beatz174-bit
1355 lines
40 KiB
YAML
1355 lines
40 KiB
YAML
name: core
|
|
services:
|
|
authelia:
|
|
profiles:
|
|
- core
|
|
- all
|
|
- authelia
|
|
- traefik
|
|
build:
|
|
context: /home/nixos/docker/core/authelia
|
|
dockerfile: Dockerfile
|
|
container_name: authelia
|
|
image: authelia/authelia
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.enable: "true"
|
|
traefik.http.middlewares.authelia.forwardauth.address: http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/
|
|
traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups
|
|
traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize: "2097152"
|
|
traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: "true"
|
|
traefik.http.routers.authelia.entrypoints: websecure
|
|
traefik.http.routers.authelia.rule: Host(`auth.lan.ddnsgeek.com`)
|
|
traefik.http.routers.authelia.tls: "true"
|
|
traefik.http.routers.authelia.tls.certresolver: myresolver
|
|
networks:
|
|
traefik: null
|
|
restart: always
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/core/authelia
|
|
target: /config
|
|
bind:
|
|
create_host_path: true
|
|
crowdsec:
|
|
profiles:
|
|
- core
|
|
- all
|
|
- crowdsec
|
|
- traefik
|
|
build:
|
|
context: /home/nixos/docker/core/crowdsec
|
|
dockerfile: Dockerfile
|
|
container_name: crowdsec
|
|
environment:
|
|
COLLECTIONS: crowdsecurity/traefik
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- cscli metrics || exit 1
|
|
timeout: 10s
|
|
interval: 30s
|
|
retries: 3
|
|
start_period: 15s
|
|
networks:
|
|
traefik: null
|
|
restart: always
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/core/crowdsec/logs
|
|
target: /logs
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/core/crowdsec/data
|
|
target: /var/lib/crowdsec/data
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/core/crowdsec/config
|
|
target: /etc/crowdsec
|
|
bind:
|
|
create_host_path: true
|
|
docker-socket-proxy:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- docker-socket-proxy
|
|
- core
|
|
- traefik
|
|
- prometheus
|
|
cap_drop:
|
|
- ALL
|
|
container_name: docker-socket-proxy
|
|
environment:
|
|
ALLOW_RESTARTS: "1"
|
|
ALLOW_START: "1"
|
|
ALLOW_STOP: "1"
|
|
AUTH: "1"
|
|
BUILD: "0"
|
|
COMMIT: "0"
|
|
CONFIGS: "0"
|
|
CONTAINERS: "1"
|
|
DELETE: "1"
|
|
DISABLE_IPV6: "0"
|
|
DISTRIBUTION: "1"
|
|
EVENTS: "1"
|
|
EXEC: "1"
|
|
IMAGES: "1"
|
|
INFO: "1"
|
|
LOG_LEVEL: info
|
|
NETWORKS: "1"
|
|
NODES: "1"
|
|
PING: "1"
|
|
PLUGINS: "0"
|
|
POST: "1"
|
|
SECRETS: "1"
|
|
SERVICES: "1"
|
|
SESSION: "0"
|
|
SWARM: "1"
|
|
SYSTEM: "1"
|
|
TASKS: "1"
|
|
VERSION: "1"
|
|
VOLUMES: "1"
|
|
hostname: docker-socket-proxy
|
|
image: tecnativa/docker-socket-proxy:latest
|
|
networks:
|
|
monitor: null
|
|
traefik: null
|
|
restart: unless-stopped
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
volumes:
|
|
- type: bind
|
|
source: /var/run/docker.sock
|
|
target: /var/run/docker.sock
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
docker-update-exporter:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- docker-exporter
|
|
- prometheus
|
|
build:
|
|
context: /home/nixos/docker/monitoring/docker-exporter
|
|
dockerfile: Dockerfile
|
|
cap_drop:
|
|
- ALL
|
|
container_name: docker-update-exporter
|
|
depends_on:
|
|
docker-socket-proxy:
|
|
condition: service_started
|
|
required: true
|
|
environment:
|
|
DOCKER_HOST: tcp://docker-socket-proxy:2375
|
|
LOG_LEVEL: INFO
|
|
healthcheck:
|
|
test:
|
|
- CMD
|
|
- python
|
|
- -c
|
|
- import urllib.request; urllib.request.urlopen('http://localhost:9105/metrics')
|
|
timeout: 5s
|
|
interval: 30s
|
|
retries: 3
|
|
start_period: 10s
|
|
networks:
|
|
monitor: null
|
|
restart: unless-stopped
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
volumes:
|
|
- type: bind
|
|
source: /root/.docker/config.json
|
|
target: /root/.docker/config.json
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/docker-exporter/data
|
|
target: /data
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker
|
|
target: /compose
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
error-pages:
|
|
profiles:
|
|
- core
|
|
- all
|
|
- error-pages
|
|
- traefik
|
|
container_name: error-pages
|
|
environment:
|
|
TEMPLATE_NAME: app-down
|
|
hostname: error-pages
|
|
image: tarampampam/error-pages:3
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.enable: "true"
|
|
traefik.http.middlewares.error-pages-middleware.errors.query: /{status}.html
|
|
