Bhasher/homelab
Bhasher
/
homelab
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Split docker compose

This commit is contained in:
Brieuc Dubois 2023-04-16 18:16:59 +02:00 committed by Bhasher
parent e42ab413b8
commit 6033bebef3
14 changed files with 666 additions and 556 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
bxl-rpi/apps/docker-compose.baikal.yaml Normal file
View File

@ -0,0 +1,23 @@
services:
baikal:
container_name: baikal
image: ckulka/baikal:nginx
restart: on-failure
environment:
- TZ=Europe/Paris
volumes:
- $DATA/baikal/config:/var/www/baikal/config
- $DATA/baikal/data:/var/www/baikal/Specific
labels:
- "traefik.enable=true"
- "traefik.http.routers.baikal.rule=Host(`baikal.bxl.bhasher.com`)"
- "traefik.http.services.baikal.loadbalancer.server.port=80"
- "traefik.http.routers.baikal.tls=true"
- "traefik.http.routers.baikal.tls.certresolver=http"
- "traefik.http.routers.baikal.entrypoints=internalsecure,externalsecure"
networks:
- external
networks:
external:
external: true

39
bxl-rpi/apps/docker-compose.matrix.yaml Normal file
View File

@ -0,0 +1,39 @@
services:
matrix-synapse:
container_name: matrix-synapse
image: matrixdotorg/synapse:latest
restart: unless-stopped
environment:
- SYNAPSE_SERVER_NAME=matrix.bhasher.com
- SYNAPSE_REPORT_STATS=no
volumes:
- $DATA/matrix/synapse:/data:rw
labels:
- "traefik.enable=true"
- "traefik.http.routers.matrix-synapse.rule=Host(`matrix.bhasher.com`)"
- "traefik.http.routers.matrix-synapse.tls=true"
- "traefik.http.routers.matrix-synapse.tls.certresolver=http"
- "traefik.http.routers.matrix-synapse.entrypoints=internalsecure,externalsecure"
- "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
networks:
- external
matrix-riot:
container_name: matrix-element
image: ghcr.io/bubuntux/element-web
restart: unless-stopped
volumes:
- $CONFIG/riot/config.json:/etc/element-web/config.json:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.matrix-riot.rule=Host(`element.bhasher.com`)"
- "traefik.http.routers.matrix-riot.tls=true"
- "traefik.http.routers.matrix-riot.tls.certresolver=http"
- "traefik.http.routers.matrix-riot.entrypoints=internalsecure,externalsecure"
- "traefik.http.services.matrix-riot.loadbalancer.server.port=80"
networks:
- external
networks:
external:
external: true

