neale/stacks
neale
/
stacks
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove OCIS

This commit is contained in:
Neale Pickett 2022-08-02 20:57:44 -06:00
parent cbc7bf672e
commit 014ac43b84
4 changed files with 321 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
homelab/docker-compose.yaml
View File

@ -15,7 +15,7 @@ services:
XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true"
TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true"
TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "true"
TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
ports:
- target: 443
published: 443
@ -34,6 +34,7 @@ services:
deploy:
labels:
# XXX: This HSTS stuff doesn't seem to be working
traefik.enable: "true"
traefik.frontend.headers.STSSeconds: "31536000"
traefik.frontend.headers.STSPreload: "true"
traefik.http.routers.dashboard.rule: "Host(`$FQDN`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
@ -49,15 +50,17 @@ services:
- password
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.simpleauth.rule: "Host(`$FQDN`) && Path(`/`)"
traefik.http.services.simpleauth.loadbalancer.server.port: "8080"
plex:
image: ghcr.io/linuxserver/plex:1.26.2
image: ghcr.io/linuxserver/plex
networks:
- hostnet
environment:
TZ: US/Mountain
VERSION: public
volumes:
- type: bind
source: /srv/ext/sys/plex
@ -69,20 +72,6 @@ services:
bind:
propagation: rslave
## Can't bind mount /dev/sr0, apparently
#sucker:
#image: registry.gitlab.com/dartcatcher/media-sucker/media-sucker
#ports:
#- published: 5880
#target: 8080
#volumes:
#- type: bind
#source: /srv/ext/incoming
#target: /incoming
#- type: bind
#source: /dev/sr0
#target: /dev/sr0
transmission:
image: ghcr.io/linuxserver/transmission
networks:
@ -100,46 +89,6 @@ services:
traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)"
traefik.http.services.transmission.loadbalancer.server.port: "9091"
nextcloud:
image: ghcr.io/linuxserver/nextcloud:23.0.2
environment:
OVERWRITEPROTOCOL: https
volumes:
- type: bind
source: /srv/ext/sys/nextcloud
target: /config
- type: bind
source: /srv/ext/nextcloud
target: /data
- type: bind
source: /srv/ext
target: /srv/ext
read_only: true
bind:
propagation: rslave
- type: bind
source: /srv/ext/incoming
target: /srv/ext/incoming
deploy:
labels:
traefik.http.routers.nextcloud.rule: "Host(`drive.woozle.org`) || PathPrefix(`/nextcloud`)"
traefik.http.routers.nextcloud.tls: "true"
traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
traefik.http.routers.nextcloud.middlewares: nextcloud-caldav@docker,sts
traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent: "true"
traefik.http.middlewares.nextcloud-caldav.redirectregex.regex: ^https://(.*)/.well-known/(card|cal)dav
traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement: https://$${1}/remote.php/dav/
traefik.http.middlewares.sts.headers.stsincludesubdomains: "false"
traefik.http.middlewares.sts.headers.stspreload: "true"
traefik.http.middlewares.sts.headers.stsseconds: "31536000"
traefik.http.services.nextcloud.loadbalancer.server.port: "80"
redis:
image: redis
volumes:
- type: bind
source: /srv/ext/sys/redis
target: /var/lib/redis
gitea:
image: gitea/gitea:1
environment:
@ -159,6 +108,7 @@ services:
read_only: true
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.gitea.rule: "Host(`git.woozle.org`)"
traefik.http.routers.gitea.middlewares: gitea-striparoo
traefik.http.middlewares.gitea-striparoo.stripprefix.prefixes: "/gitea"
@ -212,6 +162,7 @@ services:
target: /usr/local/share/geneweb/log
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.gwsetup.rule: "PathPrefix(`/gwsetup`)"
traefik.http.middlewares.gwsetup-striparoo.stripprefix.prefixes: "/gwsetup"
traefik.http.routers.gwsetup.middlewares: gwsetup-striparoo,forward-auth
@ -250,14 +201,15 @@ services:
target: 445
public:
image: busybox
image: caddy
volumes:
- type: bind
source: /srv/ext/storage/public
target: /srv/ext/storage/public
command: [ "httpd", "-f", "-h", "/srv/ext/storage" ]
target: /usr/share/caddy/public
read_only: true
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.public.rule: "PathPrefix(`/public`)"
traefik.http.services.public.loadbalancer.server.port: "80"