traefik.http.middlewares.error-pages-middleware.errors.service: error-pages-service
|
|
traefik.http.middlewares.error-pages-middleware.errors.status: 400-599
|
|
traefik.http.routers.error-pages-router.entrypoints: web
|
|
traefik.http.routers.error-pages-router.middlewares: error-pages-middleware
|
|
traefik.http.routers.error-pages-router.rule: HostRegexp(`{host:.+}`)
|
|
traefik.http.services.error-pages-service.loadbalancer.server.port: "8080"
|
|
networks:
|
|
traefik: null
|
|
read_only: true
|
|
restart: always
|
|
gitea:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- gitea
|
|
container_name: gitea
|
|
environment:
|
|
GITEA__actions__ENABLED: "true"
|
|
GITEA__database__DB_TYPE: sqlite3
|
|
GITEA__server__ROOT_URL: https://gitea.lan.ddnsgeek.com/
|
|
USER_GID: "1000"
|
|
USER_UID: "1000"
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- curl -fsS http://localhost:3000/api/healthz >/dev/null
|
|
timeout: 5s
|
|
interval: 30s
|
|
retries: 6
|
|
start_period: 2m0s
|
|
image: gitea/gitea:latest
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.gitea.entrypoints: websecure
|
|
traefik.http.routers.gitea.rule: Host(`gitea.lan.ddnsgeek.com`)
|
|
traefik.http.routers.gitea.tls: "true"
|
|
traefik.http.routers.gitea.tls.certresolver: myresolver
|
|
traefik.http.services.gitea.loadbalancer.server.port: "3000"
|
|
networks:
|
|
traefik: null
|
|
restart: always
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gitea/data
|
|
target: /data
|
|
bind:
|
|
create_host_path: true
|
|
gitea-runner:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- gitea
|
|
- ci
|
|
container_name: gitea-runner
|
|
depends_on:
|
|
docker-socket-proxy:
|
|
condition: service_started
|
|
required: true
|
|
gitea:
|
|
condition: service_started
|
|
required: true
|
|
environment:
|
|
DOCKER_HOST: tcp://docker-socket-proxy:2375
|
|
GITEA_INSTANCE_URL: https://gitea.lan.ddnsgeek.com/
|
|
GITEA_RUNNER_LABELS: ubuntu-latest:docker://node:20-bookworm,ubuntu-22.04:docker://node:20-bookworm,linux:docker://node:20-bookworm,docker:docker://docker:cli
|
|
GITEA_RUNNER_NAME: docker-runner-01
|
|
GITEA_RUNNER_REGISTRATION_TOKEN: vYDNxzMvayREkXoaAR3x3UREkxQB2PU4eORzmkZ9
|
|
image: gitea/act_runner:latest
|
|
networks:
|
|
traefik: null
|
|
restart: always
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gitea/runner-data
|
|
target: /data
|
|
bind:
|
|
create_host_path: true
|
|
gotify:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- gotify
|
|
container_name: gotify
|
|
environment:
|
|
GOTIFY_DEFAULTUSER_NAME: ""
|
|
GOTIFY_DEFAULTUSER_PASS: ""
|
|
GOTIFY_REGISTRATION: "false"
|
|
TZ: Australia/Brisbane
|
|
image: gotify/server:latest
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.gotify.entrypoints: websecure
|
|
traefik.http.routers.gotify.rule: Host(`gotify.lan.ddnsgeek.com`)
|
|
traefik.http.routers.gotify.tls.certresolver: myresolver
|
|
traefik.http.routers.gotify.tls.options: mtls-private-admin@file
|
|
traefik.http.services.gotify.loadbalancer.server.port: "80"
|
|
networks:
|
|
traefik: null
|
|
restart: always
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/gotify/data
|
|
target: /app/data
|
|
bind:
|
|
create_host_path: true
|
|
grafana:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- grafana
|
|
container_name: grafana
|
|
environment:
|
|
GF_SERVER_ROOT_URL: https://grafana.lan.ddnsgeek.com/
|
|
healthcheck:
|
|
test:
|
|
- CMD
|
|
- wget
|
|
- --spider
|
|
- -q
|
|
- http://localhost:3000/api/health
|
|
timeout: 10s
|
|
interval: 30s
|
|
retries: 3
|
|
start_period: 30s
|
|
image: grafana/grafana:latest
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.grafana.entrypoints: websecure
|
|
traefik.http.routers.grafana.rule: Host(`grafana.lan.ddnsgeek.com`)
|
|
traefik.http.routers.grafana.tls.certresolver: myresolver
|
|
traefik.http.routers.grafana.tls.options: mtls-private-admin@file
|
|
traefik.http.services.grafana.loadbalancer.server.port: "3000"
|
|
networks:
|
|
monitor: null
|
|
traefik: null
|
|
restart: unless-stopped
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/grafana/data
|
|
target: /var/lib/grafana
|
|
bind:
|
|
create_host_path: true
|
|
gramps-redis:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- gramps
|
|
container_name: gramps-redis
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- valkey-cli -h 127.0.0.1 -p 6379 ping | grep -q PONG
|
|
timeout: 5s
|
|
interval: 10s
|
|
retries: 6
|
|
start_period: 10s
|
|
image: valkey/valkey:8-alpine
|
|
networks:
|
|
gramps: null
