From 85f93019d6b106c174c99113c8617a3db5a4c85f Mon Sep 17 00:00:00 2001
From: BhasherBEL
Date: Fri, 27 Jan 2023 18:20:12 +0100
Subject: [PATCH] Bxl-swarm
---
{bxl => bxl-nas}/auth.docker-compose.yaml | 0
.../mediaserver.docker-compose.yaml | 0
{bxl => bxl-nas}/other.docker-compose.yaml | 0
{bxl => bxl-nas}/storage.docker-compose.yaml | 0
{bxl => bxl-nas}/system.docker-compose.yaml | 0
{bxl => bxl-nas}/system.sh | 0
bxl-swarm/pihole.stack.yaml | 39 ++++++++
bxl-swarm/system.stack.yaml | 93 +++++++++++++++++++
bxl-swarm/wireguard.stack.yaml | 31 +++++++
9 files changed, 163 insertions(+)
rename {bxl => bxl-nas}/auth.docker-compose.yaml (100%)
rename {bxl => bxl-nas}/mediaserver.docker-compose.yaml (100%)
rename {bxl => bxl-nas}/other.docker-compose.yaml (100%)
rename {bxl => bxl-nas}/storage.docker-compose.yaml (100%)
rename {bxl => bxl-nas}/system.docker-compose.yaml (100%)
rename {bxl => bxl-nas}/system.sh (100%)
create mode 100644 bxl-swarm/pihole.stack.yaml
create mode 100644 bxl-swarm/system.stack.yaml
create mode 100644 bxl-swarm/wireguard.stack.yaml
diff --git a/bxl/auth.docker-compose.yaml b/bxl-nas/auth.docker-compose.yaml
similarity index 100%
rename from bxl/auth.docker-compose.yaml
rename to bxl-nas/auth.docker-compose.yaml
diff --git a/bxl/mediaserver.docker-compose.yaml b/bxl-nas/mediaserver.docker-compose.yaml
similarity index 100%
rename from bxl/mediaserver.docker-compose.yaml
rename to bxl-nas/mediaserver.docker-compose.yaml
diff --git a/bxl/other.docker-compose.yaml b/bxl-nas/other.docker-compose.yaml
similarity index 100%
rename from bxl/other.docker-compose.yaml
rename to bxl-nas/other.docker-compose.yaml
diff --git a/bxl/storage.docker-compose.yaml b/bxl-nas/storage.docker-compose.yaml
similarity index 100%
rename from bxl/storage.docker-compose.yaml
rename to bxl-nas/storage.docker-compose.yaml
diff --git a/bxl/system.docker-compose.yaml b/bxl-nas/system.docker-compose.yaml
similarity index 100%
rename from bxl/system.docker-compose.yaml
rename to bxl-nas/system.docker-compose.yaml
diff --git a/bxl/system.sh b/bxl-nas/system.sh
similarity index 100%
rename from bxl/system.sh
rename to bxl-nas/system.sh
diff --git a/bxl-swarm/pihole.stack.yaml b/bxl-swarm/pihole.stack.yaml
new file mode 100644
index 0000000..2cd3735
--- /dev/null
+++ b/bxl-swarm/pihole.stack.yaml
@@ -0,0 +1,39 @@
+version: '3.7'
+services:
+ pihole:
+ image: cbcrowe/pihole-unbound:latest
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ max_attempts: 3
+ ports:
+ - mode: host
+ protocol: tcp
+ published: 53
+ target: 53
+ - mode: host
+ protocol: udp
+ published: 53
+ target: 53
+ - mode: host
+ protocol: tcp
+ published: 80
+ target: 80
+ environment:
+ TZ: 'Europe/Paris'
+ WEBPASSWORD: 'z9w1r0FvKKvuLdXIygDlhidUhinERhOKZTBJtOXCMaFLi1dZvh0f2vsy9miDqsFu'
+ WEBTHEME: 'default-dark'
+ REV_SERVER: 'false'
+ PIHOLE_DNS_: '127.0.0.1#5335'
+ DNSSEC: 'true'
+ DNSMASQ_LISTENING: 'all'
+ FTLCONF_REPLY_ADDR4: '192.168.1.220'
+ FTLCONF_RATE_LIMIT: '0/0'
+ FTL_CMD: 'debug'
+ volumes:
+ - '/mnt/nfs/pihole/config:/etc/pihole'
+ - '/mnt/nfs/pihole/dnsmasq.d:/etc/dnsmasq.d'
+ # - '/tmp/config:/etc/pihole'
+ # - '/tmp/dnsmasq.d:/etc/dnsmasq.d'
diff --git a/bxl-swarm/system.stack.yaml b/bxl-swarm/system.stack.yaml
new file mode 100644
index 0000000..40eb044
--- /dev/null
+++ b/bxl-swarm/system.stack.yaml
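Review bot: `WEBPASSWORD` in the `environment` block of bxl-swarm/pihole.stack.yaml is committed as a literal, so the Pi-hole admin password is readable by anyone with access to the repository or to `docker service inspect`, and it remains in git history even after the line is removed. Treat the current value as exposed and rotate it, then supply it from a swarm secret instead, e.g. `WEBPASSWORD_FILE: '/run/secrets/pihole_webpassword'` (example secret name; the upstream Pi-hole image reads this variable, confirm that the `cbcrowe/pihole-unbound` build does too). The admin UI is also published on host port 80 over plain HTTP and `DNSMASQ_LISTENING: 'all'` answers on every interface, so the node should not be reachable on 53 or 80 from outside the LAN. `FTL_CMD: 'debug'` and the `:latest` tag look like leftovers that are worth settling before this runs unattended.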
@@ -0,0 +1,93 @@
+version: '3.2'
+
+services:
+ traefik:
+ image: traefik:v2.9
+ command:
+ #- "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.network=external"
+ - "--providers.docker.swarmmode=true"
+ - "--entrypoints.internal.address=:80"
+ - "--entrypoints.internalsecure.address=:443"
+ - "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
+ - "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
+ - "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
+ - "--certificatesresolvers.http.acme.httpchallenge=true"
+ - "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
+ - "--certificatesresolvers.http.acme.email=acme@bhasher.com"
+ - "--certificatesresolvers.http.acme.storage=acme.json"
+ - "--entrypoints.external.address=:81"
+ - "--entrypoints.externalsecure.address=:444"
+ - "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
+ - "--entrypoints.external.http.redirections.entryPoint.scheme=https"
+ - "--entrypoints.external.http.redirections.entryPoint.permanent=true"
+ #- "--log.level=DEBUG"
+ environment:
+ - TZ=Europe/Paris
+ ports:
+ - "80:80"
+ - "443:443"
+ - "81:81"
+ - "444:444"
+ #- "8080:8080"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - type: bind
+ source: /mnt/nfs/traefik/acme.json
+ target: /acme.json
+ networks:
+ - external
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ max_attempts: 3
+
+ portainer:
+ image: portainer/portainer-ce:latest
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ ports:
+ - "9443:9443"
+ volumes:
+ - /mnt/nfs/portainer_data:/data:rw
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks:
+ - external
+ - agent_network
+ deploy:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
+ - "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
+ - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+ - "traefik.http.routers.portainer.tls=true"
+ - "traefik.http.routers.portainer.tls.certresolver=http"
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ max_attempts: 3
+ placement:
+ constraints: [node.role == manager]
+
+ agent:
+ image: portainer/agent:latest
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ # - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - agent_network
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.platform.os == linux]
+
+networks:
+ external:
+ external: true
+ agent_network:
+ driver: overlay
+ attachable: true
diff --git a/bxl-swarm/wireguard.stack.yaml b/bxl-swarm/wireguard.stack.yaml
new file mode 100644
index 0000000..13687fd
--- /dev/null
+++ b/bxl-swarm/wireguard.stack.yaml
@@ -0,0 +1,31 @@
+version: '3.7'
+services:
+ wireguard:
+ image: lscr.io/linuxserver/wireguard:latest
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ max_attempts: 3
+ volumes:
+ - /mnt/nfs/wireguard:/config
+ - /lib/modules:/lib/modules
+ ports:
+ - mode: host
+ protocol: udp
+ published: 51821
+ target: 51820
+ environment:
+ - TZ=Europe/Paris
+ - SERVERURL=vpn.bhasher.com
+ - SERVERPORT=51821
+ - PEERS=5
+ - PEERDNS=auto
+ - INTERNAL_SUBNET=10.13.14.0
+ - ALLOWEDIPS=0.0.0.0/0
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
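Review bot: The `portainer` router in bxl-swarm/system.stack.yaml is bound to `externalsecure` as well as `internalsecure`, and `9443:9443` is additionally published, so a UI that holds the Docker socket is reachable on the externally facing entrypoint and also directly, bypassing Traefik. If outside access is not required, restrict the label to `- "traefik.http.routers.portainer.entrypoints=internalsecure"` and drop the `- "9443:9443"` port. `--tlsskipverify` turns off certificate checking on the Portainer-to-agent link, and `agent_network` is `attachable: true`, which widens the set of containers that can sit on that link; setting it to `false` would narrow that. The `:ro` on Traefik's `/var/run/docker.sock` bind protects only the socket file, not the Docker API behind it, so the edge proxy still has full API access; a filtering socket proxy in front of it would reduce that. Both Portainer images use `:latest`, which makes a redeploy pull unreviewed code onto containers with socket access.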
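Review bot: `SYS_MODULE` together with the read-write bind `/lib/modules:/lib/modules` in bxl-swarm/wireguard.stack.yaml lets the container load kernel modules into the host, which is effectively host root for an internet-facing image pulled by the `:latest` tag. On a host kernel that already ships WireGuard both are unnecessary (presumably the case here, confirm against the node's kernel version); drop `- SYS_MODULE` and the modules mount, or at minimum make it `- /lib/modules:/lib/modules:ro`. Whether `cap_add` and `sysctls` are applied by `docker stack deploy` depends on the engine version, so check with `docker service inspect` that the running task has what the file asks for.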