188
bxl-rpi/apps/docker-compose.mediaserver.yaml Normal file
View File

@ -0,0 +1,188 @@
services:
jellyfin:
container_name: jellyfin
image: linuxserver/jellyfin:latest
volumes:
- $DATA/mediaserver/jellyfin:/config
- /mnt/movies/series:/data/tvshows
- /mnt/movies/movies:/data/movies
- /mnt/movies/musics:/data/musics
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.bhasher.com`)"
- "traefik.http.routers.jellyfin.entrypoints=internalsecure,externalsecure"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
- "traefik.http.routers.jellyfin.tls=true"
- "traefik.http.routers.jellyfin.tls.certresolver=http"
networks:
- external
radarr:
container_name: radarr
image: lscr.io/linuxserver/radarr:latest
environment:
- TZ=Europe/Paris
- PUID=1000
- PGID=1000
volumes:
- $DATA/mediaserver/radarr:/config
- /mnt/movies/movies:/movies
- /mnt/movies/tmp:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.radarr.rule=Host(`radarr.bhasher.com`)"
- "traefik.http.services.radarr.loadbalancer.server.port=7878"
- "traefik.http.routers.radarr.tls=true"
- "traefik.http.routers.radarr.tls.certresolver=http"
- "traefik.http.routers.radarr.entrypoints=internalsecure"
- "traefik.http.routers.radarr.middlewares=authelia@docker"
networks:
- mediaserver
- external
sonarr:
container_name: sonarr
image: lscr.io/linuxserver/sonarr:latest
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
volumes:
- $DATA/mediaserver/sonarr:/config
- /mnt/movies/series:/tv
- /mnt/movies/tmp:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.sonarr.rule=Host(`sonarr.bhasher.com`)"
- "traefik.http.services.sonarr.loadbalancer.server.port=8989"
- "traefik.http.routers.sonarr.tls=true"
- "traefik.http.routers.sonarr.tls.certresolver=http"
- "traefik.http.routers.sonarr.entrypoints=internalsecure"
- "traefik.http.routers.sonarr.middlewares=authelia@docker"
networks:
- mediaserver
- external
lidarr:
container_name: lidarr
image: lscr.io/linuxserver/lidarr:latest
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
volumes:
- $DATA/mediaserver/lidarr:/config
- /mnt/movies/musics:/music
- /mnt/movies/tmp:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.lidarr.rule=Host(`lidarr.bhasher.com`)"
- "traefik.http.services.lidarr.loadbalancer.server.port=8686"
- "traefik.http.routers.lidarr.tls=true"
- "traefik.http.routers.lidarr.tls.certresolver=http"
- "traefik.http.routers.lidarr.entrypoints=internalsecure"
- "traefik.http.routers.lidarr.middlewares=authelia@docker"
networks:
- mediaserver
- external
transmission:
container_name: transmission
image: lscr.io/linuxserver/transmission:latest
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
volumes:
- $DATA/mediaserver/transmission:/config
- /mnt/movies/tmp:/downloads
- /mnt/movies/torrents:/watch
ports:
- 51413:51413/tcp
- 51413:51413/udp
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.transmission.rule=Host(`transmission.bhasher.com`)"
- "traefik.http.services.transmission.loadbalancer.server.port=9091"
- "traefik.http.routers.transmission.tls=true"
- "traefik.http.routers.transmission.tls.certresolver=http"
- "traefik.http.routers.transmission.entrypoints=internalsecure"
- "traefik.http.routers.transmission.middlewares=authelia@docker"
networks:
- mediaserver
- external
jackett:
container_name: jackett
image: lscr.io/linuxserver/jackett:latest
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
- AUTO_UPDATE=true
volumes:
- $DATA/mediaserver/jackett:/config
- /mnt/movies/torrents:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.jackett.rule=Host(`jackett.bhasher.com`)"
- "traefik.http.services.jackett.loadbalancer.server.port=9117"
- "traefik.http.routers.jackett.tls=true"
- "traefik.http.routers.jackett.tls.certresolver=http"
- "traefik.http.routers.jackett.entrypoints=internalsecure"
- "traefik.http.routers.jackett.middlewares=authelia@docker"
networks:
- mediaserver
- external
flaresolverr:
container_name: flaresolverr
image: ghcr.io/flaresolverr/flaresolverr:latest
environment:
- LOG_LEVEL=info
- LOG_HTML=false
- CAPTCHA_SOLVER=none
- TZ=Europe/Paris
restart: unless-stopped
networks:
- mediaserver
bazarr:
container_name: bazarr
image: lscr.io/linuxserver/bazarr
environment:
- TZ=Europe/Paris
- PUID=1000
- PGID=1000
volumes:
- $DATA/mediaserver/bazarr:/config
- /mnt/movies/movies:/movies
- /mnt/movies/series:/tv
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.bazarr.rule=Host(`bazarr.bhasher.com`)"
- "traefik.http.services.bazarr.loadbalancer.server.port=6767"
- "traefik.http.routers.bazarr.tls=true"
- "traefik.http.routers.bazarr.tls.certresolver=http"
- "traefik.http.routers.bazarr.entrypoints=internalsecure"
- "traefik.http.routers.bazarr.middlewares=authelia@docker"
networks:
- mediaserver
- external
networks:
mediaserver:
external:
external: true

38
bxl-rpi/apps/docker-compose.pihole.yaml Normal file
View File

@ -0,0 +1,38 @@
services:
pihole:
container_name: pihole
image: cbcrowe/pihole-unbound:latest
ports:
- 53:53/tcp
- 53:53/udp
environment:
- TZ=Europe/Paris
- WEBPASSWORD=
- WEBTHEME=default-dark
- REV_SERVER=false
- PIHOLE_DNS_=127.0.0.1#5335
- DNSSEC=true
- DNSMASQ_LISTENING=all
- FTLCONF_LOCAL_IPV4=192.168.1.220
- FTLCONF_RATE_LIMIT=0/0
- FTL_CMD=debug
- DNSMASQ_USER=root
volumes:
- $DATA/pihole/config:/etc/pihole
- $DATA/pihole/dnsmasq.d:/etc/dnsmasq.d
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.pihole.rule=Host(`pihole.bhasher.com`)"
- "traefik.http.routers.pihole.entrypoints=internalsecure"
- "traefik.http.services.pihole.loadbalancer.server.port=80"
- "traefik.http.routers.pihole.tls=true"
- "traefik.http.routers.pihole.tls.certresolver=http"
- "traefik.http.routers.pihole.middlewares=pihole-strip,authelia@docker"
- "traefik.http.middlewares.pihole-strip.addprefix.prefix=/admin"
networks:
- external
networks:
external:
external: true

31
bxl-rpi/apps/docker-compose.syncthing.yaml Normal file
View File

@ -0,0 +1,31 @@
services:
syncthing:
container_name: syncthing
image: syncthing/syncthing:latest
hostname: snode0
environment:
- PUID=33
- PGID=33
volumes:
- $DATA/syncthing:/var/syncthing:rw
- /mnt/syncDocuments:/mnt/SyncDocuments:rw
- /mnt/brieuc-pictures:/mnt/pictures:rw
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing.rule=Host(`syncthing.bhasher.com`)"
- "traefik.http.routers.syncthing.entrypoints=internalsecure"
- "traefik.http.services.syncthing.loadbalancer.server.port=8384"
- "traefik.http.routers.syncthing.tls=true"
- "traefik.http.routers.syncthing.tls.certresolver=http"
- "traefik.http.routers.syncthing.middlewares=authelia@docker"
ports:
- 22000:22000/tcp # TCP file transfers
- 22000:22000/udp # QUIC file transfers
- 21027:21027/udp # Receive local discovery broadcasts
restart: unless-stopped
networks:
- external
networks:
external:
external: true