|
|
restart: always
|
|
grampsweb:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- gramps
|
|
container_name: gramps-web
|
|
depends_on:
|
|
gramps-redis:
|
|
condition: service_started
|
|
required: true
|
|
grampsweb_celery:
|
|
condition: service_started
|
|
required: true
|
|
environment:
|
|
GRAMPSWEB_BASE_URL: https://familytree.lan.ddnsgeek.com
|
|
GRAMPSWEB_CELERY_CONFIG__broker_url: redis://gramps-redis:6379/0
|
|
GRAMPSWEB_CELERY_CONFIG__result_backend: redis://gramps-redis:6379/0
|
|
GRAMPSWEB_DEFAULT_FROM_EMAIL: beatz174@gmail.com
|
|
GRAMPSWEB_EMAIL_HOST: smtp.gmail.com
|
|
GRAMPSWEB_EMAIL_HOST_PASSWORD: ""
|
|
GRAMPSWEB_EMAIL_HOST_USER: ""
|
|
GRAMPSWEB_EMAIL_PORT: "587"
|
|
GRAMPSWEB_EMAIL_USE_SSL: "false"
|
|
GRAMPSWEB_EMAIL_USE_STARTTLS: "true"
|
|
GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://gramps-redis:6379/1
|
|
GRAMPSWEB_REGISTRATION_DISABLED: "true"
|
|
GRAMPSWEB_SECRET_KEY: ""
|
|
GRAMPSWEB_TREE: main
|
|
TZ: Australia/Brisbane
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- wget -qO- http://127.0.0.1:5000/ >/dev/null
|
|
timeout: 5s
|
|
interval: 30s
|
|
retries: 6
|
|
start_period: 1m0s
|
|
image: ghcr.io/gramps-project/grampsweb:latest
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.gramps.entrypoints: websecure
|
|
traefik.http.routers.gramps.rule: Host(`familytree.lan.ddnsgeek.com`)
|
|
traefik.http.routers.gramps.tls.certresolver: myresolver
|
|
traefik.http.services.gramps.loadbalancer.server.port: "5000"
|
|
networks:
|
|
gramps: null
|
|
traefik: null
|
|
restart: always
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/users
|
|
target: /app/users
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/index
|
|
target: /app/indexdir
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/thumbnail_cache
|
|
target: /app/thumbnail_cache
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/cache
|
|
target: /app/cache
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/secret
|
|
target: /app/secret
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/db
|
|
target: /root/.gramps/grampsdb
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/media
|
|
target: /app/media
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/tmp
|
|
target: /tmp
|
|
bind:
|
|
create_host_path: true
|
|
grampsweb_celery:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- gramps
|
|
command:
|
|
- celery
|
|
- -A
|
|
- gramps_webapi.celery
|
|
- worker
|
|
- --loglevel=INFO
|
|
- --concurrency=2
|
|
container_name: gramps-web-celery
|
|
depends_on:
|
|
gramps-redis:
|
|
condition: service_started
|
|
required: true
|
|
environment:
|
|
GRAMPSWEB_BASE_URL: https://familytree.lan.ddnsgeek.com
|
|
GRAMPSWEB_CELERY_CONFIG__broker_url: redis://gramps-redis:6379/0
|
|
GRAMPSWEB_CELERY_CONFIG__result_backend: redis://gramps-redis:6379/0
|
|
GRAMPSWEB_DEFAULT_FROM_EMAIL: beatz174@gmail.com
|
|
GRAMPSWEB_EMAIL_HOST: smtp.gmail.com
|
|
GRAMPSWEB_EMAIL_HOST_PASSWORD: ""
|
|
GRAMPSWEB_EMAIL_HOST_USER: ""
|
|
GRAMPSWEB_EMAIL_PORT: "587"
|
|
GRAMPSWEB_EMAIL_USE_SSL: "false"
|
|
GRAMPSWEB_EMAIL_USE_STARTTLS: "true"
|
|
GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://gramps-redis:6379/1
|
|
GRAMPSWEB_REGISTRATION_DISABLED: "true"
|
|
GRAMPSWEB_SECRET_KEY: ""
|
|
GRAMPSWEB_TREE: main
|
|
TZ: Australia/Brisbane
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- pgrep -f "celery.*gramps_webapi.celery.*worker" >/dev/null
|
|
timeout: 5s
|
|
interval: 30s
|
|
retries: 6
|
|
start_period: 1m0s
|
|
image: ghcr.io/gramps-project/grampsweb:latest
|
|
networks:
|
|
gramps: null
|
|
restart: always
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/users
|
|
target: /app/users
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/index
|
|
target: /app/indexdir
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/thumbnail_cache
|
|
target: /app/thumbnail_cache
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/cache
|
|
target: /app/cache
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/secret
|
|
target: /app/secret
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/db
|
|
target: /root/.gramps/grampsdb
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/media
|
|
target: /app/media
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/gramps/data/tmp
|
|
target: /tmp
|
|
bind:
|
|
create_host_path: true
|
|
influxdb:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- influxdb
|
|
- prometheus
|
|
container_name: influxdb
|
|
environment:
|
|
