stacks/homelab/docker-compose.yaml

152 lines
5.0 KiB
YAML

version: "3.8"
services:
traefik:
image: traefik
environment:
TRAEFIK_API: "true"
TRAEFIK_API_INSECURE: "true"
TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: :80
TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: :443
TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCYRPT_ACME_EMAIL: neale@woozle.org
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: /acme.json
XXX_TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_TLSCHALLENGE: "true"
TRAEFIK_PROVIDERS_DOCKER_SWARMMODE: "true"
TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
ports:
- target: 443
published: 443
mode: host
- target: 80
published: 80
mode: host
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
- type: bind
source: /srv/ext/sys/traefik/acme.json
target: /acme.json
deploy:
labels:
traefik.enable: "true"
# XXX: This HSTS stuff doesn't seem to be working
traefik.frontend.headers.STSSeconds: "31536000"
traefik.frontend.headers.STSPreload: "true"
traefik.http.routers.dashboard.rule: "Host(`$HOSTNAME`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
traefik.http.routers.dashboard.tls.certresolver: letsencrypt
traefik.http.routers.dashboard.middlewares: forward-auth
traefik.http.routers.dashboard.service: api@internal
traefik.http.middlewares.forward-auth.forwardauth.address: http://simpleauth:8080/
traefik.http.services.traefik.loadbalancer.server.port: "1"
simpleauth:
image: ghcr.io/nealey/simpleauth
secrets:
- password
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.simpleauth.rule: "PathPrefix(`/`)"
traefik.http.services.simpleauth.loadbalancer.server.port: "8080"
plex:
image: ghcr.io/linuxserver/plex:1.25.2
networks:
- hostnet
environment:
TZ: US/Mountain
volumes:
- type: bind
source: /srv/ext/sys/plex
target: /config
- type: bind
source: /srv
target: /srv
read_only: true
bind:
propagation: rslave
transmission:
image: ghcr.io/linuxserver/transmission
networks:
- hostnet
volumes:
- type: bind
source: /srv/ext/sys/transmission
target: /config
- type: bind
source: /srv/ext/incoming
target: /srv/ext/incoming
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.transmission.rule: "PathPrefix(`/transmission`)"
traefik.http.routers.transmission.tls: "true"
traefik.http.routers.transmission.middlewares: forward-auth
traefik.http.services.transmission.loadbalancer.server.port: "9091"
nextcloud:
image: ghcr.io/linuxserver/nextcloud:23.0.0-ls168
environment:
OVERWRITEPROTOCOL: https
volumes:
- type: bind
source: /srv/ext/sys/nextcloud
target: /config
- type: bind
source: /srv/ext/storage
target: /data
- type: bind
source: /srv/ext
target: /srv/ext
read_only: true
bind:
propagation: rslave
- type: bind
source: /srv/ext/incoming
target: /srv/ext/incoming
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.nextcloud.rule: "Host(`drive.woozle.org`) || PathPrefix(`/nextcloud`)"
traefik.http.routers.nextcloud.tls: "true"
traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
traefik.http.routers.nextcloud.middlewares: nextcloud-caldav@docker,sts
traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent: "true"
traefik.http.middlewares.nextcloud-caldav.redirectregex.regex: ^https://(.*)/.well-known/(card|cal)dav
traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement: https://$${1}/remote.php/dav/
traefik.http.middlewares.sts.headers.stsincludesubdomains: "false"
traefik.http.middlewares.sts.headers.stspreload: "true"
traefik.http.middlewares.sts.headers.stsseconds: "31536000"
traefik.http.services.nextcloud.loadbalancer.server.port: "80"
redis:
image: redis
volumes:
- type: bind
source: /srv/ext/sys/redis
target: /var/lib/redis
atlas:
image: ctassisf/ripe-atlas-alpine:arm64v8
volumes:
- type: bind
source: /srv/ext/sys/atlas/etc
target: /var/atlas-probe/etc
- type: bind
source: /srv/ext/sys/atlas/status
target: /var/atlas-probe/status
networks:
- hostnet
secrets:
password:
file: password
name: password-v1
networks:
hostnet:
external: true
name: host