Split docker compose
This commit is contained in:
parent
e42ab413b8
commit
6033bebef3
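--- /dev/null
+++ b/docker-compose.baikal.yaml
@@ -0,0 +1,23 @@
+services:
+  baikal:
+    container_name: baikal
+    image: ckulka/baikal:nginx
+    restart: on-failure
+    environment:
+      - TZ=Europe/Paris
+    volumes:
+      - $DATA/baikal/config:/var/www/baikal/config
+      - $DATA/baikal/data:/var/www/baikal/Specific
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.baikal.rule=Host(`baikal.bxl.bhasher.com`)"
+      - "traefik.http.services.baikal.loadbalancer.server.port=80"
+      - "traefik.http.routers.baikal.tls=true"
+      - "traefik.http.routers.baikal.tls.certresolver=http"
+      - "traefik.http.routers.baikal.entrypoints=internalsecure,externalsecure"
+    networks:
+      - external
+
+networks:
+  external:
+    external: true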
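Review bot: The `baikal` router is published on `externalsecure` as well as `internalsecure` with no `authelia@docker` middleware, so Baikal's own login is the only barrier on the internet-facing entrypoint, unlike the `*arr` routers elsewhere in this commit. That is probably deliberate, since CalDAV/CardDAV clients cannot follow a forward-auth redirect, but it deserves a comment on the entrypoints label such as `# no forward-auth: DAV clients authenticate against Baikal directly` and a rate-limit middleware on that router. `image: ckulka/baikal:nginx` is a floating tag; pin a version or digest so a registry push cannot silently change what is exposed to the internet.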
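--- /dev/null
+++ b/docker-compose.matrix.yaml
@@ -0,0 +1,39 @@
+services:
+  matrix-synapse:
+    container_name: matrix-synapse
+    image: matrixdotorg/synapse:latest
+    restart: unless-stopped
+    environment:
+      - SYNAPSE_SERVER_NAME=matrix.bhasher.com
+      - SYNAPSE_REPORT_STATS=no
+    volumes:
+      - $DATA/matrix/synapse:/data:rw
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.matrix-synapse.rule=Host(`matrix.bhasher.com`)"
+      - "traefik.http.routers.matrix-synapse.tls=true"
+      - "traefik.http.routers.matrix-synapse.tls.certresolver=http"
+      - "traefik.http.routers.matrix-synapse.entrypoints=internalsecure,externalsecure"
+      - "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
+    networks:
+      - external
+
+  matrix-riot:
+    container_name: matrix-element
+    image: ghcr.io/bubuntux/element-web
+    restart: unless-stopped
+    volumes:
+      - $CONFIG/riot/config.json:/etc/element-web/config.json:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.matrix-riot.rule=Host(`element.bhasher.com`)"
+      - "traefik.http.routers.matrix-riot.tls=true"
+      - "traefik.http.routers.matrix-riot.tls.certresolver=http"
+      - "traefik.http.routers.matrix-riot.entrypoints=internalsecure,externalsecure"
+      - "traefik.http.services.matrix-riot.loadbalancer.server.port=80"
+    networks:
+      - external
+
+networks:
+  external:
+    external: true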
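Review bot: The Element config mount now reads `$CONFIG/riot/config.json` where the deleted monolithic file used `./config/riot/config.json`, and `$CONFIG` is not defined anywhere in this commit; if it is missing from `.env`, Compose expands it to an empty string, the bind becomes `/riot/config.json`, and Docker creates that path as an empty directory so Element starts without its config. Either add `CONFIG` to `.env` in the same change or keep the relative path. Both images (`matrixdotorg/synapse:latest` and the untagged `ghcr.io/bubuntux/element-web`) float to latest under `restart: unless-stopped`, so a reboot can pull an unreviewed homeserver build; pin them. Only the client-server port 8008 is routed here and nothing publishes 8448 or a `.well-known/matrix/server` delegation, which is fine if federation is intentionally off but should be stated in a comment.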
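--- /dev/null
+++ b/docker-compose.mediaserver.yaml
@@ -0,0 +1,188 @@
+services:
+  jellyfin:
+    container_name: jellyfin
+    image: linuxserver/jellyfin:latest
+    volumes:
+      - $DATA/mediaserver/jellyfin:/config
+      - /mnt/movies/series:/data/tvshows
+      - /mnt/movies/movies:/data/movies
+      - /mnt/movies/musics:/data/musics
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Paris
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.bhasher.com`)"
+      - "traefik.http.routers.jellyfin.entrypoints=internalsecure,externalsecure"
+      - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
+      - "traefik.http.routers.jellyfin.tls=true"
+      - "traefik.http.routers.jellyfin.tls.certresolver=http"
+    networks:
+      - external
+
+  radarr:
+    container_name: radarr
+    image: lscr.io/linuxserver/radarr:latest
+    environment:
+      - TZ=Europe/Paris
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - $DATA/mediaserver/radarr:/config
+      - /mnt/movies/movies:/movies
+      - /mnt/movies/tmp:/downloads
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.radarr.rule=Host(`radarr.bhasher.com`)"
+      - "traefik.http.services.radarr.loadbalancer.server.port=7878"
+      - "traefik.http.routers.radarr.tls=true"
+      - "traefik.http.routers.radarr.tls.certresolver=http"
+      - "traefik.http.routers.radarr.entrypoints=internalsecure"
+      - "traefik.http.routers.radarr.middlewares=authelia@docker"
+    networks:
+      - mediaserver
+      - external
+
+  sonarr:
+    container_name: sonarr
+    image: lscr.io/linuxserver/sonarr:latest
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Paris
+    volumes:
+      - $DATA/mediaserver/sonarr:/config
+      - /mnt/movies/series:/tv
+      - /mnt/movies/tmp:/downloads
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.sonarr.rule=Host(`sonarr.bhasher.com`)"
+      - "traefik.http.services.sonarr.loadbalancer.server.port=8989"
+      - "traefik.http.routers.sonarr.tls=true"
+      - "traefik.http.routers.sonarr.tls.certresolver=http"
+      - "traefik.http.routers.sonarr.entrypoints=internalsecure"
+      - "traefik.http.routers.sonarr.middlewares=authelia@docker"
+    networks:
+      - mediaserver
+      - external
+
+  lidarr:
+    container_name: lidarr
+    image: lscr.io/linuxserver/lidarr:latest
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Paris
+    volumes:
+      - $DATA/mediaserver/lidarr:/config
+      - /mnt/movies/musics:/music
+      - /mnt/movies/tmp:/downloads
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.lidarr.rule=Host(`lidarr.bhasher.com`)"
+      - "traefik.http.services.lidarr.loadbalancer.server.port=8686"
+      - "traefik.http.routers.lidarr.tls=true"
+      - "traefik.http.routers.lidarr.tls.certresolver=http"
+      - "traefik.http.routers.lidarr.entrypoints=internalsecure"
+      - "traefik.http.routers.lidarr.middlewares=authelia@docker"
+    networks:
+      - mediaserver
+      - external
+
+  transmission:
+    container_name: transmission
+    image: lscr.io/linuxserver/transmission:latest
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Paris
+    volumes:
+      - $DATA/mediaserver/transmission:/config
+      - /mnt/movies/tmp:/downloads
+      - /mnt/movies/torrents:/watch
+    ports:
+      - 51413:51413/tcp
+      - 51413:51413/udp
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.transmission.rule=Host(`transmission.bhasher.com`)"
+      - "traefik.http.services.transmission.loadbalancer.server.port=9091"
+      - "traefik.http.routers.transmission.tls=true"
+      - "traefik.http.routers.transmission.tls.certresolver=http"
+      - "traefik.http.routers.transmission.entrypoints=internalsecure"
+      - "traefik.http.routers.transmission.middlewares=authelia@docker"
+    networks:
+      - mediaserver
+      - external
+
+  jackett:
+    container_name: jackett
+    image: lscr.io/linuxserver/jackett:latest
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Paris
+      - AUTO_UPDATE=true
+    volumes:
+      - $DATA/mediaserver/jackett:/config
+      - /mnt/movies/torrents:/downloads
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.jackett.rule=Host(`jackett.bhasher.com`)"
+      - "traefik.http.services.jackett.loadbalancer.server.port=9117"
+      - "traefik.http.routers.jackett.tls=true"
+      - "traefik.http.routers.jackett.tls.certresolver=http"
+      - "traefik.http.routers.jackett.entrypoints=internalsecure"
+      - "traefik.http.routers.jackett.middlewares=authelia@docker"
+    networks:
+      - mediaserver
+      - external
+
+  flaresolverr:
+    container_name: flaresolverr
+    image: ghcr.io/flaresolverr/flaresolverr:latest
+    environment:
+      - LOG_LEVEL=info
+      - LOG_HTML=false
+      - CAPTCHA_SOLVER=none
+      - TZ=Europe/Paris
+    restart: unless-stopped
+    networks:
+      - mediaserver
+
+  bazarr:
+    container_name: bazarr
+    image: lscr.io/linuxserver/bazarr
+    environment:
+      - TZ=Europe/Paris
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - $DATA/mediaserver/bazarr:/config
+      - /mnt/movies/movies:/movies
+      - /mnt/movies/series:/tv
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.bazarr.rule=Host(`bazarr.bhasher.com`)"
+      - "traefik.http.services.bazarr.loadbalancer.server.port=6767"
+      - "traefik.http.routers.bazarr.tls=true"
+      - "traefik.http.routers.bazarr.tls.certresolver=http"
+      - "traefik.http.routers.bazarr.entrypoints=internalsecure"
+      - "traefik.http.routers.bazarr.middlewares=authelia@docker"
+    networks:
+      - mediaserver
+      - external
+
+networks:
+  mediaserver:
+  external:
+    external: true
+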
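Review bot: `jellyfin` is the only service in this file published on `externalsecure` and the only one without the `authelia@docker` middleware, so its built-in login form is the sole authentication on the internet-facing entrypoint; if that is intentional because native Jellyfin clients cannot follow a forward-auth redirect, say so in a comment on the entrypoints label and add a rate-limit middleware to that router. `jackett` sets `AUTO_UPDATE=true`, which makes the running container fetch and replace its own binary at runtime, so the image tag no longer describes what is executing; set `AUTO_UPDATE=false` and upgrade through the image instead. Every image here is `:latest` or untagged (`lscr.io/linuxserver/bazarr`), which under `restart: unless-stopped` means an unreviewed upgrade on any host reboot; pin tags. Because all of these containers share the `external` network, they can reach each other's web ports directly (for example `radarr:7878`) without passing through Traefik or Authelia, so the `*arr` apps' own authentication should stay enabled rather than being treated as redundant.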
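--- /dev/null
+++ b/docker-compose.pihole.yaml
@@ -0,0 +1,38 @@
+services:
+  pihole:
+    container_name: pihole
+    image: cbcrowe/pihole-unbound:latest
+    ports:
+      - 53:53/tcp
+      - 53:53/udp
+    environment:
+      - TZ=Europe/Paris
+      - WEBPASSWORD=
+      - WEBTHEME=default-dark
+      - REV_SERVER=false
+      - PIHOLE_DNS_=127.0.0.1#5335
+      - DNSSEC=true
+      - DNSMASQ_LISTENING=all
+      - FTLCONF_LOCAL_IPV4=192.168.1.220
+      - FTLCONF_RATE_LIMIT=0/0
+      - FTL_CMD=debug
+      - DNSMASQ_USER=root
+    volumes:
+      - $DATA/pihole/config:/etc/pihole
+      - $DATA/pihole/dnsmasq.d:/etc/dnsmasq.d
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.pihole.rule=Host(`pihole.bhasher.com`)"
+      - "traefik.http.routers.pihole.entrypoints=internalsecure"
+      - "traefik.http.services.pihole.loadbalancer.server.port=80"
+      - "traefik.http.routers.pihole.tls=true"
+      - "traefik.http.routers.pihole.tls.certresolver=http"
+      - "traefik.http.routers.pihole.middlewares=pihole-strip,authelia@docker"
+      - "traefik.http.middlewares.pihole-strip.addprefix.prefix=/admin"
+    networks:
+      - external
+
+networks:
+  external:
+    external: true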
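Review bot: `WEBPASSWORD=` (empty) removes the password from the Pi-hole admin interface, leaving the `authelia@docker` middleware as its only protection, yet the admin UI on port 80 is reachable by any container on the shared `external` network without passing through Traefik at all; set it from `.env` the way the other secrets in this repo are referenced, e.g. `- WEBPASSWORD=${PIHOLE_WEBPASSWORD}`. `DNSMASQ_USER=root` runs the resolver as root inside the container and `FTLCONF_RATE_LIMIT=0/0` disables query rate limiting, so with `53:53/tcp` and `53:53/udp` bound on every host interface this becomes an open, unthrottled resolver if the host has an internet-facing address; bind to the LAN address instead (`- 192.168.1.220:53:53/udp` and the tcp equivalent) or firewall port 53. `FTL_CMD=debug` looks like a leftover from troubleshooting and appears to raise FTL's logging verbosity in production, which is worth confirming and removing.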
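--- /dev/null
+++ b/docker-compose.syncthing.yaml
@@ -0,0 +1,31 @@
+services:
+  syncthing:
+    container_name: syncthing
+    image: syncthing/syncthing:latest
+    hostname: snode0
+    environment:
+      - PUID=33
+      - PGID=33
+    volumes:
+      - $DATA/syncthing:/var/syncthing:rw
+      - /mnt/syncDocuments:/mnt/SyncDocuments:rw
+      - /mnt/brieuc-pictures:/mnt/pictures:rw
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.syncthing.rule=Host(`syncthing.bhasher.com`)"
+      - "traefik.http.routers.syncthing.entrypoints=internalsecure"
+      - "traefik.http.services.syncthing.loadbalancer.server.port=8384"
+      - "traefik.http.routers.syncthing.tls=true"
+      - "traefik.http.routers.syncthing.tls.certresolver=http"
+      - "traefik.http.routers.syncthing.middlewares=authelia@docker"
+    ports:
+      - 22000:22000/tcp # TCP file transfers
+      - 22000:22000/udp # QUIC file transfers
+      - 21027:21027/udp # Receive local discovery broadcasts
+    restart: unless-stopped
+    networks:
+      - external
+
+networks:
+  external:
+    external: true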
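Review bot: The GUI router is behind `authelia@docker`, but Syncthing's web UI on 8384 is also reachable from every other container on the shared `external` network without passing through Traefik, so the GUI user/password in Syncthing's own configuration must stay enabled; a comment on the middlewares label such as `# Authelia only covers the Traefik path; keep the Syncthing GUI password set` would stop someone removing it as redundant. `PUID=33`/`PGID=33` is `www-data` on Debian-family hosts, an unusual owner for `/mnt/syncDocuments` and `/mnt/brieuc-pictures` mounted `rw`; presumably it matches the share owner, but that is worth confirming. `syncthing/syncthing:latest` is a floating tag; pin it.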
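--- /dev/null
+++ b/docker-compose.wireguard.yaml
@@ -0,0 +1,23 @@
+services:
+  wireguard:
+    container_name: wireguard
+    image: lscr.io/linuxserver/wireguard:latest
+    restart: always
+    volumes:
+      - $DATA/wireguard:/config
+      - /lib/modules:/lib/modules
+    ports:
+      - 51821:51820/udp
+    environment:
+      - TZ=Europe/Paris
+      - SERVERURL=vpn.bhasher.com
+      - SERVERPORT=51821
+      - PEERS=5
+      - PEERDNS=auto
+      - INTERNAL_SUBNET=10.13.14.0
+      - ALLOWEDIPS=0.0.0.0/0
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1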
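Review bot: `/lib/modules:/lib/modules` is mounted read-write and, together with `SYS_MODULE`, lets the container load arbitrary kernel modules, which is host-root equivalent; mount it read-only (`- /lib/modules:/lib/modules:ro`) and, on a kernel with WireGuard built in (5.6 and later), drop both `SYS_MODULE` and the mount. This service declares no `networks:`, so unlike the other split files it lands on the project's default bridge rather than `external`; that may be intentional since it has no Traefik route, but it should be explicit. `lscr.io/linuxserver/wireguard:latest` under `restart: always` pulls an unreviewed image on every recreate of the VPN endpoint; pin it.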
@ -0,0 +1,5 @@
|
||||||
|
cd ~/homelab/bxl-rpi
|
||||||
|
cmd=$(find . -type f \( -name "docker-compose.*.yaml" \) | awk '{printf "-f %s \0", $0}' | xargs -0 -I{} echo "docker compose {} --env-file .env up -d")
|
||||||
|
echo $cmd
|
||||||
|
eval $cmd
|
||||||
|
# -name "docker-compose.yaml" -o
|
|
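Review bot: `eval $cmd` executes a string assembled from `find` output, so a file name containing shell metacharacters under `~/homelab/bxl-rpi` would be executed rather than passed as an argument; building an argument array removes both the `eval` and the word splitting. As written, `xargs -I{}` also runs `echo` once per matched file, so `$cmd` holds one `docker compose ... up -d` line per compose file and the unquoted `eval $cmd` flattens them into a single command line, which looks unintended for what should be one invocation carrying every `-f`. `cd` is unchecked, so if the directory is missing `find .` scans whatever the current directory happens to be; `set -euo pipefail` (or `cd ... || exit 1`) prevents that. The rewrite below assumes bash for the process substitution.

```shell
set -euo pipefail
cd ~/homelab/bxl-rpi

# One -f per split compose file, collected as an array: no eval, no word splitting.
files=()
while IFS= read -r -d '' f; do
  files+=(-f "$f")
done < <(find . -type f -name 'docker-compose.*.yaml' -print0 | sort -z)

printf '%q ' docker compose "${files[@]}" --env-file .env up -d; echo
docker compose "${files[@]}" --env-file .env up -d
```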
@ -1,556 +0,0 @@
|
||||||
services:
|
|
||||||
traefik:
|
|
||||||
container_name: traefik
|
|
||||||
image: traefik:v2.9
|
|
||||||
command:
|
|
||||||
- "--api.insecure=true"
|
|
||||||
- "--providers.docker=true"
|
|
||||||
- "--providers.docker.exposedbydefault=false"
|
|
||||||
- "--providers.docker.network=external"
|
|
||||||
- "--entrypoints.internal.address=:80"
|
|
||||||
- "--entrypoints.internalsecure.address=:443"
|
|
||||||
- "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
|
|
||||||
- "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
|
|
||||||
- "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
|
|
||||||
- "--certificatesresolvers.http.acme.httpchallenge=true"
|
|
||||||
- "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
|
|
||||||
- "--certificatesresolvers.http.acme.email=acme@bhasher.com"
|
|
||||||
- "--certificatesresolvers.http.acme.storage=acme.json"
|
|
||||||
- "--entrypoints.external.address=:81"
|
|
||||||
- "--entrypoints.externalsecure.address=:444"
|
|
||||||
- "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
|
|
||||||
- "--entrypoints.external.http.redirections.entryPoint.scheme=https"
|
|
||||||
- "--entrypoints.external.http.redirections.entryPoint.permanent=true"
|
|
||||||
#- "--log.level=DEBUG"
|
|
||||||
- "--metrics.prometheus=true"
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
ports:
|
|
||||||
- "80:80"
|
|
||||||
- "443:443"
|
|
||||||
- "81:81"
|
|
||||||
- "444:444"
|
|
||||||
#- "8080:8080"
|
|
||||||
volumes:
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
- type: bind
|
|
||||||
source: $DATA/traefik/acme.json
|
|
||||||
target: /acme.json
|
|
||||||
- type: bind
|
|
||||||
source: $DATA/traefik/rules.toml
|
|
||||||
target: /rules.toml
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
portainer:
|
|
||||||
container_name: portainer
|
|
||||||
image: portainer/portainer-ce:latest
|
|
||||||
#command: -H tcp://tasks.agent:9001 --tlsskipverify
|
|
||||||
ports:
|
|
||||||
- "9443:9443"
|
|
||||||
volumes:
|
|
||||||
- $DATA/portainer:/data:rw
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
|
|
||||||
- "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
|
|
||||||
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
|
|
||||||
- "traefik.http.routers.portainer.tls=true"
|
|
||||||
- "traefik.http.routers.portainer.tls.certresolver=http"
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
matrix-synapse:
|
|
||||||
container_name: matrix-synapse
|
|
||||||
image: matrixdotorg/synapse:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- SYNAPSE_SERVER_NAME=matrix.bhasher.com
|
|
||||||
- SYNAPSE_REPORT_STATS=no
|
|
||||||
volumes:
|
|
||||||
- $DATA/matrix/synapse:/data:rw
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.matrix-synapse.rule=Host(`matrix.bhasher.com`)"
|
|
||||||
- "traefik.http.routers.matrix-synapse.tls=true"
|
|
||||||
- "traefik.http.routers.matrix-synapse.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.matrix-synapse.entrypoints=internalsecure,externalsecure"
|
|
||||||
- "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
|
|
||||||
|
|
||||||
wireguard:
|
|
||||||
container_name: wireguard
|
|
||||||
image: lscr.io/linuxserver/wireguard:latest
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- $DATA/wireguard:/config
|
|
||||||
- /lib/modules:/lib/modules
|
|
||||||
ports:
|
|
||||||
- 51821:51820/udp
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
- SERVERURL=vpn.bhasher.com
|
|
||||||
- SERVERPORT=51821
|
|
||||||
- PEERS=5
|
|
||||||
- PEERDNS=auto
|
|
||||||
- INTERNAL_SUBNET=10.13.14.0
|
|
||||||
- ALLOWEDIPS=0.0.0.0/0
|
|
||||||
cap_add:
|
|
||||||
- NET_ADMIN
|
|
||||||
- SYS_MODULE
|
|
||||||
sysctls:
|
|
||||||
- net.ipv4.conf.all.src_valid_mark=1
|
|
||||||
|
|
||||||
matrix-riot:
|
|
||||||
container_name: matrix-element
|
|
||||||
image: ghcr.io/bubuntux/element-web
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- ./config/riot/config.json:/etc/element-web/config.json:ro
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.matrix-riot.rule=Host(`element.bhasher.com`)"
|
|
||||||
- "traefik.http.routers.matrix-riot.tls=true"
|
|
||||||
- "traefik.http.routers.matrix-riot.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.matrix-riot.entrypoints=internalsecure,externalsecure"
|
|
||||||
- "traefik.http.services.matrix-riot.loadbalancer.server.port=80"
|
|
||||||
|
|
||||||
prom_monitoring:
|
|
||||||
container_name: prom_monitoring
|
|
||||||
image: prom/prometheus:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.prom.rule=Host(`prometheus.bhasher.com`)"
|
|
||||||
- "traefik.http.routers.prom.entrypoints=internalsecure"
|
|
||||||
- "traefik.http.services.prom.loadbalancer.server.port=9090"
|
|
||||||
- "traefik.http.routers.prom.tls=true"
|
|
||||||
- "traefik.http.routers.prom.tls.certresolver=http"
|
|
||||||
extra_hosts:
|
|
||||||
- "host.docker.internal:host-gateway"
|
|
||||||
volumes:
|
|
||||||
- ./config/monitoring/prometheus.yaml:/etc/prometheus/prometheus.yml:ro
|
|
||||||
- $DATA/monitoring/prometheus:/prometheus
|
|
||||||
|
|
||||||
grafana:
|
|
||||||
container_name: grafana
|
|
||||||
image: grafana/grafana
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.grafana.rule=Host(`grafana.bhasher.com`)"
|
|
||||||
- "traefik.http.routers.grafana.entrypoints=internalsecure"
|
|
||||||
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
|
|
||||||
- "traefik.http.routers.grafana.tls=true"
|
|
||||||
- "traefik.http.routers.grafana.tls.certresolver=http"
|
|
||||||
environment:
|
|
||||||
- GF_SERVER_ROOT_URL=https://grafana.bhasher.com
|
|
||||||
- GF_SMTP_ENABLED=true
|
|
||||||
- GF_SMTP_HOST=bdubois.io:465
|
|
||||||
- GF_SMTP_USER=${SMTP_USER}
|
|
||||||
- GF_SMTP_PASSWORD=${SMTP_PASSWORD}
|
|
||||||
- GF_SMTP_FROM_ADDRESS=grafana@bhasher.com
|
|
||||||
- GF_AUTH_LOGIN_DISABLE_LOGIN_FORM=true
|
|
||||||
- GF_AUTH_DISABLE_SIGNOUT_MENU=true
|
|
||||||
- GF_AUTH_OAUTH_AUTO_LOGIN=true
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_ICON=signin
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_NAME=Authelia
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_OAUTH}
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email groups
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES=false
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://idp.bhasher.com/api/oidc/authorization
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://idp.bhasher.com/api/oidc/token
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_API_URL=https://idp.bhasher.com/api/oidc/userinfo
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH=groups
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_USE_PKCE=false
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || 'Viewer'
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_GROUPS_PATH=groups
|
|
||||||
- GF_AUTH_GENERIC_OAUTH_ALLOWED_GROUPS=admin
|
|
||||||
volumes:
|
|
||||||
- $DATA/monitoring/grafana:/var/lib/grafana
|
|
||||||
|
|
||||||
cadvisor:
|
|
||||||
container_name: cadvisor
|
|
||||||
image: gcr.io/cadvisor/cadvisor:v0.47.1
|
|
||||||
volumes:
|
|
||||||
- /:/rootfs:ro
|
|
||||||
- /var/run:/var/run:rw
|
|
||||||
- /sys:/sys:ro
|
|
||||||
- /var/lib/docker/:/var/lib/docker:ro
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
node-exporter:
|
|
||||||
container_name: node-exporter
|
|
||||||
image: quay.io/prometheus/node-exporter:latest
|
|
||||||
volumes:
|
|
||||||
- /proc:/host/proc:ro
|
|
||||||
- /sys:/host/sys:ro
|
|
||||||
- /:/rootfs:ro
|
|
||||||
- /:/host:ro,rslave
|
|
||||||
command:
|
|
||||||
- '--path.rootfs=/host'
|
|
||||||
- '--path.procfs=/host/proc'
|
|
||||||
- '--path.sysfs=/host/sys'
|
|
||||||
- --collector.filesystem.ignored-mount-points
|
|
||||||
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
jellyfin:
|
|
||||||
container_name: jellyfin
|
|
||||||
image: linuxserver/jellyfin:latest
|
|
||||||
volumes:
|
|
||||||
- $DATA/mediaserver/jellyfin:/config
|
|
||||||
- /mnt/movies/series:/data/tvshows
|
|
||||||
- /mnt/movies/movies:/data/movies
|
|
||||||
- /mnt/movies/musics:/data/musics
|
|
||||||
environment:
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.bhasher.com`)"
|
|
||||||
- "traefik.http.routers.jellyfin.entrypoints=internalsecure,externalsecure"
|
|
||||||
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
|
|
||||||
- "traefik.http.routers.jellyfin.tls=true"
|
|
||||||
- "traefik.http.routers.jellyfin.tls.certresolver=http"
|
|
||||||
|
|
||||||
radarr:
|
|
||||||
container_name: radarr
|
|
||||||
image: lscr.io/linuxserver/radarr:latest
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
volumes:
|
|
||||||
- $DATA/mediaserver/radarr:/config
|
|
||||||
- /mnt/movies/movies:/movies
|
|
||||||
- /mnt/movies/tmp:/downloads
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.radarr.rule=Host(`radarr.bhasher.com`)"
|
|
||||||
- "traefik.http.services.radarr.loadbalancer.server.port=7878"
|
|
||||||
- "traefik.http.routers.radarr.tls=true"
|
|
||||||
- "traefik.http.routers.radarr.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.radarr.entrypoints=internalsecure"
|
|
||||||
- "traefik.http.routers.radarr.middlewares=authelia@docker"
|
|
||||||
|
|
||||||
sonarr:
|
|
||||||
container_name: sonarr
|
|
||||||
image: lscr.io/linuxserver/sonarr:latest
|
|
||||||
environment:
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
volumes:
|
|
||||||
- $DATA/mediaserver/sonarr:/config
|
|
||||||
- /mnt/movies/series:/tv
|
|
||||||
- /mnt/movies/tmp:/downloads
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.sonarr.rule=Host(`sonarr.bhasher.com`)"
|
|
||||||
- "traefik.http.services.sonarr.loadbalancer.server.port=8989"
|
|
||||||
- "traefik.http.routers.sonarr.tls=true"
|
|
||||||
- "traefik.http.routers.sonarr.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.sonarr.entrypoints=internalsecure"
|
|
||||||
- "traefik.http.routers.sonarr.middlewares=authelia@docker"
|
|
||||||
|
|
||||||
lidarr:
|
|
||||||
container_name: lidarr
|
|
||||||
image: lscr.io/linuxserver/lidarr:latest
|
|
||||||
environment:
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
volumes:
|
|
||||||
- $DATA/mediaserver/lidarr:/config
|
|
||||||
- /mnt/movies/musics:/music
|
|
||||||
- /mnt/movies/tmp:/downloads
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.lidarr.rule=Host(`lidarr.bhasher.com`)"
|
|
||||||
- "traefik.http.services.lidarr.loadbalancer.server.port=8686"
|
|
||||||
- "traefik.http.routers.lidarr.tls=true"
|
|
||||||
- "traefik.http.routers.lidarr.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.lidarr.entrypoints=internalsecure"
|
|
||||||
- "traefik.http.routers.lidarr.middlewares=authelia@docker"
|
|
||||||
|
|
||||||
transmission:
|
|
||||||
container_name: transmission
|
|
||||||
image: lscr.io/linuxserver/transmission:latest
|
|
||||||
environment:
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
volumes:
|
|
||||||
- $DATA/mediaserver/transmission:/config
|
|
||||||
- /mnt/movies/tmp:/downloads
|
|
||||||
- /mnt/movies/torrents:/watch
|
|
||||||
ports:
|
|
||||||
- 51413:51413/tcp
|
|
||||||
- 51413:51413/udp
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.transmission.rule=Host(`transmission.bhasher.com`)"
|
|
||||||
- "traefik.http.services.transmission.loadbalancer.server.port=9091"
|
|
||||||
- "traefik.http.routers.transmission.tls=true"
|
|
||||||
- "traefik.http.routers.transmission.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.transmission.entrypoints=internalsecure"
|
|
||||||
- "traefik.http.routers.transmission.middlewares=authelia@docker"
|
|
||||||
|
|
||||||
jackett:
|
|
||||||
container_name: jackett
|
|
||||||
image: lscr.io/linuxserver/jackett:latest
|
|
||||||
environment:
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
- AUTO_UPDATE=true
|
|
||||||
volumes:
|
|
||||||
- $DATA/mediaserver/jackett:/config
|
|
||||||
- /mnt/movies/torrents:/downloads
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.jackett.rule=Host(`jackett.bhasher.com`)"
|
|
||||||
- "traefik.http.services.jackett.loadbalancer.server.port=9117"
|
|
||||||
- "traefik.http.routers.jackett.tls=true"
|
|
||||||
- "traefik.http.routers.jackett.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.jackett.entrypoints=internalsecure"
|
|
||||||
- "traefik.http.routers.jackett.middlewares=authelia@docker"
|
|
||||||
|
|
||||||
flaresolverr:
|
|
||||||
container_name: flaresolverr
|
|
||||||
image: ghcr.io/flaresolverr/flaresolverr:latest
|
|
||||||
environment:
|
|
||||||
- LOG_LEVEL=info
|
|
||||||
- LOG_HTML=false
|
|
||||||
- CAPTCHA_SOLVER=none
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
restart: unless-stopped
|
|
||||||
|
|
||||||
bazarr:
|
|
||||||
container_name: bazarr
|
|
||||||
image: lscr.io/linuxserver/bazarr
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
volumes:
|
|
||||||
- $DATA/mediaserver/bazarr:/config
|
|
||||||
- /mnt/movies/movies:/movies
|
|
||||||
- /mnt/movies/series:/tv
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.bazarr.rule=Host(`bazarr.bhasher.com`)"
|
|
||||||
- "traefik.http.services.bazarr.loadbalancer.server.port=6767"
|
|
||||||
- "traefik.http.routers.bazarr.tls=true"
|
|
||||||
- "traefik.http.routers.bazarr.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.bazarr.entrypoints=internalsecure"
|
|
||||||
- "traefik.http.routers.bazarr.middlewares=authelia@docker"
|
|
||||||
|
|
||||||
baikal:
|
|
||||||
container_name: baikal
|
|
||||||
image: ckulka/baikal:nginx
|
|
||||||
restart: on-failure
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
volumes:
|
|
||||||
- $DATA/baikal/config:/var/www/baikal/config
|
|
||||||
- $DATA/baikal/data:/var/www/baikal/Specific
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.baikal.rule=Host(`baikal.bxl.bhasher.com`)"
|
|
||||||
- "traefik.http.services.baikal.loadbalancer.server.port=80"
|
|
||||||
- "traefik.http.routers.baikal.tls=true"
|
|
||||||
- "traefik.http.routers.baikal.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.baikal.entrypoints=internalsecure,externalsecure"
|
|
||||||
|
|
||||||
borg:
|
|
||||||
container_name: borg
|
|
||||||
image: pschiffe/borg
|
|
||||||
volumes:
|
|
||||||
- /mnt/borg:/borg/repo
|
|
||||||
- $DATA/borg/config:/root
|
|
||||||
- $DATA:/borg/data/docker-data:ro
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
environment:
|
|
||||||
- BORG_REPO=/borg/repo
|
|
||||||
- BORG_PASSPHRASE=${BORG_PASSPHRASE}
|
|
||||||
- BACKUP_DIRS=/borg/data
|
|
||||||
- COMPRESSION=lz4
|
|
||||||
- PRUNE=1
|
|
||||||
restart: 'no'
|
|
||||||
|
|
||||||
cron:
|
|
||||||
container_name: cron-scheduling
|
|
||||||
image: alpine:latest
|
|
||||||
volumes:
|
|
||||||
- ./config/cron:/etc/cron.d:ro
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
command: crond -f
|
|
||||||
restart: unless-stopped
|
|
||||||
|
|
||||||
pihole:
|
|
||||||
container_name: pihole
|
|
||||||
image: cbcrowe/pihole-unbound:latest
|
|
||||||
ports:
|
|
||||||
- 53:53/tcp
|
|
||||||
- 53:53/udp
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
- WEBPASSWORD=
|
|
||||||
- WEBTHEME=default-dark
|
|
||||||
- REV_SERVER=false
|
|
||||||
- PIHOLE_DNS_=127.0.0.1#5335
|
|
||||||
- DNSSEC=true
|
|
||||||
- DNSMASQ_LISTENING=all
|
|
||||||
- FTLCONF_LOCAL_IPV4=192.168.1.220
|
|
||||||
- FTLCONF_RATE_LIMIT=0/0
|
|
||||||
- FTL_CMD=debug
|
|
||||||
- DNSMASQ_USER=root
|
|
||||||
volumes:
|
|
||||||
- $DATA/pihole/config:/etc/pihole
|
|
||||||
- $DATA/pihole/dnsmasq.d:/etc/dnsmasq.d
|
|
||||||
restart: unless-stopped
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.pihole.rule=Host(`pihole.bhasher.com`)"
|
|
||||||
- "traefik.http.routers.pihole.entrypoints=internalsecure"
|
|
||||||
- "traefik.http.services.pihole.loadbalancer.server.port=80"
|
|
||||||
- "traefik.http.routers.pihole.tls=true"
|
|
||||||
- "traefik.http.routers.pihole.tls.certresolver=http"
|
|
||||||
- "traefik.http.routers.pihole.middlewares=pihole-strip,authelia@docker"
|
|
||||||
#- "traefik.http.middlewares.pihole-strip.stripprefix.prefixes=/admin"
|
|
||||||
- "traefik.http.middlewares.pihole-strip.addprefix.prefix=/admin"
|
|
||||||
|
|
||||||
postgres:
|
|
||||||
container_name: postgres
|
|
||||||
image: postgres:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- POSTGRES_USER=postgres
|
|
||||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
|
||||||
volumes:
|
|
||||||
- $DATA/postgres:/var/lib/postgresql/data
|
|
||||||
|
|
||||||
redis:
|
|
||||||
container_name: redis
|
|
||||||
image: redis:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
|
|
||||||
openldap:
|
|
||||||
container_name: openldap
|
|
||||||
image: osixia/openldap:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- LDAP_ADMIN_USERNAME=admin
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_USERNAME=readonly
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_PASSWORD}
- LDAP_DOMAIN=bhasher.com
- LDAP_ORGANISATION=Bhasher
- LDAP_RFC2307BIS_SCHEMA=true
- LDAP_TLS=false
volumes:
- $DATA/openldap/ldap:/var/lib/ldap
- $DATA/openldap/slapd.d:/etc/ldap/slapd.d
ldapusermanager:
container_name: ldapusermanager
image: wheelybird/ldap-user-manager:latest
restart: unless-stopped
environment:
- LDAP_URI=ldap://openldap
- LDAP_BASE_DN=dc=bhasher,dc=com
- LDAP_ADMIN_BIND_DN=cn=admin,dc=bhasher,dc=com
- LDAP_ADMINS_GROUP=admin
- SERVER_HOSTNAME=lum.bhasher.com
- NO_HTTPS=true
- ORGANISATION_NAME=Bhasher
- LDAP_REQUIRE_STARTTLS=false
- FORCE_RFC2307BIS=true
- SHOW_POSIX_ATTRIBUTES=false
- LDAP_ADMIN_BIND_PWD=${LDAP_ADMIN_PASSWORD}
- LDAP_USER_OU=users
- LDAP_GROUP_OU=groups
- LDAP_ACCOUNT_ATTRIBUTE=uid
- LDAP_GROUP_ATTRIBUTE=cn
- USERNAME_FORMAT={first_name}.{last_name}
- ENFORCE_SAFE_SYSTEM_NAMES=false
- PASSWORD_HASH=SHA512CRYPT
- ACCEPT_WEAK_PASSWORDS=false
- LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=jpegPhoto^:Profile picture,sshpubkey^+:SSH public key
- REMOTE_HTTP_HEADERS_LOGIN=true
labels:
- "traefik.enable=true"
- "traefik.http.routers.lum.rule=Host(`lum.bhasher.com`)"
- "traefik.http.routers.lum.entrypoints=internalsecure"
- "traefik.http.services.lum.loadbalancer.server.port=80"
- "traefik.http.routers.lum.tls=true"
- "traefik.http.routers.lum.tls.certresolver=http"
- "traefik.http.routers.lum.middlewares=authelia@docker"
authelia:
container_name: authelia
image: authelia/authelia:latest
restart: unless-stopped
environment:
- TZ=Europe/Paris
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD=${LDAP_READONLY_PASSWORD}
- AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
- AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
- AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_ENCRYPTION_KEY}
- AUTHELIA_STORAGE_POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- AUTHELIA_NOTIFIER_SMTP_PASSWORD=${SMTP_PASSWORD}
- AUTHELIA_NOTIFIER_SMTP_USERNAME=${SMTP_USER}
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE=/secrets/oidc_certificate.pem
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET=${AUTHELIA_OIDC_HMAC}
labels:
- "traefik.enable=true"
- "traefik.http.routers.authelia.rule=Host(`idp.bhasher.com`)"
- "traefik.http.routers.authelia.entrypoints=internalsecure,externalsecure"
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
- "traefik.http.routers.authelia.tls=true"
- "traefik.http.routers.authelia.tls.certresolver=http"
- 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fidp.bhasher.com%2F'
- 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
volumes:
- ./config/idp/authelia.configuration.yaml:/config/configuration.yml:ro
- $DATA/authelia:/secrets:ro
syncthing:
container_name: syncthing
image: syncthing/syncthing:latest
hostname: snode0
environment:
- PUID=33
- PGID=33
volumes:
- $DATA/syncthing:/var/syncthing:rw
- /mnt/syncDocuments:/mnt/SyncDocuments:rw
- /mnt/brieuc-pictures:/mnt/pictures:rw
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing.rule=Host(`syncthing.bhasher.com`)"
- "traefik.http.routers.syncthing.entrypoints=internalsecure"
- "traefik.http.services.syncthing.loadbalancer.server.port=8384"
- "traefik.http.routers.syncthing.tls=true"
- "traefik.http.routers.syncthing.tls.certresolver=http"
- "traefik.http.routers.syncthing.middlewares=authelia@docker"
ports:
- 22000:22000/tcp # TCP file transfers
- 22000:22000/udp # QUIC file transfers
- 21027:21027/udp # Receive local discovery broadcasts
restart: unless-stopped
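--- /dev/null
+++ b/PATH_NOT_ON_PAGE_1
@@ -0,0 +1,99 @@
+services:
+  openldap:
+    container_name: openldap
+    image: osixia/openldap:latest
+    restart: unless-stopped
+    environment:
+      - LDAP_ADMIN_USERNAME=admin
+      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
+      - LDAP_READONLY_USER=true
+      - LDAP_READONLY_USER_USERNAME=readonly
+      - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_PASSWORD}
+      - LDAP_DOMAIN=bhasher.com
+      - LDAP_ORGANISATION=Bhasher
+      - LDAP_RFC2307BIS_SCHEMA=true
+      - LDAP_TLS=false
+    volumes:
+      - $DATA/openldap/ldap:/var/lib/ldap
+      - $DATA/openldap/slapd.d:/etc/ldap/slapd.d
+    networks:
+      - auth
+
+  ldapusermanager:
+    container_name: ldapusermanager
+    image: wheelybird/ldap-user-manager:latest
+    restart: unless-stopped
+    environment:
+      - LDAP_URI=ldap://openldap
+      - LDAP_BASE_DN=dc=bhasher,dc=com
+      - LDAP_ADMIN_BIND_DN=cn=admin,dc=bhasher,dc=com
+      - LDAP_ADMINS_GROUP=admin
+      - SERVER_HOSTNAME=lum.bhasher.com
+      - NO_HTTPS=true
+      - ORGANISATION_NAME=Bhasher
+      - LDAP_REQUIRE_STARTTLS=false
+      - FORCE_RFC2307BIS=true
+      - SHOW_POSIX_ATTRIBUTES=false
+      - LDAP_ADMIN_BIND_PWD=${LDAP_ADMIN_PASSWORD}
+      - LDAP_USER_OU=users
+      - LDAP_GROUP_OU=groups
+      - LDAP_ACCOUNT_ATTRIBUTE=uid
+      - LDAP_GROUP_ATTRIBUTE=cn
+      - USERNAME_FORMAT={first_name}.{last_name}
+      - ENFORCE_SAFE_SYSTEM_NAMES=false
+      - PASSWORD_HASH=SHA512CRYPT
+      - ACCEPT_WEAK_PASSWORDS=false
+      - LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=jpegPhoto^:Profile picture,sshpubkey^+:SSH public key
+      - REMOTE_HTTP_HEADERS_LOGIN=true
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.lum.rule=Host(`lum.bhasher.com`)"
+      - "traefik.http.routers.lum.entrypoints=internalsecure"
+      - "traefik.http.services.lum.loadbalancer.server.port=80"
+      - "traefik.http.routers.lum.tls=true"
+      - "traefik.http.routers.lum.tls.certresolver=http"
+      - "traefik.http.routers.lum.middlewares=authelia@docker"
+    networks:
+      - auth
+      - external
+
+  authelia:
+    container_name: authelia
+    image: authelia/authelia:latest
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Paris
+      - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD=${LDAP_READONLY_PASSWORD}
+      - AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
+      - AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
+      - AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_ENCRYPTION_KEY}
+      - AUTHELIA_STORAGE_POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - AUTHELIA_NOTIFIER_SMTP_PASSWORD=${SMTP_PASSWORD}
+      - AUTHELIA_NOTIFIER_SMTP_USERNAME=${SMTP_USER}
+      - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE=/secrets/oidc_certificate.pem
+      - AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET=${AUTHELIA_OIDC_HMAC}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.authelia.rule=Host(`idp.bhasher.com`)"
+      - "traefik.http.routers.authelia.entrypoints=internalsecure,externalsecure"
+      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
+      - "traefik.http.routers.authelia.tls=true"
+      - "traefik.http.routers.authelia.tls.certresolver=http"
+      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fidp.bhasher.com%2F'
+      - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
+    volumes:
+      - $CONFIG/idp/authelia.configuration.yaml:/config/configuration.yml:ro
+      - $DATA/authelia:/secrets:ro
+    networks:
+      - auth
+      - storage
+      - external
+
+networks:
+  auth:
+    name: auth
+  external:
+    external: true
+  storage:
+    external: true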
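Review bot: `REMOTE_HTTP_HEADERS_LOGIN=true` on ldapusermanager makes the application trust the `Remote-User`/`Remote-Groups` headers that the `authelia@docker` middleware injects, so that trust only holds while every request arrives through Traefik; because ldapusermanager also joins the shared `external` network, any other container on that network can reach port 80 directly and present its own headers. Keeping Traefik and ldapusermanager on a network of their own, so the authenticated router is the only path in, would close that gap, and a comment on the `REMOTE_HTTP_HEADERS_LOGIN` line such as `# only safe while Traefik + authelia are the sole route to this container` should record the invariant. Separately, `storage` is declared `external: true` here while another file in this commit creates it, so bringing this stack up before that one fails with a missing-network error; a `# requires the storage stack to be up first` comment on the `networks:` mapping would document the order. `LDAP_TLS=false` together with `LDAP_REQUIRE_STARTTLS=false` keeps the directory traffic in clear text, which the split now at least confines to the `auth` network.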
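--- /dev/null
+++ b/PATH_NOT_ON_PAGE_2
@@ -0,0 +1,25 @@
+services:
+  borg:
+    container_name: borg
+    image: pschiffe/borg
+    volumes:
+      - /mnt/borg:/borg/repo
+      - $DATA/borg/config:/root
+      - $DATA:/borg/data/docker-data:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - BORG_REPO=/borg/repo
+      - BORG_PASSPHRASE=${BORG_PASSPHRASE}
+      - BACKUP_DIRS=/borg/data
+      - COMPRESSION=lz4
+      - PRUNE=1
+    restart: "no"
+
+  cron:
+    container_name: cron-scheduling
+    image: alpine:latest
+    volumes:
+      - ./config/cron:/etc/cron.d:ro
+      - /etc/localtime:/etc/localtime:ro
+    command: crond -f
+    restart: unless-stopped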
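Review bot: Nothing in the `cron` service shows how its schedule reaches the `borg` container — it mounts only `./config/cron` and `/etc/localtime`, with no Docker socket or shared volume — and the busybox `crond` that `crond -f` starts on Alpine reads `/etc/crontabs` by default rather than the `/etc/cron.d` directory the crontab is mounted into, so the jobs may never fire; confirm against the file in `./config/cron` and, if it is a busybox crontab, mount it to `/etc/crontabs` or pass `-c /etc/cron.d`. `pschiffe/borg` is the one image in this commit with no tag at all; for the container that holds `BORG_PASSPHRASE` and reads all of `$DATA`, pin a tag or digest so an upstream push cannot silently change what runs. The `./config/cron` relative path also breaks the `$CONFIG/...` convention the other split files use, which matters once the files live in different directories.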
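--- /dev/null
+++ b/PATH_NOT_ON_PAGE_3
@@ -0,0 +1,101 @@
+services:
+  prom_monitoring:
+    container_name: prom_monitoring
+    image: prom/prometheus:latest
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.prom.rule=Host(`prometheus.bhasher.com`)"
+      - "traefik.http.routers.prom.entrypoints=internalsecure"
+      - "traefik.http.services.prom.loadbalancer.server.port=9090"
+      - "traefik.http.routers.prom.tls=true"
+      - "traefik.http.routers.prom.tls.certresolver=http"
+      - "traefik.http.routers.prom.middlewares=authelia@docker"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    volumes:
+      - $CONFIG/monitoring/prometheus.yaml:/etc/prometheus/prometheus.yml:ro
+      - $DATA/monitoring/prometheus:/prometheus
+    networks:
+      - monitoring
+      - external
+
+  grafana:
+    container_name: grafana
+    image: grafana/grafana
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.grafana.rule=Host(`grafana.bhasher.com`)"
+      - "traefik.http.routers.grafana.entrypoints=internalsecure"
+      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
+      - "traefik.http.routers.grafana.tls=true"
+      - "traefik.http.routers.grafana.tls.certresolver=http"
+    environment:
+      - GF_SERVER_ROOT_URL=https://grafana.bhasher.com
+      - GF_SMTP_ENABLED=true
+      - GF_SMTP_HOST=bdubois.io:465
+      - GF_SMTP_USER=${SMTP_USER}
+      - GF_SMTP_PASSWORD=${SMTP_PASSWORD}
+      - GF_SMTP_FROM_ADDRESS=grafana@bhasher.com
+      - GF_AUTH_LOGIN_DISABLE_LOGIN_FORM=true
+      - GF_AUTH_DISABLE_SIGNOUT_MENU=true
+      - GF_AUTH_OAUTH_AUTO_LOGIN=true
+      - GF_AUTH_GENERIC_OAUTH_ENABLED=true
+      - GF_AUTH_GENERIC_OAUTH_ICON=signin
+      - GF_AUTH_GENERIC_OAUTH_NAME=Authelia
+      - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
+      - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_OAUTH}
+      - GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email groups
+      - GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES=false
+      - GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://idp.bhasher.com/api/oidc/authorization
+      - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://idp.bhasher.com/api/oidc/token
+      - GF_AUTH_GENERIC_OAUTH_API_URL=https://idp.bhasher.com/api/oidc/userinfo
+      - GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
+      - GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH=groups
+      - GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
+      - GF_AUTH_GENERIC_OAUTH_USE_PKCE=false
+      - GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || 'Viewer'
+      - GF_AUTH_GENERIC_OAUTH_GROUPS_PATH=groups
+      - GF_AUTH_GENERIC_OAUTH_ALLOWED_GROUPS=admin
+    volumes:
+      - $DATA/monitoring/grafana:/var/lib/grafana
+    networks:
+      - external
+      - monitoring
+
+  cadvisor:
+    container_name: cadvisor
+    image: gcr.io/cadvisor/cadvisor:v0.47.1
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:rw
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+    restart: always
+    networks:
+      - monitoring
+
+  node-exporter:
+    container_name: node-exporter
+    image: quay.io/prometheus/node-exporter:latest
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+      - /:/host:ro,rslave
+    command:
+      - '--path.rootfs=/host'
+      - '--path.procfs=/host/proc'
+      - '--path.sysfs=/host/sys'
+      - --collector.filesystem.ignored-mount-points
+      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
+    restart: always
+    networks:
+      - monitoring
+
+
+networks:
+  monitoring:
+  external:
+    external: true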
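Review bot: cadvisor mounts `/var/run:/var/run:rw`, which gives the container a writable Docker socket it only needs to read; the upstream cadvisor run command mounts it read-only and metrics collection works that way, so change the line to `- /var/run:/var/run:ro`. In the grafana block, `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || 'Viewer'` inspects a `roles` claim while every other mapping in the same stanza (`GROUPS_ATTRIBUTE_PATH`, `ALLOWED_GROUPS`, the `groups` scope) reads `groups`; unless the Authelia OIDC client is configured to emit `roles`, every user lands as Viewer, so confirm the claim name or switch the expression to `groups`. `GF_AUTH_GENERIC_OAUTH_USE_PKCE=false` disables PKCE on the authorization-code flow, and if it was turned off for a concrete reason that reason belongs in a comment on the line. `grafana/grafana` is untagged while the sibling images in this file carry `:latest` or a version, so pin it for consistency.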
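--- /dev/null
+++ b/PATH_NOT_ON_PAGE_4
@@ -0,0 +1,23 @@
+services:
+  portainer:
+    container_name: portainer
+    image: portainer/portainer-ce:latest
+    ports:
+      - "9443:9443"
+    volumes:
+      - $DATA/portainer:/data:rw
+      - /var/run/docker.sock:/var/run/docker.sock
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
+      - "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
+      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+      - "traefik.http.routers.portainer.tls=true"
+      - "traefik.http.routers.portainer.tls.certresolver=http"
+    restart: unless-stopped
+    networks:
+      - external
+
+networks:
+  external:
+    external: true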
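Review bot: `- "9443:9443"` publishes Portainer's own HTTPS listener on every host interface, bypassing the Traefik router, its certificate resolver and the internal/external entrypoint split that the `traefik` service in this commit establishes; if the direct port is still wanted for recovery, bind it to loopback (`- "127.0.0.1:9443:9443"`), otherwise drop the `ports:` block so the router is the only path. The router also lists `externalsecure` but, unlike the `lum` and `prom` routers added in this commit, carries no `traefik.http.routers.portainer.middlewares=authelia@docker` label, so a UI holding a read-write Docker socket is reachable from outside behind Portainer's login alone; add the middleware or restrict the router to `internalsecure`. The `/var/run/docker.sock` mount is what Portainer needs, but it is worth a one-line comment stating that the container is therefore host-root-equivalent and why that is accepted.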
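--- /dev/null
+++ b/PATH_NOT_ON_PAGE_5
@@ -0,0 +1,23 @@
+services:
+  postgres:
+    container_name: postgres
+    image: postgres:latest
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+    volumes:
+      - $DATA/postgres:/var/lib/postgresql/data
+    networks:
+      - storage
+
+  redis:
+    container_name: redis
+    image: redis:latest
+    restart: unless-stopped
+    networks:
+      - storage
+
+networks:
+  storage:
+    name: storage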
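Review bot: `image: postgres:latest` is a data-loss hazard for a service with a persistent `$DATA/postgres` volume: the next pull that crosses a major version leaves a data directory the new server refuses to start on, so pin to a major-version tag and upgrade deliberately. `redis` runs with no authentication (no `command: redis-server --requirepass ...`) and no volume, so anything on the `storage` network can read or rewrite its contents and they are lost whenever the container is recreated; the authelia service joins `storage`, and if Redis backs its sessions that trade-off should be stated on the service or a password added. This file is the one that creates the `storage` network (`name: storage`) which the other split files reference as `external: true`, making it the first stack to bring up; a `# create the shared storage network — start this stack first` comment on `networks:` would prevent a failed `up`.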
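--- /dev/null
+++ b/PATH_NOT_ON_PAGE_6
@@ -0,0 +1,48 @@
+services:
+  traefik:
+    container_name: traefik
+    image: traefik:v2.9
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.network=external"
+      - "--entrypoints.internal.address=:80"
+      - "--entrypoints.internalsecure.address=:443"
+      - "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
+      - "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
+      - "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
+      - "--certificatesresolvers.http.acme.httpchallenge=true"
+      - "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
+      - "--certificatesresolvers.http.acme.email=acme@bhasher.com"
+      - "--certificatesresolvers.http.acme.storage=acme.json"
+      - "--entrypoints.external.address=:81"
+      - "--entrypoints.externalsecure.address=:444"
+      - "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
+      - "--entrypoints.external.http.redirections.entryPoint.scheme=https"
+      - "--entrypoints.external.http.redirections.entryPoint.permanent=true"
+      #- "--log.level=DEBUG"
+      - "--metrics.prometheus=true"
+    environment:
+      - TZ=Europe/Paris
+    ports:
+      - "80:80"
+      - "443:443"
+      - "81:81"
+      - "444:444"
+      #- "8080:8080"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - type: bind
+        source: $DATA/traefik/acme.json
+        target: /acme.json
+      - type: bind
+        source: $DATA/traefik/rules.toml
+        target: /rules.toml
+    restart: always
+    networks:
+      - external
+
+networks:
+  external:
+    name: external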
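Review bot: `--api.insecure=true` serves the Traefik API and dashboard with no authentication on port 8080 inside the container; the host publish is commented out, but every container on the `external` network can still reach it, and the API returns the full routing configuration including the forwardAuth address. Set `--api.insecure=false` (or drop the flag) and, if the dashboard is wanted, expose it through a router to the `api@internal` service guarded by the `authelia@docker` middleware. `$DATA/traefik/rules.toml` is bind-mounted at `/rules.toml` but no `--providers.file.filename=/rules.toml` entry appears in `command:`, so the file provider is never enabled and the mount is dead unless it is configured somewhere not in this commit; either add the flag or remove the mount. `acme.json` must be mode `0600` on the host for Traefik to accept it, which deserves a comment next to that bind mount since the file is created outside this compose file.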