DOCKER_INFLUXDB_INIT_BUCKET: telemetry
|
|
DOCKER_INFLUXDB_INIT_MODE: setup
|
|
DOCKER_INFLUXDB_INIT_ORG: pbs
|
|
DOCKER_INFLUXDB_INIT_PASSWORD_FILE: /run/secrets/influxdb_init_password
|
|
DOCKER_INFLUXDB_INIT_USERNAME: ""
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- curl -f http://localhost:8086/health || exit 1
|
|
timeout: 5s
|
|
interval: 30s
|
|
retries: 3
|
|
start_period: 10s
|
|
image: influxdb:2.7
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.influxdb.entrypoints: websecure
|
|
traefik.http.routers.influxdb.middlewares: authelia
|
|
traefik.http.routers.influxdb.rule: Host(`influxdb.lan.ddnsgeek.com`)
|
|
traefik.http.routers.influxdb.tls.certresolver: myresolver
|
|
traefik.http.routers.influxdb.tls.options: mtls-private-admin@file
|
|
traefik.http.services.influxdb.loadbalancer.server.port: "8086"
|
|
networks:
|
|
monitor: null
|
|
traefik: null
|
|
restart: unless-stopped
|
|
secrets:
|
|
- source: influxdb_init_password
|
|
target: /run/secrets/influxdb_init_password
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/influxdb
|
|
target: /var/lib/influxdb2
|
|
bind:
|
|
create_host_path: true
|
|
monitor-kuma:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- uptime-kuma
|
|
container_name: monitor-kuma
|
|
depends_on:
|
|
docker-socket-proxy:
|
|
condition: service_started
|
|
required: true
|
|
environment:
|
|
DOCKER_HOST: tcp://docker-socket-proxy:2375
|
|
image: louislam/uptime-kuma:2.1.1
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.monitor.entrypoints: websecure
|
|
traefik.http.routers.monitor.rule: Host(`monitor-kuma.lan.ddnsgeek.com`)
|
|
traefik.http.routers.monitor.tls: "true"
|
|
traefik.http.routers.monitor.tls.certresolver: myresolver
|
|
traefik.http.routers.monitor.tls.options: mtls-private-admin@file
|
|
traefik.http.services.monitor.loadbalancer.server.port: "3001"
|
|
networks:
|
|
monitor: null
|
|
traefik: null
|
|
restart: always
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/uptime-kuma/data
|
|
target: /app/data
|
|
bind:
|
|
create_host_path: true
|
|
mtls-bridge:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- mtls-bridge
|
|
build:
|
|
context: /home/nixos/docker/monitoring/mtls-bridge
|
|
dockerfile: Dockerfile
|
|
container_name: mtls-bridge
|
|
environment:
|
|
ALLOWED_PATHS_FILE: ""
|
|
CLIENT_CERT: /certs/clients/office-pc/office-pc.crt
|
|
CLIENT_KEY: /certs/clients/office-pc/office-pc.key
|
|
LOG_LEVEL: DEBUG
|
|
TARGET_URL: http://node-red:1880
|
|
TIMEOUT: "5"
|
|
UPSTREAM_CA_CERT: ""
|
|
hostname: mtls-bridge.lan.ddnsgeek.com
|
|
healthcheck:
|
|
test:
|
|
- CMD
|
|
- python
|
|
- -c
|
|
- import urllib.request; urllib.request.urlopen('http://localhost:8080/_mtls_bridge/health', timeout=3).read()
|
|
timeout: 5s
|
|
interval: 30s
|
|
retries: 3
|
|
start_period: 10s
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.middlewares.mtls-bridge-auth.basicauth.users: ""
|
|
traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowcredentials: "true"
|
|
traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowheaders: authorization,content-type,x-grafana-action,x-grafana-device-id
|
|
traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowmethods: GET,POST,PUT,PATCH,DELETE,OPTIONS
|
|
traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolalloworiginlist: https://grafana.lan.ddnsgeek.com
|
|
traefik.http.middlewares.mtls-bridge-cors.headers.addvaryheader: "true"
|
|
traefik.http.routers.mtls-bridge-preflight.entrypoints: websecure
|
|
traefik.http.routers.mtls-bridge-preflight.middlewares: mtls-bridge-cors
|
|
traefik.http.routers.mtls-bridge-preflight.priority: "100"
|
|
traefik.http.routers.mtls-bridge-preflight.rule: Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`)
|
|
traefik.http.routers.mtls-bridge-preflight.service: mtls-bridge
|
|
traefik.http.routers.mtls-bridge-preflight.tls.certresolver: myresolver
|
|
traefik.http.routers.mtls-bridge.entrypoints: websecure
|
|
traefik.http.routers.mtls-bridge.middlewares: mtls-bridge-auth,mtls-bridge-cors
|
|
traefik.http.routers.mtls-bridge.rule: Host(`mtls-bridge.lan.ddnsgeek.com`)
|
|
traefik.http.routers.mtls-bridge.tls.certresolver: myresolver
|
|
traefik.http.services.mtls-bridge.loadbalancer.server.port: "8080"
|
|
networks:
|
|
monitor: null
|
|
traefik: null
|
|
restart: unless-stopped
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/core/traefik/certs
|
|
target: /certs
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
