From 4792e4eb5df9ef4140b26b2f9d701799bbc31772 Mon Sep 17 00:00:00 2001
From: BhasherBEL
Date: Sun, 2 Apr 2023 22:26:01 +0200
Subject: [PATCH] Bxl-rpi stack
---
bxl-rpi/docker-compose.yaml | 101 ++++++++++++++++++++++++++++++++++++
1 file changed, 101 insertions(+)
create mode 100644 bxl-rpi/docker-compose.yaml
diff --git a/bxl-rpi/docker-compose.yaml b/bxl-rpi/docker-compose.yaml
new file mode 100644
index 0000000..aa10959
--- /dev/null
+++ b/bxl-rpi/docker-compose.yaml
@@ -0,0 +1,101 @@
+version: '3.7'
+
+services:
+ traefik:
+ container_name: traefik
+ image: traefik:v2.9
+ command:
+ #- "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.network=external"
+ - "--entrypoints.internal.address=:80"
+ - "--entrypoints.internalsecure.address=:443"
+ - "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
+ - "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
+ - "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
+ - "--certificatesresolvers.http.acme.httpchallenge=true"
+ - "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
+ - "--certificatesresolvers.http.acme.email=acme@bhasher.com"
+ - "--certificatesresolvers.http.acme.storage=acme.json"
+ - "--entrypoints.external.address=:81"
+ - "--entrypoints.externalsecure.address=:444"
+ - "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
+ - "--entrypoints.external.http.redirections.entryPoint.scheme=https"
+ - "--entrypoints.external.http.redirections.entryPoint.permanent=true"
+ - "--log.level=DEBUG"
+ environment:
+ - TZ=Europe/Paris
+ ports:
+ - "80:80"
+ - "443:443"
+ - "81:81"
+ - "444:444"
+ #- "8080:8080"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - type: bind
+ source: /home/pi/data/traefik/acme.json
+ target: /acme.json
+ - type: bind
+ source: /home/pi/data/traefik/rules.toml
+ target: /rules.toml
+ restart: always
+
+ portainer:
+ container_name: portainer
+ image: portainer/portainer-ce:latest
+ #command: -H tcp://tasks.agent:9001 --tlsskipverify
+ ports:
+ - "9443:9443"
+ volumes:
+ - /home/pi/data/portainer:/data:rw
+ - /var/run/docker.sock:/var/run/docker.sock
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
+ - "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
+ - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+ - "traefik.http.routers.portainer.tls=true"
+ - "traefik.http.routers.portainer.tls.certresolver=http"
+ restart: always
+
+ matrix-synapse:
+ container_name: matrix-synapse
+ image: matrixdotorg/synapse:latest
+ restart: unless-stopped
+ environment:
+ - SYNAPSE_SERVER_NAME=matrix.bhasher.com
+ - SYNAPSE_REPORT_STATS=no
+ volumes:
+ - /home/pi/data/matrix/synapse:/data:rw
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.matrix-synapse.rule=Host(`matrix.bhasher.com`)"
+ - "traefik.http.routers.matrix-synapse.tls=true"
+ - "traefik.http.routers.matrix-synapse.tls.certresolver=http"
+ - "traefik.http.routers.matrix-synapse.entrypoints=internalsecure,externalsecure"
+ - "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
+
+ wireguard:
+ container_name: wireguard
+ image: lscr.io/linuxserver/wireguard:latest
+ restart: always
+ volumes:
+ - /home/pi/data/wireguard:/config
+ - /lib/modules:/lib/modules
+ ports:
+ - 51821:51820/udp
+ environment:
+ - TZ=Europe/Paris
+ - SERVERURL=vpn.bhasher.com
+ - SERVERPORT=51821
+ - PEERS=5
+ - PEERDNS=auto
+ - INTERNAL_SUBNET=10.13.14.0
+ - ALLOWEDIPS=0.0.0.0/0
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
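Review bot: The `portainer` service mounts `/var/run/docker.sock` read-write, yet it is routed on the `externalsecure` entrypoint (presumably the internet-facing one, judging by the name) and also published directly on host port 9443, so its login page is the only barrier in front of root-equivalent control of the host. If outside access is not needed, restrict the router to `"traefik.http.routers.portainer.entrypoints=internalsecure"` and drop the `- "9443:9443"` mapping, leaving the UI reachable only through Traefik on the internal entrypoint or over the WireGuard tunnel defined in the same file. The `:ro` on Traefik's socket mount protects the socket file only, not the Docker API behind it; a socket proxy limited to read-only endpoints is the usual mitigation. `portainer-ce`, `synapse` and `wireguard` are on `:latest`, so the next pull can change what runs without any change to this file; pin a version or digest as is already done for `traefik:v2.9`. `--log.level=DEBUG` looks like a setup leftover and should be lowered to `INFO` on a proxy that faces untrusted clients.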