23
bxl-rpi/apps/docker-compose.wireguard.yaml Normal file
View File

@ -0,0 +1,23 @@
services:
wireguard:
container_name: wireguard
image: lscr.io/linuxserver/wireguard:latest
restart: always
volumes:
- $DATA/wireguard:/config
- /lib/modules:/lib/modules
ports:
- 51821:51820/udp
environment:
- TZ=Europe/Paris
- SERVERURL=vpn.bhasher.com
- SERVERPORT=51821
- PEERS=5
- PEERDNS=auto
- INTERNAL_SUBNET=10.13.14.0
- ALLOWEDIPS=0.0.0.0/0
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1

5
bxl-rpi/deploy.sh Executable file
View File

@ -0,0 +1,5 @@
cd ~/homelab/bxl-rpi
cmd=$(find . -type f \( -name "docker-compose.*.yaml" \) | awk '{printf "-f %s \0", $0}' | xargs -0 -I{} echo "docker compose {} --env-file .env up -d")
echo $cmd
eval $cmd
# -name "docker-compose.yaml" -o

556
bxl-rpi/docker-compose.yaml
View File

@ -1,556 +0,0 @@
services:
traefik:
container_name: traefik
image: traefik:v2.9
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=external"
- "--entrypoints.internal.address=:80"
- "--entrypoints.internalsecure.address=:443"
- "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
- "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
- "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
- "--certificatesresolvers.http.acme.httpchallenge=true"
- "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
- "--certificatesresolvers.http.acme.email=acme@bhasher.com"
- "--certificatesresolvers.http.acme.storage=acme.json"
- "--entrypoints.external.address=:81"
- "--entrypoints.externalsecure.address=:444"
- "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
- "--entrypoints.external.http.redirections.entryPoint.scheme=https"
- "--entrypoints.external.http.redirections.entryPoint.permanent=true"
#- "--log.level=DEBUG"
- "--metrics.prometheus=true"
environment:
- TZ=Europe/Paris
ports:
- "80:80"
- "443:443"
- "81:81"
- "444:444"
#- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- type: bind
source: $DATA/traefik/acme.json
target: /acme.json
- type: bind
source: $DATA/traefik/rules.toml
target: /rules.toml
restart: always
portainer:
container_name: portainer
image: portainer/portainer-ce:latest
#command: -H tcp://tasks.agent:9001 --tlsskipverify
ports:
- "9443:9443"
volumes:
- $DATA/portainer:/data:rw
- /var/run/docker.sock:/var/run/docker.sock
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
- "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.tls=true"
- "traefik.http.routers.portainer.tls.certresolver=http"
restart: always
matrix-synapse:
container_name: matrix-synapse
image: matrixdotorg/synapse:latest
restart: unless-stopped
environment:
- SYNAPSE_SERVER_NAME=matrix.bhasher.com
- SYNAPSE_REPORT_STATS=no
volumes:
- $DATA/matrix/synapse:/data:rw
labels:
- "traefik.enable=true"
- "traefik.http.routers.matrix-synapse.rule=Host(`matrix.bhasher.com`)"
- "traefik.http.routers.matrix-synapse.tls=true"
- "traefik.http.routers.matrix-synapse.tls.certresolver=http"
- "traefik.http.routers.matrix-synapse.entrypoints=internalsecure,externalsecure"
- "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
wireguard:
container_name: wireguard
image: lscr.io/linuxserver/wireguard:latest
restart: always
volumes:
- $DATA/wireguard:/config
- /lib/modules:/lib/modules
ports:
- 51821:51820/udp
environment:
- TZ=Europe/Paris
- SERVERURL=vpn.bhasher.com
- SERVERPORT=51821
- PEERS=5
- PEERDNS=auto
- INTERNAL_SUBNET=10.13.14.0
- ALLOWEDIPS=0.0.0.0/0
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
matrix-riot:
container_name: matrix-element
image: ghcr.io/bubuntux/element-web
restart: unless-stopped
volumes:
- ./config/riot/config.json:/etc/element-web/config.json:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.matrix-riot.rule=Host(`element.bhasher.com`)"
- "traefik.http.routers.matrix-riot.tls=true"
- "traefik.http.routers.matrix-riot.tls.certresolver=http"
- "traefik.http.routers.matrix-riot.entrypoints=internalsecure,externalsecure"
- "traefik.http.services.matrix-riot.loadbalancer.server.port=80"
prom_monitoring:
container_name: prom_monitoring
image: prom/prometheus:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.prom.rule=Host(`prometheus.bhasher.com`)"
- "traefik.http.routers.prom.entrypoints=internalsecure"
- "traefik.http.services.prom.loadbalancer.server.port=9090"