nextcloud-db:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- nextcloud
|
|
command:
|
|
- --transaction-isolation=READ-COMMITTED
|
|
- --log-bin=binlog
|
|
- --binlog-format=ROW
|
|
container_name: nextcloud-db
|
|
environment:
|
|
MARIADB_AUTO_UPGRADE: "1"
|
|
MYSQL_DATABASE: nextcloud
|
|
MYSQL_PASSWORD_FILE: /run/secrets/nextcloud_db_password
|
|
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/nextcloud_db_root_password
|
|
MYSQL_USER: ""
|
|
NEXTCLOUD_ADMIN_PASSWORD_FILE: /run/secrets/nextcloud_admin_password
|
|
NEXTCLOUD_ADMIN_USER: ""
|
|
hostname: nextcloud_db
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- mariadb-admin ping -u $$MYSQL_USER --password=$$(cat /run/secrets/nextcloud_db_password) --silent
|
|
timeout: 5s
|
|
interval: 10s
|
|
retries: 12
|
|
start_period: 1m0s
|
|
image: mariadb:11.4
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
networks:
|
|
nextcloud: null
|
|
restart: always
|
|
secrets:
|
|
- source: nextcloud_db_root_password
|
|
target: /run/secrets/nextcloud_db_root_password
|
|
- source: nextcloud_db_password
|
|
target: /run/secrets/nextcloud_db_password
|
|
- source: nextcloud_admin_password
|
|
target: /run/secrets/nextcloud_admin_password
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/nextcloud/database
|
|
target: /var/lib/mysql
|
|
bind:
|
|
create_host_path: true
|
|
nextcloud-redis:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- nextcloud
|
|
command:
|
|
- sh
|
|
- -c
|
|
- redis-server --requirepass "$$(cat /run/secrets/nextcloud_redis_password)" --appendonly yes --save 60 1000
|
|
container_name: nextcloud-redis
|
|
hostname: redis
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- redis-cli -a "$$(cat /run/secrets/nextcloud_redis_password)" PING | grep -q PONG
|
|
timeout: 5s
|
|
interval: 10s
|
|
retries: 6
|
|
start_period: 10s
|
|
image: redis
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
networks:
|
|
nextcloud: null
|
|
restart: always
|
|
secrets:
|
|
- source: nextcloud_redis_password
|
|
target: /run/secrets/nextcloud_redis_password
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/nextcloud/data/redis
|
|
target: /data
|
|
bind:
|
|
create_host_path: true
|
|
nextcloud-webapp:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- nextcloud
|
|
build:
|
|
context: /home/nixos/docker/apps/nextcloud
|
|
dockerfile: Dockerfile
|
|
container_name: nextcloud-webapp
|
|
depends_on:
|
|
nextcloud-db:
|
|
condition: service_started
|
|
required: true
|
|
nextcloud-redis:
|
|
condition: service_started
|
|
required: true
|
|
environment:
|
|
MAIL_DOMAIN: ""
|
|
MAIL_FROM_ADDRESS: ""
|
|
MYSQL_DATABASE: nextcloud
|
|
MYSQL_HOST: nextcloud_db:3306
|
|
MYSQL_PASSWORD_FILE: /run/secrets/nextcloud_db_password
|
|
MYSQL_USER: ""
|
|
NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.lan.ddnsgeek.com
|
|
OVERWRITECLIURL: https://nextcloud.lan.ddnsgeek.com
|
|
OVERWRITEPROTOCOL: https
|
|
REDIS_HOST: redis
|
|
REDIS_HOST_PASSWORD_FILE: /run/secrets/nextcloud_redis_password
|
|
REDIS_HOST_PORT: "6379"
|
|
SMTP_AUTHTYPE: login
|
|
SMTP_HOST: smtp.gmail.com
|
|
SMTP_NAME: ""
|
|
SMTP_PASSWORD_FILE: /run/secrets/nextcloud_smtp_password
|
|
SMTP_PORT: "587"
|
|
SMTP_SECURE: tls
|
|
hostname: nextcloud.lan.ddnsgeek.com
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- 'php -r ''$$f=@fsockopen("127.0.0.1",80,$$e,$$s,2); if(!$$f) exit(1); fwrite($$f,"GET /status.php HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n"); $$o=""; while(!feof($$f)){$$o.=fgets($$f,1024);} fclose($$f); if(strpos($$o,"\"installed\":true")===false) exit(1);'''
|
|
timeout: 5s
|
|
interval: 30s
|
|
retries: 6
|
|
start_period: 3m0s
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.middlewares.nextcloud-dav.replacepathregex.regex: ^/.well-known/ca(l|rd)dav
|
|
traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement: /remote.php/dav/
|
|
traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.regex: ^/.well-known/nodeinfo
|
|
traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.replacement: /nextcloud/index.php/.well-known/nodeinfo/
|
|
traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent: "true"
|
|
traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex: https://(.*)/.well-known/webfinger
|
|
traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement: https://$${1}/nextcloud/index.php/.well-known/webfinger
|
|
traefik.http.routers.nextcloud.entrypoints: websecure
|
|
traefik.http.routers.nextcloud.middlewares: nextcloud-dav, nextcloud-webfinger