58
homelab/unused/docker-compose.rejected.yaml Normal file
View File

@ -0,0 +1,58 @@
version: "3.8"
services:
syncthing:
image: syncthing/syncthing
environment:
PUID: 911
CGID: 911
volumes:
- type: bind
source: /srv/ext/sys/syncthing
target: /var/syncthing
- type: bind
source: /srv/ext
target: /srv/ext
ports:
- published: 22000
target: 22000
protocol: tcp
- published: 22000
target: 22000
protocol: udp
- published: 21027
target: 21027
protocol: udp
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.syncthing.rule: "PathPrefix(`/syncthing`)"
traefik.http.routers.syncthing.middlewares: syncthing-striparoo
traefik.http.middlewares.syncthing-striparoo.stripprefix.prefixes: "/syncthing"
traefik.http.services.syncthing.loadbalancer.server.port: "8384"
## Drop this in to get a netdata container.
## It uses a lot of RAM and causes my machine to swap.
## Granted, it's a lot more lightweight than nextcloud.
## But I can live without netdata.
netdata:
image: netdata/netdata
hostname: $HOSTNAME
volumes:
- type: bind
source: /
target: /host
read_only: true
configs:
- source: netdata.conf
target: /etc/netdata/netdata.conf
deploy:
labels:
traefik.http.routers.netdata.rule: "PathPrefix(`/netdata`)"
traefik.http.middlewares.netdata-striparoo.stripprefix.prefixes: "/netdata"
traefik.http.routers.netdata.middlewares: netdata-striparoo
traefik.http.services.netdata.loadbalancer.server.port: "19999"
configs:
netdata.conf:
file: netdata.conf
name: netdata.conf-v4