- "traefik.http.routers.prom.tls=true"
- "traefik.http.routers.prom.tls.certresolver=http"
extra_hosts:
- "host.docker.internal:host-gateway"
volumes:
- ./config/monitoring/prometheus.yaml:/etc/prometheus/prometheus.yml:ro
- $DATA/monitoring/prometheus:/prometheus
grafana:
container_name: grafana
image: grafana/grafana
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.grafana.rule=Host(`grafana.bhasher.com`)"
- "traefik.http.routers.grafana.entrypoints=internalsecure"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
- "traefik.http.routers.grafana.tls=true"
- "traefik.http.routers.grafana.tls.certresolver=http"
environment:
- GF_SERVER_ROOT_URL=https://grafana.bhasher.com
- GF_SMTP_ENABLED=true
- GF_SMTP_HOST=bdubois.io:465
- GF_SMTP_USER=${SMTP_USER}
- GF_SMTP_PASSWORD=${SMTP_PASSWORD}
- GF_SMTP_FROM_ADDRESS=grafana@bhasher.com
- GF_AUTH_LOGIN_DISABLE_LOGIN_FORM=true
- GF_AUTH_DISABLE_SIGNOUT_MENU=true
- GF_AUTH_OAUTH_AUTO_LOGIN=true
- GF_AUTH_GENERIC_OAUTH_ENABLED=true
- GF_AUTH_GENERIC_OAUTH_ICON=signin
- GF_AUTH_GENERIC_OAUTH_NAME=Authelia
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_OAUTH}
- GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email groups
- GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES=false
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://idp.bhasher.com/api/oidc/authorization
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://idp.bhasher.com/api/oidc/token
- GF_AUTH_GENERIC_OAUTH_API_URL=https://idp.bhasher.com/api/oidc/userinfo
- GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
- GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH=groups
- GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
- GF_AUTH_GENERIC_OAUTH_USE_PKCE=false
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || 'Viewer'
- GF_AUTH_GENERIC_OAUTH_GROUPS_PATH=groups
- GF_AUTH_GENERIC_OAUTH_ALLOWED_GROUPS=admin
volumes:
- $DATA/monitoring/grafana:/var/lib/grafana
cadvisor:
container_name: cadvisor
image: gcr.io/cadvisor/cadvisor:v0.47.1
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
restart: always
node-exporter:
container_name: node-exporter
image: quay.io/prometheus/node-exporter:latest
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
- /:/host:ro,rslave
command:
- '--path.rootfs=/host'
- '--path.procfs=/host/proc'
- '--path.sysfs=/host/sys'
- --collector.filesystem.ignored-mount-points
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
restart: always
jellyfin:
container_name: jellyfin
image: linuxserver/jellyfin:latest
volumes:
- $DATA/mediaserver/jellyfin:/config
- /mnt/movies/series:/data/tvshows
- /mnt/movies/movies:/data/movies
- /mnt/movies/musics:/data/musics
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin.rule=Host(`jellyfin.bhasher.com`)"
- "traefik.http.routers.jellyfin.entrypoints=internalsecure,externalsecure"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
- "traefik.http.routers.jellyfin.tls=true"
- "traefik.http.routers.jellyfin.tls.certresolver=http"
radarr:
container_name: radarr
image: lscr.io/linuxserver/radarr:latest
environment:
- TZ=Europe/Paris
- PUID=1000
- PGID=1000
volumes:
- $DATA/mediaserver/radarr:/config
- /mnt/movies/movies:/movies
- /mnt/movies/tmp:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.radarr.rule=Host(`radarr.bhasher.com`)"
- "traefik.http.services.radarr.loadbalancer.server.port=7878"
- "traefik.http.routers.radarr.tls=true"
- "traefik.http.routers.radarr.tls.certresolver=http"
- "traefik.http.routers.radarr.entrypoints=internalsecure"
- "traefik.http.routers.radarr.middlewares=authelia@docker"
sonarr:
container_name: sonarr
image: lscr.io/linuxserver/sonarr:latest
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
volumes:
- $DATA/mediaserver/sonarr:/config
- /mnt/movies/series:/tv
- /mnt/movies/tmp:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.sonarr.rule=Host(`sonarr.bhasher.com`)"
- "traefik.http.services.sonarr.loadbalancer.server.port=8989"
- "traefik.http.routers.sonarr.tls=true"
- "traefik.http.routers.sonarr.tls.certresolver=http"
- "traefik.http.routers.sonarr.entrypoints=internalsecure"
- "traefik.http.routers.sonarr.middlewares=authelia@docker"
lidarr:
container_name: lidarr
image: lscr.io/linuxserver/lidarr:latest
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