|
|
traefik.http.routers.nextcloud.rule: Host(`nextcloud.lan.ddnsgeek.com`)
|
|
traefik.http.routers.nextcloud.tls.certresolver: myresolver
|
|
networks:
|
|
nextcloud: null
|
|
traefik: null
|
|
restart: always
|
|
secrets:
|
|
- source: nextcloud_db_password
|
|
target: /run/secrets/nextcloud_db_password
|
|
- source: nextcloud_smtp_password
|
|
target: /run/secrets/nextcloud_smtp_password
|
|
- source: nextcloud_redis_password
|
|
target: /run/secrets/nextcloud_redis_password
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/nextcloud/data
|
|
target: /var/www/html/data
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/nextcloud/config
|
|
target: /var/www/html/config
|
|
bind:
|
|
create_host_path: true
|
|
- type: tmpfs
|
|
target: /tmp:exec
|
|
node-exporter:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- node-exporter
|
|
- prometheus
|
|
command:
|
|
- --path.procfs=/host/proc
|
|
- --path.sysfs=/host/sys
|
|
- --path.rootfs=/rootfs
|
|
container_name: node-exporter
|
|
healthcheck:
|
|
test:
|
|
- CMD
|
|
- wget
|
|
- --spider
|
|
- -q
|
|
- http://localhost:9100/metrics
|
|
timeout: 10s
|
|
interval: 30s
|
|
retries: 3
|
|
image: prom/node-exporter:latest
|
|
networks:
|
|
monitor: null
|
|
pid: host
|
|
restart: unless-stopped
|
|
volumes:
|
|
- type: bind
|
|
source: /proc
|
|
target: /host/proc
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /sys
|
|
target: /host/sys
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /
|
|
target: /rootfs
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
node-red:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- node-red
|
|
build:
|
|
context: /home/nixos/docker/monitoring/node-red
|
|
dockerfile: Dockerfile
|
|
cap_drop:
|
|
- ALL
|
|
container_name: node-red
|
|
depends_on:
|
|
docker-socket-proxy:
|
|
condition: service_started
|
|
required: true
|
|
environment:
|
|
DOCKER_HOST: tcp://docker-socket-proxy:2375
|
|
PROJECT_ROOT: /compose
|
|
TZ: Australia/Brisbane
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.node-red.entrypoints: websecure
|
|
traefik.http.routers.node-red.middlewares: authelia
|
|
traefik.http.routers.node-red.rule: Host(`node-red.lan.ddnsgeek.com`)
|
|
traefik.http.routers.node-red.tls.certresolver: myresolver
|
|
traefik.http.routers.node-red.tls.options: mtls-private-admin@file
|
|
traefik.http.services.node-red.loadbalancer.server.port: "1880"
|
|
networks:
|
|
monitor: null
|
|
traefik: null
|
|
restart: unless-stopped
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/node-red/data
|
|
target: /data
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker
|
|
target: /compose/docker
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/raspi
|
|
target: /compose/raspi
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
passbolt-db:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- passbolt
|
|
container_name: passbolt-db
|
|
environment:
|
|
MYSQL_DATABASE: ""
|
|
MYSQL_PASSWORD_FILE: /run/secrets/passbolt_db_password
|
|
MYSQL_RANDOM_ROOT_PASSWORD: "true"
|
|
MYSQL_USER: ""
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- mariadb-admin ping -h 127.0.0.1 -u"$$MYSQL_USER" -p"$$(cat /run/secrets/passbolt_db_password)" --silent
|
|
timeout: 5s
|
|
interval: 10s
|
|
retries: 12
|
|
start_period: 1m0s
|
|
image: mariadb:12
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
networks:
|
|
passbolt: null
|
|
restart: always
|
|
secrets:
|
|
- source: passbolt_db_password
|
|
target: /run/secrets/passbolt_db_password
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/passbolt/data/database
|
|
target: /var/lib/mysql
|
|
bind:
|
|
create_host_path: true
|
|
passbolt-webapp:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- passbolt
|
|
command:
|
|
- /usr/bin/wait-for.sh
|
|
- -t
|
|
- "0"
|
|
- passbolt-db:3306
|
|
- --
|
|
- /docker-entrypoint.sh
|
|
container_name: passbolt-webapp
|
|
depends_on:
|
|
passbolt-db:
|
|
condition: service_started
|
|
required: true
|
|
environment:
|
|
APP_FULL_BASE_URL: https://passbolt.lan.ddnsgeek.com
|
|
DATASOURCES_DEFAULT_DATABASE: ""
|
|
DATASOURCES_DEFAULT_HOST: passbolt-db
|
|
DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/passbolt_db_password
|
|
DATASOURCES_DEFAULT_USERNAME: ""
|
|
PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: ""
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- curl -fsS http://localhost/healthcheck/status | grep -qx OK
|
|
timeout: 10s
|
|
interval: 30s
|
|
retries: 6
|
|
