From 8d18ab7059a1f6d0034d7dc7837b2627a6e3c59e Mon Sep 17 00:00:00 2001
From: beatz174-bit
Date: Wed, 13 May 2026 08:33:26 +1000
Subject: [PATCH] Fix docs compose rendering to include all profiles
---
docs/diagrams/docker-compose.dot | 71 +
docs/diagrams/docker-compose.svg | 14 +-
docs/generated/compose-inventory.md | 39 +-
docs/generated/docker-compose.resolved.yml | 1354 +++++++++++++++++++-
docs/generated/traefik-routes.md | 20 +-
docs/public/compose-inventory.md | 39 +-
docs/public/docker-compose.svg | 14 +-
docs/public/traefik-routes.md | 20 +-
scripts/docs/render-compose-config.sh | 17 +-
9 files changed, 1552 insertions(+), 36 deletions(-)
diff --git a/docs/diagrams/docker-compose.dot b/docs/diagrams/docker-compose.dot
index 4eff403..d378433 100644
--- a/docs/diagrams/docker-compose.dot
+++ b/docs/diagrams/docker-compose.dot
@@ -1,4 +1,75 @@ digraph Compose { rankdir=LR; node [fontname=Helvetica]; + "svc:authelia" [label="authelia", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:crowdsec" [label="crowdsec", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:docker-socket-proxy" [label="docker-socket-proxy", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:docker-update-exporter" [label="docker-update-exporter", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:error-pages" [label="error-pages", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:gitea" [label="gitea", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:gitea-runner" [label="gitea-runner", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:gotify" [label="gotify", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:grafana" [label="grafana", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:gramps-redis" [label="gramps-redis", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:grampsweb" [label="grampsweb", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:grampsweb_celery" [label="grampsweb_celery", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:influxdb" [label="influxdb", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:monitor-kuma" [label="monitor-kuma", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:mtls-bridge" [label="mtls-bridge", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:nextcloud-db" [label="nextcloud-db", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:nextcloud-redis" [label="nextcloud-redis", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:nextcloud-webapp" [label="nextcloud-webapp", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:node-exporter" [label="node-exporter", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:node-red" [label="node-red", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:passbolt-db" [label="passbolt-db", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:passbolt-webapp" 
[label="passbolt-webapp", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:pihole-exporter" [label="pihole-exporter", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:portainer" [label="portainer", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:prometheus" [label="prometheus", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:searxng-webapp" [label="searxng-webapp", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:telegraf" [label="telegraf", shape=box, style=filled, fillcolor="#dfefff"]; + "svc:traefik" [label="traefik", shape=box, style=filled, fillcolor="#dfefff"]; + "net:gramps" [label="gramps", shape=ellipse, style=filled, fillcolor="#f4f4f4"]; + "net:monitor" [label="monitor", shape=ellipse, style=filled, fillcolor="#f4f4f4"]; + "net:nextcloud" [label="nextcloud", shape=ellipse, style=filled, fillcolor="#f4f4f4"]; + "net:passbolt" [label="passbolt", shape=ellipse, style=filled, fillcolor="#f4f4f4"]; + "net:traefik" [label="traefik", shape=ellipse, style=filled, fillcolor="#f4f4f4"]; + "svc:authelia" -> "net:traefik"; + "svc:crowdsec" -> "net:traefik"; + "svc:docker-socket-proxy" -> "net:monitor"; + "svc:docker-socket-proxy" -> "net:traefik"; + "svc:docker-update-exporter" -> "net:monitor"; + "svc:error-pages" -> "net:traefik"; + "svc:gitea" -> "net:traefik"; + "svc:gitea-runner" -> "net:traefik"; + "svc:gotify" -> "net:traefik"; + "svc:grafana" -> "net:monitor"; + "svc:grafana" -> "net:traefik"; + "svc:gramps-redis" -> "net:gramps"; + "svc:grampsweb" -> "net:gramps"; + "svc:grampsweb" -> "net:traefik"; + "svc:grampsweb_celery" -> "net:gramps"; + "svc:influxdb" -> "net:monitor"; + "svc:influxdb" -> "net:traefik"; + "svc:monitor-kuma" -> "net:monitor"; + "svc:monitor-kuma" -> "net:traefik"; + "svc:mtls-bridge" -> "net:monitor"; + "svc:mtls-bridge" -> "net:traefik"; + "svc:nextcloud-db" -> "net:nextcloud"; + "svc:nextcloud-redis" -> "net:nextcloud"; + "svc:nextcloud-webapp" -> "net:nextcloud"; + "svc:nextcloud-webapp" -> "net:traefik"; 
+ "svc:node-exporter" -> "net:monitor"; + "svc:node-red" -> "net:monitor"; + "svc:node-red" -> "net:traefik"; + "svc:passbolt-db" -> "net:passbolt"; + "svc:passbolt-webapp" -> "net:passbolt"; + "svc:passbolt-webapp" -> "net:traefik"; + "svc:pihole-exporter" -> "net:monitor"; + "svc:portainer" -> "net:traefik"; + "svc:prometheus" -> "net:monitor"; + "svc:prometheus" -> "net:traefik"; + "svc:searxng-webapp" -> "net:traefik"; + "svc:telegraf" -> "net:monitor"; + "svc:traefik" -> "net:traefik"; } diff --git a/docs/diagrams/docker-compose.svg b/docs/diagrams/docker-compose.svg index 23e03bc..cd8a7c6 100644 --- a/docs/diagrams/docker-compose.svg +++ b/docs/diagrams/docker-compose.svg @@ -1,13 +1 @@ - - - - - - -Compose - - - +Graphviz dot not found in environment. diff --git a/docs/generated/compose-inventory.md b/docs/generated/compose-inventory.md index c079bfa..f94b77c 100644 --- a/docs/generated/compose-inventory.md +++ b/docs/generated/compose-inventory.md 
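Review bot: The new content of `docs/diagrams/docker-compose.svg` is the single line `Graphviz dot not found in environment.`, which is a tool error message rather than SVG, so the committed diagram will no longer render. The generator should exit non-zero, or leave the previous file untouched, when `dot` is missing instead of writing the message into the artifact. The diffstat suggests `docs/public/docker-compose.svg` received the same change. The script that writes this file is not visible in this part of the patch.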
@@ -1,24 +1,57 @@ # Docker Compose Inventory -Source fingerprint: `d6aa78e3317a` +Source fingerprint: `aadce80b9c30` ## Summary | Item | Count | |---|---:| -| Services | 0 | -| Networks | 0 | +| Services | 28 | +| Networks | 5 | | Volumes | 0 | ## Services | Service | Container | Image | Build | Profiles | Networks | Ports | Restart | |---|---|---|---|---|---|---|---| +| authelia | authelia | authelia/authelia | /home/nixos/docker/core/authelia | core, all, authelia, traefik | traefik | | always | +| crowdsec | crowdsec | | /home/nixos/docker/core/crowdsec | core, all, crowdsec, traefik | traefik | | always | +| docker-socket-proxy | docker-socket-proxy | tecnativa/docker-socket-proxy:latest | | monitoring, all, docker-socket-proxy, core, traefik, prometheus | monitor, traefik | | unless-stopped | +| docker-update-exporter | docker-update-exporter | | /home/nixos/docker/monitoring/docker-exporter | monitoring, all, docker-exporter, prometheus | monitor | | unless-stopped | +| error-pages | error-pages | tarampampam/error-pages:3 | | core, all, error-pages, traefik | traefik | | always | +| gitea | gitea | gitea/gitea:latest | | apps, all, gitea | traefik | | always | +| gitea-runner | gitea-runner | gitea/act_runner:latest | | apps, all, gitea, ci | traefik | | always | +| gotify | gotify | gotify/server:latest | | monitoring, all, gotify | traefik | | always | +| grafana | grafana | grafana/grafana:latest | | monitoring, all, grafana | monitor, traefik | | unless-stopped | +| gramps-redis | gramps-redis | valkey/valkey:8-alpine | | apps, all, gramps | gramps | | always | +| grampsweb | gramps-web | ghcr.io/gramps-project/grampsweb:latest | | apps, all, gramps | gramps, traefik | | always | +| grampsweb_celery | gramps-web-celery | ghcr.io/gramps-project/grampsweb:latest | | apps, all, gramps | gramps | | always | +| influxdb | influxdb | influxdb:2.7 | | monitoring, all, influxdb, prometheus | monitor, traefik | | unless-stopped | +| monitor-kuma | monitor-kuma | 
louislam/uptime-kuma:2.1.1 | | monitoring, all, uptime-kuma | monitor, traefik | | always | +| mtls-bridge | mtls-bridge | | /home/nixos/docker/monitoring/mtls-bridge | monitoring, all, mtls-bridge | monitor, traefik | | unless-stopped | +| nextcloud-db | nextcloud-db | mariadb:11.4 | | apps, all, nextcloud | nextcloud | | always | +| nextcloud-redis | nextcloud-redis | redis | | apps, all, nextcloud | nextcloud | | always | +| nextcloud-webapp | nextcloud-webapp | | /home/nixos/docker/apps/nextcloud | apps, all, nextcloud | nextcloud, traefik | | always | +| node-exporter | node-exporter | prom/node-exporter:latest | | monitoring, all, node-exporter, prometheus | monitor | | unless-stopped | +| node-red | node-red | | /home/nixos/docker/monitoring/node-red | monitoring, all, node-red | monitor, traefik | | unless-stopped | +| passbolt-db | passbolt-db | mariadb:12 | | apps, all, passbolt | passbolt | | always | +| passbolt-webapp | passbolt-webapp | passbolt/passbolt:latest-ce | | apps, all, passbolt | passbolt, traefik | | always | +| pihole-exporter | pihole-exporter | ekofr/pihole-exporter:latest | | monitoring, all, pihole-exporter, prometheus | monitor | {'mode': 'ingress', 'target': 9617, 'published': '9617', 'protocol': 'tcp'} | unless-stopped | +| portainer | portainer | portainer/portainer-ce:latest | | monitoring, all, portainer | traefik | | unless-stopped | +| prometheus | prometheus | prom/prometheus:latest | | monitoring, all, prometheus | monitor, traefik | | unless-stopped | +| searxng-webapp | searxng-webapp | searxng/searxng | | apps, all, searxng | traefik | | always | +| telegraf | telegraf | telegraf:latest | | monitoring, all, telegraf, prometheus | monitor | | unless-stopped | +| traefik | traefik | traefik:3 | /home/nixos/docker/core | core, all, traefik | traefik | {'mode': 'ingress', 'target': 80, 'published': '80', 'protocol': 'tcp'}, {'mode': 'ingress', 'target': 443, 'published': '443', 'protocol': 'tcp'} | always | ## Networks | 
Network | Driver | External | |---|---|---| +| gramps | | False | +| monitor | | False | +| nextcloud | | False | +| passbolt | | False | +| traefik | bridge | False | ## Volumes diff --git a/docs/generated/docker-compose.resolved.yml b/docs/generated/docker-compose.resolved.yml index 2a4d71d..ba3fb36 100644 --- a/docs/generated/docker-compose.resolved.yml +++ b/docs/generated/docker-compose.resolved.yml 
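Review bot: Rendering with every profile enabled now writes real deployment values into committed docs: the Build column of this inventory carries absolute host paths such as `/home/nixos/docker/core/authelia`, and the diffstat shows the same table going to `docs/public/compose-inventory.md`. The `docs/generated/docker-compose.resolved.yml` hunk that follows (it continues past the visible part of the patch) has the same problem in a more serious form, because it is fully interpolated output and `GITEA_RUNNER_REGISTRATION_TOKEN` appears there with a literal value; that token should be treated as exposed and rotated, and the file regenerated without it before this is merged. The renderer in `scripts/docs/render-compose-config.sh` is not visible here; if it calls `docker compose config`, consider `--no-interpolate` or a redaction pass over `environment:` values and host paths before anything is written under `docs/`. Separately, the Ports cells contain a raw dict dump (`{'mode': 'ingress', ...}`) rather than a formatted published/target value.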
@@ -1,2 +1,1354 @@ name: core -services: {} +services: + authelia: + profiles: + - core + - all + - authelia + - traefik + build: + context: /home/nixos/docker/core/authelia + dockerfile: Dockerfile + container_name: authelia + image: authelia/authelia + labels: + io.portainer.accesscontrol.public: "" + traefik.enable: "true" + traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/ + traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups + traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize: "2097152" + traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: "true" + traefik.http.routers.authelia.entrypoints: websecure + traefik.http.routers.authelia.rule: Host(`auth.lan.ddnsgeek.com`) + traefik.http.routers.authelia.tls: "true" + traefik.http.routers.authelia.tls.certresolver: myresolver + networks: + traefik: null + restart: always + volumes: + - type: bind + source: /home/nixos/docker/core/authelia + target: /config + bind: + create_host_path: true + crowdsec: + profiles: + - core + - all + - crowdsec + - traefik + build: + context: /home/nixos/docker/core/crowdsec + dockerfile: Dockerfile + container_name: crowdsec + environment: + COLLECTIONS: crowdsecurity/traefik + healthcheck: + test: + - CMD-SHELL + - cscli metrics || exit 1 + timeout: 10s + interval: 30s + retries: 3 + start_period: 15s + networks: + traefik: null + restart: always + volumes: + - type: bind + source: /home/nixos/docker/core/crowdsec/logs + target: /logs + read_only: true + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/core/crowdsec/data + target: /var/lib/crowdsec/data + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/core/crowdsec/config + target: /etc/crowdsec + bind: + create_host_path: true + docker-socket-proxy: + profiles: + - monitoring + - all + - docker-socket-proxy + - core + - traefik + - 
prometheus + cap_drop: + - ALL + container_name: docker-socket-proxy + environment: + ALLOW_RESTARTS: "1" + ALLOW_START: "1" + ALLOW_STOP: "1" + AUTH: "1" + BUILD: "0" + COMMIT: "0" + CONFIGS: "0" + CONTAINERS: "1" + DELETE: "1" + DISABLE_IPV6: "0" + DISTRIBUTION: "1" + EVENTS: "1" + EXEC: "1" + IMAGES: "1" + INFO: "1" + LOG_LEVEL: info + NETWORKS: "1" + NODES: "1" + PING: "1" + PLUGINS: "0" + POST: "1" + SECRETS: "1" + SERVICES: "1" + SESSION: "0" + SWARM: "1" + SYSTEM: "1" + TASKS: "1" + VERSION: "1" + VOLUMES: "1" + hostname: docker-socket-proxy + image: tecnativa/docker-socket-proxy:latest + networks: + monitor: null + traefik: null + restart: unless-stopped + security_opt: + - no-new-privileges:true + volumes: + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + read_only: true + bind: + create_host_path: true + docker-update-exporter: + profiles: + - monitoring + - all + - docker-exporter + - prometheus + build: + context: /home/nixos/docker/monitoring/docker-exporter + dockerfile: Dockerfile + cap_drop: + - ALL + container_name: docker-update-exporter + depends_on: + docker-socket-proxy: + condition: service_started + required: true + environment: + DOCKER_HOST: tcp://docker-socket-proxy:2375 + LOG_LEVEL: INFO + healthcheck: + test: + - CMD + - python + - -c + - import urllib.request; urllib.request.urlopen('http://localhost:9105/metrics') + timeout: 5s + interval: 30s + retries: 3 + start_period: 10s + networks: + monitor: null + restart: unless-stopped + security_opt: + - no-new-privileges:true + volumes: + - type: bind + source: /root/.docker/config.json + target: /root/.docker/config.json + read_only: true + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/monitoring/docker-exporter/data + target: /data + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker + target: /compose + read_only: true + bind: + create_host_path: true + error-pages: + profiles: + - core + - all + - 
error-pages + - traefik + container_name: error-pages + environment: + TEMPLATE_NAME: app-down + hostname: error-pages + image: tarampampam/error-pages:3 + labels: + io.portainer.accesscontrol.public: "" + traefik.enable: "true" + traefik.http.middlewares.error-pages-middleware.errors.query: /{status}.html + traefik.http.middlewares.error-pages-middleware.errors.service: error-pages-service + traefik.http.middlewares.error-pages-middleware.errors.status: 400-599 + traefik.http.routers.error-pages-router.entrypoints: web + traefik.http.routers.error-pages-router.middlewares: error-pages-middleware + traefik.http.routers.error-pages-router.rule: HostRegexp(`{host:.+}`) + traefik.http.services.error-pages-service.loadbalancer.server.port: "8080" + networks: + traefik: null + read_only: true + restart: always + gitea: + profiles: + - apps + - all + - gitea + container_name: gitea + environment: + GITEA__actions__ENABLED: "true" + GITEA__database__DB_TYPE: sqlite3 + GITEA__server__ROOT_URL: https://gitea.lan.ddnsgeek.com/ + USER_GID: "1000" + USER_UID: "1000" + healthcheck: + test: + - CMD-SHELL + - curl -fsS http://localhost:3000/api/healthz >/dev/null + timeout: 5s + interval: 30s + retries: 6 + start_period: 2m0s + image: gitea/gitea:latest + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.routers.gitea.entrypoints: websecure + traefik.http.routers.gitea.rule: Host(`gitea.lan.ddnsgeek.com`) + traefik.http.routers.gitea.tls: "true" + traefik.http.routers.gitea.tls.certresolver: myresolver + traefik.http.services.gitea.loadbalancer.server.port: "3000" + networks: + traefik: null + restart: always + volumes: + - type: bind + source: /home/nixos/docker/apps/gitea/data + target: /data + bind: + create_host_path: true + gitea-runner: + profiles: + - apps + - all + - gitea + - ci + container_name: gitea-runner + depends_on: + docker-socket-proxy: + condition: service_started + required: true + 
gitea: + condition: service_started + required: true + environment: + DOCKER_HOST: tcp://docker-socket-proxy:2375 + GITEA_INSTANCE_URL: https://gitea.lan.ddnsgeek.com/ + GITEA_RUNNER_LABELS: ubuntu-latest:docker://node:20-bookworm,ubuntu-22.04:docker://node:20-bookworm,linux:docker://node:20-bookworm,docker:docker://docker:cli + GITEA_RUNNER_NAME: docker-runner-01 + GITEA_RUNNER_REGISTRATION_TOKEN: vYDNxzMvayREkXoaAR3x3UREkxQB2PU4eORzmkZ9 + image: gitea/act_runner:latest + networks: + traefik: null + restart: always + volumes: + - type: bind + source: /home/nixos/docker/apps/gitea/runner-data + target: /data + bind: + create_host_path: true + gotify: + profiles: + - monitoring + - all + - gotify + container_name: gotify + environment: + GOTIFY_DEFAULTUSER_NAME: "" + GOTIFY_DEFAULTUSER_PASS: "" + GOTIFY_REGISTRATION: "false" + TZ: Australia/Brisbane + image: gotify/server:latest + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.routers.gotify.entrypoints: websecure + traefik.http.routers.gotify.rule: Host(`gotify.lan.ddnsgeek.com`) + traefik.http.routers.gotify.tls.certresolver: myresolver + traefik.http.routers.gotify.tls.options: mtls-private-admin@file + traefik.http.services.gotify.loadbalancer.server.port: "80" + networks: + traefik: null + restart: always + volumes: + - type: bind + source: /home/nixos/docker/monitoring/gotify/data + target: /app/data + bind: + create_host_path: true + grafana: + profiles: + - monitoring + - all + - grafana + container_name: grafana + environment: + GF_SERVER_ROOT_URL: https://grafana.lan.ddnsgeek.com/ + healthcheck: + test: + - CMD + - wget + - --spider + - -q + - http://localhost:3000/api/health + timeout: 10s + interval: 30s + retries: 3 + start_period: 30s + image: grafana/grafana:latest + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.routers.grafana.entrypoints: 
websecure + traefik.http.routers.grafana.rule: Host(`grafana.lan.ddnsgeek.com`) + traefik.http.routers.grafana.tls.certresolver: myresolver + traefik.http.routers.grafana.tls.options: mtls-private-admin@file + traefik.http.services.grafana.loadbalancer.server.port: "3000" + networks: + monitor: null + traefik: null + restart: unless-stopped + volumes: + - type: bind + source: /home/nixos/docker/monitoring/grafana/data + target: /var/lib/grafana + bind: + create_host_path: true + gramps-redis: + profiles: + - apps + - all + - gramps + container_name: gramps-redis + healthcheck: + test: + - CMD-SHELL + - valkey-cli -h 127.0.0.1 -p 6379 ping | grep -q PONG + timeout: 5s + interval: 10s + retries: 6 + start_period: 10s + image: valkey/valkey:8-alpine + networks: + gramps: null + restart: always + grampsweb: + profiles: + - apps + - all + - gramps + container_name: gramps-web + depends_on: + gramps-redis: + condition: service_started + required: true + grampsweb_celery: + condition: service_started + required: true + environment: + GRAMPSWEB_BASE_URL: https://familytree.lan.ddnsgeek.com + GRAMPSWEB_CELERY_CONFIG__broker_url: redis://gramps-redis:6379/0 + GRAMPSWEB_CELERY_CONFIG__result_backend: redis://gramps-redis:6379/0 + GRAMPSWEB_DEFAULT_FROM_EMAIL: beatz174@gmail.com + GRAMPSWEB_EMAIL_HOST: smtp.gmail.com + GRAMPSWEB_EMAIL_HOST_PASSWORD: "" + GRAMPSWEB_EMAIL_HOST_USER: "" + GRAMPSWEB_EMAIL_PORT: "587" + GRAMPSWEB_EMAIL_USE_SSL: "false" + GRAMPSWEB_EMAIL_USE_STARTTLS: "true" + GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://gramps-redis:6379/1 + GRAMPSWEB_REGISTRATION_DISABLED: "true" + GRAMPSWEB_SECRET_KEY: "" + GRAMPSWEB_TREE: main + TZ: Australia/Brisbane + healthcheck: + test: + - CMD-SHELL + - wget -qO- http://127.0.0.1:5000/ >/dev/null + timeout: 5s + interval: 30s + retries: 6 + start_period: 1m0s + image: ghcr.io/gramps-project/grampsweb:latest + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + 
traefik.http.routers.gramps.entrypoints: websecure + traefik.http.routers.gramps.rule: Host(`familytree.lan.ddnsgeek.com`) + traefik.http.routers.gramps.tls.certresolver: myresolver + traefik.http.services.gramps.loadbalancer.server.port: "5000" + networks: + gramps: null + traefik: null + restart: always + volumes: + - type: bind + source: /home/nixos/docker/apps/gramps/data/users + target: /app/users + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/index + target: /app/indexdir + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/thumbnail_cache + target: /app/thumbnail_cache + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/cache + target: /app/cache + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/secret + target: /app/secret + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/db + target: /root/.gramps/grampsdb + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/media + target: /app/media + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/tmp + target: /tmp + bind: + create_host_path: true + grampsweb_celery: + profiles: + - apps + - all + - gramps + command: + - celery + - -A + - gramps_webapi.celery + - worker + - --loglevel=INFO + - --concurrency=2 + container_name: gramps-web-celery + depends_on: + gramps-redis: + condition: service_started + required: true + environment: + GRAMPSWEB_BASE_URL: https://familytree.lan.ddnsgeek.com + GRAMPSWEB_CELERY_CONFIG__broker_url: redis://gramps-redis:6379/0 + GRAMPSWEB_CELERY_CONFIG__result_backend: redis://gramps-redis:6379/0 + GRAMPSWEB_DEFAULT_FROM_EMAIL: beatz174@gmail.com + GRAMPSWEB_EMAIL_HOST: smtp.gmail.com + GRAMPSWEB_EMAIL_HOST_PASSWORD: "" + GRAMPSWEB_EMAIL_HOST_USER: "" + GRAMPSWEB_EMAIL_PORT: "587" + 
GRAMPSWEB_EMAIL_USE_SSL: "false" + GRAMPSWEB_EMAIL_USE_STARTTLS: "true" + GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://gramps-redis:6379/1 + GRAMPSWEB_REGISTRATION_DISABLED: "true" + GRAMPSWEB_SECRET_KEY: "" + GRAMPSWEB_TREE: main + TZ: Australia/Brisbane + healthcheck: + test: + - CMD-SHELL + - pgrep -f "celery.*gramps_webapi.celery.*worker" >/dev/null + timeout: 5s + interval: 30s + retries: 6 + start_period: 1m0s + image: ghcr.io/gramps-project/grampsweb:latest + networks: + gramps: null + restart: always + volumes: + - type: bind + source: /home/nixos/docker/apps/gramps/data/users + target: /app/users + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/index + target: /app/indexdir + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/thumbnail_cache + target: /app/thumbnail_cache + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/cache + target: /app/cache + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/secret + target: /app/secret + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/db + target: /root/.gramps/grampsdb + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/media + target: /app/media + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/gramps/data/tmp + target: /tmp + bind: + create_host_path: true + influxdb: + profiles: + - monitoring + - all + - influxdb + - prometheus + container_name: influxdb + environment: + DOCKER_INFLUXDB_INIT_BUCKET: telemetry + DOCKER_INFLUXDB_INIT_MODE: setup + DOCKER_INFLUXDB_INIT_ORG: pbs + DOCKER_INFLUXDB_INIT_PASSWORD_FILE: /run/secrets/influxdb_init_password + DOCKER_INFLUXDB_INIT_USERNAME: "" + healthcheck: + test: + - CMD-SHELL + - curl -f http://localhost:8086/health || exit 1 + timeout: 5s + interval: 30s + retries: 3 + start_period: 
10s + image: influxdb:2.7 + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.routers.influxdb.entrypoints: websecure + traefik.http.routers.influxdb.middlewares: authelia + traefik.http.routers.influxdb.rule: Host(`influxdb.lan.ddnsgeek.com`) + traefik.http.routers.influxdb.tls.certresolver: myresolver + traefik.http.routers.influxdb.tls.options: mtls-private-admin@file + traefik.http.services.influxdb.loadbalancer.server.port: "8086" + networks: + monitor: null + traefik: null + restart: unless-stopped + secrets: + - source: influxdb_init_password + target: /run/secrets/influxdb_init_password + volumes: + - type: bind + source: /home/nixos/docker/monitoring/influxdb + target: /var/lib/influxdb2 + bind: + create_host_path: true + monitor-kuma: + profiles: + - monitoring + - all + - uptime-kuma + container_name: monitor-kuma + depends_on: + docker-socket-proxy: + condition: service_started + required: true + environment: + DOCKER_HOST: tcp://docker-socket-proxy:2375 + image: louislam/uptime-kuma:2.1.1 + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.routers.monitor.entrypoints: websecure + traefik.http.routers.monitor.rule: Host(`monitor-kuma.lan.ddnsgeek.com`) + traefik.http.routers.monitor.tls: "true" + traefik.http.routers.monitor.tls.certresolver: myresolver + traefik.http.routers.monitor.tls.options: mtls-private-admin@file + traefik.http.services.monitor.loadbalancer.server.port: "3001" + networks: + monitor: null + traefik: null + restart: always + volumes: + - type: bind + source: /home/nixos/docker/monitoring/uptime-kuma/data + target: /app/data + bind: + create_host_path: true + mtls-bridge: + profiles: + - monitoring + - all + - mtls-bridge + build: + context: /home/nixos/docker/monitoring/mtls-bridge + dockerfile: Dockerfile + container_name: mtls-bridge + environment: + ALLOWED_PATHS_FILE: "" + 
CLIENT_CERT: /certs/clients/office-pc/office-pc.crt + CLIENT_KEY: /certs/clients/office-pc/office-pc.key + LOG_LEVEL: DEBUG + TARGET_URL: http://node-red:1880 + TIMEOUT: "5" + UPSTREAM_CA_CERT: "" + hostname: mtls-bridge.lan.ddnsgeek.com + healthcheck: + test: + - CMD + - python + - -c + - import urllib.request; urllib.request.urlopen('http://localhost:8080/_mtls_bridge/health', timeout=3).read() + timeout: 5s + interval: 30s + retries: 3 + start_period: 10s + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.middlewares.mtls-bridge-auth.basicauth.users: "" + traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowcredentials: "true" + traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowheaders: authorization,content-type,x-grafana-action,x-grafana-device-id + traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowmethods: GET,POST,PUT,PATCH,DELETE,OPTIONS + traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolalloworiginlist: https://grafana.lan.ddnsgeek.com + traefik.http.middlewares.mtls-bridge-cors.headers.addvaryheader: "true" + traefik.http.routers.mtls-bridge-preflight.entrypoints: websecure + traefik.http.routers.mtls-bridge-preflight.middlewares: mtls-bridge-cors + traefik.http.routers.mtls-bridge-preflight.priority: "100" + traefik.http.routers.mtls-bridge-preflight.rule: Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`) + traefik.http.routers.mtls-bridge-preflight.service: mtls-bridge + traefik.http.routers.mtls-bridge-preflight.tls.certresolver: myresolver + traefik.http.routers.mtls-bridge.entrypoints: websecure + traefik.http.routers.mtls-bridge.middlewares: mtls-bridge-auth,mtls-bridge-cors + traefik.http.routers.mtls-bridge.rule: Host(`mtls-bridge.lan.ddnsgeek.com`) + traefik.http.routers.mtls-bridge.tls.certresolver: myresolver + traefik.http.services.mtls-bridge.loadbalancer.server.port: "8080" + networks: + 
monitor: null + traefik: null + restart: unless-stopped + volumes: + - type: bind + source: /home/nixos/docker/core/traefik/certs + target: /certs + read_only: true + bind: + create_host_path: true + nextcloud-db: + profiles: + - apps + - all + - nextcloud + command: + - --transaction-isolation=READ-COMMITTED + - --log-bin=binlog + - --binlog-format=ROW + container_name: nextcloud-db + environment: + MARIADB_AUTO_UPGRADE: "1" + MYSQL_DATABASE: nextcloud + MYSQL_PASSWORD_FILE: /run/secrets/nextcloud_db_password + MYSQL_ROOT_PASSWORD_FILE: /run/secrets/nextcloud_db_root_password + MYSQL_USER: "" + NEXTCLOUD_ADMIN_PASSWORD_FILE: /run/secrets/nextcloud_admin_password + NEXTCLOUD_ADMIN_USER: "" + hostname: nextcloud_db + healthcheck: + test: + - CMD-SHELL + - mariadb-admin ping -u $$MYSQL_USER --password=$$(cat /run/secrets/nextcloud_db_password) --silent + timeout: 5s + interval: 10s + retries: 12 + start_period: 1m0s + image: mariadb:11.4 + labels: + io.portainer.accesscontrol.public: "" + networks: + nextcloud: null + restart: always + secrets: + - source: nextcloud_db_root_password + target: /run/secrets/nextcloud_db_root_password + - source: nextcloud_db_password + target: /run/secrets/nextcloud_db_password + - source: nextcloud_admin_password + target: /run/secrets/nextcloud_admin_password + volumes: + - type: bind + source: /home/nixos/docker/apps/nextcloud/database + target: /var/lib/mysql + bind: + create_host_path: true + nextcloud-redis: + profiles: + - apps + - all + - nextcloud + command: + - sh + - -c + - redis-server --requirepass "$$(cat /run/secrets/nextcloud_redis_password)" --appendonly yes --save 60 1000 + container_name: nextcloud-redis + hostname: redis + healthcheck: + test: + - CMD-SHELL + - redis-cli -a "$$(cat /run/secrets/nextcloud_redis_password)" PING | grep -q PONG + timeout: 5s + interval: 10s + retries: 6 + start_period: 10s + image: redis + labels: + io.portainer.accesscontrol.public: "" + networks: + nextcloud: null + restart: always + 
secrets: + - source: nextcloud_redis_password + target: /run/secrets/nextcloud_redis_password + volumes: + - type: bind + source: /home/nixos/docker/apps/nextcloud/data/redis + target: /data + bind: + create_host_path: true + nextcloud-webapp: + profiles: + - apps + - all + - nextcloud + build: + context: /home/nixos/docker/apps/nextcloud + dockerfile: Dockerfile + container_name: nextcloud-webapp + depends_on: + nextcloud-db: + condition: service_started + required: true + nextcloud-redis: + condition: service_started + required: true + environment: + MAIL_DOMAIN: "" + MAIL_FROM_ADDRESS: "" + MYSQL_DATABASE: nextcloud + MYSQL_HOST: nextcloud_db:3306 + MYSQL_PASSWORD_FILE: /run/secrets/nextcloud_db_password + MYSQL_USER: "" + NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.lan.ddnsgeek.com + OVERWRITECLIURL: https://nextcloud.lan.ddnsgeek.com + OVERWRITEPROTOCOL: https + REDIS_HOST: redis + REDIS_HOST_PASSWORD_FILE: /run/secrets/nextcloud_redis_password + REDIS_HOST_PORT: "6379" + SMTP_AUTHTYPE: login + SMTP_HOST: smtp.gmail.com + SMTP_NAME: "" + SMTP_PASSWORD_FILE: /run/secrets/nextcloud_smtp_password + SMTP_PORT: "587" + SMTP_SECURE: tls + hostname: nextcloud.lan.ddnsgeek.com + healthcheck: + test: + - CMD-SHELL + - 'php -r ''$$f=@fsockopen("127.0.0.1",80,$$e,$$s,2); if(!$$f) exit(1); fwrite($$f,"GET /status.php HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n"); $$o=""; while(!feof($$f)){$$o.=fgets($$f,1024);} fclose($$f); if(strpos($$o,"\"installed\":true")===false) exit(1);''' + timeout: 5s + interval: 30s + retries: 6 + start_period: 3m0s + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.middlewares.nextcloud-dav.replacepathregex.regex: ^/.well-known/ca(l|rd)dav + traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement: /remote.php/dav/ + traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.regex: ^/.well-known/nodeinfo + 
traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.replacement: /nextcloud/index.php/.well-known/nodeinfo/ + traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent: "true" + traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex: https://(.*)/.well-known/webfinger + traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement: https://$${1}/nextcloud/index.php/.well-known/webfinger + traefik.http.routers.nextcloud.entrypoints: websecure + traefik.http.routers.nextcloud.middlewares: nextcloud-dav, nextcloud-webfinger + traefik.http.routers.nextcloud.rule: Host(`nextcloud.lan.ddnsgeek.com`) + traefik.http.routers.nextcloud.tls.certresolver: myresolver + networks: + nextcloud: null + traefik: null + restart: always + secrets: + - source: nextcloud_db_password + target: /run/secrets/nextcloud_db_password + - source: nextcloud_smtp_password + target: /run/secrets/nextcloud_smtp_password + - source: nextcloud_redis_password + target: /run/secrets/nextcloud_redis_password + volumes: + - type: bind + source: /home/nixos/docker/apps/nextcloud/data + target: /var/www/html/data + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/nextcloud/config + target: /var/www/html/config + bind: + create_host_path: true + - type: tmpfs + target: /tmp:exec + node-exporter: + profiles: + - monitoring + - all + - node-exporter + - prometheus + command: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + - --path.rootfs=/rootfs + container_name: node-exporter + healthcheck: + test: + - CMD + - wget + - --spider + - -q + - http://localhost:9100/metrics + timeout: 10s + interval: 30s + retries: 3 + image: prom/node-exporter:latest + networks: + monitor: null + pid: host + restart: unless-stopped + volumes: + - type: bind + source: /proc + target: /host/proc + read_only: true + bind: + create_host_path: true + - type: bind + source: /sys + target: /host/sys + read_only: true + bind: + create_host_path: true + - 
type: bind + source: / + target: /rootfs + read_only: true + bind: + create_host_path: true + node-red: + profiles: + - monitoring + - all + - node-red + build: + context: /home/nixos/docker/monitoring/node-red + dockerfile: Dockerfile + cap_drop: + - ALL + container_name: node-red + depends_on: + docker-socket-proxy: + condition: service_started + required: true + environment: + DOCKER_HOST: tcp://docker-socket-proxy:2375 + PROJECT_ROOT: /compose + TZ: Australia/Brisbane + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.routers.node-red.entrypoints: websecure + traefik.http.routers.node-red.middlewares: authelia + traefik.http.routers.node-red.rule: Host(`node-red.lan.ddnsgeek.com`) + traefik.http.routers.node-red.tls.certresolver: myresolver + traefik.http.routers.node-red.tls.options: mtls-private-admin@file + traefik.http.services.node-red.loadbalancer.server.port: "1880" + networks: + monitor: null + traefik: null + restart: unless-stopped + security_opt: + - no-new-privileges:true + volumes: + - type: bind + source: /home/nixos/docker/monitoring/node-red/data + target: /data + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker + target: /compose/docker + read_only: true + bind: + create_host_path: true + - type: bind + source: /home/nixos/raspi + target: /compose/raspi + read_only: true + bind: + create_host_path: true + passbolt-db: + profiles: + - apps + - all + - passbolt + container_name: passbolt-db + environment: + MYSQL_DATABASE: "" + MYSQL_PASSWORD_FILE: /run/secrets/passbolt_db_password + MYSQL_RANDOM_ROOT_PASSWORD: "true" + MYSQL_USER: "" + healthcheck: + test: + - CMD-SHELL + - mariadb-admin ping -h 127.0.0.1 -u"$$MYSQL_USER" -p"$$(cat /run/secrets/passbolt_db_password)" --silent + timeout: 5s + interval: 10s + retries: 12 + start_period: 1m0s + image: mariadb:12 + labels: + io.portainer.accesscontrol.public: "" + networks: + passbolt: null + 
restart: always + secrets: + - source: passbolt_db_password + target: /run/secrets/passbolt_db_password + volumes: + - type: bind + source: /home/nixos/docker/apps/passbolt/data/database + target: /var/lib/mysql + bind: + create_host_path: true + passbolt-webapp: + profiles: + - apps + - all + - passbolt + command: + - /usr/bin/wait-for.sh + - -t + - "0" + - passbolt-db:3306 + - -- + - /docker-entrypoint.sh + container_name: passbolt-webapp + depends_on: + passbolt-db: + condition: service_started + required: true + environment: + APP_FULL_BASE_URL: https://passbolt.lan.ddnsgeek.com + DATASOURCES_DEFAULT_DATABASE: "" + DATASOURCES_DEFAULT_HOST: passbolt-db + DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/passbolt_db_password + DATASOURCES_DEFAULT_USERNAME: "" + PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: "" + healthcheck: + test: + - CMD-SHELL + - curl -fsS http://localhost/healthcheck/status | grep -qx OK + timeout: 10s + interval: 30s + retries: 6 + start_period: 2m0s + image: passbolt/passbolt:latest-ce + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.routers.passbolt.entrypoints: websecure + traefik.http.routers.passbolt.rule: Host(`passbolt.lan.ddnsgeek.com`) + traefik.http.routers.passbolt.tls.certresolver: myresolver + networks: + passbolt: null + traefik: null + restart: always + secrets: + - source: passbolt_db_password + target: /run/secrets/passbolt_db_password + volumes: + - type: bind + source: /home/nixos/docker/apps/passbolt/data/gpg + target: /etc/passbolt/gpg + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/apps/passbolt/data/jwt + target: /etc/passbolt/jwt + bind: + create_host_path: true + pihole-exporter: + profiles: + - monitoring + - all + - pihole-exporter + - prometheus + container_name: pihole-exporter + environment: + PIHOLE_HOSTNAME: pihole.sweet.home + PIHOLE_PASSWORD: "" + PORT: "9617" + image: ekofr/pihole-exporter:latest + networks: + 
monitor: null + ports: + - mode: ingress + target: 9617 + published: "9617" + protocol: tcp + restart: unless-stopped + portainer: + profiles: + - monitoring + - all + - portainer + command: + - -H + - tcp://docker-socket-proxy:2375 + container_name: portainer + depends_on: + docker-socket-proxy: + condition: service_started + required: true + environment: + DOCKER_HOST: tcp://docker-socket-proxy:2375 + GODEBUG: netdns=cgo + TZ: Australia/Brisbane + image: portainer/portainer-ce:latest + labels: + io.portainer.accesscontrol.public: "" + traefik.enable: "true" + traefik.http.routers.portainer.entrypoints: websecure + traefik.http.routers.portainer.rule: Host(`portainer.lan.ddnsgeek.com`) + traefik.http.routers.portainer.tls: "true" + traefik.http.routers.portainer.tls.certresolver: myresolver + traefik.http.routers.portainer.tls.options: mtls-private-admin@file + traefik.http.services.portainer.loadbalancer.server.port: "9000" + networks: + traefik: null + restart: unless-stopped + volumes: + - type: bind + source: /home/nixos/docker/monitoring/portainer/data + target: /data + bind: + create_host_path: true + prometheus: + profiles: + - monitoring + - all + - prometheus + command: + - --config.file=/etc/prometheus/prometheus.yml + - --storage.tsdb.path=/prometheus + - --storage.tsdb.retention.time=15d + container_name: prometheus + depends_on: + docker-update-exporter: + condition: service_started + required: true + influxdb: + condition: service_started + required: true + node-exporter: + condition: service_started + required: true + pihole-exporter: + condition: service_started + required: true + telegraf: + condition: service_started + required: true + healthcheck: + test: + - CMD + - wget + - --spider + - -q + - http://localhost:9090/-/healthy + timeout: 10s + interval: 30s + retries: 3 + start_period: 30s + image: prom/prometheus:latest + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + 
traefik.http.routers.prometheus.entrypoints: websecure + traefik.http.routers.prometheus.middlewares: authelia + traefik.http.routers.prometheus.rule: Host(`prometheus.lan.ddnsgeek.com`) + traefik.http.routers.prometheus.tls.certresolver: myresolver + traefik.http.routers.prometheus.tls.options: mtls-private-admin@file + traefik.http.services.prometheus.loadbalancer.server.port: "9090" + networks: + monitor: null + traefik: null + restart: unless-stopped + volumes: + - type: bind + source: /home/nixos/docker/monitoring/prometheus/prometheus.yml + target: /etc/prometheus/prometheus.yml + read_only: true + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/monitoring/prometheus/data + target: /prometheus + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/monitoring/prometheus/rules + target: /etc/prometheus/rules + read_only: true + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/secrets/prometheus_kuma_basic_auth_password.txt + target: /run/secrets/prometheus_kuma_basic_auth_password + read_only: true + bind: + create_host_path: true + searxng-webapp: + profiles: + - apps + - all + - searxng + container_name: searxng-webapp + hostname: searxng.lan.ddnsgeek.com + healthcheck: + test: + - CMD-SHELL + - python3 -c "import urllib.request,sys; r=urllib.request.urlopen('http://127.0.0.1:8080/', timeout=3); sys.exit(0 if 200<=r.status<400 else 1)" + timeout: 5s + interval: 20s + retries: 8 + start_period: 30s + image: searxng/searxng + labels: + io.portainer.accesscontrol.public: "" + traefik.enable: "true" + traefik.http.routers.searxng.entrypoints: websecure + traefik.http.routers.searxng.rule: Host(`searxng.lan.ddnsgeek.com`) + traefik.http.routers.searxng.tls.certresolver: myresolver + traefik.http.services.searxng.loadbalancer.server.port: "8080" + networks: + traefik: null + read_only: true + restart: always + tmpfs: + - /tmp + - /var + - /run + telegraf: + profiles: + - monitoring + - all + 
- telegraf + - prometheus + container_name: telegraf + depends_on: + docker-socket-proxy: + condition: service_started + required: true + healthcheck: + test: + - CMD-SHELL + - curl -f http://localhost:9273/metrics || exit 1 + timeout: 5s + interval: 30s + retries: 3 + start_period: 10s + image: telegraf:latest + networks: + monitor: null + restart: unless-stopped + security_opt: + - no-new-privileges:true + volumes: + - type: bind + source: /home/nixos/docker/monitoring/telegraf/telegraf.conf + target: /etc/telegraf/telegraf.conf + read_only: true + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/monitoring/node-red/data + target: /var/log/node-red + read_only: true + bind: + create_host_path: true + traefik: + profiles: + - core + - all + - traefik + build: + context: /home/nixos/docker/core + dockerfile: Dockerfile + container_name: traefik + depends_on: + authelia: + condition: service_started + required: true + crowdsec: + condition: service_started + required: true + docker-socket-proxy: + condition: service_started + required: true + error-pages: + condition: service_started + required: true + hostname: traefik.lan.ddnsgeek.com + healthcheck: + test: + - CMD-SHELL + - traefik healthcheck --ping + image: traefik:3 + labels: + io.portainer.accesscontrol.public: "" + traefik.docker.network: core_traefik + traefik.enable: "true" + traefik.http.routers.traefik.entrypoints: websecure + traefik.http.routers.traefik.middlewares: authelia + traefik.http.routers.traefik.observability.tracing: "true" + traefik.http.routers.traefik.rule: Host(`traefik.lan.ddnsgeek.com`) + traefik.http.routers.traefik.service: api@internal + traefik.http.routers.traefik.tls.certresolver: myresolver + traefik.http.routers.traefik.tls.options: mtls-private-admin@file + networks: + traefik: null + ports: + - mode: ingress + target: 80 + published: "80" + protocol: tcp + - mode: ingress + target: 443 + published: "443" + protocol: tcp + read_only: true + restart: 
always + volumes: + - type: bind + source: /home/nixos/docker/core/traefik/data/letsencrypt + target: /letsencrypt + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/core/traefik/data/logs + target: /logs + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/core/traefik/certs + target: /etc/traefik/certs + read_only: true + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/core/traefik/dynamic.yml + target: /etc/traefik/dynamic.yml + read_only: true + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/core/traefik/traefik.yml + target: /etc/traefik/traefik.yml + read_only: true + bind: + create_host_path: true + - type: bind + source: /home/nixos/docker/core/traefik/data/plugins + target: /plugins-storage + bind: + create_host_path: true +networks: + gramps: + name: core_gramps + monitor: + name: core_monitor + nextcloud: + name: core_nextcloud + passbolt: + name: core_passbolt + traefik: + name: core_traefik + driver: bridge + ipam: + config: + - subnet: 172.21.0.0/16 +secrets: + influxdb_init_password: + name: core_influxdb_init_password + file: /home/nixos/docker/secrets/influxdb_init_password.txt + nextcloud_admin_password: + name: core_nextcloud_admin_password + file: /home/nixos/docker/secrets/nextcloud_admin_password.txt + nextcloud_db_password: + name: core_nextcloud_db_password + file: /home/nixos/docker/secrets/nextcloud_db_password.txt + nextcloud_db_root_password: + name: core_nextcloud_db_root_password + file: /home/nixos/docker/secrets/nextcloud_db_root_password.txt + nextcloud_redis_password: + name: core_nextcloud_redis_password + file: /home/nixos/docker/secrets/nextcloud_redis_password.txt + nextcloud_smtp_password: + name: core_nextcloud_smtp_password + file: /home/nixos/docker/secrets/nextcloud_smtp_password.txt + passbolt_db_password: + name: core_passbolt_db_password + file: /home/nixos/docker/secrets/passbolt_db_password.txt 
diff --git a/docs/generated/traefik-routes.md b/docs/generated/traefik-routes.md index f7e82b1..1e3d05c 100644 --- a/docs/generated/traefik-routes.md +++ b/docs/generated/traefik-routes.md @@ -1,3 +1,21 @@ # Traefik Routes -No Traefik routes were detected. +| Service | Router | Rule | Entrypoints | TLS | Middlewares | Target Port | +|---|---|---|---|---|---|---| +| authelia | authelia | Host(`auth.lan.ddnsgeek.com`) | websecure | true | | | +| error-pages | error-pages-router | HostRegexp(`{host:.+}`) | web | | error-pages-middleware | | +| gitea | gitea | Host(`gitea.lan.ddnsgeek.com`) | websecure | true | | 3000 | +| gotify | gotify | Host(`gotify.lan.ddnsgeek.com`) | websecure | | | 80 | +| grafana | grafana | Host(`grafana.lan.ddnsgeek.com`) | websecure | | | 3000 | +| grampsweb | gramps | Host(`familytree.lan.ddnsgeek.com`) | websecure | | | 5000 | +| influxdb | influxdb | Host(`influxdb.lan.ddnsgeek.com`) | websecure | | authelia | 8086 | +| monitor-kuma | monitor | Host(`monitor-kuma.lan.ddnsgeek.com`) | websecure | true | | 3001 | +| mtls-bridge | mtls-bridge | Host(`mtls-bridge.lan.ddnsgeek.com`) | websecure | | mtls-bridge-auth,mtls-bridge-cors | 8080 | +| mtls-bridge | mtls-bridge-preflight | Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`) | websecure | | mtls-bridge-cors | | +| nextcloud-webapp | nextcloud | Host(`nextcloud.lan.ddnsgeek.com`) | websecure | | nextcloud-dav, nextcloud-webfinger | | +| node-red | node-red | Host(`node-red.lan.ddnsgeek.com`) | websecure | | authelia | 1880 | +| passbolt-webapp | passbolt | Host(`passbolt.lan.ddnsgeek.com`) | websecure | | | | +| portainer | portainer | Host(`portainer.lan.ddnsgeek.com`) | websecure | true | | 9000 | +| prometheus | prometheus | Host(`prometheus.lan.ddnsgeek.com`) | websecure | | authelia | 9090 | +| searxng-webapp | searxng | Host(`searxng.lan.ddnsgeek.com`) | websecure | | | 8080 | +| traefik | traefik | Host(`traefik.lan.ddnsgeek.com`) | websecure | | authelia | | 
diff --git a/docs/public/compose-inventory.md b/docs/public/compose-inventory.md index c079bfa..f94b77c 100644 --- a/docs/public/compose-inventory.md +++ b/docs/public/compose-inventory.md 
@@ -1,24 +1,57 @@ # Docker Compose Inventory -Source fingerprint: `d6aa78e3317a` +Source fingerprint: `aadce80b9c30` ## Summary | Item | Count | |---|---:| -| Services | 0 | -| Networks | 0 | +| Services | 28 | +| Networks | 5 | | Volumes | 0 | ## Services | Service | Container | Image | Build | Profiles | Networks | Ports | Restart | |---|---|---|---|---|---|---|---| +| authelia | authelia | authelia/authelia | /home/nixos/docker/core/authelia | core, all, authelia, traefik | traefik | | always | +| crowdsec | crowdsec | | /home/nixos/docker/core/crowdsec | core, all, crowdsec, traefik | traefik | | always | +| docker-socket-proxy | docker-socket-proxy | tecnativa/docker-socket-proxy:latest | | monitoring, all, docker-socket-proxy, core, traefik, prometheus | monitor, traefik | | unless-stopped | +| docker-update-exporter | docker-update-exporter | | /home/nixos/docker/monitoring/docker-exporter | monitoring, all, docker-exporter, prometheus | monitor | | unless-stopped | +| error-pages | error-pages | tarampampam/error-pages:3 | | core, all, error-pages, traefik | traefik | | always | +| gitea | gitea | gitea/gitea:latest | | apps, all, gitea | traefik | | always | +| gitea-runner | gitea-runner | gitea/act_runner:latest | | apps, all, gitea, ci | traefik | | always | +| gotify | gotify | gotify/server:latest | | monitoring, all, gotify | traefik | | always | +| grafana | grafana | grafana/grafana:latest | | monitoring, all, grafana | monitor, traefik | | unless-stopped | +| gramps-redis | gramps-redis | valkey/valkey:8-alpine | | apps, all, gramps | gramps | | always | +| grampsweb | gramps-web | ghcr.io/gramps-project/grampsweb:latest | | apps, all, gramps | gramps, traefik | | always | +| grampsweb_celery | gramps-web-celery | ghcr.io/gramps-project/grampsweb:latest | | apps, all, gramps | gramps | | always | +| influxdb | influxdb | influxdb:2.7 | | monitoring, all, influxdb, prometheus | monitor, traefik | | unless-stopped | +| monitor-kuma | monitor-kuma | 
louislam/uptime-kuma:2.1.1 | | monitoring, all, uptime-kuma | monitor, traefik | | always | +| mtls-bridge | mtls-bridge | | /home/nixos/docker/monitoring/mtls-bridge | monitoring, all, mtls-bridge | monitor, traefik | | unless-stopped | +| nextcloud-db | nextcloud-db | mariadb:11.4 | | apps, all, nextcloud | nextcloud | | always | +| nextcloud-redis | nextcloud-redis | redis | | apps, all, nextcloud | nextcloud | | always | +| nextcloud-webapp | nextcloud-webapp | | /home/nixos/docker/apps/nextcloud | apps, all, nextcloud | nextcloud, traefik | | always | +| node-exporter | node-exporter | prom/node-exporter:latest | | monitoring, all, node-exporter, prometheus | monitor | | unless-stopped | +| node-red | node-red | | /home/nixos/docker/monitoring/node-red | monitoring, all, node-red | monitor, traefik | | unless-stopped | +| passbolt-db | passbolt-db | mariadb:12 | | apps, all, passbolt | passbolt | | always | +| passbolt-webapp | passbolt-webapp | passbolt/passbolt:latest-ce | | apps, all, passbolt | passbolt, traefik | | always | +| pihole-exporter | pihole-exporter | ekofr/pihole-exporter:latest | | monitoring, all, pihole-exporter, prometheus | monitor | {'mode': 'ingress', 'target': 9617, 'published': '9617', 'protocol': 'tcp'} | unless-stopped | +| portainer | portainer | portainer/portainer-ce:latest | | monitoring, all, portainer | traefik | | unless-stopped | +| prometheus | prometheus | prom/prometheus:latest | | monitoring, all, prometheus | monitor, traefik | | unless-stopped | +| searxng-webapp | searxng-webapp | searxng/searxng | | apps, all, searxng | traefik | | always | +| telegraf | telegraf | telegraf:latest | | monitoring, all, telegraf, prometheus | monitor | | unless-stopped | +| traefik | traefik | traefik:3 | /home/nixos/docker/core | core, all, traefik | traefik | {'mode': 'ingress', 'target': 80, 'published': '80', 'protocol': 'tcp'}, {'mode': 'ingress', 'target': 443, 'published': '443', 'protocol': 'tcp'} | always | ## Networks | 
Network | Driver | External | |---|---|---| +| gramps | | False | +| monitor | | False | +| nextcloud | | False | +| passbolt | | False | +| traefik | bridge | False | ## Volumes diff --git a/docs/public/docker-compose.svg b/docs/public/docker-compose.svg index 23e03bc..cd8a7c6 100644 --- a/docs/public/docker-compose.svg +++ b/docs/public/docker-compose.svg @@ -1,13 +1 @@ - - - - - - -Compose - - - +Graphviz dot not found in environment. diff --git a/docs/public/traefik-routes.md b/docs/public/traefik-routes.md index f7e82b1..fa19faf 100644 --- a/docs/public/traefik-routes.md +++ b/docs/public/traefik-routes.md 
@@ -1,3 +1,21 @@ # Traefik Routes -No Traefik routes were detected. +| Service | Router | Rule | Entrypoints | TLS | Middlewares | Target Port | +|---|---|---|---|---|---|---| +| authelia | authelia | Host(``) | websecure | true | | | +| error-pages | error-pages-router | HostRegexp(`{host:.+}`) | web | | error-pages-middleware | | +| gitea | gitea | Host(``) | websecure | true | | 3000 | +| gotify | gotify | Host(``) | websecure | | | 80 | +| grafana | grafana | Host(``) | websecure | | | 3000 | +| grampsweb | gramps | Host(``) | websecure | | | 5000 | +| influxdb | influxdb | Host(``) | websecure | | authelia | 8086 | +| monitor-kuma | monitor | Host(``) | websecure | true | | 3001 | +| mtls-bridge | mtls-bridge | Host(``) | websecure | | mtls-bridge-auth,mtls-bridge-cors | 8080 | +| mtls-bridge | mtls-bridge-preflight | Host(``) && Method(`OPTIONS`) | websecure | | mtls-bridge-cors | | +| nextcloud-webapp | nextcloud | Host(``) | websecure | | nextcloud-dav, nextcloud-webfinger | | +| node-red | node-red | Host(``) | websecure | | authelia | 1880 | +| passbolt-webapp | passbolt | Host(``) | websecure | | | | +| portainer | portainer | Host(``) | websecure | true | | 9000 | +| prometheus | prometheus | Host(``) | websecure | | authelia | 9090 | +| searxng-webapp | searxng | Host(``) | websecure | | | 8080 | +| traefik | traefik | Host(``) | websecure | | authelia | | diff --git a/scripts/docs/render-compose-config.sh b/scripts/docs/render-compose-config.sh index 0619bb0..ad9e847 100755 --- a/scripts/docs/render-compose-config.sh +++ b/scripts/docs/render-compose-config.sh 
@@ -22,4 +22,19 @@ if [ ! -f "$ENV_FILE" ]; then
 exit 1
 fi
-docker compose -p core --env-file "$ENV_FILE" "${ARGS[@]}" config > docs/generated/docker-compose.resolved.yml
+docker compose -p core --env-file "$ENV_FILE" --profile all "${ARGS[@]}" config > docs/generated/docker-compose.resolved.yml
+
+service_count="$(
+ python3 - <<'PY'
+import yaml
+from pathlib import Path
+
+data = yaml.safe_load(Path("docs/generated/docker-compose.resolved.yml").read_text()) or {}
+print(len(data.get("services") or {}))
+PY
+)"
+
+if [ "$service_count" -eq 0 ]; then
+ echo "ERROR: rendered compose config contains zero services; check --profile all / COMPOSE_PROFILES." >&2
+ exit 1
+fi
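Review bot: Nothing after the `docker compose … --profile all … config >` line checks the rendered file for credential values, although that command now writes every profile's interpolated `environment:` block into a tracked docs path. The rendered output in this same patch carries `PIHOLE_PASSWORD` as an inline variable (empty here), so the file stays clean only while `$ENV_FILE` holds blank values; whether that file is a sanitized copy is decided outside this hunk. I would add a second check after the service-count guard that deletes the rendered file and fails when a key ending in PASSWORD, SECRET, TOKEN or API_KEY (so not the `*_FILE` pointers) has a non-empty value. The key pattern below is a starting point and should be adjusted to the variables the stack actually uses.

```shell
# … unchanged: docker compose config render and the zero-services guard …

# Fail closed if any non-_FILE credential variable was interpolated to a real value.
if ! python3 - <<'PY'
import re
import sys
import yaml
from pathlib import Path

data = yaml.safe_load(Path("docs/generated/docker-compose.resolved.yml").read_text()) or {}
sensitive = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY)$")
inline = sorted(
    f"{name}.{key}"
    for name, svc in (data.get("services") or {}).items()
    for key, value in ((svc or {}).get("environment") or {}).items()
    if sensitive.search(key) and value not in (None, "")
)
if inline:
    print("inline credential values: " + ", ".join(inline), file=sys.stderr)
    sys.exit(1)
PY
then
  rm -f docs/generated/docker-compose.resolved.yml
  echo "ERROR: rendered compose config contains inline credential values; render with a sanitized env file." >&2
  exit 1
fi
```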