volumes:
- $DATA/mediaserver/lidarr:/config
- /mnt/movies/musics:/music
- /mnt/movies/tmp:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.lidarr.rule=Host(`lidarr.bhasher.com`)"
- "traefik.http.services.lidarr.loadbalancer.server.port=8686"
- "traefik.http.routers.lidarr.tls=true"
- "traefik.http.routers.lidarr.tls.certresolver=http"
- "traefik.http.routers.lidarr.entrypoints=internalsecure"
- "traefik.http.routers.lidarr.middlewares=authelia@docker"
transmission:
container_name: transmission
image: lscr.io/linuxserver/transmission:latest
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
volumes:
- $DATA/mediaserver/transmission:/config
- /mnt/movies/tmp:/downloads
- /mnt/movies/torrents:/watch
ports:
- 51413:51413/tcp
- 51413:51413/udp
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.transmission.rule=Host(`transmission.bhasher.com`)"
- "traefik.http.services.transmission.loadbalancer.server.port=9091"
- "traefik.http.routers.transmission.tls=true"
- "traefik.http.routers.transmission.tls.certresolver=http"
- "traefik.http.routers.transmission.entrypoints=internalsecure"
- "traefik.http.routers.transmission.middlewares=authelia@docker"
jackett:
container_name: jackett
image: lscr.io/linuxserver/jackett:latest
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
- AUTO_UPDATE=true
volumes:
- $DATA/mediaserver/jackett:/config
- /mnt/movies/torrents:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.jackett.rule=Host(`jackett.bhasher.com`)"
- "traefik.http.services.jackett.loadbalancer.server.port=9117"
- "traefik.http.routers.jackett.tls=true"
- "traefik.http.routers.jackett.tls.certresolver=http"
- "traefik.http.routers.jackett.entrypoints=internalsecure"
- "traefik.http.routers.jackett.middlewares=authelia@docker"
flaresolverr:
container_name: flaresolverr
image: ghcr.io/flaresolverr/flaresolverr:latest
environment:
- LOG_LEVEL=info
- LOG_HTML=false
- CAPTCHA_SOLVER=none
- TZ=Europe/Paris
restart: unless-stopped
bazarr:
container_name: bazarr
image: lscr.io/linuxserver/bazarr
environment:
- TZ=Europe/Paris
- PUID=1000
- PGID=1000
volumes:
- $DATA/mediaserver/bazarr:/config
- /mnt/movies/movies:/movies
- /mnt/movies/series:/tv
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.bazarr.rule=Host(`bazarr.bhasher.com`)"
- "traefik.http.services.bazarr.loadbalancer.server.port=6767"
- "traefik.http.routers.bazarr.tls=true"
- "traefik.http.routers.bazarr.tls.certresolver=http"
- "traefik.http.routers.bazarr.entrypoints=internalsecure"
- "traefik.http.routers.bazarr.middlewares=authelia@docker"
baikal:
container_name: baikal
image: ckulka/baikal:nginx
restart: on-failure
environment:
- TZ=Europe/Paris
volumes:
- $DATA/baikal/config:/var/www/baikal/config
- $DATA/baikal/data:/var/www/baikal/Specific
labels:
- "traefik.enable=true"
- "traefik.http.routers.baikal.rule=Host(`baikal.bxl.bhasher.com`)"
- "traefik.http.services.baikal.loadbalancer.server.port=80"
- "traefik.http.routers.baikal.tls=true"
- "traefik.http.routers.baikal.tls.certresolver=http"
- "traefik.http.routers.baikal.entrypoints=internalsecure,externalsecure"
borg:
container_name: borg
image: pschiffe/borg
volumes:
- /mnt/borg:/borg/repo
- $DATA/borg/config:/root
- $DATA:/borg/data/docker-data:ro
- /etc/localtime:/etc/localtime:ro
environment:
- BORG_REPO=/borg/repo
- BORG_PASSPHRASE=${BORG_PASSPHRASE}
- BACKUP_DIRS=/borg/data
- COMPRESSION=lz4
- PRUNE=1
restart: 'no'
cron:
container_name: cron-scheduling
image: alpine:latest
volumes:
- ./config/cron:/etc/cron.d:ro
- /etc/localtime:/etc/localtime:ro
command: crond -f
restart: unless-stopped
pihole:
container_name: pihole
image: cbcrowe/pihole-unbound:latest
ports:
- 53:53/tcp
- 53:53/udp
environment:
- TZ=Europe/Paris
- WEBPASSWORD=
- WEBTHEME=default-dark
- REV_SERVER=false
- PIHOLE_DNS_=127.0.0.1#5335
- DNSSEC=true
- DNSMASQ_LISTENING=all
- FTLCONF_LOCAL_IPV4=192.168.1.220
- FTLCONF_RATE_LIMIT=0/0
- FTL_CMD=debug
- DNSMASQ_USER=root
volumes:
- $DATA/pihole/config:/etc/pihole
- $DATA/pihole/dnsmasq.d:/etc/dnsmasq.d
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.pihole.rule=Host(`pihole.bhasher.com`)"
- "traefik.http.routers.pihole.entrypoints=internalsecure"
- "traefik.http.services.pihole.loadbalancer.server.port=80"
- "traefik.http.routers.pihole.tls=true"
