bxl-shp
parent
7677dace65
commit
0bb0cd575c
|
@ -0,0 +1,23 @@
|
||||||
|
services:
|
||||||
|
baikal:
|
||||||
|
container_name: baikal
|
||||||
|
image: ckulka/baikal:nginx
|
||||||
|
restart: on-failure
|
||||||
|
environment:
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
volumes:
|
||||||
|
- $DATA/baikal/config:/var/www/baikal/config
|
||||||
|
- $DATA/baikal/data:/var/www/baikal/Specific
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.baikal.rule=Host(`baikal.bxl.bhasher.com`)"
|
||||||
|
- "traefik.http.services.baikal.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.baikal.tls=true"
|
||||||
|
- "traefik.http.routers.baikal.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.baikal.entrypoints=internalsecure,externalsecure"
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external:
|
||||||
|
external: true
|
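Review bot: `image: ckulka/baikal:nginx` is a floating tag, and the other compose files added in this commit do the same with `:latest` or no tag at all (invoiceplane, synapse, element-web, mealie, the linuxserver images, pihole-unbound, mosquitto, zigbee2mqtt, node-red, syncthing, wireguard). What runs behind the `externalsecure` entrypoint can therefore change on any pull. The `com.centurylinklabs.watchtower.enable=false` labels on dashy and tg2 suggest Watchtower updates everything else automatically, which would make that change unattended. I would pin each image to a release tag plus digest, e.g. `image: ckulka/baikal:<release-tag>@sha256:<digest>` (placeholders), and let updates arrive as reviewed commits.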
|
@ -0,0 +1,29 @@
|
||||||
|
services:
|
||||||
|
dashy:
|
||||||
|
container_name: dashy
|
||||||
|
image: dashy
|
||||||
|
environment:
|
||||||
|
- NODE_ENV=production
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- $CONFIG/dashy/config.yml:/app/public/conf.yml
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.dashy.rule=Host(`hub.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.dashy.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.services.dashy.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.dashy.tls=true"
|
||||||
|
- "traefik.http.routers.dashy.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.dashy.middlewares=authelia@docker"
|
||||||
|
- "com.centurylinklabs.watchtower.enable=false"
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD', 'node', '/app/services/healthcheck']
|
||||||
|
interval: 1m30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external:
|
||||||
|
external: true
|
|
@ -0,0 +1,79 @@
|
||||||
|
services:
|
||||||
|
# invoicenginx:
|
||||||
|
# container_name: invoice_nginx
|
||||||
|
# image: nginx:latest
|
||||||
|
# restart: on-failure
|
||||||
|
# volumes:
|
||||||
|
# - $CONFIG/invoiceninja/in-vhost.conf:/etc/nginx/conf.d/in-vhost.conf:ro
|
||||||
|
# - $DATA/invoiceninja/public:/var/www/app/public:ro
|
||||||
|
# environment:
|
||||||
|
# - TRUSTED_PROXIES='*'
|
||||||
|
# depends_on:
|
||||||
|
# - invoiceninja
|
||||||
|
# networks:
|
||||||
|
# - invoice
|
||||||
|
# - external
|
||||||
|
# #labels:
|
||||||
|
# #- "traefik.enable=true"
|
||||||
|
# #- "traefik.http.routers.invoice.rule=Host(`invoice.bhasher.com`)"
|
||||||
|
# #- "traefik.http.services.invoice.loadbalancer.server.port=80"
|
||||||
|
# #- "traefik.http.routers.invoice.tls=true"
|
||||||
|
# #- "traefik.http.routers.invoice.tls.certresolver=http"
|
||||||
|
# #- "traefik.http.routers.invoice.entrypoints=internalsecure"
|
||||||
|
#
|
||||||
|
# invoiceninja:
|
||||||
|
# image: invoiceninja/invoiceninja:5
|
||||||
|
# container_name: invoice_ninja
|
||||||
|
# environment:
|
||||||
|
# - APP_URL=https://invoice.bhasher.com
|
||||||
|
# - APP_KEY=${INVOICENINJA_APIKEY}
|
||||||
|
# - REQUIRE_HTTPS=true
|
||||||
|
# - PHANTOMJS_PDF_GENERATION=false
|
||||||
|
# - PDF_GENERATOR=snappdf
|
||||||
|
# - QUEUE_CONNECTION=database
|
||||||
|
# - DB_HOST=mariadb
|
||||||
|
# - DB_DATABASE=invoiceninja
|
||||||
|
# - DB_USERNAME=root
|
||||||
|
# - DB_PASSWORD=${MARIADB_ROOT}
|
||||||
|
# - IN_USER_EMAIL=invoice@bhasher.com
|
||||||
|
# - IN_PASSWORD=${INVOICENINJA_PASSWORD}
|
||||||
|
# - TRUSTED_PROXIES='*'
|
||||||
|
# restart: unless-stopped
|
||||||
|
# volumes:
|
||||||
|
# - $DATA/invoiceninja/public:/var/www/app/public:rw
|
||||||
|
# - $DATA/invoiceninja/storage:/var/www/app/storage:rw
|
||||||
|
# networks:
|
||||||
|
# - invoice
|
||||||
|
# - storage
|
||||||
|
|
||||||
|
invoiceplane:
|
||||||
|
container_name: invoiceplane
|
||||||
|
image: mhzawadi/invoiceplane:latest
|
||||||
|
volumes:
|
||||||
|
- $DATA/invoiceplane/uploads:/var/www/html/uploads
|
||||||
|
- $DATA/invoiceplane/ipconfig.php:/var/www/html/ipconfig.php
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
environment:
|
||||||
|
- IP_URL=https://invoice.bhasher.com
|
||||||
|
#- MYSQL_HOST=mariadb
|
||||||
|
#- MYSQL_USER=root
|
||||||
|
#- MYSQL_PASSWORD=${MARIADB_ROOT}
|
||||||
|
#- MYSQL_DB=InvoicePlane
|
||||||
|
#- DISABLE_SETUP=false
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.invoice.rule=Host(`invoice.bhasher.com`)"
|
||||||
|
- "traefik.http.services.invoice.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.invoice.tls=true"
|
||||||
|
- "traefik.http.routers.invoice.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.invoice.entrypoints=internalsecure"
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
- storage
|
||||||
|
|
||||||
|
networks:
|
||||||
|
invoice:
|
||||||
|
external:
|
||||||
|
external: true
|
||||||
|
storage:
|
||||||
|
external: true
|
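Review bot: The `invoice` router is limited to `internalsecure` but has no authelia middleware label, unlike dashy, the *arr services, pihole, nodered and syncthing in this commit, so InvoicePlane's own login is the only gate in front of billing data. If that is not deliberate, add `- "traefik.http.routers.invoice.middlewares=authelia@docker"` to the labels. `ipconfig.php` holds the database credentials and is bind-mounted read-write; once setup has completed it can probably be mounted `:ro` (to be confirmed against the image's startup script). The commented-out blocks connect as the MariaDB root account (`DB_USERNAME=root`, `MYSQL_USER=root`); if either is revived, give the application its own database user instead.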
|
@ -0,0 +1,39 @@
|
||||||
|
services:
|
||||||
|
matrix-synapse:
|
||||||
|
container_name: matrix-synapse
|
||||||
|
image: matrixdotorg/synapse:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- SYNAPSE_SERVER_NAME=matrix.bhasher.com
|
||||||
|
- SYNAPSE_REPORT_STATS=no
|
||||||
|
volumes:
|
||||||
|
- $DATA/matrix/synapse:/data:rw
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.matrix-synapse.rule=Host(`matrix.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.matrix-synapse.tls=true"
|
||||||
|
- "traefik.http.routers.matrix-synapse.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.matrix-synapse.entrypoints=internalsecure,externalsecure"
|
||||||
|
- "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
|
||||||
|
matrix-riot:
|
||||||
|
container_name: matrix-element
|
||||||
|
image: ghcr.io/bubuntux/element-web
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- $CONFIG/riot/config.json:/etc/element-web/config.json:ro
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.matrix-riot.rule=Host(`element.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.matrix-riot.tls=true"
|
||||||
|
- "traefik.http.routers.matrix-riot.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.matrix-riot.entrypoints=internalsecure,externalsecure"
|
||||||
|
- "traefik.http.services.matrix-riot.loadbalancer.server.port=80"
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external:
|
||||||
|
external: true
|
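Review bot: The `matrix-synapse` router matches on the host name alone and is published on `externalsecure`, so every path served on port 8008 is reachable from outside, including Synapse's admin API under `/_synapse/admin`. Synapse's reverse-proxy guidance is to forward only the client and federation paths; a rule such as ``Host(`matrix.bhasher.com`) && (PathPrefix(`/_matrix`) || PathPrefix(`/_synapse/client`))`` keeps the admin endpoints internal. The admin API still requires an admin access token, so this is defence in depth rather than an open door. `homeserver.yaml` lives under `$DATA/matrix/synapse` and is not part of this diff, so registration settings cannot be checked here.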
|
@ -0,0 +1,30 @@
|
||||||
|
services:
|
||||||
|
mealie:
|
||||||
|
container_name: mealie
|
||||||
|
image: hkotel/mealie:latest
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
- RECIPE_PUBLIC=true
|
||||||
|
- RECIPE_SHOW_NUTRITION=true
|
||||||
|
- RECIPE_SHOW_ASSETS=true
|
||||||
|
- RECIPE_LANDSCAPE_VIEW=true
|
||||||
|
- RECIPE_DISABLE_COMMENTS=true
|
||||||
|
- RECIPE_DISABLE_AMOUNT=false
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.mealie.rule=Host(`mealie.bhasher.com`)"
|
||||||
|
- "traefik.http.services.mealie.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.mealie.tls=true"
|
||||||
|
- "traefik.http.routers.mealie.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.mealie.entrypoints=internalsecure,externalsecure"
|
||||||
|
volumes:
|
||||||
|
- $DATA/mealie/:/app/data
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external:
|
||||||
|
external: true
|
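Review bot: The `mealie` router is on `externalsecure` with no auth middleware, so Mealie's own account handling is the whole access control for an internet-facing app, and nothing in this file shows that the image's initial admin account was changed or that sign-up is restricted. I assume that was done in the UI; a comment above `environment:` recording it, e.g. `# initial admin credentials rotated, public sign-up disabled`, would make that checkable. `RECIPE_PUBLIC=true` also makes recipes readable without login, which is worth stating as intentional in the same comment.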
|
@ -0,0 +1,211 @@
|
||||||
|
services:
|
||||||
|
jellyfin:
|
||||||
|
container_name: jellyfin
|
||||||
|
image: linuxserver/jellyfin:latest
|
||||||
|
volumes:
|
||||||
|
- $DATA/mediaserver/jellyfin:/config
|
||||||
|
- /mnt/movies/series:/data/tvshows
|
||||||
|
- /mnt/movies/movies:/data/movies
|
||||||
|
- /mnt/movies/musics:/data/musics
|
||||||
|
environment:
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.jellyfin.entrypoints=internalsecure,externalsecure"
|
||||||
|
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
|
||||||
|
- "traefik.http.routers.jellyfin.tls=true"
|
||||||
|
- "traefik.http.routers.jellyfin.tls.certresolver=http"
|
||||||
|
networks:
|
||||||
|
- auth
|
||||||
|
- external
|
||||||
|
|
||||||
|
radarr:
|
||||||
|
container_name: radarr
|
||||||
|
image: lscr.io/linuxserver/radarr:latest
|
||||||
|
environment:
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
volumes:
|
||||||
|
- $DATA/mediaserver/radarr:/config
|
||||||
|
- /mnt/movies/movies:/movies
|
||||||
|
- /mnt/movies/tmp:/downloads
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.radarr.rule=Host(`radarr.bhasher.com`)"
|
||||||
|
- "traefik.http.services.radarr.loadbalancer.server.port=7878"
|
||||||
|
- "traefik.http.routers.radarr.tls=true"
|
||||||
|
- "traefik.http.routers.radarr.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.radarr.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.routers.radarr.middlewares=authelia@docker"
|
||||||
|
networks:
|
||||||
|
- mediaserver
|
||||||
|
- external
|
||||||
|
|
||||||
|
sonarr:
|
||||||
|
container_name: sonarr
|
||||||
|
image: lscr.io/linuxserver/sonarr:latest
|
||||||
|
environment:
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
volumes:
|
||||||
|
- $DATA/mediaserver/sonarr:/config
|
||||||
|
- /mnt/movies/series:/tv
|
||||||
|
- /mnt/movies/tmp:/downloads
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.sonarr.rule=Host(`sonarr.bhasher.com`)"
|
||||||
|
- "traefik.http.services.sonarr.loadbalancer.server.port=8989"
|
||||||
|
- "traefik.http.routers.sonarr.tls=true"
|
||||||
|
- "traefik.http.routers.sonarr.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.sonarr.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.routers.sonarr.middlewares=authelia@docker"
|
||||||
|
networks:
|
||||||
|
- mediaserver
|
||||||
|
- external
|
||||||
|
|
||||||
|
lidarr:
|
||||||
|
container_name: lidarr
|
||||||
|
image: lscr.io/linuxserver/lidarr:latest
|
||||||
|
environment:
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
volumes:
|
||||||
|
- $DATA/mediaserver/lidarr:/config
|
||||||
|
- /mnt/movies/musics:/music
|
||||||
|
- /mnt/movies/tmp:/downloads
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.lidarr.rule=Host(`lidarr.bhasher.com`)"
|
||||||
|
- "traefik.http.services.lidarr.loadbalancer.server.port=8686"
|
||||||
|
- "traefik.http.routers.lidarr.tls=true"
|
||||||
|
- "traefik.http.routers.lidarr.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.lidarr.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.routers.lidarr.middlewares=authelia@docker"
|
||||||
|
networks:
|
||||||
|
- mediaserver
|
||||||
|
- external
|
||||||
|
|
||||||
|
transmission:
|
||||||
|
container_name: transmission
|
||||||
|
image: lscr.io/linuxserver/transmission:latest
|
||||||
|
environment:
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
volumes:
|
||||||
|
- $DATA/mediaserver/transmission:/config
|
||||||
|
- /mnt/movies/tmp:/downloads
|
||||||
|
- /mnt/movies/torrents:/watch
|
||||||
|
ports:
|
||||||
|
- 51413:51413/tcp
|
||||||
|
- 51413:51413/udp
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.transmission.rule=Host(`transmission.bhasher.com`)"
|
||||||
|
- "traefik.http.services.transmission.loadbalancer.server.port=9091"
|
||||||
|
- "traefik.http.routers.transmission.tls=true"
|
||||||
|
- "traefik.http.routers.transmission.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.transmission.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.routers.transmission.middlewares=authelia@docker"
|
||||||
|
networks:
|
||||||
|
- mediaserver
|
||||||
|
- external
|
||||||
|
|
||||||
|
# jackett:
|
||||||
|
# container_name: jackett
|
||||||
|
# image: lscr.io/linuxserver/jackett:latest
|
||||||
|
# environment:
|
||||||
|
# - PUID=1000
|
||||||
|
# - PGID=1000
|
||||||
|
# - TZ=Europe/Paris
|
||||||
|
# - AUTO_UPDATE=true
|
||||||
|
# volumes:
|
||||||
|
# - $DATA/mediaserver/jackett:/config
|
||||||
|
# - /mnt/movies/torrents:/downloads
|
||||||
|
# restart: unless-stopped
|
||||||
|
# labels:
|
||||||
|
# - "traefik.enable=true"
|
||||||
|
# - "traefik.http.routers.jackett.rule=Host(`jackett.bhasher.com`)"
|
||||||
|
# - "traefik.http.services.jackett.loadbalancer.server.port=9117"
|
||||||
|
# - "traefik.http.routers.jackett.tls=true"
|
||||||
|
# - "traefik.http.routers.jackett.tls.certresolver=http"
|
||||||
|
# - "traefik.http.routers.jackett.entrypoints=internalsecure"
|
||||||
|
# - "traefik.http.routers.jackett.middlewares=authelia@docker"
|
||||||
|
# networks:
|
||||||
|
# - mediaserver
|
||||||
|
# - external
|
||||||
|
|
||||||
|
prowlarr:
|
||||||
|
container_name: prowlarr
|
||||||
|
image: lscr.io/linuxserver/prowlarr:latest
|
||||||
|
environment:
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
volumes:
|
||||||
|
- $DATA/mediaserver/prowlarr:/config
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.prowlarr.rule=Host(`prowlarr.bhasher.com`)"
|
||||||
|
- "traefik.http.services.prowlarr.loadbalancer.server.port=9696"
|
||||||
|
- "traefik.http.routers.prowlarr.tls=true"
|
||||||
|
- "traefik.http.routers.prowlarr.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.prowlarr.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.routers.prowlarr.middlewares=authelia@docker"
|
||||||
|
networks:
|
||||||
|
- mediaserver
|
||||||
|
- external
|
||||||
|
|
||||||
|
flaresolverr:
|
||||||
|
container_name: flaresolverr
|
||||||
|
image: ghcr.io/flaresolverr/flaresolverr:latest
|
||||||
|
environment:
|
||||||
|
- LOG_LEVEL=info
|
||||||
|
- LOG_HTML=false
|
||||||
|
- CAPTCHA_SOLVER=none
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- mediaserver
|
||||||
|
|
||||||
|
bazarr:
|
||||||
|
container_name: bazarr
|
||||||
|
image: lscr.io/linuxserver/bazarr
|
||||||
|
environment:
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
volumes:
|
||||||
|
- $DATA/mediaserver/bazarr:/config
|
||||||
|
- /mnt/movies/movies:/movies
|
||||||
|
- /mnt/movies/series:/tv
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.bazarr.rule=Host(`bazarr.bhasher.com`)"
|
||||||
|
- "traefik.http.services.bazarr.loadbalancer.server.port=6767"
|
||||||
|
- "traefik.http.routers.bazarr.tls=true"
|
||||||
|
- "traefik.http.routers.bazarr.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.bazarr.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.routers.bazarr.middlewares=authelia@docker"
|
||||||
|
networks:
|
||||||
|
- mediaserver
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
mediaserver:
|
||||||
|
external:
|
||||||
|
external: true
|
||||||
|
|
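Review bot: `jellyfin` attaches to a network named `auth`, but the top-level `networks:` block at the end of this file declares only `mediaserver` and `external`, so Compose should reject the file with an undefined-network error. Either declare it (an `auth:` entry with `external: true`) or drop `- auth` from the service; jellyfin's router carries no `authelia@docker` middleware, so it does not obviously need that network. For the same reason the `jellyfin.bhasher.com` rule in the Authelia `access_control` section added by this commit has no effect, and Jellyfin's own login is the only gate on `externalsecure`.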
|
@ -0,0 +1,38 @@
|
||||||
|
services:
|
||||||
|
pihole:
|
||||||
|
container_name: pihole
|
||||||
|
image: cbcrowe/pihole-unbound:latest
|
||||||
|
ports:
|
||||||
|
- 53:53/tcp
|
||||||
|
- 53:53/udp
|
||||||
|
environment:
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
- WEBPASSWORD=
|
||||||
|
- WEBTHEME=default-dark
|
||||||
|
- REV_SERVER=false
|
||||||
|
- PIHOLE_DNS_=127.0.0.1#5335
|
||||||
|
- DNSSEC=true
|
||||||
|
- DNSMASQ_LISTENING=all
|
||||||
|
- FTLCONF_LOCAL_IPV4=192.168.1.220
|
||||||
|
- FTLCONF_RATE_LIMIT=0/0
|
||||||
|
- FTL_CMD=debug
|
||||||
|
- DNSMASQ_USER=root
|
||||||
|
volumes:
|
||||||
|
- $DATA/pihole/config:/etc/pihole
|
||||||
|
- $DATA/pihole/dnsmasq.d:/etc/dnsmasq.d
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.pihole.rule=Host(`pihole.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.pihole.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.services.pihole.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.pihole.tls=true"
|
||||||
|
- "traefik.http.routers.pihole.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.pihole.middlewares=pihole-strip,authelia@docker"
|
||||||
|
- "traefik.http.middlewares.pihole-strip.addprefix.prefix=/admin"
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external:
|
||||||
|
external: true
|
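Review bot: `WEBPASSWORD=` is set to an empty string, which as far as I know leaves the Pi-hole admin UI without a password, so the `authelia@docker` middleware is the only protection and any container on the shared `external` network can reach `pihole:80` directly. Take it from the environment the way the tg2 file does, e.g. `- WEBPASSWORD=${PIHOLE_WEBPASSWORD}` (variable name is a placeholder). `DNSMASQ_LISTENING=all` together with `53:53` published on every host interface and `FTLCONF_RATE_LIMIT=0/0` means unthrottled recursion for whoever can reach the host, so confirm port 53 is not forwarded from the WAN, or bind it to the LAN address, `- "192.168.1.220:53:53/udp"`. `FTL_CMD=debug` and `DNSMASQ_USER=root` look like troubleshooting leftovers and should be removed or justified in a comment.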
|
@ -0,0 +1,73 @@
|
||||||
|
services:
|
||||||
|
hass:
|
||||||
|
container_name: hass
|
||||||
|
image: ghcr.io/home-assistant/home-assistant:stable
|
||||||
|
volumes:
|
||||||
|
- $DATA/hass:/config
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
networks:
|
||||||
|
- smarthome
|
||||||
|
- external
|
||||||
|
restart: on-failure
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.hass.rule=Host(`hass.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.hass.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.services.hass.loadbalancer.server.port=8123"
|
||||||
|
- "traefik.http.routers.hass.tls=true"
|
||||||
|
- "traefik.http.routers.hass.tls.certresolver=http"
|
||||||
|
|
||||||
|
mosquitto:
|
||||||
|
container_name: mosquitto
|
||||||
|
image: eclipse-mosquitto:latest
|
||||||
|
volumes:
|
||||||
|
- $CONFIG/smarthome/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
|
||||||
|
- $DATA/mosquitto/data:/mosquitto/data
|
||||||
|
- $DATA/mosquitto/passwordfile:/mosquitto/passwordfile
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
ports:
|
||||||
|
- 1883:1883
|
||||||
|
- 9001:9001
|
||||||
|
networks:
|
||||||
|
- smarthome
|
||||||
|
- external
|
||||||
|
restart: on-failure
|
||||||
|
|
||||||
|
zigbee2mqtt:
|
||||||
|
container_name: zigbee2mqtt
|
||||||
|
restart: unless-stopped
|
||||||
|
image: koenkk/zigbee2mqtt:latest
|
||||||
|
volumes:
|
||||||
|
- $DATA/zigbee2mqtt:/app/data
|
||||||
|
- /run/udev:/run/udev:ro
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
devices:
|
||||||
|
- /dev/ttyACM0:/dev/ttyACM0
|
||||||
|
networks:
|
||||||
|
- smarthome
|
||||||
|
|
||||||
|
nodered:
|
||||||
|
container_name: nodered
|
||||||
|
restart: on-failure
|
||||||
|
image: nodered/node-red:latest
|
||||||
|
volumes:
|
||||||
|
- $DATA/nodered:/data
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
networks:
|
||||||
|
- smarthome
|
||||||
|
- external
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.nodered.rule=Host(`nodered.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.nodered.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.services.nodered.loadbalancer.server.port=1880"
|
||||||
|
- "traefik.http.routers.nodered.tls=true"
|
||||||
|
- "traefik.http.routers.nodered.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.nodered.middlewares=authelia@docker"
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
smarthome:
|
||||||
|
external:
|
||||||
|
external: true
|
||||||
|
|
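Review bot: `mosquitto` publishes 1883 and 9001 on all host interfaces and also joins the shared `external` network, so the broker is reachable in cleartext from the LAN and from every Traefik-facing container, not only from its `smarthome` peers. If only hass, zigbee2mqtt and nodered talk to it, drop the `ports:` block and the `- external` entry; if LAN devices need it, bind the ports to the LAN address and keep it off `external`. The password file can be mounted read-only when entries are managed outside the container, `- $DATA/mosquitto/passwordfile:/mosquitto/passwordfile:ro`. `mosquitto.conf` is not part of this diff, so whether `allow_anonymous` is off cannot be checked here.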
|
@ -0,0 +1,31 @@
|
||||||
|
services:
|
||||||
|
syncthing:
|
||||||
|
container_name: syncthing
|
||||||
|
image: syncthing/syncthing:latest
|
||||||
|
hostname: snode0
|
||||||
|
environment:
|
||||||
|
- PUID=33
|
||||||
|
- PGID=33
|
||||||
|
volumes:
|
||||||
|
- $DATA/syncthing:/var/syncthing:rw
|
||||||
|
- /mnt/syncDocuments:/mnt/SyncDocuments:rw
|
||||||
|
- /mnt/brieuc-pictures:/mnt/pictures:rw
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.syncthing.rule=Host(`syncthing.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.syncthing.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.services.syncthing.loadbalancer.server.port=8384"
|
||||||
|
- "traefik.http.routers.syncthing.tls=true"
|
||||||
|
- "traefik.http.routers.syncthing.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.syncthing.middlewares=authelia@docker"
|
||||||
|
ports:
|
||||||
|
- 22000:22000/tcp # TCP file transfers
|
||||||
|
- 22000:22000/udp # QUIC file transfers
|
||||||
|
- 21027:21027/udp # Receive local discovery broadcasts
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external:
|
||||||
|
external: true
|
|
@ -0,0 +1,14 @@
|
||||||
|
services:
|
||||||
|
tg2:
|
||||||
|
container_name: tg2
|
||||||
|
image: tg2:latest
|
||||||
|
restart: on-failure
|
||||||
|
environment:
|
||||||
|
- TGTG_EMAIL=tgtg.trash@bhasher.com
|
||||||
|
- TELEGRAM_TOKEN=${TELEGRAM_TOKEN}
|
||||||
|
- TELEGRAM_ID=${TELEGRAM_ID}
|
||||||
|
volumes:
|
||||||
|
- $DATA/tg2:/data
|
||||||
|
labels:
|
||||||
|
- "com.centurylinklabs.watchtower.enable=false"
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
services:
|
||||||
|
wireguard:
|
||||||
|
container_name: wireguard
|
||||||
|
image: lscr.io/linuxserver/wireguard:latest
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- $DATA/wireguard:/config
|
||||||
|
- /lib/modules:/lib/modules
|
||||||
|
ports:
|
||||||
|
- 51822:51820/udp
|
||||||
|
environment:
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
- SERVERURL=vpn.bhasher.com
|
||||||
|
- SERVERPORT=51822
|
||||||
|
- PEERS=10
|
||||||
|
- PEERDNS=auto
|
||||||
|
- INTERNAL_SUBNET=10.13.14.0
|
||||||
|
- ALLOWEDIPS=0.0.0.0/0
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
- SYS_MODULE
|
||||||
|
sysctls:
|
||||||
|
- net.ipv4.conf.all.src_valid_mark=1
|
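Review bot: The container gets `SYS_MODULE` plus a writable bind of `/lib/modules`, which together allow it to load kernel modules into the host; that is only needed when the host kernel does not already provide WireGuard. Mount it read-only, `- /lib/modules:/lib/modules:ro`, and if the host already has the module, drop both the mount and `SYS_MODULE` and keep `NET_ADMIN` alone. `$DATA/wireguard` will hold the server and peer private keys, so its permissions should be limited to the container user and it should stay out of anything that syncs or publishes `$DATA`.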
|
@ -0,0 +1,14 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Start Borg Backup Container
|
||||||
|
After=docker.service
|
||||||
|
ConditionPathExists=/mnt/borg
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/bin/docker start borg
|
||||||
|
User=pi
|
||||||
|
Group=pi
|
||||||
|
Restart=no
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
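Review bot: `ExecStart=/usr/bin/docker start borg` returns as soon as the container has been started, so this oneshot unit reports success even when the backup inside the container fails, and a failed backup never shows up in the unit's state. `ExecStart=/usr/bin/docker start -a borg` keeps the unit attached until the container exits and passes its exit code on to systemd. `After=docker.service` only orders the two units; add `Requires=docker.service` if the daemon has to be up for the backup to run. `User=pi` implies `pi` is in the `docker` group, which is root-equivalent on the host, and that deserves a comment in the unit.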
|
@ -0,0 +1,9 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Run Borg Backup at 4 a.m. every day
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar=*-*-* 04:00:00
|
||||||
|
Persistent=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
|
@ -0,0 +1,227 @@
|
||||||
|
pageInfo:
|
||||||
|
title: Homelab
|
||||||
|
description: Welcome to bhasher's homelab dashboard!
|
||||||
|
navLinks:
|
||||||
|
- title: GitHub
|
||||||
|
path: https://github.com/BhasherBEL
|
||||||
|
appConfig:
|
||||||
|
theme: one-dark
|
||||||
|
layout: auto
|
||||||
|
iconSize: small
|
||||||
|
language: en
|
||||||
|
statusCheck: true
|
||||||
|
colCount: 8
|
||||||
|
sections:
|
||||||
|
- name: Public services
|
||||||
|
icon: fa-server
|
||||||
|
displayData:
|
||||||
|
sortBy: most-used
|
||||||
|
rows: 1
|
||||||
|
cols: 3
|
||||||
|
collapsed: false
|
||||||
|
hideForGuests: false
|
||||||
|
items:
|
||||||
|
- title: Jellyfin
|
||||||
|
icon: hl-jellyfin
|
||||||
|
url: https://jellyfin.bhasher.com
|
||||||
|
statusCheckUrl: http://jellyfin:8096
|
||||||
|
id: 0_1507_jellyfin
|
||||||
|
- title: Authelia
|
||||||
|
icon: hl-authelia
|
||||||
|
url: https://idp.bhasher.com
|
||||||
|
statusCheckUrl: http://authelia:9091
|
||||||
|
id: 1_1507_authelia
|
||||||
|
- title: Mealie
|
||||||
|
icon: hl-mealie
|
||||||
|
url: https://mealie.bhasher.com
|
||||||
|
statusCheckUrl: http://mealie
|
||||||
|
id: 2_1507_mealie
|
||||||
|
- title: Baikal
|
||||||
|
icon: hl-baikal
|
||||||
|
url: https://baikal.bxl.bhasher.com
|
||||||
|
statusCheckUrl: http://baikal
|
||||||
|
id: 3_1507_baikal
|
||||||
|
- title: Element web
|
||||||
|
icon: hl-element
|
||||||
|
url: https://element.bhasher.com
|
||||||
|
statusCheckUrl: http://matrix-riot
|
||||||
|
id: 4_1507_elementweb
|
||||||
|
- title: Shlink
|
||||||
|
icon: hl-shlink
|
||||||
|
url: https://shlink.bhasher.com
|
||||||
|
statusCheckUrl: https://shlink_ui
|
||||||
|
id: 5_1507_shlink
|
||||||
|
- name: Private services
|
||||||
|
displayData:
|
||||||
|
sortBy: most-used
|
||||||
|
rows: 1
|
||||||
|
cols: 3
|
||||||
|
collapsed: false
|
||||||
|
hideForGuests: false
|
||||||
|
items:
|
||||||
|
- title: Bazarr
|
||||||
|
icon: hl-bazarr
|
||||||
|
url: https://bazarr.bhasher.com
|
||||||
|
statusCheckUrl: http://bazarr:6767
|
||||||
|
id: 0_1631_bazarr
|
||||||
|
- title: Radarr
|
||||||
|
icon: hl-radarr
|
||||||
|
url: https://radarr.bhasher.com
|
||||||
|
statusCheckUrl: http://radarr:7878
|
||||||
|
id: 1_1631_radarr
|
||||||
|
- title: Sonarr
|
||||||
|
icon: hl-sonarr
|
||||||
|
url: https://sonarr.bhasher.com
|
||||||
|
statusCheckUrl: http://sonarr:8989
|
||||||
|
id: 2_1631_sonarr
|
||||||
|
- title: Lidarr
|
||||||
|
icon: hl-lidarr
|
||||||
|
url: https://lidarr.bhasher.com
|
||||||
|
statusCheckUrl: http://lidarr:8686
|
||||||
|
id: 3_1631_lidarr
|
||||||
|
- title: Transmission
|
||||||
|
icon: hl-transmission
|
||||||
|
url: https://transmission.bhasher.com
|
||||||
|
statusCheckUrl: http://transmission:9091
|
||||||
|
id: 4_1631_transmission
|
||||||
|
- title: Prowlarr
|
||||||
|
icon: hl-prowlarr
|
||||||
|
url: https://prowlarr.bhasher.com
|
||||||
|
statusCheckUrl: http://prowlarr:9696
|
||||||
|
id: 5_1631_prowlarr
|
||||||
|
- title: Grafana
|
||||||
|
icon: hl-grafana
|
||||||
|
url: https://grafana.bhasher.com
|
||||||
|
statusCheckUrl: http://grafana:3000
|
||||||
|
id: 6_1631_grafana
|
||||||
|
- title: Portainer
|
||||||
|
icon: hl-portainer
|
||||||
|
url: https://portainer.bxl.bhasher.com
|
||||||
|
statusCheckUrl: http://portainer:9000
|
||||||
|
id: 7_1631_portainer
|
||||||
|
- title: InvoiceNinja
|
||||||
|
icon: hl-invoiceninja
|
||||||
|
url: https://invoice.bhasher.com
|
||||||
|
statusCheckUrl: http://invoicenginx
|
||||||
|
id: 8_1631_invoiceninja
|
||||||
|
- title: Dashboard
|
||||||
|
icon: hl-dashy
|
||||||
|
url: https://hub.bhasher.com
|
||||||
|
statusCheckUrl: http://dashy
|
||||||
|
id: 9_1631_dashboard
|
||||||
|
- title: Syncthing
|
||||||
|
icon: hl-syncthing
|
||||||
|
url: https://syncthing.bhasher.com
|
||||||
|
statusCheckUrl: http://syncthing:8384
|
||||||
|
id: 10_1631_syncthing
|
||||||
|
- title: Portainer (VPS)
|
||||||
|
icon: hl-portainer
|
||||||
|
url: https://portainer.vps.bhasher.com
|
||||||
|
id: 11_1631_portainervps
|
||||||
|
- title: Portainer (LLN)
|
||||||
|
icon: hl-portainer
|
||||||
|
url: https://portainer.lln.bhasher.com
|
||||||
|
id: 12_1631_portainerlln
|
||||||
|
- title: Home assistant
|
||||||
|
icon: hl-home-assistant
|
||||||
|
url: https://hass.bhasher.com
|
||||||
|
statusCheckUrl: http://hass:8123
|
||||||
|
id: 13_1631_homeassistant
|
||||||
|
- title: Node-red
|
||||||
|
icon: hl-node-red
|
||||||
|
url: https://nodered.bhasher.com
|
||||||
|
statusCheckUrl: http://nodered:1880
|
||||||
|
id: 14_1631_nodered
|
||||||
|
- title: Planka
|
||||||
|
icon: hl-planka
|
||||||
|
url: https://planka.bhasher.com
|
||||||
|
statusCheckUrl: http://planka:1337
|
||||||
|
id: 15_1631_planka
|
||||||
|
- name: System services
|
||||||
|
displayData:
|
||||||
|
sortBy: most-used
|
||||||
|
rows: 1
|
||||||
|
cols: 2
|
||||||
|
collapsed: false
|
||||||
|
hideForGuests: false
|
||||||
|
items:
|
||||||
|
- title: Prometeus
|
||||||
|
icon: hl-prometheus
|
||||||
|
url: https://prometheus.bhasher.com
|
||||||
|
statusCheckUrl: http://prometheus:9090
|
||||||
|
id: 0_1545_prometeus
|
||||||
|
- title: Traefik
|
||||||
|
icon: hl-traefik
|
||||||
|
url: https://traefik.bhasher.com
|
||||||
|
statusCheckUrl: http://traefik:8080
|
||||||
|
id: 1_1545_traefik
|
||||||
|
- title: User manager
|
||||||
|
icon: hl-phpldapadmin
|
||||||
|
url: https://lum.bhasher.com
|
||||||
|
statusCheckUrl: http://ldapusermanager
|
||||||
|
id: 2_1545_usermanager
|
||||||
|
- title: Mikrotik router
|
||||||
|
icon: hl-mikrotik
|
||||||
|
url: http://192.168.1.1:8080/
|
||||||
|
id: 3_1545_mikrotikrouter
|
||||||
|
- name: Real life survey
|
||||||
|
widgets:
|
||||||
|
- type: clock
|
||||||
|
options:
|
||||||
|
timezone: Europe/Brussels
|
||||||
|
format: fr-FR
|
||||||
|
hideDate: false
|
||||||
|
id: 0_1554_clock
|
||||||
|
- type: public-holidays
|
||||||
|
options:
|
||||||
|
country: BE
|
||||||
|
holidayType: all
|
||||||
|
monthsToShow: 4
|
||||||
|
lang: fr
|
||||||
|
id: 1_1554_publicholidays
|
||||||
|
displayData:
|
||||||
|
sortBy: default
|
||||||
|
rows: 1
|
||||||
|
cols: 2
|
||||||
|
collapsed: false
|
||||||
|
hideForGuests: false
|
||||||
|
- name: Online survey
|
||||||
|
displayData:
|
||||||
|
sortBy: default
|
||||||
|
rows: 1
|
||||||
|
cols: 2
|
||||||
|
collapsed: false
|
||||||
|
hideForGuests: false
|
||||||
|
widgets:
|
||||||
|
- type: public-ip
|
||||||
|
id: 0_1331_publicip
|
||||||
|
- type: github-profile-stats
|
||||||
|
options:
|
||||||
|
username: BhasherBEL
|
||||||
|
hideLanguagesCard: true
|
||||||
|
id: 1_1331_githubprofilestats
|
||||||
|
- type: crypto-watch-list
|
||||||
|
options:
|
||||||
|
currency: USD
|
||||||
|
sortBy: marketCap
|
||||||
|
assets:
|
||||||
|
- bitcoin
|
||||||
|
- ethereum
|
||||||
|
id: 2_1331_cryptowatchlist
|
||||||
|
- name: Random
|
||||||
|
widgets:
|
||||||
|
- type: joke
|
||||||
|
options:
|
||||||
|
language: en
|
||||||
|
category: all
|
||||||
|
id: 0_609_joke
|
||||||
|
- type: xkcd-comic
|
||||||
|
options:
|
||||||
|
comic: random
|
||||||
|
id: 1_609_xkcdcomic
|
||||||
|
displayData:
|
||||||
|
sortBy: default
|
||||||
|
rows: 1
|
||||||
|
cols: 4
|
||||||
|
collapsed: false
|
||||||
|
hideForGuests: false
|
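Review bot: The `InvoiceNinja` item checks `http://invoicenginx`, but that service is commented out in the invoice compose file of this commit and the running container is `invoiceplane`, so the status check will always fail; `statusCheckUrl: http://invoiceplane` with a matching title fixes it. `statusCheckUrl: https://shlink_ui` speaks HTTPS to a container name, which will fail certificate validation unless the container really serves a certificate for that name. `title: Prometeus` is presumably a typo for Prometheus. The `Mikrotik router` entry links to the router's admin UI over plain `http://192.168.1.1:8080/`, so credentials typed there cross the LAN unencrypted.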
|
@ -0,0 +1,167 @@
|
||||||
|
default_redirection_url: https://hub.bhasher.com
|
||||||
|
theme: dark
|
||||||
|
|
||||||
|
server:
|
||||||
|
host: 0.0.0.0
|
||||||
|
port: 9091
|
||||||
|
|
||||||
|
log:
|
||||||
|
level: info
|
||||||
|
|
||||||
|
totp:
|
||||||
|
disable: false
|
||||||
|
issuer: idp.bhasher.com
|
||||||
|
algorithm: sha256
|
||||||
|
digits: 6
|
||||||
|
period: 30
|
||||||
|
skew: 1
|
||||||
|
secret_size: 32
|
||||||
|
|
||||||
|
ntp:
|
||||||
|
disable_startup_check: true
|
||||||
|
|
||||||
|
authentication_backend:
|
||||||
|
password_reset:
|
||||||
|
disable: false
|
||||||
|
refresh_interval: 5m
|
||||||
|
ldap:
|
||||||
|
user: cn=readonly,dc=bhasher,dc=com
|
||||||
|
implementation: custom
|
||||||
|
url: ldap://openldap
|
||||||
|
timeout: 5s
|
||||||
|
start_tls: false
|
||||||
|
base_dn: DC=bhasher,DC=com
|
||||||
|
username_attribute: uid
|
||||||
|
additional_users_dn: ou=users
|
||||||
|
users_filter: (&({username_attribute}={input})(objectClass=inetOrgPerson))
|
||||||
|
additional_groups_dn: ou=groups
|
||||||
|
groups_filter: (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
|
||||||
|
group_name_attribute: cn
|
||||||
|
mail_attribute: mail
|
||||||
|
display_name_attribute: cn
|
||||||
|
permit_referrals: false
|
||||||
|
|
||||||
|
access_control:
|
||||||
|
default_policy: deny
|
||||||
|
rules:
|
||||||
|
- domain: 'radarr.bhasher.com'
|
||||||
|
policy: one_factor
|
||||||
|
subject:
|
||||||
|
- "group:mediaserver"
|
||||||
|
- domain: 'sonarr.bhasher.com'
|
||||||
|
policy: one_factor
|
||||||
|
subject:
|
||||||
|
- "group:mediaserver"
|
||||||
|
- domain: 'jellyfin.bhasher.com'
|
||||||
|
policy: one_factor
|
||||||
|
subject:
|
||||||
|
- "group:mediaserver"
|
||||||
|
- domain: 'lum.bhasher.com'
|
||||||
|
policy: two_factor
|
||||||
|
subject:
|
||||||
|
- "group:admin"
|
||||||
|
- domain: '*.bhasher.com'
|
||||||
|
policy: one_factor
|
||||||
|
subject:
|
||||||
|
- "group:admin"
|
||||||
|
|
||||||
|
session:
|
||||||
|
name: auth_session
|
||||||
|
domain: bhasher.com
|
||||||
|
same_site: lax
|
||||||
|
expiration: 1d
|
||||||
|
inactivity: 3h
|
||||||
|
remember_me_duration: 1w
|
||||||
|
redis:
|
||||||
|
host: redis
|
||||||
|
port: 6379
|
||||||
|
|
||||||
|
regulation:
|
||||||
|
max_retries: 3
|
||||||
|
find_time: 1m
|
||||||
|
ban_time: 5m
|
||||||
|
|
||||||
|
storage:
|
||||||
|
# local:
|
||||||
|
# path: /data/db.sqlite3
|
||||||
|
postgres:
|
||||||
|
host: postgres
|
||||||
|
port: 5432
|
||||||
|
database: authelia
|
||||||
|
schema: public
|
||||||
|
username: postgres
|
||||||
|
|
||||||
|
notifier:
|
||||||
|
smtp:
|
||||||
|
host: bdubois.io
|
||||||
|
port: 587
|
||||||
|
sender: no-reply@bhasher.com
|
||||||
|
|
||||||
|
password_policy:
|
||||||
|
standard:
|
||||||
|
enabled: true
|
||||||
|
min_length: 8
|
||||||
|
max_length: 0
|
||||||
|
require_uppercase: false
|
||||||
|
require_lowercase: false
|
||||||
|
require_number: false
|
||||||
|
require_special: false
|
||||||
|
|
||||||
|
telemetry:
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
address: "tcp://0.0.0.0:9959"
|
||||||
|
buffers:
|
||||||
|
read: 4096
|
||||||
|
write: 4096
|
||||||
|
timeouts:
|
||||||
|
read: 6s
|
||||||
|
write: 6s
|
||||||
|
idle: 30s
|
||||||
|
|
||||||
|
|
||||||
|
identity_providers:
|
||||||
|
oidc:
|
||||||
|
enforce_pkce: public_clients_only
|
||||||
|
clients:
|
||||||
|
- id: grafana
|
||||||
|
description: Grafana
|
||||||
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$dQfNyInvlh1Lgw3JXi7G6A$M/WaNpHJkAyaQcXIMsOTl0+gBWGPPVBoCm7NpEQfTpI'
|
||||||
|
public: false
|
||||||
|
authorization_policy: one_factor
|
||||||
|
redirect_uris:
|
||||||
|
- https://grafana.bhasher.com/login/generic_oauth
|
||||||
|
consent_mode: implicit
|
||||||
|
scopes:
|
||||||
|
- openid
|
||||||
|
- profile
|
||||||
|
- groups
|
||||||
|
- email
|
||||||
|
userinfo_signing_algorithm: none
|
||||||
|
- id: matrix_synapse
|
||||||
|
description: Matrix Synapse
|
||||||
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$Z+6HONrjDp54s+MhXuq1cA$bjc5tMGD3gR6AaBYIDx3S2mz/UfPv6a0n1Vf3q2Ifik'
|
||||||
|
public: false
|
||||||
|
authorization_policy: one_factor
|
||||||
|
redirect_uris:
|
||||||
|
- https://matrix.bhasher.com/_synapse/client/oidc/callback
|
||||||
|
consent_mode: implicit
|
||||||
|
scopes:
|
||||||
|
- openid
|
||||||
|
- profile
|
||||||
|
- email
|
||||||
|
userinfo_signing_algorithm: none
|
||||||
|
- id: portainer
|
||||||
|
description: Portainer
|
||||||
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$7bqhx/sMH6Hes4ggVwpEPg$uue9QyGkROpAihkGpbDV6YjKCJlZVXj1JBkJfyLj2MI'
|
||||||
|
public: false
|
||||||
|
authorization_policy: two_factor
|
||||||
|
redirect_uris:
|
||||||
|
- https://portainer.bxl.bhasher.com
|
||||||
|
consent_mode: implicit
|
||||||
|
scopes:
|
||||||
|
- openid
|
||||||
|
- profile
|
||||||
|
- groups
|
||||||
|
- email
|
||||||
|
userinfo_signing_algorithm: none
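Review bot: The last `access_control` rule (`domain: '*.bhasher.com'`, subject `group:admin`) uses `policy: one_factor`, so an admin-group password alone opens every host behind the forward-auth middleware, while only `lum.bhasher.com` asks for a second factor. TOTP is already enabled in this file, so `policy: two_factor` on the wildcard admin rule would match the privilege that group carries. Separately, `username: postgres` under `storage.postgres` makes Authelia connect as the database superuser; a dedicated role that owns only the `authelia` database would limit what a compromised identity provider can reach.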
|
|
@ -0,0 +1,28 @@
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
|
|
||||||
|
root /var/www/app/public/;
|
||||||
|
index index.php;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.php?$query_string;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /favicon.ico { access_log off; log_not_found off; }
|
||||||
|
location = /robots.txt { access_log off; log_not_found off; }
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_pass invoiceninja:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_intercept_errors off;
|
||||||
|
fastcgi_buffer_size 16k;
|
||||||
|
fastcgi_buffers 4 16k;
|
||||||
|
}
|
||||||
|
}
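Review bot: `location ~ \.php$` forwards every URI ending in `.php` to `invoiceninja:9000` without checking that it names a real script, which leaves the decision to PHP-FPM's path resolution. If the application is served only through its front controller, as the `try_files $uri $uri/ /index.php?$query_string` fallback suggests, narrowing the block to `location = /index.php {` removes that ambiguity. If other scripts must stay reachable and the document root is mounted in this container, `try_files $fastcgi_script_name =404;` as the first line of the block does the same job.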
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
devices:
|
||||||
|
- name: router
|
||||||
|
address: 192.168.1.1
|
||||||
|
username: prometheus
|
||||||
|
password: ck1Jm25pcgW4IbnrHa3VCkxVR5H19fbO
|
||||||
|
features:
|
||||||
|
bgp: true #
|
||||||
|
dhcp: true
|
||||||
|
dhcpv6: true #
|
||||||
|
dhcpl: true
|
||||||
|
dhcp_leases: true
|
||||||
|
routes: true #
|
||||||
|
pools: true #
|
||||||
|
optics: true #
|
||||||
|
wlansta: true
|
||||||
|
wlanif: true
|
||||||
|
ipsec: true #
|
||||||
|
ipsec-peers: true #
|
||||||
|
monitor: true
|
||||||
|
health: true
|
||||||
|
conntrack: true
|
||||||
|
pool: true #
|
||||||
|
resource: true
|
||||||
|
|
||||||
|
features:
|
||||||
|
bgp: true #
|
||||||
|
dhcp: true
|
||||||
|
dhcpv6: true #
|
||||||
|
dhcpl: true
|
||||||
|
dhcp_leases: true
|
||||||
|
routes: true #
|
||||||
|
pools: true #
|
||||||
|
optics: true #
|
||||||
|
wlansta: true
|
||||||
|
wlanif: true
|
||||||
|
ipsec: true #
|
||||||
|
ipsec-peers: true #
|
||||||
|
monitor: true
|
||||||
|
health: true
|
||||||
|
conntrack: true
|
||||||
|
pool: true #
|
||||||
|
resource: true
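Review bot: The router account's `password:` in the `devices` entry is committed in clear text, so it is now part of the repository history and stays valid until it is changed on the router. Rotate it, and keep this file (or at least the credential) out of version control, the way the compose files in this commit take their secrets from `.env`. It is also worth confirming that the `prometheus` RouterOS user belongs to a read-only group, since the exporter only needs to read. The `features:` map appears twice with identical content; if the exporter reads only one of them, the other can be removed.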
|
|
@ -0,0 +1,40 @@
|
||||||
|
global:
|
||||||
|
scrape_interval: 60s # By default, scrape targets every 15 seconds.
|
||||||
|
|
||||||
|
# Attach these labels to any time series or alerts when communicating with
|
||||||
|
# external systems (federation, remote storage, Alertmanager).
|
||||||
|
external_labels:
|
||||||
|
monitor: 'monitor'
|
||||||
|
|
||||||
|
# A scrape configuration containing exactly one endpoint to scrape:
|
||||||
|
# Here it's Prometheus itself.
|
||||||
|
scrape_configs:
|
||||||
|
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
|
||||||
|
- job_name: 'prometheus'
|
||||||
|
static_configs:
|
||||||
|
- targets: ['localhost:9090']
|
||||||
|
|
||||||
|
- job_name: "Docker Job"
|
||||||
|
static_configs:
|
||||||
|
- targets: ["host.docker.internal:9323"]
|
||||||
|
|
||||||
|
- job_name: 'cadvisor'
|
||||||
|
static_configs:
|
||||||
|
- targets: ['cadvisor:8080']
|
||||||
|
|
||||||
|
- job_name: 'node-exporter'
|
||||||
|
static_configs:
|
||||||
|
- targets: ['node-exporter:9100']
|
||||||
|
|
||||||
|
- job_name: 'treafik'
|
||||||
|
static_configs:
|
||||||
|
- targets: ['traefik:8080']
|
||||||
|
|
||||||
|
- job_name: 'authelia'
|
||||||
|
static_configs:
|
||||||
|
- targets: ['authelia:9959']
|
||||||
|
|
||||||
|
- job_name: 'mikrotik'
|
||||||
|
static_configs:
|
||||||
|
- targets: ['mikrotik:9436']
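Review bot: Two comments no longer describe the file: the one on `scrape_interval: 60s` still says targets are scraped every 15 seconds, and the one above `scrape_configs` says there is exactly one endpoint while seven jobs follow. Suggested wording: `scrape_interval: 60s # scrape targets every 60 seconds` and `# One scrape job per exporter on the monitoring network.` The job name `'treafik'` looks like a typo for `'traefik'`; fixing it changes the `job` label, so any dashboards or alerts that already match on it need the same edit.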
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
{
|
||||||
|
"default_server_config": {
|
||||||
|
"m.homeserver": {
|
||||||
|
"base_url": "https://matrix.bhasher.com"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
listener 1883
|
||||||
|
allow_anonymous false
|
||||||
|
password_file /mosquitto/passwordfile
|
|
@ -0,0 +1,5 @@
|
||||||
|
cd ~/homelab/bxl-shp
|
||||||
|
cmd=$(find . -type f \( -name "docker-compose.*.yaml" \) | awk '{printf "-f %s \0", $0}' | xargs -0 -I{} echo "docker compose {} --env-file .env up -d")
|
||||||
|
echo $cmd
|
||||||
|
eval $cmd
|
||||||
|
# -name "docker-compose.yaml" -o
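Review bot: `eval $cmd` re-parses a string assembled from `find` output, so a compose file name containing spaces or shell metacharacters is interpreted by the shell instead of being passed as an argument, and the result also depends on how the local `awk` handles `\0`. Collecting the `-f` arguments in an array and calling `docker compose` directly removes both the `eval` and the `awk`/`xargs` step. The `cd` should also stop the script when it fails, otherwise `find` runs in whatever directory the script was started from. The version below needs bash; no shebang is visible in the hunk.

```shell
cd ~/homelab/bxl-shp || exit 1

compose_args=()
while IFS= read -r -d '' file; do
  compose_args+=(-f "$file")
done < <(find . -type f -name 'docker-compose.*.yaml' -print0)

docker compose "${compose_args[@]}" --env-file .env up -d
```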
|
|
@ -0,0 +1,99 @@
|
||||||
|
services:
|
||||||
|
openldap:
|
||||||
|
container_name: openldap
|
||||||
|
image: osixia/openldap:1.5.0
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- LDAP_ADMIN_USERNAME=admin
|
||||||
|
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
||||||
|
- LDAP_READONLY_USER=true
|
||||||
|
- LDAP_READONLY_USER_USERNAME=readonly
|
||||||
|
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_PASSWORD}
|
||||||
|
- LDAP_DOMAIN=bhasher.com
|
||||||
|
- LDAP_ORGANISATION=Bhasher
|
||||||
|
- LDAP_RFC2307BIS_SCHEMA=true
|
||||||
|
- LDAP_TLS=false
|
||||||
|
volumes:
|
||||||
|
- $DATA/openldap/ldap:/var/lib/ldap
|
||||||
|
- $DATA/openldap/slapd.d:/etc/ldap/slapd.d
|
||||||
|
networks:
|
||||||
|
- auth
|
||||||
|
|
||||||
|
ldapusermanager:
|
||||||
|
container_name: ldapusermanager
|
||||||
|
image: wheelybird/ldap-user-manager:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- LDAP_URI=ldap://openldap
|
||||||
|
- LDAP_BASE_DN=dc=bhasher,dc=com
|
||||||
|
- LDAP_ADMIN_BIND_DN=cn=admin,dc=bhasher,dc=com
|
||||||
|
- LDAP_ADMINS_GROUP=admin
|
||||||
|
- SERVER_HOSTNAME=lum.bhasher.com
|
||||||
|
- NO_HTTPS=true
|
||||||
|
- ORGANISATION_NAME=Bhasher
|
||||||
|
- LDAP_REQUIRE_STARTTLS=false
|
||||||
|
- FORCE_RFC2307BIS=true
|
||||||
|
- SHOW_POSIX_ATTRIBUTES=false
|
||||||
|
- LDAP_ADMIN_BIND_PWD=${LDAP_ADMIN_PASSWORD}
|
||||||
|
- LDAP_USER_OU=users
|
||||||
|
- LDAP_GROUP_OU=groups
|
||||||
|
- LDAP_ACCOUNT_ATTRIBUTE=uid
|
||||||
|
- LDAP_GROUP_ATTRIBUTE=cn
|
||||||
|
- USERNAME_FORMAT={first_name}.{last_name}
|
||||||
|
- ENFORCE_SAFE_SYSTEM_NAMES=false
|
||||||
|
- PASSWORD_HASH=SHA512CRYPT
|
||||||
|
- ACCEPT_WEAK_PASSWORDS=false
|
||||||
|
- LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=jpegPhoto^:Profile picture,sshpubkey^+:SSH public key
|
||||||
|
#- REMOTE_HTTP_HEADERS_LOGIN=true
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.lum.rule=Host(`lum.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.lum.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.services.lum.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.lum.tls=true"
|
||||||
|
- "traefik.http.routers.lum.tls.certresolver=http"
|
||||||
|
#- "traefik.http.routers.lum.middlewares=authelia@docker"
|
||||||
|
networks:
|
||||||
|
- auth
|
||||||
|
- external
|
||||||
|
|
||||||
|
authelia:
|
||||||
|
container_name: authelia
|
||||||
|
image: authelia/authelia:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD=${LDAP_READONLY_PASSWORD}
|
||||||
|
- AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
|
||||||
|
- AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
|
||||||
|
- AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_ENCRYPTION_KEY}
|
||||||
|
- AUTHELIA_STORAGE_POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||||
|
- AUTHELIA_NOTIFIER_SMTP_PASSWORD=${SMTP_PASSWORD}
|
||||||
|
- AUTHELIA_NOTIFIER_SMTP_USERNAME=${SMTP_USER}
|
||||||
|
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE=/secrets/oidc_certificate.pem
|
||||||
|
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET=${AUTHELIA_OIDC_HMAC}
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.authelia.rule=Host(`idp.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.authelia.entrypoints=internalsecure,externalsecure"
|
||||||
|
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
|
||||||
|
- "traefik.http.routers.authelia.tls=true"
|
||||||
|
- "traefik.http.routers.authelia.tls.certresolver=http"
|
||||||
|
- 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fidp.bhasher.com%2F'
|
||||||
|
- 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
|
||||||
|
- 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
|
||||||
|
volumes:
|
||||||
|
- $CONFIG/idp/authelia.configuration.yaml:/config/configuration.yml:ro
|
||||||
|
- $DATA/authelia:/secrets:ro
|
||||||
|
networks:
|
||||||
|
- auth
|
||||||
|
- storage
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
auth:
|
||||||
|
name: auth
|
||||||
|
external:
|
||||||
|
external: true
|
||||||
|
storage:
|
||||||
|
external: true
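Review bot: The `lum` router has its `authelia@docker` middleware commented out, so `lum.bhasher.com` is protected only by LDAP User Manager's own login form, and the `two_factor` rule written for that host in the Authelia configuration is never consulted. This container holds `LDAP_ADMIN_BIND_PWD` and can edit every account, so it is the service where the second factor matters most. If the middleware was disabled only while creating the first admin user, restore `- "traefik.http.routers.lum.middlewares=authelia@docker"`; if it is deliberate, a comment on that line saying why would help the next reader.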
|
|
@ -0,0 +1,19 @@
|
||||||
|
services:
|
||||||
|
borg:
|
||||||
|
container_name: borg
|
||||||
|
image: pschiffe/borg
|
||||||
|
volumes:
|
||||||
|
- /mnt/borg:/borg/repo
|
||||||
|
- $DATA/borg/config:/root
|
||||||
|
- $DATA:/borg/data/docker-data:ro
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
environment:
|
||||||
|
- BORG_REPO=/borg/repo
|
||||||
|
- BORG_PASSPHRASE=${BORG_PASSPHRASE}
|
||||||
|
- BACKUP_DIRS=/borg/data
|
||||||
|
- COMPRESSION=lz4
|
||||||
|
- PRUNE=1
|
||||||
|
restart: "no"
|
||||||
|
profiles:
|
||||||
|
- dnr
|
||||||
|
|
|
@ -0,0 +1,134 @@
|
||||||
|
services:
|
||||||
|
prometheus:
|
||||||
|
container_name: prometheus
|
||||||
|
image: prom/prometheus:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
user: root
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.prom.rule=Host(`prometheus.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.prom.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.services.prom.loadbalancer.server.port=9090"
|
||||||
|
- "traefik.http.routers.prom.tls=true"
|
||||||
|
- "traefik.http.routers.prom.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.prom.middlewares=authelia@docker"
|
||||||
|
extra_hosts:
|
||||||
|
- "host.docker.internal:host-gateway"
|
||||||
|
volumes:
|
||||||
|
- $CONFIG/monitoring/prometheus.yaml:/etc/prometheus/prometheus.yml:ro
|
||||||
|
- $DATA/monitoring/prometheus:/prometheus
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
networks:
|
||||||
|
- monitoring
|
||||||
|
- external
|
||||||
|
|
||||||
|
grafana:
|
||||||
|
container_name: grafana
|
||||||
|
image: grafana/grafana
|
||||||
|
restart: unless-stopped
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.grafana.rule=Host(`grafana.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.grafana.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
|
||||||
|
- "traefik.http.routers.grafana.tls=true"
|
||||||
|
- "traefik.http.routers.grafana.tls.certresolver=http"
|
||||||
|
environment:
|
||||||
|
- GF_SERVER_ROOT_URL=https://grafana.bhasher.com
|
||||||
|
- GF_SMTP_ENABLED=true
|
||||||
|
- GF_SMTP_HOST=bdubois.io:465
|
||||||
|
- GF_SMTP_USER=${SMTP_USER}
|
||||||
|
- GF_SMTP_PASSWORD=${SMTP_PASSWORD}
|
||||||
|
- GF_SMTP_FROM_ADDRESS=grafana@bhasher.com
|
||||||
|
- GF_AUTH_LOGIN_DISABLE_LOGIN_FORM=true
|
||||||
|
- GF_AUTH_DISABLE_SIGNOUT_MENU=true
|
||||||
|
- GF_AUTH_OAUTH_AUTO_LOGIN=true
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_ICON=signin
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_NAME=Authelia
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_OAUTH}
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email groups
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES=false
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://idp.bhasher.com/api/oidc/authorization
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://idp.bhasher.com/api/oidc/token
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_API_URL=https://idp.bhasher.com/api/oidc/userinfo
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH=groups
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_USE_PKCE=false
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || 'Viewer'
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_GROUPS_PATH=groups
|
||||||
|
- GF_AUTH_GENERIC_OAUTH_ALLOWED_GROUPS=admin
|
||||||
|
volumes:
|
||||||
|
- $DATA/monitoring/grafana:/var/lib/grafana
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
- monitoring
|
||||||
|
|
||||||
|
cadvisor:
|
||||||
|
container_name: cadvisor
|
||||||
|
image: gcr.io/cadvisor/cadvisor:v0.47.0 #v0.47.1
|
||||||
|
volumes:
|
||||||
|
- /:/rootfs:ro
|
||||||
|
- /var/run:/var/run:rw
|
||||||
|
- /sys:/sys:ro
|
||||||
|
- /var/lib/docker/:/var/lib/docker:ro
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
restart: always
|
||||||
|
command:
|
||||||
|
- "--housekeeping_interval=60s"
|
||||||
|
- "--docker_only=true"
|
||||||
|
- "--store_container_labels=false"
|
||||||
|
- "--disable_metrics=percpu,sched,tcp,udp,disk,diskIO,hugetlb,referenced_memory,cpu_topology,resctrl"
|
||||||
|
networks:
|
||||||
|
- monitoring
|
||||||
|
healthcheck:
|
||||||
|
test: wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1
|
||||||
|
interval: 15s
|
||||||
|
timeout: 15s
|
||||||
|
retries: 5
|
||||||
|
start_period: 30s
|
||||||
|
|
||||||
|
node-exporter:
|
||||||
|
container_name: node-exporter
|
||||||
|
image: quay.io/prometheus/node-exporter:latest
|
||||||
|
volumes:
|
||||||
|
- /proc:/host/proc:ro
|
||||||
|
- /sys:/host/sys:ro
|
||||||
|
- /:/rootfs:ro
|
||||||
|
- /:/host:ro,rslave
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
command:
|
||||||
|
- '--path.rootfs=/host'
|
||||||
|
- '--path.procfs=/host/proc'
|
||||||
|
- '--path.sysfs=/host/sys'
|
||||||
|
- '--collector.filesystem.ignored-mount-points'
|
||||||
|
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- monitoring
|
||||||
|
|
||||||
|
mikrotik:
|
||||||
|
container_name: mikrotik
|
||||||
|
image: ogi4i/mikrotik-exporter:latest
|
||||||
|
#image: nshttpd/mikrotik-exporter-linux-arm64:1.0.12-DEVEL
|
||||||
|
command:
|
||||||
|
- -config-file
|
||||||
|
- /config.yaml
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- CONFIG_FILE=/config.yaml
|
||||||
|
volumes:
|
||||||
|
- $CONFIG/monitoring/mikrotik.yaml:/config.yaml:ro
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
networks:
|
||||||
|
- monitoring
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
monitoring:
|
||||||
|
name: monitoring
|
||||||
|
external:
|
||||||
|
external: true
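Review bot: `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH` tests `roles[*]`, but the neighbouring settings (`GROUPS_ATTRIBUTE_PATH=groups`, `ALLOWED_GROUPS=admin`) and the `groups` scope requested from Authelia point to a `groups` claim, so the expression probably never matches and every user lands on `Viewer`. If admins are meant to get the Admin role, use `contains(groups[*], 'admin') && 'Admin' || 'Viewer'`. In the `cadvisor` service, `/var/run:/var/run:rw` gives the container write access to the host's runtime directory, Docker socket included; `:ro` is normally enough for cAdvisor. `user: root` on `prometheus` looks like a workaround for the ownership of `$DATA/monitoring/prometheus`; fixing the directory owner would let it run as the image's default user.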
|
|
@ -0,0 +1,23 @@
|
||||||
|
services:
|
||||||
|
portainer:
|
||||||
|
container_name: portainer
|
||||||
|
image: portainer/portainer-ce:latest
|
||||||
|
ports:
|
||||||
|
- "9443:9443"
|
||||||
|
volumes:
|
||||||
|
- $DATA/portainer:/data:rw
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
|
||||||
|
- "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
|
||||||
|
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
|
||||||
|
- "traefik.http.routers.portainer.tls=true"
|
||||||
|
- "traefik.http.routers.portainer.tls.certresolver=http"
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external:
|
||||||
|
external: true
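Review bot: `ports: - "9443:9443"` publishes Portainer's own HTTPS listener on every host interface, bypassing Traefik and its entrypoint split, for a container that has the Docker socket mounted read-write. The Traefik route already reaches the container on port 9000 over the `external` network, so the mapping can be dropped, or limited to the host itself with `- "127.0.0.1:9443:9443"`. The router is also attached to `externalsecure` with no middleware, so access from outside rests entirely on Portainer's own login; confirm that this exposure is intended.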
|
|
@ -0,0 +1,35 @@
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
container_name: postgres
|
||||||
|
image: postgres:15
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- POSTGRES_USER=postgres
|
||||||
|
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||||
|
volumes:
|
||||||
|
- $DATA/postgres:/var/lib/postgresql/data
|
||||||
|
networks:
|
||||||
|
- storage
|
||||||
|
|
||||||
|
redis:
|
||||||
|
container_name: redis
|
||||||
|
image: redis:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- storage
|
||||||
|
|
||||||
|
mariadb:
|
||||||
|
container_name: mariadb
|
||||||
|
image: mariadb:latest
|
||||||
|
restart: on-failure
|
||||||
|
environment:
|
||||||
|
- MARIADB_ROOT_PASSWORD=${MARIADB_ROOT}
|
||||||
|
volumes:
|
||||||
|
- $DATA/mariadb:/var/lib/mysql:rw
|
||||||
|
networks:
|
||||||
|
- storage
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
storage:
|
||||||
|
name: storage
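Review bot: `redis:latest` and `mariadb:latest` follow a moving tag while `postgres` is pinned to `15`, so a later pull can change the major version under an existing `$DATA/mariadb` directory, and it is never clear which image is actually running. Pin both to a version tag or a digest, e.g. `image: mariadb:<version>`. The same applies to the `latest` or untagged images in the idp, borg, monitoring, portainer and watchtower files of this commit. Redis is also started without a password and shares the `storage` network with both databases; if only Authelia uses it, a network of its own would narrow who can reach the session store.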
|
|
@ -0,0 +1,57 @@
|
||||||
|
services:
|
||||||
|
traefik:
|
||||||
|
container_name: traefik
|
||||||
|
image: traefik:v2.9
|
||||||
|
command:
|
||||||
|
- "--api.insecure=true"
|
||||||
|
- "--providers.docker=true"
|
||||||
|
- "--providers.docker.exposedbydefault=false"
|
||||||
|
- "--providers.docker.network=external"
|
||||||
|
- "--entrypoints.internal.address=:80"
|
||||||
|
- "--entrypoints.internalsecure.address=:443"
|
||||||
|
- "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
|
||||||
|
- "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
|
||||||
|
- "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
|
||||||
|
- "--certificatesresolvers.http.acme.httpchallenge=true"
|
||||||
|
- "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
|
||||||
|
- "--certificatesresolvers.http.acme.email=acme@bhasher.com"
|
||||||
|
- "--certificatesresolvers.http.acme.storage=acme.json"
|
||||||
|
- "--entrypoints.external.address=:81"
|
||||||
|
- "--entrypoints.externalsecure.address=:444"
|
||||||
|
- "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
|
||||||
|
- "--entrypoints.external.http.redirections.entryPoint.scheme=https"
|
||||||
|
- "--entrypoints.external.http.redirections.entryPoint.permanent=true"
|
||||||
|
#- "--log.level=DEBUG"
|
||||||
|
- "--metrics.prometheus=true"
|
||||||
|
- "--api.dashboard=true"
|
||||||
|
environment:
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
ports:
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
- "81:81"
|
||||||
|
- "444:444"
|
||||||
|
#- "8080:8080"
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
- type: bind
|
||||||
|
source: $DATA/traefik/acme.json
|
||||||
|
target: /acme.json
|
||||||
|
- type: bind
|
||||||
|
source: $DATA/traefik/rules.toml
|
||||||
|
target: /rules.toml
|
||||||
|
restart: always
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.traefik.rule=Host(`traefik.bhasher.com`)"
|
||||||
|
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
|
||||||
|
- "traefik.http.routers.traefik.tls=true"
|
||||||
|
- "traefik.http.routers.traefik.tls.certresolver=http"
|
||||||
|
- "traefik.http.routers.traefik.entrypoints=internalsecure"
|
||||||
|
- "traefik.http.routers.traefik.middlewares=authelia@docker"
|
||||||
|
networks:
|
||||||
|
- external
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external:
|
||||||
|
name: external
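Review bot: `--api.insecure=true` serves the API and dashboard without authentication on port 8080 to every container on the `external` network, so the `authelia@docker` middleware on the `traefik` router only guards the path through `traefik.bhasher.com`. Drop the flag (keeping `--api.dashboard=true`) and point the router at the internal service with `- "traefik.http.routers.traefik.service=api@internal"` instead of the `loadbalancer.server.port=8080` label. The Prometheus job and the Dashy status check in this commit both use `traefik:8080`, so verify them after the change. The `:ro` mount of `docker.sock` does not restrict API calls made over the socket; a socket proxy is the usual way to limit Traefik to read requests.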
|
|
@ -0,0 +1,32 @@
|
||||||
|
services:
|
||||||
|
watchtower:
|
||||||
|
container_name: watchtower
|
||||||
|
image: containrrr/watchtower
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
command:
|
||||||
|
- "--cleanup"
|
||||||
|
- "--schedule=0 0 3 * * SAT"
|
||||||
|
- "--label-enable"
|
||||||
|
#- "--monitor-only"
|
||||||
|
- "--http-api-metrics=true"
|
||||||
|
- "--http-api-token=watchtower"
|
||||||
|
#- "--run-once=true"
|
||||||
|
# emails notification
|
||||||
|
- "--notifications=email"
|
||||||
|
- "--notifications-level=trace"
|
||||||
|
- "--notification-email-from=watchtower.noreply@bhasher.com"
|
||||||
|
- "--notification-email-to=watchtower.homelab@bhasher.com"
|
||||||
|
- "--notification-email-server=bdubois.io"
|
||||||
|
- "--notification-email-server-port=465"
|
||||||
|
- "--notification-email-server-user=${SMTP_USER}"
|
||||||
|
- "--notification-email-server-password=${SMTP_PASSWORD}"
|
||||||
|
networks:
|
||||||
|
- monitoring
|
||||||
|
labels:
|
||||||
|
- "com.centurylinklabs.watchtower.enable=false"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
monitoring:
|
||||||
|
external: true
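Review bot: `--http-api-token=watchtower` hard-codes a guessable token for the HTTP API, and the SMTP password is passed as a command-line flag, where it is visible in the host's process list. Watchtower reads both from the environment, so they can come from `.env` like the other secrets in this commit: `- WATCHTOWER_HTTP_API_TOKEN=${WATCHTOWER_API_TOKEN}` (variable name is a placeholder) and `- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=${SMTP_PASSWORD}` under `environment:`. `--notifications-level=trace` will also mail very verbose logs; `info` is probably what is wanted.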
|