diff --git a/bxl-swarm/mediaserver.stack.yaml b/bxl-swarm/mediaserver.stack.yaml index bcb31a8..53daff7 100644 --- a/bxl-swarm/mediaserver.stack.yaml +++ b/bxl-swarm/mediaserver.stack.yaml @@ -19,7 +19,8 @@ services: condition: on-failure max_attempts: 3 placement: - constraints: [node.labels.HWA == true] + constraints: + - node.labels.HWA == true labels: - "traefik.enable=true" - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.bhasher.com`)" @@ -27,6 +28,9 @@ services: - "traefik.http.services.jellyfin.loadbalancer.server.port=8096" - "traefik.http.routers.jellyfin.tls=true" - "traefik.http.routers.jellyfin.tls.certresolver=http" + depends_on: + - system_traefik + - system_nfs radarr: image: lscr.io/linuxserver/radarr:latest @@ -42,6 +46,9 @@ services: restart_policy: condition: on-failure max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true labels: - "traefik.enable=true" - "traefik.http.routers.radarr.rule=Host(`radarr.bhasher.com`)" @@ -52,6 +59,9 @@ services: networks: - internal - external + depends_on: + - system_traefik + - system_nfs sonarr: image: lscr.io/linuxserver/sonarr:latest @@ -69,6 +79,9 @@ services: restart_policy: condition: on-failure max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true labels: - "traefik.enable=true" - "traefik.http.routers.sonarr.rule=Host(`sonarr.bhasher.com`)" @@ -79,6 +92,9 @@ services: networks: - internal - external + depends_on: + - system_traefik + - system_nfs lidarr: image: lscr.io/linuxserver/lidarr:latest @@ -96,6 +112,9 @@ services: restart_policy: condition: on-failure max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true labels: - "traefik.enable=true" - "traefik.http.routers.lidarr.rule=Host(`lidarr.bhasher.com`)" @@ -106,6 +125,9 @@ services: networks: - internal - external + depends_on: + - system_traefik + - system_nfs transmission: image: lscr.io/linuxserver/transmission:latest @@ -128,6 +150,9 @@ services: restart_policy: condition: on-failure max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true labels: - "traefik.enable=true" - "traefik.http.routers.transmission.rule=Host(`transmission.bhasher.com`)" @@ -138,6 +163,8 @@ services: networks: - internal - external + depends_on: + - system_nfs jackett: image: lscr.io/linuxserver/jackett:latest @@ -155,6 +182,9 @@ services: restart_policy: condition: on-failure max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true labels: - "traefik.enable=true" - "traefik.http.routers.jackett.rule=Host(`jackett.bhasher.com`)" @@ -165,6 +195,9 @@ services: networks: - internal - external + depends_on: + - system_traefik + - system_nfs flaresolverr: image: ghcr.io/flaresolverr/flaresolverr:latest @@ -175,6 +208,15 @@ services: - TZ=Europe/Paris networks: - internal + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: on-failure + max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true bazarr: image: lscr.io/linuxserver/bazarr:latest @@ -190,6 +232,9 @@ services: restart_policy: condition: on-failure max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true labels: - "traefik.enable=true" - "traefik.http.routers.bazarr.rule=Host(`bazarr.bhasher.com`)" @@ -200,6 +245,9 @@ services: networks: - external - internal + depends_on: + - system_traefik + - system_nfs diff --git a/bxl-swarm/pihole.stack.yaml b/bxl-swarm/pihole.stack.yaml index e9936ac..439846d 100644 --- a/bxl-swarm/pihole.stack.yaml +++ b/bxl-swarm/pihole.stack.yaml @@ -36,6 +36,12 @@ services: - "traefik.http.services.pihole.loadbalancer.server.port=80" - "traefik.http.routers.pihole.tls=true" - "traefik.http.routers.pihole.tls.certresolver=http" + placement: + constraints: + - node.labels.POWER == true + depends_on: + - system_traefik + - system_nfs networks: external: diff --git a/bxl-swarm/smarthome.stack.yaml b/bxl-swarm/smarthome.stack.yaml index 126e706..bbaa590 100644 --- a/bxl-swarm/smarthome.stack.yaml +++ b/bxl-swarm/smarthome.stack.yaml @@ -20,6 +20,12 @@ services: - "traefik.http.services.hass.loadbalancer.server.port=8123" - "traefik.http.routers.hass.tls=true" - "traefik.http.routers.hass.tls.certresolver=http" + placement: + constraints: + - node.labels.POWER == true + depends_on: + - system_traefik + - system_nfs mosquitto: image: eclipse-mosquitto:latest @@ -37,6 +43,11 @@ services: restart_policy: condition: any max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true + depends_on: + - system_nfs