- "traefik.http.routers.pihole.tls.certresolver=http"
- "traefik.http.routers.pihole.middlewares=pihole-strip,authelia@docker"
#- "traefik.http.middlewares.pihole-strip.stripprefix.prefixes=/admin"
- "traefik.http.middlewares.pihole-strip.addprefix.prefix=/admin"
postgres:
container_name: postgres
image: postgres:latest
restart: unless-stopped
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
volumes:
- $DATA/postgres:/var/lib/postgresql/data
redis:
container_name: redis
image: redis:latest
restart: unless-stopped
openldap:
container_name: openldap
image: osixia/openldap:latest
restart: unless-stopped
environment:
- LDAP_ADMIN_USERNAME=admin
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_USERNAME=readonly
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_PASSWORD}
- LDAP_DOMAIN=bhasher.com
- LDAP_ORGANISATION=Bhasher
- LDAP_RFC2307BIS_SCHEMA=true
- LDAP_TLS=false
volumes:
- $DATA/openldap/ldap:/var/lib/ldap
- $DATA/openldap/slapd.d:/etc/ldap/slapd.d
ldapusermanager:
container_name: ldapusermanager
image: wheelybird/ldap-user-manager:latest
restart: unless-stopped
environment:
- LDAP_URI=ldap://openldap
- LDAP_BASE_DN=dc=bhasher,dc=com
- LDAP_ADMIN_BIND_DN=cn=admin,dc=bhasher,dc=com
- LDAP_ADMINS_GROUP=admin
- SERVER_HOSTNAME=lum.bhasher.com
- NO_HTTPS=true
- ORGANISATION_NAME=Bhasher
- LDAP_REQUIRE_STARTTLS=false
- FORCE_RFC2307BIS=true
- SHOW_POSIX_ATTRIBUTES=false
- LDAP_ADMIN_BIND_PWD=${LDAP_ADMIN_PASSWORD}
- LDAP_USER_OU=users
- LDAP_GROUP_OU=groups
- LDAP_ACCOUNT_ATTRIBUTE=uid
- LDAP_GROUP_ATTRIBUTE=cn
- USERNAME_FORMAT={first_name}.{last_name}
- ENFORCE_SAFE_SYSTEM_NAMES=false
- PASSWORD_HASH=SHA512CRYPT
- ACCEPT_WEAK_PASSWORDS=false
- LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=jpegPhoto^:Profile picture,sshpubkey^+:SSH public key
- REMOTE_HTTP_HEADERS_LOGIN=true
labels:
- "traefik.enable=true"
- "traefik.http.routers.lum.rule=Host(`lum.bhasher.com`)"
- "traefik.http.routers.lum.entrypoints=internalsecure"
- "traefik.http.services.lum.loadbalancer.server.port=80"
- "traefik.http.routers.lum.tls=true"
- "traefik.http.routers.lum.tls.certresolver=http"
- "traefik.http.routers.lum.middlewares=authelia@docker"
authelia:
container_name: authelia
image: authelia/authelia:latest
restart: unless-stopped
environment:
- TZ=Europe/Paris
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD=${LDAP_READONLY_PASSWORD}
- AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
- AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
- AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_ENCRYPTION_KEY}
- AUTHELIA_STORAGE_POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- AUTHELIA_NOTIFIER_SMTP_PASSWORD=${SMTP_PASSWORD}
- AUTHELIA_NOTIFIER_SMTP_USERNAME=${SMTP_USER}
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE=/secrets/oidc_certificate.pem
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET=${AUTHELIA_OIDC_HMAC}
labels:
- "traefik.enable=true"
- "traefik.http.routers.authelia.rule=Host(`idp.bhasher.com`)"
- "traefik.http.routers.authelia.entrypoints=internalsecure,externalsecure"
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
- "traefik.http.routers.authelia.tls=true"
- "traefik.http.routers.authelia.tls.certresolver=http"
- 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fidp.bhasher.com%2F'
- 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
volumes:
- ./config/idp/authelia.configuration.yaml:/config/configuration.yml:ro
- $DATA/authelia:/secrets:ro
syncthing:
container_name: syncthing
image: syncthing/syncthing:latest
hostname: snode0
environment:
- PUID=33
- PGID=33
volumes:
- $DATA/syncthing:/var/syncthing:rw
- /mnt/syncDocuments:/mnt/SyncDocuments:rw
- /mnt/brieuc-pictures:/mnt/pictures:rw
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing.rule=Host(`syncthing.bhasher.com`)"
- "traefik.http.routers.syncthing.entrypoints=internalsecure"
- "traefik.http.services.syncthing.loadbalancer.server.port=8384"
- "traefik.http.routers.syncthing.tls=true"
- "traefik.http.routers.syncthing.tls.certresolver=http"
- "traefik.http.routers.syncthing.middlewares=authelia@docker"
ports:
- 22000:22000/tcp # TCP file transfers
- 22000:22000/udp # QUIC file transfers
- 21027:21027/udp # Receive local discovery broadcasts
restart: unless-stopped

