homelab/bxl-rpi/docker-compose.yaml

version: '3.7'

services:
  traefik:
    container_name: traefik
    image: traefik:v2.9
    command:
    #- "--api.insecure=true"
    - "--providers.docker=true"
    - "--providers.docker.exposedbydefault=false"
    - "--providers.docker.network=external"
    - "--entrypoints.internal.address=:80"
    - "--entrypoints.internalsecure.address=:443"
    - "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
    - "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
    - "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
    - "--certificatesresolvers.http.acme.httpchallenge=true"
    - "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
    - "--certificatesresolvers.http.acme.email=acme@bhasher.com"
    - "--certificatesresolvers.http.acme.storage=acme.json"
    - "--entrypoints.external.address=:81"
    - "--entrypoints.externalsecure.address=:444"
    - "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
    - "--entrypoints.external.http.redirections.entryPoint.scheme=https"
    - "--entrypoints.external.http.redirections.entryPoint.permanent=true"
    - "--log.level=DEBUG"
    environment:
    - TZ=Europe/Paris
    ports:
    - "80:80"
    - "443:443"
    - "81:81"
    - "444:444"
    #- "8080:8080"
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - type: bind
      source: /home/pi/data/traefik/acme.json
      target: /acme.json
    - type: bind
      source: /home/pi/data/traefik/rules.toml
      target: /rules.toml
    restart: always

  portainer:
    container_name: portainer
    image: portainer/portainer-ce:latest
    #command: -H tcp://tasks.agent:9001 --tlsskipverify
    ports:
    - "9443:9443"
    volumes:
    - /home/pi/data/portainer:/data:rw
    - /var/run/docker.sock:/var/run/docker.sock
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
    - "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
    - "traefik.http.services.portainer.loadbalancer.server.port=9000"
    - "traefik.http.routers.portainer.tls=true"
    - "traefik.http.routers.portainer.tls.certresolver=http"
    restart: always

  matrix-synapse:
    container_name: matrix-synapse
    image: matrixdotorg/synapse:latest
    restart: unless-stopped
    environment:
    - SYNAPSE_SERVER_NAME=matrix.bhasher.com
    - SYNAPSE_REPORT_STATS=no
    volumes:
    - /home/pi/data/matrix/synapse:/data:rw
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.matrix-synapse.rule=Host(`matrix.bhasher.com`)"
    - "traefik.http.routers.matrix-synapse.tls=true"
    - "traefik.http.routers.matrix-synapse.tls.certresolver=http"
    - "traefik.http.routers.matrix-synapse.entrypoints=internalsecure,externalsecure"
    - "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"

  wireguard:
    container_name: wireguard
    image: lscr.io/linuxserver/wireguard:latest
    restart: always
    volumes:
    - /home/pi/data/wireguard:/config
    - /lib/modules:/lib/modules
    ports:
    - 51821:51820/udp
    environment:
    - TZ=Europe/Paris
    - SERVERURL=vpn.bhasher.com
    - SERVERPORT=51821
    - PEERS=5
    - PEERDNS=auto
    - INTERNAL_SUBNET=10.13.14.0
    - ALLOWEDIPS=0.0.0.0/0
    cap_add:
    - NET_ADMIN
    - SYS_MODULE
    sysctls:
    - net.ipv4.conf.all.src_valid_mark=1