start_period: 2m0s
|
|
image: passbolt/passbolt:latest-ce
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.passbolt.entrypoints: websecure
|
|
traefik.http.routers.passbolt.rule: Host(`passbolt.lan.ddnsgeek.com`)
|
|
traefik.http.routers.passbolt.tls.certresolver: myresolver
|
|
networks:
|
|
passbolt: null
|
|
traefik: null
|
|
restart: always
|
|
secrets:
|
|
- source: passbolt_db_password
|
|
target: /run/secrets/passbolt_db_password
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/passbolt/data/gpg
|
|
target: /etc/passbolt/gpg
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/apps/passbolt/data/jwt
|
|
target: /etc/passbolt/jwt
|
|
bind:
|
|
create_host_path: true
|
|
pihole-exporter:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- pihole-exporter
|
|
- prometheus
|
|
container_name: pihole-exporter
|
|
environment:
|
|
PIHOLE_HOSTNAME: pihole.sweet.home
|
|
PIHOLE_PASSWORD: ""
|
|
PORT: "9617"
|
|
image: ekofr/pihole-exporter:latest
|
|
networks:
|
|
monitor: null
|
|
ports:
|
|
- mode: ingress
|
|
target: 9617
|
|
published: "9617"
|
|
protocol: tcp
|
|
restart: unless-stopped
|
|
portainer:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- portainer
|
|
command:
|
|
- -H
|
|
- tcp://docker-socket-proxy:2375
|
|
container_name: portainer
|
|
depends_on:
|
|
docker-socket-proxy:
|
|
condition: service_started
|
|
required: true
|
|
environment:
|
|
DOCKER_HOST: tcp://docker-socket-proxy:2375
|
|
GODEBUG: netdns=cgo
|
|
TZ: Australia/Brisbane
|
|
image: portainer/portainer-ce:latest
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.enable: "true"
|
|
traefik.http.routers.portainer.entrypoints: websecure
|
|
traefik.http.routers.portainer.rule: Host(`portainer.lan.ddnsgeek.com`)
|
|
traefik.http.routers.portainer.tls: "true"
|
|
traefik.http.routers.portainer.tls.certresolver: myresolver
|
|
traefik.http.routers.portainer.tls.options: mtls-private-admin@file
|
|
traefik.http.services.portainer.loadbalancer.server.port: "9000"
|
|
networks:
|
|
traefik: null
|
|
restart: unless-stopped
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/portainer/data
|
|
target: /data
|
|
bind:
|
|
create_host_path: true
|
|
prometheus:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- prometheus
|
|
command:
|
|
- --config.file=/etc/prometheus/prometheus.yml
|
|
- --storage.tsdb.path=/prometheus
|
|
- --storage.tsdb.retention.time=15d
|
|
container_name: prometheus
|
|
depends_on:
|
|
docker-update-exporter:
|
|
condition: service_started
|
|
required: true
|
|
influxdb:
|
|
condition: service_started
|
|
required: true
|
|
node-exporter:
|
|
condition: service_started
|
|
required: true
|
|
pihole-exporter:
|
|
condition: service_started
|
|
required: true
|
|
telegraf:
|
|
condition: service_started
|
|
required: true
|
|
healthcheck:
|
|
test:
|
|
- CMD
|
|
- wget
|
|
- --spider
|
|
- -q
|
|
- http://localhost:9090/-/healthy
|
|
timeout: 10s
|
|
interval: 30s
|
|
retries: 3
|
|
start_period: 30s
|
|
image: prom/prometheus:latest
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.prometheus.entrypoints: websecure
|
|
traefik.http.routers.prometheus.middlewares: authelia
|
|
traefik.http.routers.prometheus.rule: Host(`prometheus.lan.ddnsgeek.com`)
|
|
traefik.http.routers.prometheus.tls.certresolver: myresolver
|
|
traefik.http.routers.prometheus.tls.options: mtls-private-admin@file
|
|
traefik.http.services.prometheus.loadbalancer.server.port: "9090"
|
|
networks:
|
|
monitor: null
|
|
traefik: null
|
|
restart: unless-stopped
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/prometheus/prometheus.yml
|
|
target: /etc/prometheus/prometheus.yml
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/prometheus/data
|
|
target: /prometheus
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/prometheus/rules
|
|
target: /etc/prometheus/rules
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/secrets/prometheus_kuma_basic_auth_password.txt
|
|
target: /run/secrets/prometheus_kuma_basic_auth_password
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
searxng-webapp:
|
|
profiles:
|
|
- apps
|
|
- all
|
|
- searxng
|
|
container_name: searxng-webapp
|
|
hostname: searxng.lan.ddnsgeek.com
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- python3 -c "import urllib.request,sys; r=urllib.request.urlopen('http://127.0.0.1:8080/', timeout=3); sys.exit(0 if 200<=r.status<400 else 1)"
|
|
timeout: 5s
|
|
interval: 20s
|
|
retries: 8
|
|
start_period: 30s
|
|
image: searxng/searxng