99
bxl-rpi/system/docker-compose.auth.yaml Normal file
View File

@ -0,0 +1,99 @@
services:
openldap:
container_name: openldap
image: osixia/openldap:latest
restart: unless-stopped
environment:
- LDAP_ADMIN_USERNAME=admin
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_USERNAME=readonly
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_PASSWORD}
- LDAP_DOMAIN=bhasher.com
- LDAP_ORGANISATION=Bhasher
- LDAP_RFC2307BIS_SCHEMA=true
- LDAP_TLS=false
volumes:
- $DATA/openldap/ldap:/var/lib/ldap
- $DATA/openldap/slapd.d:/etc/ldap/slapd.d
networks:
- auth
ldapusermanager:
container_name: ldapusermanager
image: wheelybird/ldap-user-manager:latest
restart: unless-stopped
environment:
- LDAP_URI=ldap://openldap
- LDAP_BASE_DN=dc=bhasher,dc=com
- LDAP_ADMIN_BIND_DN=cn=admin,dc=bhasher,dc=com
- LDAP_ADMINS_GROUP=admin
- SERVER_HOSTNAME=lum.bhasher.com
- NO_HTTPS=true
- ORGANISATION_NAME=Bhasher
- LDAP_REQUIRE_STARTTLS=false
- FORCE_RFC2307BIS=true
- SHOW_POSIX_ATTRIBUTES=false
- LDAP_ADMIN_BIND_PWD=${LDAP_ADMIN_PASSWORD}
- LDAP_USER_OU=users
- LDAP_GROUP_OU=groups
- LDAP_ACCOUNT_ATTRIBUTE=uid
- LDAP_GROUP_ATTRIBUTE=cn
- USERNAME_FORMAT={first_name}.{last_name}
- ENFORCE_SAFE_SYSTEM_NAMES=false
- PASSWORD_HASH=SHA512CRYPT
- ACCEPT_WEAK_PASSWORDS=false
- LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=jpegPhoto^:Profile picture,sshpubkey^+:SSH public key
- REMOTE_HTTP_HEADERS_LOGIN=true
labels:
- "traefik.enable=true"
- "traefik.http.routers.lum.rule=Host(`lum.bhasher.com`)"
- "traefik.http.routers.lum.entrypoints=internalsecure"
- "traefik.http.services.lum.loadbalancer.server.port=80"
- "traefik.http.routers.lum.tls=true"
- "traefik.http.routers.lum.tls.certresolver=http"
- "traefik.http.routers.lum.middlewares=authelia@docker"
networks:
- auth
- external
authelia:
container_name: authelia
image: authelia/authelia:latest
restart: unless-stopped
environment:
- TZ=Europe/Paris
- AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD=${LDAP_READONLY_PASSWORD}
- AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
- AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
- AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_ENCRYPTION_KEY}
- AUTHELIA_STORAGE_POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- AUTHELIA_NOTIFIER_SMTP_PASSWORD=${SMTP_PASSWORD}
- AUTHELIA_NOTIFIER_SMTP_USERNAME=${SMTP_USER}
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE=/secrets/oidc_certificate.pem
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET=${AUTHELIA_OIDC_HMAC}
labels:
- "traefik.enable=true"
- "traefik.http.routers.authelia.rule=Host(`idp.bhasher.com`)"
- "traefik.http.routers.authelia.entrypoints=internalsecure,externalsecure"
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
- "traefik.http.routers.authelia.tls=true"
- "traefik.http.routers.authelia.tls.certresolver=http"
- 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https%3A%2F%2Fidp.bhasher.com%2F'
- 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
volumes:
- $CONFIG/idp/authelia.configuration.yaml:/config/configuration.yml:ro
- $DATA/authelia:/secrets:ro
networks:
- auth
- storage
- external
networks:
auth:
name: auth
external:
external: true
storage:
external: true

25
bxl-rpi/system/docker-compose.backup.yaml Normal file
View File

@ -0,0 +1,25 @@
services:
borg:
container_name: borg
image: pschiffe/borg
volumes:
- /mnt/borg:/borg/repo
- $DATA/borg/config:/root
- $DATA:/borg/data/docker-data:ro
- /etc/localtime:/etc/localtime:ro
environment:
- BORG_REPO=/borg/repo
- BORG_PASSPHRASE=${BORG_PASSPHRASE}
- BACKUP_DIRS=/borg/data
- COMPRESSION=lz4
- PRUNE=1
restart: "no"
cron:
container_name: cron-scheduling
image: alpine:latest
volumes:
- ./config/cron:/etc/cron.d:ro
- /etc/localtime:/etc/localtime:ro
command: crond -f
restart: unless-stopped

