always |
+| grampsweb_celery | gramps-web-celery | ghcr.io/gramps-project/grampsweb:latest | | apps, all, gramps | gramps | | always |
+| influxdb | influxdb | influxdb:2.7 | | monitoring, all, influxdb, prometheus | monitor, traefik | | unless-stopped |
+| monitor-kuma | monitor-kuma | louislam/uptime-kuma:2.1.1 | | monitoring, all, uptime-kuma | monitor, traefik | | always |
+| mtls-bridge | mtls-bridge | | /home/nixos/docker/monitoring/mtls-bridge | monitoring, all, mtls-bridge | monitor, traefik | | unless-stopped |
+| nextcloud-db | nextcloud-db | mariadb:11.4 | | apps, all, nextcloud | nextcloud | | always |
+| nextcloud-redis | nextcloud-redis | redis | | apps, all, nextcloud | nextcloud | | always |
+| nextcloud-webapp | nextcloud-webapp | | /home/nixos/docker/apps/nextcloud | apps, all, nextcloud | nextcloud, traefik | | always |
+| node-exporter | node-exporter | prom/node-exporter:latest | | monitoring, all, node-exporter, prometheus | monitor | | unless-stopped |
+| node-red | node-red | | /home/nixos/docker/monitoring/node-red | monitoring, all, node-red | monitor, traefik | | unless-stopped |
+| passbolt-db | passbolt-db | mariadb:12 | | apps, all, passbolt | passbolt | | always |
+| passbolt-webapp | passbolt-webapp | passbolt/passbolt:latest-ce | | apps, all, passbolt | passbolt, traefik | | always |
+| pihole-exporter | pihole-exporter | ekofr/pihole-exporter:latest | | monitoring, all, pihole-exporter, prometheus | monitor | {'mode': 'ingress', 'target': 9617, 'published': '9617', 'protocol': 'tcp'} | unless-stopped |
+| portainer | portainer | portainer/portainer-ce:latest | | monitoring, all, portainer | traefik | | unless-stopped |
+| prometheus | prometheus | prom/prometheus:latest | | monitoring, all, prometheus | monitor, traefik | | unless-stopped |
+| searxng-webapp | searxng-webapp | searxng/searxng | | apps, all, searxng | traefik | | always |
+| telegraf | telegraf | telegraf:latest | | monitoring, all, telegraf, prometheus | monitor | | unless-stopped |
+| traefik | traefik | traefik:3 | /home/nixos/docker/core | core, all, traefik | traefik | {'mode': 'ingress', 'target': 80, 'published': '80', 'protocol': 'tcp'}, {'mode': 'ingress', 'target': 443, 'published': '443', 'protocol': 'tcp'} | always |
## Networks
| Network | Driver | External |
|---|---|---|
+| gramps | | False |
+| monitor | | False |
+| nextcloud | | False |
+| passbolt | | False |
+| traefik | bridge | False |
## Volumes
diff --git a/docs/public/docker-compose.svg b/docs/public/docker-compose.svg
index 23e03bc..cd8a7c6 100644
--- a/docs/public/docker-compose.svg
+++ b/docs/public/docker-compose.svg
@@ -1,13 +1 @@
-
-
-
-
-
+
diff --git a/docs/public/traefik-routes.md b/docs/public/traefik-routes.md
index f7e82b1..fa19faf 100644
--- a/docs/public/traefik-routes.md
+++ b/docs/public/traefik-routes.md
@@ -1,3 +1,21 @@
# Traefik Routes
-No Traefik routes were detected.
+| Service | Router | Rule | Entrypoints | TLS | Middlewares | Target Port |
+|---|---|---|---|---|---|---|
+| authelia | authelia | Host(``) | websecure | true | | |
+| error-pages | error-pages-router | HostRegexp(`{host:.+}`) | web | | error-pages-middleware | |
+| gitea | gitea | Host(``) | websecure | true | | 3000 |
+| gotify | gotify | Host(``) | websecure | | | 80 |
+| grafana | grafana | Host(``) | websecure | | | 3000 |
+| grampsweb | gramps | Host(``) | websecure | | | 5000 |
+| influxdb | influxdb | Host(``) | websecure | | authelia | 8086 |
+| monitor-kuma | monitor | Host(``) | websecure | true | | 3001 |
+| mtls-bridge | mtls-bridge | Host(``) | websecure | | mtls-bridge-auth,mtls-bridge-cors | 8080 |
+| mtls-bridge | mtls-bridge-preflight | Host(``) && Method(`OPTIONS`) | websecure | | mtls-bridge-cors | |
+| nextcloud-webapp | nextcloud | Host(``) | websecure | | nextcloud-dav, nextcloud-webfinger | |
+| node-red | node-red | Host(``) | websecure | | authelia | 1880 |
+| passbolt-webapp | passbolt | Host(``) | websecure | | | |
+| portainer | portainer | Host(``) | websecure | true | | 9000 |
+| prometheus | prometheus | Host(``) | websecure | | authelia | 9090 |
+| searxng-webapp | searxng | Host(``) | websecure | | | 8080 |
+| traefik | traefik | Host(``) | websecure | | authelia | |
diff --git a/scripts/docs/render-compose-config.sh b/scripts/docs/render-compose-config.sh
index 0619bb0..ad9e847 100755
--- a/scripts/docs/render-compose-config.sh
+++ b/scripts/docs/render-compose-config.sh
@@ -22,4 +22,19 @@ if [ ! -f "$ENV_FILE" ]; then
exit 1
fi
-docker compose -p core --env-file "$ENV_FILE" "${ARGS[@]}" config > docs/generated/docker-compose.resolved.yml
+docker compose -p core --env-file "$ENV_FILE" --profile all "${ARGS[@]}" config > docs/generated/docker-compose.resolved.yml
+
+service_count="$(
+ python3 - <<'PY'
+import yaml
+from pathlib import Path
+
+data = yaml.safe_load(Path("docs/generated/docker-compose.resolved.yml").read_text()) or {}
+print(len(data.get("services") or {}))
+PY
+)"
+
+if [ "$service_count" -eq 0 ]; then
+ echo "ERROR: rendered compose config contains zero services; check --profile all / COMPOSE_PROFILES." >&2
+ exit 1
+fi
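Review bot: The zero-services guard at the end of the hunk only handles the happy path; if the embedded `python3` heredoc fails (PyYAML is a third-party package, so `import yaml` is not guaranteed to be present, and `docs/generated/docker-compose.resolved.yml` may be empty or unparsable), `service_count` is empty and `[ "" -eq 0 ]` prints an "integer expression expected" error rather than the intended message, and whether the script then stops depends on a `set -e` that is not visible in this hunk. Validate the value before comparing it: `case "$service_count" in ''|*[!0-9]*) echo "ERROR: could not count services in rendered config (is PyYAML installed?)." >&2; exit 1 ;; esac`. A separate caveat worth a comment above the `docker compose ... config` line: `config` interpolates `--env-file "$ENV_FILE"` into a file under `docs/generated/`, so that file should only ever be rendered from the documentation/placeholder env file, never the deployment one, e.g. `# NOTE: output is committed; $ENV_FILE must hold placeholder values only`. The script's earlier `$ENV_FILE` existence check starts outside this hunk, so I cannot tell whether such a restriction is already enforced there.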