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.enable: "true"
|
|
traefik.http.routers.searxng.entrypoints: websecure
|
|
traefik.http.routers.searxng.rule: Host(`searxng.lan.ddnsgeek.com`)
|
|
traefik.http.routers.searxng.tls.certresolver: myresolver
|
|
traefik.http.services.searxng.loadbalancer.server.port: "8080"
|
|
networks:
|
|
traefik: null
|
|
read_only: true
|
|
restart: always
|
|
tmpfs:
|
|
- /tmp
|
|
- /var
|
|
- /run
|
|
telegraf:
|
|
profiles:
|
|
- monitoring
|
|
- all
|
|
- telegraf
|
|
- prometheus
|
|
container_name: telegraf
|
|
depends_on:
|
|
docker-socket-proxy:
|
|
condition: service_started
|
|
required: true
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- curl -f http://localhost:9273/metrics || exit 1
|
|
timeout: 5s
|
|
interval: 30s
|
|
retries: 3
|
|
start_period: 10s
|
|
image: telegraf:latest
|
|
networks:
|
|
monitor: null
|
|
restart: unless-stopped
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/telegraf/telegraf.conf
|
|
target: /etc/telegraf/telegraf.conf
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/monitoring/node-red/data
|
|
target: /var/log/node-red
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
traefik:
|
|
profiles:
|
|
- core
|
|
- all
|
|
- traefik
|
|
build:
|
|
context: /home/nixos/docker/core
|
|
dockerfile: Dockerfile
|
|
container_name: traefik
|
|
depends_on:
|
|
authelia:
|
|
condition: service_started
|
|
required: true
|
|
crowdsec:
|
|
condition: service_started
|
|
required: true
|
|
docker-socket-proxy:
|
|
condition: service_started
|
|
required: true
|
|
error-pages:
|
|
condition: service_started
|
|
required: true
|
|
hostname: traefik.lan.ddnsgeek.com
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- traefik healthcheck --ping
|
|
image: traefik:3
|
|
labels:
|
|
io.portainer.accesscontrol.public: ""
|
|
traefik.docker.network: core_traefik
|
|
traefik.enable: "true"
|
|
traefik.http.routers.traefik.entrypoints: websecure
|
|
traefik.http.routers.traefik.middlewares: authelia
|
|
traefik.http.routers.traefik.observability.tracing: "true"
|
|
traefik.http.routers.traefik.rule: Host(`traefik.lan.ddnsgeek.com`)
|
|
traefik.http.routers.traefik.service: api@internal
|
|
traefik.http.routers.traefik.tls.certresolver: myresolver
|
|
traefik.http.routers.traefik.tls.options: mtls-private-admin@file
|
|
networks:
|
|
traefik: null
|
|
ports:
|
|
- mode: ingress
|
|
target: 80
|
|
published: "80"
|
|
protocol: tcp
|
|
- mode: ingress
|
|
target: 443
|
|
published: "443"
|
|
protocol: tcp
|
|
read_only: true
|
|
restart: always
|
|
volumes:
|
|
- type: bind
|
|
source: /home/nixos/docker/core/traefik/data/letsencrypt
|
|
target: /letsencrypt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/core/traefik/data/logs
|
|
target: /logs
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/core/traefik/certs
|
|
target: /etc/traefik/certs
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/core/traefik/dynamic.yml
|
|
target: /etc/traefik/dynamic.yml
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/core/traefik/traefik.yml
|
|
target: /etc/traefik/traefik.yml
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: /home/nixos/docker/core/traefik/data/plugins
|
|
target: /plugins-storage
|
|
bind:
|
|
create_host_path: true
|
|
networks:
|
|
gramps:
|
|
name: core_gramps
|
|
monitor:
|
|
name: core_monitor
|
|
nextcloud:
|
|
name: core_nextcloud
|
|
passbolt:
|
|
name: core_passbolt
|
|
traefik:
|
|
name: core_traefik
|
|
driver: bridge
|
|
ipam:
|
|
config:
|
|
- subnet: 172.21.0.0/16
|
|
secrets:
|
|
influxdb_init_password:
|
|
name: core_influxdb_init_password
|
|
file: /home/nixos/docker/secrets/influxdb_init_password.txt
|
|
nextcloud_admin_password:
|
|
name: core_nextcloud_admin_password
|
|
file: /home/nixos/docker/secrets/nextcloud_admin_password.txt
|
|
nextcloud_db_password:
|
|
name: core_nextcloud_db_password
|
|
file: /home/nixos/docker/secrets/nextcloud_db_password.txt
|
|
nextcloud_db_root_password:
|
|
name: core_nextcloud_db_root_password
|
|
file: /home/nixos/docker/secrets/nextcloud_db_root_password.txt
|
|
nextcloud_redis_password:
|
|
name: core_nextcloud_redis_password
|
|
file: /home/nixos/docker/secrets/nextcloud_redis_password.txt
|
|
nextcloud_smtp_password:
|
|
name: core_nextcloud_smtp_password
|
|
file: /home/nixos/docker/secrets/nextcloud_smtp_password.txt
|
|
passbolt_db_password:
|
|
name: core_passbolt_db_password
|
|
file: /home/nixos/docker/secrets/passbolt_db_password.txt
|