networks: external: diff --git a/bxl-swarm/storage.stack.yaml b/bxl-swarm/storage.stack.yaml index 7b91bda..2905cf8 100644 --- a/bxl-swarm/storage.stack.yaml +++ b/bxl-swarm/storage.stack.yaml @@ -18,6 +18,11 @@ services: restart_policy: condition: any max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true + depends_on: + - system_nfs redis: image: redis:latest @@ -29,6 +34,9 @@ services: restart_policy: condition: any max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true networks: storage: diff --git a/bxl-swarm/system.stack.yaml b/bxl-swarm/system.stack.yaml index a2d0f95..d30a62f 100644 --- a/bxl-swarm/system.stack.yaml +++ b/bxl-swarm/system.stack.yaml @@ -48,6 +48,12 @@ services: restart_policy: condition: any max_attempts: 3 + placement: + constraints: + - node.labels.POWER == true + depends_on: + - system_nfs + - system_keepalived portainer: image: portainer/portainer-ce:latest @@ -68,13 +74,17 @@ services: - "traefik.http.services.portainer.loadbalancer.server.port=9000" - "traefik.http.routers.portainer.tls=true" - "traefik.http.routers.portainer.tls.certresolver=http" - mode: replicated - replicas: 1 restart_policy: condition: any + delay: 30s max_attempts: 3 placement: - constraints: [node.role == manager] + constraints: + - node.role == manager + - node.labels.POWER == true + depends_on: + - system_nfs + - system_keepalived agent: image: portainer/agent:latest @@ -87,6 +97,8 @@ services: mode: global placement: constraints: [node.platform.os == linux] + depends_on: + - system_portainer keepalived: image: linkvt/osixia_keepalived:stable @@ -105,7 +117,19 @@ services: deploy: mode: global placement: - constraints: [node.role == manager] + constraints: + - node.role == manager + + nfs: + image: traefik/whoami:latest + volumes: + - /mnt/nfs/check:/tmp/check + deploy: + mode: global + placement: + constraints: + - node.role == manager + networks: external: diff --git a/bxl-swarm/tools.stack.yaml b/bxl-swarm/tools.stack.yaml new file mode 100644 index 0000000..88c5c8a --- /dev/null +++ b/bxl-swarm/tools.stack.yaml @@ -0,0 +1,72 @@ +version: '3.7' +services: + kanboard: + image: kanboard/kanboard:latest + environment: + - DB_DRIVER=postgres + - DB_USERNAME=postgres + - DB_PASSWORD=DS7BVNZr0qZdGwc63wjHmZry5P0gUVhR + - DB_HOSTNAME=storage_postgres + - DB_NAME=kanboard + networks: + - external + - storage + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + max_attempts: 3 + labels: + - "traefik.enable=true" + - "traefik.http.routers.kanboard.rule=Host(`kanboard.bxl.bhasher.com`)" + - "traefik.http.routers.kanboard.entrypoints=internalsecure" + - "traefik.http.services.kanboard.loadbalancer.server.port=80" + - "traefik.http.routers.kanboard.tls=true" + - "traefik.http.routers.kanboard.tls.certresolver=http" + placement: + constraints: + - node.labels.POWER == true + depends_on: + - system_traefik + - storage_postgres + + dashy: + image: lissy93/dashy:latest + volumes: + - /mnt/nfs/dashy/config.yml:/app/public/conf.yml + environment: + - NODE_ENV=production + networks: + - external + healthcheck: + test: ['CMD', 'node', '/app/services/healthcheck'] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + max_attempts: 3 + labels: + - "traefik.enable=true" + - "traefik.http.routers.dashy.rule=Host(`dashboard.bhasher.com`)" + - "traefik.http.routers.dashy.entrypoints=internalsecure" + - "traefik.http.services.dashy.loadbalancer.server.port=80" + - "traefik.http.routers.dashy.tls=true" + - "traefik.http.routers.dashy.tls.certresolver=http" + placement: + constraints: + - node.labels.POWER == true + depends_on: + - system_traefik + - system_nfs + +networks: + external: + external: true + storage: + external: true diff --git a/bxl-swarm/wireguard.stack.yaml b/bxl-swarm/wireguard.stack.yaml index 13687fd..7a714b8 100644 --- a/bxl-swarm/wireguard.stack.yaml +++ b/bxl-swarm/wireguard.stack.yaml @@ -7,15 +7,15 @@ services: replicas: 1 restart_policy: condition: any - max_attempts: 3 + delay: 30s + placement: + constraints: + - node.labels.POWER == true volumes: - /mnt/nfs/wireguard:/config - /lib/modules:/lib/modules ports: - - mode: host - protocol: udp - published: 51821 - target: 51820 + - 51821:51820/udp environment: - TZ=Europe/Paris - SERVERURL=vpn.bhasher.com @@ -29,3 +29,6 @@ services: - SYS_MODULE sysctls: - net.ipv4.conf.all.src_valid_mark=1 + depends_on: + - system_keepalived + - system_nfs