101
bxl-rpi/system/docker-compose.monitoring.yaml Normal file
View File

@ -0,0 +1,101 @@
services:
prom_monitoring:
container_name: prom_monitoring
image: prom/prometheus:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.prom.rule=Host(`prometheus.bhasher.com`)"
- "traefik.http.routers.prom.entrypoints=internalsecure"
- "traefik.http.services.prom.loadbalancer.server.port=9090"
- "traefik.http.routers.prom.tls=true"
- "traefik.http.routers.prom.tls.certresolver=http"
- "traefik.http.routers.prom.middlewares=authelia@docker"
extra_hosts:
- "host.docker.internal:host-gateway"
volumes:
- $CONFIG/monitoring/prometheus.yaml:/etc/prometheus/prometheus.yml:ro
- $DATA/monitoring/prometheus:/prometheus
networks:
- monitoring
- external
grafana:
container_name: grafana
image: grafana/grafana
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.grafana.rule=Host(`grafana.bhasher.com`)"
- "traefik.http.routers.grafana.entrypoints=internalsecure"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
- "traefik.http.routers.grafana.tls=true"
- "traefik.http.routers.grafana.tls.certresolver=http"
environment:
- GF_SERVER_ROOT_URL=https://grafana.bhasher.com
- GF_SMTP_ENABLED=true
- GF_SMTP_HOST=bdubois.io:465
- GF_SMTP_USER=${SMTP_USER}
- GF_SMTP_PASSWORD=${SMTP_PASSWORD}
- GF_SMTP_FROM_ADDRESS=grafana@bhasher.com
- GF_AUTH_LOGIN_DISABLE_LOGIN_FORM=true
- GF_AUTH_DISABLE_SIGNOUT_MENU=true
- GF_AUTH_OAUTH_AUTO_LOGIN=true
- GF_AUTH_GENERIC_OAUTH_ENABLED=true
- GF_AUTH_GENERIC_OAUTH_ICON=signin
- GF_AUTH_GENERIC_OAUTH_NAME=Authelia
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_OAUTH}
- GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email groups
- GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES=false
- GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://idp.bhasher.com/api/oidc/authorization
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://idp.bhasher.com/api/oidc/token
- GF_AUTH_GENERIC_OAUTH_API_URL=https://idp.bhasher.com/api/oidc/userinfo
- GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
- GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH=groups
- GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
- GF_AUTH_GENERIC_OAUTH_USE_PKCE=false
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || 'Viewer'
- GF_AUTH_GENERIC_OAUTH_GROUPS_PATH=groups
- GF_AUTH_GENERIC_OAUTH_ALLOWED_GROUPS=admin
volumes:
- $DATA/monitoring/grafana:/var/lib/grafana
networks:
- external
- monitoring
cadvisor:
container_name: cadvisor
image: gcr.io/cadvisor/cadvisor:v0.47.1
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
restart: always
networks:
- monitoring
node-exporter:
container_name: node-exporter
image: quay.io/prometheus/node-exporter:latest
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
- /:/host:ro,rslave
command:
- '--path.rootfs=/host'
- '--path.procfs=/host/proc'
- '--path.sysfs=/host/sys'
- --collector.filesystem.ignored-mount-points
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
restart: always
networks:
- monitoring
networks:
monitoring:
external:
external: true

23
bxl-rpi/system/docker-compose.portainer.yaml Normal file
View File

@ -0,0 +1,23 @@
services:
portainer:
container_name: portainer
image: portainer/portainer-ce:latest
ports:
- "9443:9443"
volumes:
- $DATA/portainer:/data:rw
- /var/run/docker.sock:/var/run/docker.sock
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
- "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.tls=true"
- "traefik.http.routers.portainer.tls.certresolver=http"
restart: unless-stopped
networks:
- external
networks:
external:
external: true

23
bxl-rpi/system/docker-compose.storage.yaml Normal file
View File

@ -0,0 +1,23 @@
services:
postgres:
container_name: postgres
image: postgres:latest
restart: unless-stopped
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
volumes:
- $DATA/postgres:/var/lib/postgresql/data
networks:
- storage
redis:
container_name: redis
image: redis:latest
restart: unless-stopped
networks:
- storage
networks:
storage:
name: storage

48
bxl-rpi/system/docker-compose.traefik.yaml Normal file
View File

@ -0,0 +1,48 @@
services:
traefik:
container_name: traefik
image: traefik:v2.9
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=external"
- "--entrypoints.internal.address=:80"
- "--entrypoints.internalsecure.address=:443"
- "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
- "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
- "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
- "--certificatesresolvers.http.acme.httpchallenge=true"
- "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
- "--certificatesresolvers.http.acme.email=acme@bhasher.com"
- "--certificatesresolvers.http.acme.storage=acme.json"
- "--entrypoints.external.address=:81"
- "--entrypoints.externalsecure.address=:444"
- "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
- "--entrypoints.external.http.redirections.entryPoint.scheme=https"
- "--entrypoints.external.http.redirections.entryPoint.permanent=true"
#- "--log.level=DEBUG"
- "--metrics.prometheus=true"
environment:
- TZ=Europe/Paris
ports:
- "80:80"
- "443:443"
- "81:81"
- "444:444"
#- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- type: bind
source: $DATA/traefik/acme.json
target: /acme.json
- type: bind
source: $DATA/traefik/rules.toml
target: /rules.toml
restart: always
networks:
- external
networks:
external:
name: external