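# Compose stack: a Traefik v2 reverse proxy in front of Portainer, Matrix
# (Synapse + Element), Prometheus and Grafana, plus a WireGuard VPN endpoint
# and two host-metrics exporters (cAdvisor, node-exporter).
#
# Traefik defines two entrypoint pairs: internal/internalsecure (:80/:443) and
# external/externalsecure (:81/:444). All four are published on the host below,
# so any internal-vs-external separation depends on what the upstream
# firewall/NAT forwards to each port.
# NOTE(review): presumably only :81/:444 are forwarded from the internet;
# confirm against the router/firewall configuration.
#
# $DATA is interpolated by Compose from the environment or .env file. If it is
# unset, Compose substitutes an empty string and the bind mounts resolve to
# paths under "/"; ${DATA:?message} would make that case fail fast instead.
version: '3.7'

services:
  traefik:
    container_name: traefik
    image: traefik:v2.9
    command:
      # NOTE(security): api.insecure serves the dashboard and API without
      # authentication on the built-in `traefik` entrypoint (:8080). The port
      # is not published (see the commented-out mapping under `ports`), but it
      # remains reachable from containers that share a network with Traefik.
      # The hardened alternative is a router to `api@internal` protected by an
      # auth middleware.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Containers are only routed when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      # NOTE(review): no network named `external` is declared in the part of
      # the file visible here; confirm it exists and that the routed services
      # are attached to it.
      - "--providers.docker.network=external"
      - "--entrypoints.internal.address=:80"
      - "--entrypoints.internalsecure.address=:443"
      - "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
      - "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
      # ACME HTTP-01 validation arrives on public port 80, while the challenge
      # entrypoint `external` listens on :81.
      # NOTE(review): this assumes an upstream forward of public 80 -> 81;
      # confirm, otherwise certificate issuance fails.
      - "--certificatesresolvers.http.acme.httpchallenge=true"
      - "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
      - "--certificatesresolvers.http.acme.email=acme@bhasher.com"
      - "--certificatesresolvers.http.acme.storage=acme.json"
      - "--entrypoints.external.address=:81"
      - "--entrypoints.externalsecure.address=:444"
      - "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
      - "--entrypoints.external.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.external.http.redirections.entryPoint.permanent=true"
      #- "--log.level=DEBUG"
      # No metrics entrypoint is set, so Prometheus metrics are served on the
      # default `traefik` entrypoint, next to the unauthenticated API above.
      - "--metrics.prometheus=true"
    environment:
      - TZ=Europe/Paris
    ports:
      - "80:80"
      - "443:443"
      - "81:81"
      - "444:444"
      # Keep this mapping disabled while api.insecure is on: publishing 8080
      # would expose the unauthenticated dashboard/API on the host.
      #- "8080:8080"
    volumes:
      # NOTE(security): `:ro` only protects the socket file itself. The Docker
      # API behind it still accepts every request, so a compromise of Traefik
      # is equivalent to control of the Docker daemon. A filtering socket
      # proxy in front of the daemon narrows this.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the ACME account key and the private keys of issued
      # certificates. Traefik requires mode 600 on it; keep it out of backups
      # and repositories that others can read.
      - type: bind
        source: $DATA/traefik/acme.json
        target: /acme.json
      # NOTE(review): no --providers.file.* flag appears in `command`, so this
      # file does not seem to be loaded; confirm whether the mount is needed.
      - type: bind
        source: $DATA/traefik/rules.toml
        target: /rules.toml
    restart: always

  portainer:
    container_name: portainer
    # NOTE(supply chain): `latest` is a moving tag; pin a version (ideally a
    # digest) so a redeploy cannot silently pull a different image.
    image: portainer/portainer-ce:latest
    #command: -H tcp://tasks.agent:9001 --tlsskipverify
    ports:
      # Publishes Portainer's own HTTPS listener on every host interface,
      # bypassing Traefik and its certificates.
      # NOTE(review): drop this mapping if access through Traefik is enough.
      - "9443:9443"
    volumes:
      - $DATA/portainer:/data:rw
      # NOTE(security): the Docker socket is mounted writable, so whoever
      # controls Portainer controls the Docker daemon and, in practice, the
      # host. Together with the `externalsecure` entrypoint below, the
      # Portainer login is the only barrier on the external side; restricting
      # the router to `internalsecure` (as done for prom and grafana) or
      # adding an auth/IP allow-list middleware reduces that exposure.
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
      - "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.http.routers.portainer.tls=true"
      - "traefik.http.routers.portainer.tls.certresolver=http"
    restart: always

  matrix-synapse:
    container_name: matrix-synapse
    # NOTE(supply chain): unpinned `latest` tag; pin a release.
    image: matrixdotorg/synapse:latest
    restart: unless-stopped
    environment:
      - SYNAPSE_SERVER_NAME=matrix.bhasher.com
      # List-form environment entries are plain strings, so `no` is passed to
      # the container literally and is not turned into a YAML boolean.
      - SYNAPSE_REPORT_STATS=no
    volumes:
      # NOTE(review): /data presumably contains the homeserver configuration
      # and signing key; confirm host-side permissions on this directory.
      - $DATA/matrix/synapse:/data:rw
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.matrix-synapse.rule=Host(`matrix.bhasher.com`)"
      - "traefik.http.routers.matrix-synapse.tls=true"
      - "traefik.http.routers.matrix-synapse.tls.certresolver=http"
      - "traefik.http.routers.matrix-synapse.entrypoints=internalsecure,externalsecure"
      - "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"

  wireguard:
    container_name: wireguard
    # NOTE(supply chain): unpinned `latest` tag; pin a release.
    image: lscr.io/linuxserver/wireguard:latest
    restart: always
    volumes:
      # NOTE(review): /config presumably holds the generated server and peer
      # private keys; confirm and restrict host-side permissions.
      - $DATA/wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      # Quoted like the other port mappings so YAML always reads a string.
      # Host port 51821 matches SERVERPORT below.
      - "51821:51820/udp"
    environment:
      - TZ=Europe/Paris
      - SERVERURL=vpn.bhasher.com
      - SERVERPORT=51821
      - PEERS=5
      - PEERDNS=auto
      - INTERNAL_SUBNET=10.13.14.0
      # 0.0.0.0/0 routes all peer IPv4 traffic through the tunnel.
      - ALLOWEDIPS=0.0.0.0/0
    cap_add:
      - NET_ADMIN
      # NOTE(security): SYS_MODULE plus the /lib/modules mount lets the
      # container load kernel modules on the host.
      # NOTE(review): likely unnecessary when the host kernel already ships
      # the wireguard module; confirm and drop both if so.
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

  matrix-riot:
    container_name: matrix-element
    # NOTE(supply chain): no tag given, so this resolves to `latest`; pin one.
    image: ghcr.io/bubuntux/element-web
    restart: unless-stopped
    volumes:
      - ./config/riot/config.json:/etc/element-web/config.json:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.matrix-riot.rule=Host(`element.bhasher.com`)"
      - "traefik.http.routers.matrix-riot.tls=true"
      - "traefik.http.routers.matrix-riot.tls.certresolver=http"
      - "traefik.http.routers.matrix-riot.entrypoints=internalsecure,externalsecure"
      - "traefik.http.services.matrix-riot.loadbalancer.server.port=80"

  prom_monitoring:
    container_name: prom_monitoring
    # NOTE(supply chain): unpinned `latest` tag; pin a release.
    image: prom/prometheus:latest
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prom.rule=Host(`prometheus.bhasher.com`)"
      # Routed on the internal entrypoint only. No auth middleware is attached
      # to this router, so reachability of :443 is the only access control
      # visible in this file.
      - "traefik.http.routers.prom.entrypoints=internalsecure"
      - "traefik.http.services.prom.loadbalancer.server.port=9090"
      - "traefik.http.routers.prom.tls=true"
      - "traefik.http.routers.prom.tls.certresolver=http"
    extra_hosts:
      # Lets the container reach services listening on the Docker host.
      - "host.docker.internal:host-gateway"
    volumes:
      - ./config/monitoring/prometheus.yaml:/etc/prometheus/prometheus.yml:ro
      - $DATA/monitoring/prometheus:/prometheus

  grafana:
    container_name: grafana
    # NOTE(supply chain): no tag given, so this resolves to `latest`; pin one.
    image: grafana/grafana
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.bhasher.com`)"
      - "traefik.http.routers.grafana.entrypoints=internalsecure"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.routers.grafana.tls.certresolver=http"
    volumes:
      - $DATA/monitoring/grafana:/var/lib/grafana

  cadvisor:
    container_name: cadvisor
    image: gcr.io/cadvisor/cadvisor:v0.47.1
    volumes:
      - /:/rootfs:ro
      # Changed from :rw to :ro. cAdvisor only needs to connect to the runtime
      # sockets under /var/run, which a read-only mount still allows, while
      # the container can no longer create or replace files in the host's
      # /var/run. The Docker socket stays reachable through this mount, so the
      # container should still be treated as holding Docker API access.
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    restart: always

  node-exporter:
    container_name: node-exporter
    # NOTE(supply chain): unpinned `latest` tag; pin a release.
    image: quay.io/prometheus/node-exporter:latest
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      # The host root is mounted read-only twice (/rootfs and /host), which
      # makes every host file readable from inside this container.
      - /:/rootfs:ro
      - /:/host:ro,rslave
    command:
      - '--path.rootfs=/host'
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      # NOTE(review): newer node_exporter releases deprecate this flag name in
      # favour of --collector.filesystem.mount-points-exclude; with an
      # unpinned image, confirm the running version still accepts it.
      - --collector.filesystem.ignored-mount-points
      # `$$` is Compose's escape for a literal `$` in the regular expression.
      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
    restart: always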