Bxl-swarm Fix order & pihole

bxl-swarm/mediaserver.stack.yaml

@@ -19,7 +19,8 @@ services:
         condition: on-failure
         max_attempts: 3
       placement:
-        constraints: [node.labels.HWA == true]
+        constraints:
+        - node.labels.HWA == true
       labels:
       - "traefik.enable=true"
       - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.bhasher.com`)"
@@ -27,6 +28,9 @@ services:
       - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
       - "traefik.http.routers.jellyfin.tls=true"
       - "traefik.http.routers.jellyfin.tls.certresolver=http"
+    depends_on:
+    - system_traefik
+    - system_nfs
 
   radarr:
     image: lscr.io/linuxserver/radarr:latest
@@ -42,6 +46,9 @@ services:
       restart_policy:
         condition: on-failure
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
       labels:
       - "traefik.enable=true"
       - "traefik.http.routers.radarr.rule=Host(`radarr.bhasher.com`)"
@@ -52,6 +59,9 @@ services:
     networks:
     - internal
     - external
+    depends_on:
+    - system_traefik
+    - system_nfs
 
   sonarr:
     image: lscr.io/linuxserver/sonarr:latest
@@ -69,6 +79,9 @@ services:
       restart_policy:
         condition: on-failure
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
       labels:
       - "traefik.enable=true"
       - "traefik.http.routers.sonarr.rule=Host(`sonarr.bhasher.com`)"
@@ -79,6 +92,9 @@ services:
     networks:
     - internal
     - external
+    depends_on:
+    - system_traefik
+    - system_nfs
 
   lidarr:
     image: lscr.io/linuxserver/lidarr:latest
@@ -96,6 +112,9 @@ services:
       restart_policy:
         condition: on-failure
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
       labels:
       - "traefik.enable=true"
       - "traefik.http.routers.lidarr.rule=Host(`lidarr.bhasher.com`)"
@@ -106,6 +125,9 @@ services:
     networks:
     - internal
     - external
+    depends_on:
+    - system_traefik
+    - system_nfs
 
   transmission:
     image: lscr.io/linuxserver/transmission:latest
@@ -128,6 +150,9 @@ services:
       restart_policy:
         condition: on-failure
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
       labels:
       - "traefik.enable=true"
       - "traefik.http.routers.transmission.rule=Host(`transmission.bhasher.com`)"
@@ -138,6 +163,8 @@ services:
     networks:
     - internal
     - external
+    depends_on:
+    - system_nfs
     
   jackett:
     image: lscr.io/linuxserver/jackett:latest
@@ -155,6 +182,9 @@ services:
       restart_policy:
         condition: on-failure
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
       labels:
       - "traefik.enable=true"
       - "traefik.http.routers.jackett.rule=Host(`jackett.bhasher.com`)"
@@ -165,6 +195,9 @@ services:
     networks:
     - internal
     - external
+    depends_on:
+    - system_traefik
+    - system_nfs
 
   flaresolverr:
     image: ghcr.io/flaresolverr/flaresolverr:latest
@@ -175,6 +208,15 @@ services:
       - TZ=Europe/Paris
     networks:
     - internal
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
 
   bazarr:
     image: lscr.io/linuxserver/bazarr:latest
@@ -190,6 +232,9 @@ services:
       restart_policy:
         condition: on-failure
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
       labels:
       - "traefik.enable=true"
       - "traefik.http.routers.bazarr.rule=Host(`bazarr.bhasher.com`)"
@@ -200,6 +245,9 @@ services:
     networks:
     - external
     - internal
+    depends_on:
+    - system_traefik
+    - system_nfs
  
 
 

bxl-swarm/pihole.stack.yaml

@@ -36,6 +36,12 @@ services:
       - "traefik.http.services.pihole.loadbalancer.server.port=80"
       - "traefik.http.routers.pihole.tls=true"
       - "traefik.http.routers.pihole.tls.certresolver=http"
+      placement:
+        constraints:
+        - node.labels.POWER == true
+    depends_on:
+    - system_traefik
+    - system_nfs
 
 networks:
   external:

bxl-swarm/smarthome.stack.yaml

@@ -20,6 +20,12 @@ services:
       - "traefik.http.services.hass.loadbalancer.server.port=8123"
       - "traefik.http.routers.hass.tls=true"
       - "traefik.http.routers.hass.tls.certresolver=http"
+      placement:
+        constraints:
+        - node.labels.POWER == true
+    depends_on:
+    - system_traefik
+    - system_nfs
 
   mosquitto:
     image: eclipse-mosquitto:latest
@@ -37,6 +43,11 @@ services:
       restart_policy:
         condition: any
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
+    depends_on:
+    - system_nfs
 
 networks:
   external:

