Split core and prometheus compose files by service

core/authelia/docker-compose.yml

@@ -0,0 +1,30 @@
+services:
+  authelia:
+    profiles: ["core","all","traefik"]
+    image: authelia/authelia
+    restart: always
+    build:
+      context: ${PROJECT_ROOT}/core/authelia
+#    env_file:
+#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
+#    environment:
+#      - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:${AUTHELIA_JWT_SECRET}
+#      - AUTHELIA_SESSION_SECRET:${AUTHELIA_SESSION_SECRET}
+#      - AUTHELIA_STORAGE_ENCRYPTION_KEY:${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+    volumes:
+      - ${PROJECT_ROOT}/core/authelia:/config
+    networks:
+#      - reverse_proxy
+      - traefik
+    container_name: authelia
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.authelia.rule=Host(`auth.lan.ddnsgeek.com`)
+      - traefik.http.routers.authelia.entrypoints=websecure
+      - traefik.http.routers.authelia.tls=true
+      - traefik.http.routers.authelia.tls.certresolver=myresolver
+      - io.portainer.accesscontrol.public
+      - traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/
+      - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
+      - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups
+      - traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize=2097152

core/crowdsec/docker-compose.yml

@@ -0,0 +1,23 @@
+services:
+  crowdsec:
+#    image: crowdsecurity/crowdsec:latest
+    profiles: ["core","all","traefik"]
+    build: ${PROJECT_ROOT}/core/crowdsec
+    container_name: crowdsec
+    restart: always
+    environment:
+      - COLLECTIONS=crowdsecurity/traefik
+#      - CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}
+    volumes:
+      - ${PROJECT_ROOT}/core/crowdsec/logs:/logs:ro
+      - ${PROJECT_ROOT}/core/crowdsec/data:/var/lib/crowdsec/data
+      - ${PROJECT_ROOT}/core/crowdsec/config:/etc/crowdsec
+    networks:
+#      - reverse_proxy
+      - traefik
+    healthcheck:
+      test: ["CMD-SHELL", "cscli metrics || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 15s

core/docker-compose.yml

@@ -1,132 +1 @@
-services:
-  traefik:
-    profiles: ["core","all","traefik"]
-    image: traefik:3
-    container_name: traefik
-    restart: always
-    read_only: true
-    hostname: traefik.lan.ddnsgeek.com
-    depends_on:
-      - docker-socket-proxy
-      - error-pages
-      - authelia
-      - crowdsec
-
-    ports:
-      - "80:80"
-      - "443:443"
-
-    build:
-      context: ${PROJECT_ROOT}/core
- #   env_file:
- #     - ${PROJECT_ROOT}/secrets/stack-secrets.env
-
-    volumes:
-      - ${PROJECT_ROOT}/core/traefik/data/letsencrypt:/letsencrypt
-      - ${PROJECT_ROOT}/core/traefik/data/logs:/logs
-      - ${PROJECT_ROOT}/core/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
-      - ${PROJECT_ROOT}/core/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
-      - ${PROJECT_ROOT}/core/traefik/data/plugins:/plugins-storage
-
-    healthcheck:
-      test: traefik healthcheck --ping
-
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.traefik.rule=Host(`traefik.lan.ddnsgeek.com`)"
-      - "traefik.http.routers.traefik.service=api@internal"
-      - "traefik.http.routers.traefik.entrypoints=websecure"
-      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
-      - "traefik.http.routers.traefik.middlewares=authelia"
-      - "io.portainer.accesscontrol.public"
-      - "traefik.docker.network=core_traefik"
-      - "traefik.http.routers.traefik.observability.tracing=true"
-
-    networks:
-#      - reverse_proxy
-#      - prometheus_edge
-      - traefik
-  crowdsec:
-#    image: crowdsecurity/crowdsec:latest
-    profiles: ["core","all","traefik"]
-    build: ${PROJECT_ROOT}/core/crowdsec
-    container_name: crowdsec
-    restart: always
-    environment:
-      - COLLECTIONS=crowdsecurity/traefik
-#      - CROWDSEC_LAPI_KEY=${CROWDSEC_LAPI_KEY}
-    volumes:
-      - ${PROJECT_ROOT}/core/crowdsec/logs:/logs:ro
-      - ${PROJECT_ROOT}/core/crowdsec/data:/var/lib/crowdsec/data
-      - ${PROJECT_ROOT}/core/crowdsec/config:/etc/crowdsec
-    networks:
-#      - reverse_proxy
-      - traefik
-    healthcheck:
-      test: ["CMD-SHELL", "cscli metrics || exit 1"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 15s
-
-  error-pages:
-    profiles: ["core","all","traefik"]
-    image: tarampampam/error-pages:3
-    restart: always
-    container_name: error-pages
-    read_only: true
-    environment:
-      TEMPLATE_NAME: ${ERROR_PAGES_TEMPLATE_NAME}
-    networks:
-#      - reverse_proxy
-      - traefik
-    hostname: error-pages
-    labels:
-      - "traefik.enable=true"
-      # use as "fallback" for any NON-registered services (with priority below normal)
-      - "traefik.http.routers.error-pages-router.rule=HostRegexp(`{host:.+}`)"
-      # should say that all of your services work on https
-      - "traefik.http.routers.error-pages-router.entrypoints=web"
-      - "traefik.http.routers.error-pages-router.middlewares=error-pages-middleware"
-      # "errors" middleware settings
-      - "traefik.http.middlewares.error-pages-middleware.errors.status=400-599"
-      - "traefik.http.middlewares.error-pages-middleware.errors.service=error-pages-service"
-      - "traefik.http.middlewares.error-pages-middleware.errors.query=/{status}.html"
-      # define service properties
-      - "traefik.http.services.error-pages-service.loadbalancer.server.port=8080"
-      - "io.portainer.accesscontrol.public"
-
-  authelia:
-    profiles: ["core","all","traefik"]
-    image: authelia/authelia
-    restart: always
-    build:
-      context: ${PROJECT_ROOT}/core/authelia
-#    env_file:
-#      - ${PROJECT_ROOT}/secrets/stack-secrets.env
-#    environment:
-#      - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:${AUTHELIA_JWT_SECRET}
-#      - AUTHELIA_SESSION_SECRET:${AUTHELIA_SESSION_SECRET}
-#      - AUTHELIA_STORAGE_ENCRYPTION_KEY:${AUTHELIA_STORAGE_ENCRYPTION_KEY}
-    volumes:
-      - ${PROJECT_ROOT}/core/authelia:/config
-    networks:
-#      - reverse_proxy
-      - traefik
-    container_name: authelia
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.authelia.rule=Host(`auth.lan.ddnsgeek.com`)
-      - traefik.http.routers.authelia.entrypoints=websecure
-      - traefik.http.routers.authelia.tls=true
-      - traefik.http.routers.authelia.tls.certresolver=myresolver
-      - io.portainer.accesscontrol.public
-      - traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/
-      - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
-      - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups
-      - traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize=2097152
-#networks:
-#  reverse_proxy:
-#    driver: bridge
-#  prometheus_edge:
-#    external: true
+services: {}