0
homelab/jellyfin.yaml → homelab/unused/jellyfin.yaml
View File

252
homelab/unused/ocis.yaml Normal file
View File

@ -0,0 +1,252 @@
version: "3.8"
services:
traefik:
image: traefik
environment:
TRAEFIK_API: "true"
TRAEFIK_API_INSECURE: "true"
TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: :80
TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: :443
TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCYRPT_ACME_EMAIL: neale@woozle.org
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: /acme.json
XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true"
TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true"
TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
ports:
- target: 443
published: 443
mode: host
- target: 80
published: 80
mode: host
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
- type: bind
source: /srv/ext/sys/traefik/acme.json
target: /acme.json
deploy:
labels:
# XXX: This HSTS stuff doesn't seem to be working
traefik.enable: "true"
traefik.frontend.headers.STSSeconds: "31536000"
traefik.frontend.headers.STSPreload: "true"
traefik.http.routers.dashboard.rule: "Host(`$FQDN`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
traefik.http.routers.dashboard.tls.certresolver: letsencrypt
traefik.http.routers.dashboard.middlewares: forward-auth
traefik.http.routers.dashboard.service: api@internal
traefik.http.middlewares.forward-auth.forwardauth.address: http://simpleauth:8080/
traefik.http.services.traefik.loadbalancer.server.port: "1"
simpleauth:
image: ghcr.io/nealey/simpleauth
secrets:
- password
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.simpleauth.rule: "Host(`$FQDN`) && Path(`/`)"
traefik.http.services.simpleauth.loadbalancer.server.port: "8080"
plex:
image: ghcr.io/linuxserver/plex
networks:
- hostnet
environment:
TZ: US/Mountain
VERSION: public
volumes:
- type: bind
source: /srv/ext/sys/plex
target: /config
- type: bind
source: /srv
target: /srv
read_only: true
bind:
propagation: rslave
transmission:
image: ghcr.io/linuxserver/transmission
networks:
- hostnet
volumes:
- type: bind
source: /srv/ext/sys/transmission
target: /config
- type: bind
source: /srv/ext/incoming
target: /srv/ext/incoming
deploy:
labels:
# This isn't going to work, because transmission binds to the host network.
traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)"
traefik.http.services.transmission.loadbalancer.server.port: "9091"
ocis:
image: owncloud/ocis:2.0.0-beta.5
environment:
OCIS_URL: https://drive.woozle.org/
PROXY_TLS: "false"
# ports:
# - published: 9200
# target: 9200
volumes:
- type: bind
source: /srv/ext/sys/ocis/config
target: /etc/ocis
- type: bind
source: /srv/ext/sys/ocis/data
target: /var/lib/ocis
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.ocis.rule: "Host(`drive.woozle.org`)"
traefik.http.routers.ocis.tls: "true"
traefik.http.routers.ocis.tls.certresolver: letsencrypt
traefik.http.services.ocis.loadbalancer.server.port: "9200"
gitea:
image: gitea/gitea:1
environment:
USER_UID: 1000
USER_GID: 1000
volumes:
- type: bind
source: /srv/ext/sys/gitea
target: /data
- type: bind
source: /etc/timezone
target: /etc/timezone
read_only: true
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.gitea.rule: "Host(`git.woozle.org`)"
traefik.http.routers.gitea.middlewares: gitea-striparoo
traefik.http.middlewares.gitea-striparoo.stripprefix.prefixes: "/gitea"
traefik.http.services.gitea.loadbalancer.server.port: "3000"
atlas:
image: ctassisf/ripe-atlas-alpine:arm64v8
volumes:
- type: bind
source: /srv/ext/sys/atlas/etc
target: /var/atlas-probe/etc
- type: bind
source: /srv/ext/sys/atlas/status
target: /var/atlas-probe/status
networks:
- hostnet
## Drop this in to get a netdata container.
## It uses a lot of RAM and causes my machine to swap.
## Granted, it's a lot more lightweight than nextcloud.
## But I can live without netdata.
# netdata:
# image: netdata/netdata
# hostname: $HOSTNAME
# volumes:
# - type: bind
# source: /
# target: /host
# read_only: true
# configs:
# - source: netdata.conf
# target: /etc/netdata/netdata.conf
# deploy:
# labels:
# traefik.http.routers.netdata.rule: "PathPrefix(`/netdata`)"
# traefik.http.middlewares.netdata-striparoo.stripprefix.prefixes: "/netdata"
# traefik.http.routers.netdata.middlewares: netdata-striparoo
# traefik.http.services.netdata.loadbalancer.server.port: "19999"
geneweb:
image: ravermeister/geneweb
volumes:
- type: bind
source: /srv/ext/sys/geneweb/etc
target: /usr/local/share/geneweb/etc
- type: bind
source: /srv/ext/sys/geneweb/share/data
target: /usr/local/share/geneweb/share/data
- type: bind
source: /srv/ext/sys/geneweb/log
target: /usr/local/share/geneweb/log
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.gwsetup.rule: "PathPrefix(`/gwsetup`)"
traefik.http.middlewares.gwsetup-striparoo.stripprefix.prefixes: "/gwsetup"
traefik.http.routers.gwsetup.middlewares: gwsetup-striparoo,forward-auth
traefik.http.routers.gwsetup.service: gwsetup
traefik.http.services.gwsetup.loadbalancer.server.port: "2316"
traefik.http.routers.geneweb.rule: "Host(`ancestry.woozle.org`)"
traefik.http.routers.geneweb.service: geneweb
traefik.http.services.geneweb.loadbalancer.server.port: "2317"
samba:
image: dperson/samba
volumes:
- type: bind
source: /srv/ext
target: /srv/ext
bind:
propagation: rslave
environment:
NMBD: enable
RECYCLE: disable
USERID: 911
GROUPID: 911
# name;path;browse;readonly;guest
SHARE1: storage;/srv/ext/storage;yes;no;no
SHARE2: media;/srv/ext/media;yes;no;no
SHARE3: software;/srv/ext/software;yes;no;no
SHARE4: backups;/srv/ext/backups;yes;no;no
SHARE4: incoming;/srv/ext/incoming;yes;no;no
env_file:
- samba-users.env
ports:
- published: 139
target: 139
- published: 445
target: 445
public:
image: caddy
volumes:
- type: bind
source: /srv/ext/storage/public
target: /usr/share/caddy/public
read_only: true
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.public.rule: "PathPrefix(`/public`)"
traefik.http.services.public.loadbalancer.server.port: "80"
configs:
netdata.conf:
file: netdata.conf
name: netdata.conf-v4
secrets:
password:
file: password
name: password-v1
networks:
hostnet:
external: true
name: host