bxl-swarm/storage.stack.yaml

@@ -18,6 +18,11 @@ services:
       restart_policy:
         condition: any
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
+    depends_on:
+    - system_nfs
 
   redis:
     image: redis:latest
@@ -29,6 +34,9 @@ services:
       restart_policy:
         condition: any
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
 
 networks:
   storage:

bxl-swarm/system.stack.yaml

@@ -48,6 +48,12 @@ services:
       restart_policy:
         condition: any
         max_attempts: 3
+      placement:
+        constraints:
+        - node.labels.POWER == true
+    depends_on:
+    - system_nfs
+    - system_keepalived
 
   portainer:
     image: portainer/portainer-ce:latest
@@ -68,13 +74,17 @@ services:
       - "traefik.http.services.portainer.loadbalancer.server.port=9000"
       - "traefik.http.routers.portainer.tls=true"
       - "traefik.http.routers.portainer.tls.certresolver=http"
-      mode: replicated
-      replicas: 1
       restart_policy:
         condition: any
+        delay: 30s
         max_attempts: 3
       placement:
-        constraints: [node.role == manager]
+        constraints:
+        - node.role == manager
+        - node.labels.POWER == true
+    depends_on:
+    - system_nfs
+    - system_keepalived
 
   agent:
     image: portainer/agent:latest
@@ -87,6 +97,8 @@ services:
       mode: global
       placement:
         constraints: [node.platform.os == linux]
+    depends_on:
+    - system_portainer
 
   keepalived:
     image: linkvt/osixia_keepalived:stable
@@ -105,7 +117,19 @@ services:
     deploy:
       mode: global
       placement:
-        constraints: [node.role == manager]
+        constraints:
+        - node.role == manager
+
+  nfs:
+    image: traefik/whoami:latest
+    volumes:
+    - /mnt/nfs/check:/tmp/check
+    deploy:
+      mode: global
+      placement:
+        constraints:
+        - node.role == manager
+  
 
 networks:
   external:

bxl-swarm/tools.stack.yaml

@@ -0,0 +1,72 @@
+version: '3.7'
+services:
+  kanboard:
+    image: kanboard/kanboard:latest
+    environment:
+    - DB_DRIVER=postgres
+    - DB_USERNAME=postgres
+    - DB_PASSWORD=DS7BVNZr0qZdGwc63wjHmZry5P0gUVhR
+    - DB_HOSTNAME=storage_postgres
+    - DB_NAME=kanboard
+    networks:
+    - external
+    - storage
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+        max_attempts: 3
+      labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.kanboard.rule=Host(`kanboard.bxl.bhasher.com`)"
+      - "traefik.http.routers.kanboard.entrypoints=internalsecure"
+      - "traefik.http.services.kanboard.loadbalancer.server.port=80"
+      - "traefik.http.routers.kanboard.tls=true"
+      - "traefik.http.routers.kanboard.tls.certresolver=http"
+      placement:
+        constraints:
+        - node.labels.POWER == true
+    depends_on:
+    - system_traefik
+    - storage_postgres
+
+  dashy:
+    image: lissy93/dashy:latest
+    volumes:
+    - /mnt/nfs/dashy/config.yml:/app/public/conf.yml
+    environment:
+    - NODE_ENV=production
+    networks:
+    - external
+    healthcheck:
+      test: ['CMD', 'node', '/app/services/healthcheck']
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: any
+        max_attempts: 3
+      labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashy.rule=Host(`dashboard.bhasher.com`)"
+      - "traefik.http.routers.dashy.entrypoints=internalsecure"
+      - "traefik.http.services.dashy.loadbalancer.server.port=80"
+      - "traefik.http.routers.dashy.tls=true"
+      - "traefik.http.routers.dashy.tls.certresolver=http"
+      placement:
+        constraints:
+        - node.labels.POWER == true
+    depends_on:
+    - system_traefik
+    - system_nfs
+
+networks:
+  external:
+    external: true
+  storage:
+    external: true

bxl-swarm/wireguard.stack.yaml

@@ -7,15 +7,15 @@ services:
       replicas: 1
       restart_policy:
         condition: any
-        max_attempts: 3
+        delay: 30s
+      placement:
+        constraints:
+        - node.labels.POWER == true
     volumes:
     - /mnt/nfs/wireguard:/config
     - /lib/modules:/lib/modules
     ports:
-    - mode: host
+    - 51821:51820/udp
-      protocol: udp
-      published: 51821
-      target: 51820
     environment:
     - TZ=Europe/Paris
     - SERVERURL=vpn.bhasher.com
@@ -29,3 +29,6 @@ services:
     - SYS_MODULE
     sysctls:
     - net.ipv4.conf.all.src_valid_mark=1
+    depends_on:
+    - system_keepalived
+    - system_nfs