core/error-pages/docker-compose.yml

@@ -0,0 +1,27 @@
+services:
+  error-pages:
+    profiles: ["core","all","traefik"]
+    image: tarampampam/error-pages:3
+    restart: always
+    container_name: error-pages
+    read_only: true
+    environment:
+      TEMPLATE_NAME: ${ERROR_PAGES_TEMPLATE_NAME}
+    networks:
+#      - reverse_proxy
+      - traefik
+    hostname: error-pages
+    labels:
+      - "traefik.enable=true"
+      # use as "fallback" for any NON-registered services (with priority below normal)
+      - "traefik.http.routers.error-pages-router.rule=HostRegexp(`{host:.+}`)"
+      # should say that all of your services work on https
+      - "traefik.http.routers.error-pages-router.entrypoints=web"
+      - "traefik.http.routers.error-pages-router.middlewares=error-pages-middleware"
+      # "errors" middleware settings
+      - "traefik.http.middlewares.error-pages-middleware.errors.status=400-599"
+      - "traefik.http.middlewares.error-pages-middleware.errors.service=error-pages-service"
+      - "traefik.http.middlewares.error-pages-middleware.errors.query=/{status}.html"
+      # define service properties
+      - "traefik.http.services.error-pages-service.loadbalancer.server.port=8080"
+      - "io.portainer.accesscontrol.public"

core/traefik/docker-compose.yml

@@ -0,0 +1,48 @@
+services:
+  traefik:
+    profiles: ["core","all","traefik"]
+    image: traefik:3
+    container_name: traefik
+    restart: always
+    read_only: true
+    hostname: traefik.lan.ddnsgeek.com
+    depends_on:
+      - docker-socket-proxy
+      - error-pages
+      - authelia
+      - crowdsec
+
+    ports:
+      - "80:80"
+      - "443:443"
+
+    build:
+      context: ${PROJECT_ROOT}/core
+ #   env_file:
+ #     - ${PROJECT_ROOT}/secrets/stack-secrets.env
+
+    volumes:
+      - ${PROJECT_ROOT}/core/traefik/data/letsencrypt:/letsencrypt
+      - ${PROJECT_ROOT}/core/traefik/data/logs:/logs
+      - ${PROJECT_ROOT}/core/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      - ${PROJECT_ROOT}/core/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
+      - ${PROJECT_ROOT}/core/traefik/data/plugins:/plugins-storage
+
+    healthcheck:
+      test: traefik healthcheck --ping
+
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.lan.ddnsgeek.com`)"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
+      - "traefik.http.routers.traefik.middlewares=authelia"
+      - "io.portainer.accesscontrol.public"
+      - "traefik.docker.network=core_traefik"
+      - "traefik.http.routers.traefik.observability.tracing=true"
+
+    networks:
+#      - reverse_proxy
+#      - prometheus_edge
+      - traefik