diff --git a/homelab/docker-compose.yaml b/homelab/docker-compose.yaml index d6b2bd9..f29e2e8 100644 --- a/homelab/docker-compose.yaml +++ b/homelab/docker-compose.yaml @@ -15,7 +15,7 @@ services: XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true" TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true" - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "true" + TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false" ports: - target: 443 published: 443 @@ -34,6 +34,7 @@ services: deploy: labels: # XXX: This HSTS stuff doesn't seem to be working + traefik.enable: "true" traefik.frontend.headers.STSSeconds: "31536000" traefik.frontend.headers.STSPreload: "true" traefik.http.routers.dashboard.rule: "Host(`$FQDN`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" @@ -49,15 +50,17 @@ services: - password deploy: labels: + traefik.enable: "true" traefik.http.routers.simpleauth.rule: "Host(`$FQDN`) && Path(`/`)" traefik.http.services.simpleauth.loadbalancer.server.port: "8080" plex: - image: ghcr.io/linuxserver/plex:1.26.2 + image: ghcr.io/linuxserver/plex networks: - hostnet environment: TZ: US/Mountain + VERSION: public volumes: - type: bind source: /srv/ext/sys/plex @@ -69,20 +72,6 @@ services: bind: propagation: rslave - ## Can't bind mount /dev/sr0, apparently - #sucker: - #image: registry.gitlab.com/dartcatcher/media-sucker/media-sucker - #ports: - #- published: 5880 - #target: 8080 - #volumes: - #- type: bind - #source: /srv/ext/incoming - #target: /incoming - #- type: bind - #source: /dev/sr0 - #target: /dev/sr0 - transmission: image: ghcr.io/linuxserver/transmission networks: 
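Review bot: The two `traefik.frontend.headers.STS*` labels that stay next to the new `traefik.enable: "true"` appear to be Traefik v1 names, which would explain the XXX comment, since every other label in the file uses the v2 `traefik.http.*` form, where HSTS is a headers middleware attached to a router. This commit also removes the nextcloud service, which carried the only `traefik.http.middlewares.sts.headers.*` definition visible in the diff. After it, no router sends Strict-Transport-Security unless the middleware is defined in a part of the file not shown here. I would move the definition onto this service, e.g. `traefik.http.middlewares.sts.headers.stsseconds: "31536000"`, and attach it where it is wanted, e.g. `traefik.http.routers.dashboard.middlewares: forward-auth,sts`. The labels block continues outside the hunk.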
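Review bot: Dropping the `:1.26.2` tag makes `image: ghcr.io/linuxserver/plex` resolve to whatever `latest` points at on the next deploy. `VERSION: public` adds to that: as far as I know, it tells the linuxserver image to fetch the current public Plex release at container start. The running binary is then no longer fixed by anything in this repository, on a service that sits on `hostnet` and, in the copy of this service in `unused/ocis.yaml`, bind-mounts `/srv`. I would keep a pinned tag or digest, e.g. `image: ghcr.io/linuxserver/plex:<tag>@sha256:<digest>` (placeholders), and bump it deliberately. The same applies to `image: caddy` in the `public` hunk further down; the plex service body continues outside this hunk.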
@@ -100,46 +89,6 @@ services: traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)" traefik.http.services.transmission.loadbalancer.server.port: "9091" - nextcloud: - image: ghcr.io/linuxserver/nextcloud:23.0.2 - environment: - OVERWRITEPROTOCOL: https - volumes: - - type: bind - source: /srv/ext/sys/nextcloud - target: /config - - type: bind - source: /srv/ext/nextcloud - target: /data - - type: bind - source: /srv/ext - target: /srv/ext - read_only: true - bind: - propagation: rslave - - type: bind - source: /srv/ext/incoming - target: /srv/ext/incoming - deploy: - labels: - traefik.http.routers.nextcloud.rule: "Host(`drive.woozle.org`) || PathPrefix(`/nextcloud`)" - traefik.http.routers.nextcloud.tls: "true" - traefik.http.routers.nextcloud.tls.certresolver: letsencrypt - traefik.http.routers.nextcloud.middlewares: nextcloud-caldav@docker,sts - traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent: "true" - traefik.http.middlewares.nextcloud-caldav.redirectregex.regex: ^https://(.*)/.well-known/(card|cal)dav - traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement: https://$${1}/remote.php/dav/ - traefik.http.middlewares.sts.headers.stsincludesubdomains: "false" - traefik.http.middlewares.sts.headers.stspreload: "true" - traefik.http.middlewares.sts.headers.stsseconds: "31536000" - traefik.http.services.nextcloud.loadbalancer.server.port: "80" - redis: - image: redis - volumes: - - type: bind - source: /srv/ext/sys/redis - target: /var/lib/redis - gitea: image: gitea/gitea:1 environment: @@ -159,6 +108,7 @@ services: read_only: true deploy: labels: + traefik.enable: "true" traefik.http.routers.gitea.rule: "Host(`git.woozle.org`)" traefik.http.routers.gitea.middlewares: gitea-striparoo traefik.http.middlewares.gitea-striparoo.stripprefix.prefixes: "/gitea" 
@@ -212,6 +162,7 @@ services: target: /usr/local/share/geneweb/log deploy: labels: + traefik.enable: "true" traefik.http.routers.gwsetup.rule: "PathPrefix(`/gwsetup`)" traefik.http.middlewares.gwsetup-striparoo.stripprefix.prefixes: "/gwsetup" traefik.http.routers.gwsetup.middlewares: gwsetup-striparoo,forward-auth @@ -250,14 +201,15 @@ services: target: 445 public: - image: busybox + image: caddy volumes: - type: bind source: /srv/ext/storage/public - target: /srv/ext/storage/public - command: [ "httpd", "-f", "-h", "/srv/ext/storage" ] + target: /usr/share/caddy/public + read_only: true deploy: labels: + traefik.enable: "true" traefik.http.routers.public.rule: "PathPrefix(`/public`)" traefik.http.services.public.loadbalancer.server.port: "80" diff --git a/homelab/unused/docker-compose.rejected.yaml b/homelab/unused/docker-compose.rejected.yaml new file mode 100644 index 0000000..fd28265 --- /dev/null +++ b/homelab/unused/docker-compose.rejected.yaml 
@@ -0,0 +1,58 @@
+version: "3.8"
+services:
+ syncthing:
+ image: syncthing/syncthing
+ environment:
+ PUID: 911
+ CGID: 911
+ volumes:
+ - type: bind
+ source: /srv/ext/sys/syncthing
+ target: /var/syncthing
+ - type: bind
+ source: /srv/ext
+ target: /srv/ext
+ ports:
+ - published: 22000
+ target: 22000
+ protocol: tcp
+ - published: 22000
+ target: 22000
+ protocol: udp
+ - published: 21027
+ target: 21027
+ protocol: udp
+ deploy:
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.syncthing.rule: "PathPrefix(`/syncthing`)"
+ traefik.http.routers.syncthing.middlewares: syncthing-striparoo
+ traefik.http.middlewares.syncthing-striparoo.stripprefix.prefixes: "/syncthing"
+ traefik.http.services.syncthing.loadbalancer.server.port: "8384"
+
+## Drop this in to get a netdata container.
+## It uses a lot of RAM and causes my machine to swap.
+## Granted, it's a lot more lightweight than nextcloud.
+## But I can live without netdata.
+ netdata:
+ image: netdata/netdata
+ hostname: $HOSTNAME
+ volumes:
+ - type: bind
+ source: /
+ target: /host
+ read_only: true
+ configs:
+ - source: netdata.conf
+ target: /etc/netdata/netdata.conf
+ deploy:
+ labels:
+ traefik.http.routers.netdata.rule: "PathPrefix(`/netdata`)"
+ traefik.http.middlewares.netdata-striparoo.stripprefix.prefixes: "/netdata"
+ traefik.http.routers.netdata.middlewares: netdata-striparoo
+ traefik.http.services.netdata.loadbalancer.server.port: "19999"
+
+configs:
+ netdata.conf:
+ file: netdata.conf
+ name: netdata.conf-v4
diff --git a/homelab/jellyfin.yaml b/homelab/unused/jellyfin.yaml
similarity index 100%
rename from homelab/jellyfin.yaml
rename to homelab/unused/jellyfin.yaml
diff --git a/homelab/unused/ocis.yaml b/homelab/unused/ocis.yaml
new file mode 100644
index 0000000..ada6672
--- /dev/null
+++ b/homelab/unused/ocis.yaml
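Review bot: The `syncthing` router is given only `syncthing-striparoo`, so the GUI on port 8384 would be reachable at `/syncthing` on any host name without the `forward-auth` middleware that the dashboard and `gwsetup` routers use, while the container has `/srv/ext` bind-mounted read-write. If this file is ever revived, I would make it `traefik.http.routers.syncthing.middlewares: syncthing-striparoo,forward-auth`. The `netdata` router has the same gap, and that container mounts `/` (read-only) at `/host`. `CGID: 911` also looks like a typo for `PGID`, which would leave the group id at the image default; worth confirming against the image's documentation.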
@@ -0,0 +1,252 @@
+version: "3.8"
+services:
+ traefik:
+ image: traefik
+ environment:
+ TRAEFIK_API: "true"
+ TRAEFIK_API_INSECURE: "true"
+ TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: :80
+ TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
+ TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
+ TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: :443
+ TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
+ TRAEFIK_CERTIFICATESRESOLVERS_LETSENCYRPT_ACME_EMAIL: neale@woozle.org
+ TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: /acme.json
+ XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
+ TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true"
+ TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true"
+ TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
+ ports:
+ - target: 443
+ published: 443
+ mode: host
+ - target: 80
+ published: 80
+ mode: host
+ volumes:
+ - type: bind
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ read_only: true
+ - type: bind
+ source: /srv/ext/sys/traefik/acme.json
+ target: /acme.json
+ deploy:
+ labels:
+ # XXX: This HSTS stuff doesn't seem to be working
+ traefik.enable: "true"
+ traefik.frontend.headers.STSSeconds: "31536000"
+ traefik.frontend.headers.STSPreload: "true"
+ traefik.http.routers.dashboard.rule: "Host(`$FQDN`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+ traefik.http.routers.dashboard.tls.certresolver: letsencrypt
+ traefik.http.routers.dashboard.middlewares: forward-auth
+ traefik.http.routers.dashboard.service: api@internal
+ traefik.http.middlewares.forward-auth.forwardauth.address: http://simpleauth:8080/
+ traefik.http.services.traefik.loadbalancer.server.port: "1"
+
+ simpleauth:
+ image: ghcr.io/nealey/simpleauth
+ secrets:
+ - password
+ deploy:
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.simpleauth.rule: "Host(`$FQDN`) && Path(`/`)"
+ traefik.http.services.simpleauth.loadbalancer.server.port: "8080"
+
+ plex:
+ image: ghcr.io/linuxserver/plex
+ networks:
+ - hostnet
+ environment:
+ TZ: US/Mountain
+ VERSION: public
+ volumes:
+ - type: bind
+ source: /srv/ext/sys/plex
+ target: /config
+ - type: bind
+ source: /srv
+ target: /srv
+ read_only: true
+ bind:
+ propagation: rslave
+
+ transmission:
+ image: ghcr.io/linuxserver/transmission
+ networks:
+ - hostnet
+ volumes:
+ - type: bind
+ source: /srv/ext/sys/transmission
+ target: /config
+ - type: bind
+ source: /srv/ext/incoming
+ target: /srv/ext/incoming
+ deploy:
+ labels:
+ # This isn't going to work, because transmission binds to the host network.
+ traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)"
+ traefik.http.services.transmission.loadbalancer.server.port: "9091"
+
+ ocis:
+ image: owncloud/ocis:2.0.0-beta.5
+ environment:
+ OCIS_URL: https://drive.woozle.org/
+ PROXY_TLS: "false"
+# ports:
+# - published: 9200
+# target: 9200
+ volumes:
+ - type: bind
+ source: /srv/ext/sys/ocis/config
+ target: /etc/ocis
+ - type: bind
+ source: /srv/ext/sys/ocis/data
+ target: /var/lib/ocis
+ deploy:
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.ocis.rule: "Host(`drive.woozle.org`)"
+ traefik.http.routers.ocis.tls: "true"
+ traefik.http.routers.ocis.tls.certresolver: letsencrypt
+ traefik.http.services.ocis.loadbalancer.server.port: "9200"
+
+ gitea:
+ image: gitea/gitea:1
+ environment:
+ USER_UID: 1000
+ USER_GID: 1000
+ volumes:
+ - type: bind
+ source: /srv/ext/sys/gitea
+ target: /data
+ - type: bind
+ source: /etc/timezone
+ target: /etc/timezone
+ read_only: true
+ - type: bind
+ source: /etc/localtime
+ target: /etc/localtime
+ read_only: true
+ deploy:
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.gitea.rule: "Host(`git.woozle.org`)"
+ traefik.http.routers.gitea.middlewares: gitea-striparoo
+ traefik.http.middlewares.gitea-striparoo.stripprefix.prefixes: "/gitea"
+ traefik.http.services.gitea.loadbalancer.server.port: "3000"
+
+ atlas:
+ image: ctassisf/ripe-atlas-alpine:arm64v8
+ volumes:
+ - type: bind
+ source: /srv/ext/sys/atlas/etc
+ target: /var/atlas-probe/etc
+ - type: bind
+ source: /srv/ext/sys/atlas/status
+ target: /var/atlas-probe/status
+ networks:
+ - hostnet
+
+## Drop this in to get a netdata container.
+## It uses a lot of RAM and causes my machine to swap.
+## Granted, it's a lot more lightweight than nextcloud.
+## But I can live without netdata.
+# netdata:
+# image: netdata/netdata
+# hostname: $HOSTNAME
+# volumes:
+# - type: bind
+# source: /
+# target: /host
+# read_only: true
+# configs:
+# - source: netdata.conf
+# target: /etc/netdata/netdata.conf
+# deploy:
+# labels:
+# traefik.http.routers.netdata.rule: "PathPrefix(`/netdata`)"
+# traefik.http.middlewares.netdata-striparoo.stripprefix.prefixes: "/netdata"
+# traefik.http.routers.netdata.middlewares: netdata-striparoo
+# traefik.http.services.netdata.loadbalancer.server.port: "19999"
+
+ geneweb:
+ image: ravermeister/geneweb
+ volumes:
+ - type: bind
+ source: /srv/ext/sys/geneweb/etc
+ target: /usr/local/share/geneweb/etc
+ - type: bind
+ source: /srv/ext/sys/geneweb/share/data
+ target: /usr/local/share/geneweb/share/data
+ - type: bind
+ source: /srv/ext/sys/geneweb/log
+ target: /usr/local/share/geneweb/log
+ deploy:
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.gwsetup.rule: "PathPrefix(`/gwsetup`)"
+ traefik.http.middlewares.gwsetup-striparoo.stripprefix.prefixes: "/gwsetup"
+ traefik.http.routers.gwsetup.middlewares: gwsetup-striparoo,forward-auth
+ traefik.http.routers.gwsetup.service: gwsetup
+ traefik.http.services.gwsetup.loadbalancer.server.port: "2316"
+
+ traefik.http.routers.geneweb.rule: "Host(`ancestry.woozle.org`)"
+ traefik.http.routers.geneweb.service: geneweb
+ traefik.http.services.geneweb.loadbalancer.server.port: "2317"
+
+ samba:
+ image: dperson/samba
+ volumes:
+ - type: bind
+ source: /srv/ext
+ target: /srv/ext
+ bind:
+ propagation: rslave
+ environment:
+ NMBD: enable
+ RECYCLE: disable
+ USERID: 911
+ GROUPID: 911
+ # name;path;browse;readonly;guest
+ SHARE1: storage;/srv/ext/storage;yes;no;no
+ SHARE2: media;/srv/ext/media;yes;no;no
+ SHARE3: software;/srv/ext/software;yes;no;no
+ SHARE4: backups;/srv/ext/backups;yes;no;no
+ SHARE4: incoming;/srv/ext/incoming;yes;no;no
+ env_file:
+ - samba-users.env
+ ports:
+ - published: 139
+ target: 139
+ - published: 445
+ target: 445
+
+ public:
+ image: caddy
+ volumes:
+ - type: bind
+ source: /srv/ext/storage/public
+ target: /usr/share/caddy/public
+ read_only: true
+ deploy:
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.public.rule: "PathPrefix(`/public`)"
+ traefik.http.services.public.loadbalancer.server.port: "80"
+
+configs:
+ netdata.conf:
+ file: netdata.conf
+ name: netdata.conf-v4
+
+secrets:
+ password:
+ file: password
+ name: password-v1
+
+networks:
+ hostnet:
+ external: true
+ name: host
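Review bot: `TRAEFIK_API_INSECURE: "true"` in the traefik environment makes Traefik serve the API and dashboard without authentication on its own `traefik` entrypoint (port 8080 unless overridden), bypassing the `forward-auth` middleware on the `dashboard` router for anything that can reach that port. The dashboard is already routed through `api@internal`, so I would drop the line or set `TRAEFIK_API_INSECURE: "false"`. Two other settings fail silently. `TRAEFIK_CERTIFICATESRESOLVERS_LETSENCYRPT_ACME_EMAIL` misspells the resolver name, so the e-mail is not applied to the `letsencrypt` resolver that the routers reference. The samba block defines `SHARE4` twice; most YAML parsers keep the last value, which drops the `backups` share, so the second key should be renamed, for example to `SHARE5`. Also, `read_only: true` on the `/var/run/docker.sock` bind does not restrict what a client can do through the Docker API, so it is worth a comment that the mount still grants full control of the daemon.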