From 76b5d077ae1b2fb150a2f928260e0b3c8c05b404 Mon Sep 17 00:00:00 2001 From: Thomas Dehaeze Date: Sun, 14 Feb 2021 19:13:40 +0100 Subject: [PATCH] Update docker-compose ver / use yaml for traefik --- nas.org | 161 +++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 131 insertions(+), 30 deletions(-) diff --git a/nas.org b/nas.org index 979b8cd..b169774 100644 --- a/nas.org +++ b/nas.org @@ -271,7 +271,7 @@ You can use =latest= instead of the ID. :END: #+begin_src yaml -version: "3.2" +version: "3.4" #+end_src ** Networks @@ -286,6 +286,16 @@ networks: driver: bridge #+end_src +** Logging +#+begin_src yaml +x-logging: + &default-logging + driver: "json-file" + options: + max-size: "200k" + max-file: "10" +#+end_src + ** =traefik= - Application proxy #+begin_src yaml services: 
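Review bot: The `&default-logging` anchor in the new `x-logging` block is defined inside its own `#+begin_src yaml` block, while the `*default-logging` aliases added in the later hunks (traefik, homer, snapraid, portainer and the rest) sit in separate blocks; that only resolves if every block tangles into the same compose file as one YAML document, since a `---` between them or a block tangled to another file turns each alias into an undefined-anchor error at `docker-compose` parse time. I cannot see the tangle header-args for these blocks, so this is worth confirming once. Extension fields such as `x-logging` require compose file format 3.4 or later, which is presumably why the first hunk bumps `version` to `"3.4"`; a comment above the block would save the next reader that lookup, e.g. `# x-* extension fields need compose file format >= 3.4; reused as *default-logging by every service below`. Writing the anchor on the key line, `x-logging: &default-logging`, is the usual compose spelling and reads more clearly than the anchor on a line of its own.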
@@ -296,33 +306,6 @@ services: container_name: traefik image: traefik:2.2.1 restart: unless-stopped - command: - - --global.checkNewVersion=true - - --global.sendAnonymousUsage=false - - --entryPoints.http.address=:80 - - --entryPoints.https.address=:443 - - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22 - - --entryPoints.traefik.address=:8080 - - --api=true - - --api.dashboard=true - - --log=true - - --log.level=ERROR # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC - - --accessLog=true - - --accessLog.filePath=/var/log/access.log - - --accessLog.filters.statusCodes=400-499 - - --providers.docker=true - - --providers.docker.endpoint=unix:///var/run/docker.sock - - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`) - - --providers.docker.exposedByDefault=false - - --providers.docker.network=t2_proxy - - --providers.docker.swarmMode=false - - --providers.file.directory=/rules - - --providers.file.watch=true - # - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing - - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL - - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json - - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare - - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53 networks: t2_proxy: ipv4_address: 192.168.90.254 # You can specify a static IP 
@@ -336,6 +319,7 @@ services: - $CONFIGDIR/traefik2/rules:/rules - $CONFIGDIR/traefik2/acme/acme.json:/acme.json - $CONFIGDIR/traefik2/shared:/shared + - $CONFIGDIR/traefik2/traefik.yaml:/etc/traefik/traefik.yaml - /var/log/traefik:/var/log - /var/run/docker.sock:/var/run/docker.sock:ro environment: @@ -365,6 +349,55 @@ services: # - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.$DOMAINNAME/' # - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' + logging: *default-logging +#+end_src + +*** =traefik.yaml= +#+begin_src yaml :tangle /ssh:thomas@grenoble:~/docker/config/traefik2/traefik.yaml +global: + checkNewVersion: true + sendAnonymousUsage: false + +entryPoints: + traefik: + address: :8080 + http: + address: :80 + https: + address: :443 + forwardedHeaders: + trustedIPs: 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22 + +api: + dashboard: true + +log: + level: ERROR + +accessLog: + filePath: /var/log/access.log + filters: + statusCodes: 400-499 + +providers: + docker: + endpoint: unix:///var/run/docker.sock + defaultrule: Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`) + exposedByDefault: false + network: t2_proxy + swarmMode: false + file: + directory: /rules + watch: true + +certificatesResolvers: + dns-cloudflare: + acme: + email: $CLOUDFLARE_EMAIL + storage: /acme.json + dnsChallenge: + provider: cloudflare + resolvers: 1.1.1.1:53,1.0.0.1:53 #+end_src ** =homer= - Home page 
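Review bot: The new `traefik.yaml` bind mount in this hunk is read-write, while the `docker.sock` mount two lines below it is `:ro`; Traefik only reads its static configuration, so `- $CONFIGDIR/traefik2/traefik.yaml:/etc/traefik/traefik.yaml:ro` stops a misbehaving or compromised container from rewriting the file that defines its entrypoints, trusted proxy ranges and ACME settings. The `rules` and `shared` mounts above could get the same treatment if nothing inside the container writes to them; `acme.json` must stay writable.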
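Review bot: `$DOMAINNAME` in `providers.docker.defaultrule` and `$CLOUDFLARE_EMAIL` in `certificatesResolvers.dns-cloudflare.acme.email` were expanded by docker-compose while they lived in the `command:` list, but inside a file mounted into the container they reach Traefik as literal strings, since as far as I know Traefik does not interpolate environment variables in its static configuration file. The likely result is a default router rule for `<service>.$DOMAINNAME` and an ACME registration with a bogus e-mail address, so either keep those two options as `command:` arguments (flags take precedence over the file) or fill the values in when the block is tangled. Quoting the entrypoint addresses as `address: ":80"` avoids a plain scalar that starts with a colon, and `trustedIPs`, `statusCodes` and `resolvers` read more clearly as YAML lists than as one comma-joined scalar, even though Traefik accepts both forms.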
@@ -388,6 +421,7 @@ services: - "traefik.http.routers.homer-rtr.tls=true" - "traefik.http.routers.homer-rtr.service=homer-svc" - "traefik.http.services.homer-svc.loadbalancer.server.port=8080" + logging: *default-logging #+end_src *** =config.yml= @@ -523,7 +557,7 @@ services: - name: "OctoPrint" logo: "/assets/tools/octoprint.png" subtitle: "3D-Printing" - url: "http://192.168.1.56/" + url: "https://octoprint.tdehaeze.xyz/" #+end_src ** =snapraid= - Manage local backup with parity disk @@ -543,6 +577,7 @@ services: - PUID=$PUID - PGID=$PGID - TZ=$TZ + logging: *default-logging #+end_src *** =snapraid.conf= @@ -666,6 +701,7 @@ older-than = 10 - "traefik.http.routers.portainer-rtr.service=portainer-svc" - "traefik.http.routers.portainer-rtr.middlewares=traefik-auth" - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000" + logging: *default-logging #+end_src ** =wireguard= - VPN @@ -692,6 +728,7 @@ older-than = 10 - /lib/modules:/lib/modules ports: - 51820:51820/udp + logging: *default-logging #+end_src ** =gitea= - Git server @@ -721,6 +758,7 @@ older-than = 10 - "traefik.http.routers.git-rtr.tls=true" - "traefik.http.routers.git-rtr.service=git-svc" - "traefik.http.services.git-svc.loadbalancer.server.port=3000" + logging: *default-logging #+end_src #+begin_src yaml @@ -765,6 +803,7 @@ older-than = 10 - "traefik.http.routers.caddy-rtr.tls=true" - "traefik.http.routers.caddy-rtr.service=caddy-svc" - "traefik.http.services.caddy-svc.loadbalancer.server.port=2015" + logging: *default-logging #+end_src *** =Caddyfile= @@ -805,6 +844,7 @@ older-than = 10 - "traefik.http.routers.dotfiles-rtr.tls=true" - "traefik.http.routers.dotfiles-rtr.service=dotfiles-svc" - "traefik.http.services.dotfiles-svc.loadbalancer.server.port=2015" + logging: *default-logging #+end_src *** =Caddyfile= 
@@ -838,6 +878,7 @@ older-than = 10 - "traefik.http.routers.hugo-rtr.tls=true" - "traefik.http.routers.hugo-rtr.service=hugo-svc" - "traefik.http.services.hugo-svc.loadbalancer.server.port=2015" + logging: *default-logging #+end_src ** =syncthing= - File Synchronization @@ -872,6 +913,7 @@ older-than = 10 - "traefik.http.routers.syncthing-rtr.service=syncthing-svc" - "traefik.http.routers.syncthing-rtr.middlewares=traefik-auth" - "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384" + logging: *default-logging #+end_src ** =miniflux= - RSS reader @@ -900,7 +942,10 @@ older-than = 10 # - 'traefik.http.routers.miniflux-rtr.middlewares=authelia@docker' - "traefik.http.routers.miniflux-rtr.service=miniflux-svc" - "traefik.http.services.miniflux-svc.loadbalancer.server.port=8080" + logging: *default-logging +#+end_src +#+begin_src yaml miniflux_db: container_name: miniflux_db image: postgres:12 @@ -912,6 +957,7 @@ older-than = 10 - POSTGRES_PASSWORD=$MINIFLUX_POSTGRES_PASSWORD volumes: - $CONFIGDIR/miniflux_db:/var/lib/postgresql/data + logging: *default-logging #+end_src ** =homeassistant= - Home Automation @@ -949,6 +995,7 @@ older-than = 10 - "traefik.http.routers.homeassistant-rtr.service=homeassistant-svc" - "traefik.http.services.homeassistant-svc.loadbalancer.servers.url=http://172.17.0.1:8123" #- "traefik.http.services.homeassistant-svc.loadbalancer.server.port=8123" + logging: *default-logging #+end_src ** =jellyfin= - Media server @@ -977,6 +1024,7 @@ older-than = 10 - "traefik.http.routers.jellyfin-rtr.tls=true" - "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc" - "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096" + logging: *default-logging #+end_src ** =filebrowser= - Web file browser 
@@ -1003,6 +1051,7 @@ older-than = 10 - "traefik.http.routers.filebrowser-rtr.tls=true" - "traefik.http.routers.filebrowser-rtr.service=filebrowser-svc" - "traefik.http.services.filebrowser-svc.loadbalancer.server.port=80" + logging: *default-logging #+end_src *** =.filebrowser.json= @@ -1047,6 +1096,7 @@ older-than = 10 - /dev/nvme0n1:/dev/nvme0n1 ports: - 8089:8080 + logging: *default-logging #+end_src ** =guacamole= - Remote connection @@ -1071,6 +1121,7 @@ older-than = 10 - "traefik.http.routers.guacamole-rtr.tls=true" - "traefik.http.routers.guacamole-rtr.service=guacamole-svc" - "traefik.http.services.guacamole-svc.loadbalancer.server.port=8080" + logging: *default-logging #+end_src ** =transmission= - Torrent server @@ -1113,6 +1164,7 @@ older-than = 10 - "traefik.http.routers.transmission-rtr.service=transmission-svc" - "traefik.http.routers.transmission-rtr.middlewares=traefik-auth" - "traefik.http.services.transmission-svc.loadbalancer.server.port=9091" + logging: *default-logging #+end_src ** =aria2= - Download daemon @@ -1132,6 +1184,7 @@ older-than = 10 - /srv/storage/Downloads:/downloads ports: - 6800:6800 + logging: *default-logging #+end_src *** =aria2.conf= @@ -1179,6 +1232,7 @@ split=16 - "traefik.http.routers.aria2-rtr.tls=false" - "traefik.http.routers.aria2-rtr.service=aria2-svc" - "traefik.http.services.aria2-svc.loadbalancer.server.port=6880" + logging: *default-logging #+end_src ** =deemix= - Music Download @@ -1205,6 +1259,7 @@ split=16 - "traefik.http.routers.deemix-rtr.service=deemix-svc" # - "traefik.http.routers.deemix-rtr.middlewares=traefik-auth" - "traefik.http.services.deemix-svc.loadbalancer.server.port=6595" + logging: *default-logging #+end_src *** =.arl= 
@@ -1233,6 +1288,7 @@ split=16 - "traefik.http.routers.linkding-rtr.tls=true" - "traefik.http.routers.linkding-rtr.service=linkding-svc" - "traefik.http.services.linkding-svc.loadbalancer.server.port=9090" + logging: *default-logging #+end_src ** =restic= - Automatic online backups @@ -1240,7 +1296,7 @@ split=16 restic: container_name: restic image: mazzolino/restic - restart: "no" + restart: unless-stopped networks: - t2_proxy environment: 
@@ -1249,13 +1305,58 @@ split=16 - RESTIC_PASSWORD=$RESTIC_PASSWORD - RESTIC_BACKUP_SOURCES=/source - RESTIC_FORGET_ARGS=--keep-daily 7 --keep-weekly 4 --keep-monthly 12 + - RESTIC_BACKUP_ARGS=--exclude-file /exclude.txt - B2_ACCOUNT_ID=$RESTIC_B2_ACCOUNT_ID - B2_ACCOUNT_KEY=$RESTIC_B2_ACCOUNT_KEY - UID=$PUID - GID=$PGID - TZ=$TZ volumes: + - $CONFIGDIR/restic/exclude.txt:/exclude.txt:ro - /srv/storage/Cloud/thesis:/source/Cloud/thesis:ro + - /home/thomas/docker:/source/docker:ro + logging: *default-logging +#+end_src + +*** =exclude.txt= - Exclude files + +#+begin_src conf :tangle /ssh:thomas@grenoble:~/docker/config/restic/exclude.txt +*.db +*.log +*.log.* +/source/docker/config/gitea/git/ +/source/docker/config/guacamole/ +/source/docker/config/guacamole_db/ +/source/docker/config/mariadb/ +/source/docker/config/miniflux_db/ +/source/docker/config/jellyfin/data/ +/source/docker/config/dotfiles/www/ +/source/docker/config/web/www/ +#+end_src + +** =octoprint= - Web interface for 3D printing +#+begin_src yaml + octoprint: + container_name: octoprint + image: octoprint/octoprint + restart: unless-stopped + networks: + - t2_proxy + environment: + - UID=$PUID + - GID=$PGID + - TZ=$TZ + volumes: + - $CONFIGDIR/octoprint:/octoprint + labels: + - "traefik.enable=true" + - "traefik.http.routers.octoprint-rtr.entrypoints=https" + - "traefik.http.routers.octoprint-rtr.rule=Host(`octoprint.$DOMAINNAME`)" + - "traefik.http.routers.octoprint-rtr.tls=true" + - "traefik.http.routers.octoprint-rtr.service=octoprint-svc" + - "traefik.http.routers.octoprint-rtr.middlewares=traefik-auth" + - "traefik.http.services.octoprint-svc.loadbalancer.server.port=80" + logging: *default-logging #+end_src * Docker-Compose OLD :noexport:
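Review bot: The new `/home/thomas/docker:/source/docker:ro` source pulls the whole compose tree into the B2 backup set, and the exclude list does not cover `acme.json` (which, judging by the traefik mount of `$CONFIGDIR/traefik2/acme/acme.json`, holds the ACME account key and certificate private keys) or whichever file the `$…` variables in this compose file are read from; restic encrypts the repository, so this may well be intended, but a line in `exclude.txt` such as `# acme.json and credential files are intentionally backed up (repository is encrypted)` would record that decision. The `*.db` pattern excludes every SQLite-style store in addition to the server databases listed explicitly below it, so any service that keeps its only state in a `.db` file would be missing from the backup entirely; worth checking against the config directory before relying on the restore. `image: octoprint/octoprint` in the new service is untagged, unlike `traefik:2.2.1` and `postgres:12` earlier in the file; pinning a tag keeps `docker-compose pull` from silently moving the service to a new major version.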