152 lines
5.0 KiB
YAML
152 lines
5.0 KiB
YAML
version: "3.8"
|
|
services:
|
|
traefik:
|
|
image: traefik
|
|
environment:
|
|
TRAEFIK_API: "true"
|
|
TRAEFIK_API_INSECURE: "true"
|
|
TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: :80
|
|
TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
|
|
TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
|
|
TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: :443
|
|
TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
|
|
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCYRPT_ACME_EMAIL: neale@woozle.org
|
|
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: /acme.json
|
|
XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
|
|
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true"
|
|
TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true"
|
|
TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
|
|
ports:
|
|
- target: 443
|
|
published: 443
|
|
mode: host
|
|
- target: 80
|
|
published: 80
|
|
mode: host
|
|
volumes:
|
|
- type: bind
|
|
source: /var/run/docker.sock
|
|
target: /var/run/docker.sock
|
|
read_only: true
|
|
- type: bind
|
|
source: /srv/ext/sys/traefik/acme.json
|
|
target: /acme.json
|
|
deploy:
|
|
labels:
|
|
traefik.enable: "true"
|
|
# XXX: This HSTS stuff doesn't seem to be working
|
|
traefik.frontend.headers.STSSeconds: "31536000"
|
|
traefik.frontend.headers.STSPreload: "true"
|
|
traefik.http.routers.dashboard.rule: "Host(`$HOSTNAME`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
|
traefik.http.routers.dashboard.tls.certresolver: letsencrypt
|
|
traefik.http.routers.dashboard.middlewares: forward-auth
|
|
traefik.http.routers.dashboard.service: api@internal
|
|
traefik.http.middlewares.forward-auth.forwardauth.address: http://simpleauth:8080/
|
|
traefik.http.services.traefik.loadbalancer.server.port: "1"
|
|
simpleauth:
|
|
image: ghcr.io/nealey/simpleauth
|
|
secrets:
|
|
- password
|
|
deploy:
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.http.routers.simpleauth.rule: "PathPrefix(`/`)"
|
|
traefik.http.services.simpleauth.loadbalancer.server.port: "8080"
|
|
plex:
|
|
image: ghcr.io/linuxserver/plex:1.25.2
|
|
networks:
|
|
- hostnet
|
|
environment:
|
|
TZ: US/Mountain
|
|
volumes:
|
|
- type: bind
|
|
source: /srv/ext/sys/plex
|
|
target: /config
|
|
- type: bind
|
|
source: /srv
|
|
target: /srv
|
|
read_only: true
|
|
bind:
|
|
propagation: rslave
|
|
|
|
transmission:
|
|
image: ghcr.io/linuxserver/transmission
|
|
networks:
|
|
- hostnet
|
|
volumes:
|
|
- type: bind
|
|
source: /srv/ext/sys/transmission
|
|
target: /config
|
|
- type: bind
|
|
source: /srv/ext/incoming
|
|
target: /srv/ext/incoming
|
|
deploy:
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)"
|
|
traefik.http.routers.transmission.tls: "true"
|
|
traefik.http.routers.transmission.middlewares: forward-auth
|
|
traefik.http.services.transmission.loadbalancer.server.port: "9091"
|
|
nextcloud:
|
|
image: ghcr.io/linuxserver/nextcloud:23.0.0-ls168
|
|
environment:
|
|
OVERWRITEPROTOCOL: https
|
|
volumes:
|
|
- type: bind
|
|
source: /srv/ext/sys/nextcloud
|
|
target: /config
|
|
- type: bind
|
|
source: /srv/ext/storage
|
|
target: /data
|
|
- type: bind
|
|
source: /srv/ext
|
|
target: /srv/ext
|
|
read_only: true
|
|
bind:
|
|
propagation: rslave
|
|
- type: bind
|
|
source: /srv/ext/incoming
|
|
target: /srv/ext/incoming
|
|
deploy:
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.http.routers.nextcloud.rule: "Host(`drive.woozle.org`) || PathPrefix(`/nextcloud`)"
|
|
traefik.http.routers.nextcloud.tls: "true"
|
|
traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
|
|
traefik.http.routers.nextcloud.middlewares: nextcloud-caldav@docker,sts
|
|
traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent: "true"
|
|
traefik.http.middlewares.nextcloud-caldav.redirectregex.regex: ^https://(.*)/.well-known/(card|cal)dav
|
|
traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement: https://$${1}/remote.php/dav/
|
|
traefik.http.middlewares.sts.headers.stsincludesubdomains: "false"
|
|
traefik.http.middlewares.sts.headers.stspreload: "true"
|
|
traefik.http.middlewares.sts.headers.stsseconds: "31536000"
|
|
traefik.http.services.nextcloud.loadbalancer.server.port: "80"
|
|
redis:
|
|
image: redis
|
|
volumes:
|
|
- type: bind
|
|
source: /srv/ext/sys/redis
|
|
target: /var/lib/redis
|
|
|
|
atlas:
|
|
image: ctassisf/ripe-atlas-alpine:arm64v8
|
|
volumes:
|
|
- type: bind
|
|
source: /srv/ext/sys/atlas/etc
|
|
target: /var/atlas-probe/etc
|
|
- type: bind
|
|
source: /srv/ext/sys/atlas/status
|
|
target: /var/atlas-probe/status
|
|
networks:
|
|
- hostnet
|
|
|
|
secrets:
|
|
password:
|
|
file: password
|
|
name: password-v1
|
|
|
|
networks:
|
|
hostnet:
|
|
external: true
|
|
name: host
|