tdehaeze/literate-dotfiles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update docker-compose ver / use yaml for traefik

Browse Source
This commit is contained in:
Thomas Dehaeze 2021-02-14 19:13:40 +01:00
parent 13aea680b6
commit be94b96bc5
1 changed files with 131 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
nas.org
View File

@ -271,7 +271,7 @@ You can use =latest= instead of the ID.
:END:
#+begin_src yaml
version: "3.2"
version: "3.4"
#+end_src
** Networks
@ -286,6 +286,16 @@ networks:
driver: bridge
#+end_src
** Logging
#+begin_src yaml
x-logging:
&default-logging
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
#+end_src
** =traefik= - Application proxy
#+begin_src yaml
services:
@ -296,33 +306,6 @@ services:
container_name: traefik
image: traefik:2.2.1
restart: unless-stopped
command:
- --global.checkNewVersion=true
- --global.sendAnonymousUsage=false
- --entryPoints.http.address=:80
- --entryPoints.https.address=:443
- --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
- --entryPoints.traefik.address=:8080
- --api=true
- --api.dashboard=true
- --log=true
- --log.level=ERROR # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- --accessLog=true
- --accessLog.filePath=/var/log/access.log
- --accessLog.filters.statusCodes=400-499
- --providers.docker=true
- --providers.docker.endpoint=unix:///var/run/docker.sock
- --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
- --providers.docker.exposedByDefault=false
- --providers.docker.network=t2_proxy
- --providers.docker.swarmMode=false
- --providers.file.directory=/rules
- --providers.file.watch=true
# - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
- --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
- --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
- --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
networks:
t2_proxy:
ipv4_address: 192.168.90.254 # You can specify a static IP
@ -336,6 +319,7 @@ services:
- $CONFIGDIR/traefik2/rules:/rules
- $CONFIGDIR/traefik2/acme/acme.json:/acme.json
- $CONFIGDIR/traefik2/shared:/shared
- $CONFIGDIR/traefik2/traefik.yaml:/etc/traefik/traefik.yaml
- /var/log/traefik:/var/log
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
@ -365,6 +349,55 @@ services:
# - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://login.$DOMAINNAME/'
# - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
# - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
logging: *default-logging
#+end_src
*** =traefik.yaml=
#+begin_src yaml :tangle /ssh:thomas@grenoble:~/docker/config/traefik2/traefik.yaml
global:
checkNewVersion: true
sendAnonymousUsage: false
entryPoints:
traefik:
address: :8080
http:
address: :80
https:
address: :443
forwardedHeaders:
trustedIPs: 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
api:
dashboard: true
log:
level: ERROR
accessLog:
filePath: /var/log/access.log
filters:
statusCodes: 400-499
providers:
docker:
endpoint: unix:///var/run/docker.sock
defaultrule: Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
exposedByDefault: false
network: t2_proxy
swarmMode: false
file:
directory: /rules
watch: true
certificatesResolvers:
dns-cloudflare:
acme:
email: $CLOUDFLARE_EMAIL
storage: /acme.json
dnsChallenge:
provider: cloudflare
resolvers: 1.1.1.1:53,1.0.0.1:53
#+end_src
** =homer= - Home page
@ -388,6 +421,7 @@ services:
- "traefik.http.routers.homer-rtr.tls=true"
- "traefik.http.routers.homer-rtr.service=homer-svc"
- "traefik.http.services.homer-svc.loadbalancer.server.port=8080"
logging: *default-logging
#+end_src
*** =config.yml=
@ -523,7 +557,7 @@ services:
- name: "OctoPrint"
logo: "/assets/tools/octoprint.png"
subtitle: "3D-Printing"
url: "http://192.168.1.56/"
url: "https://octoprint.tdehaeze.xyz/"
#+end_src
** =snapraid= - Manage local backup with parity disk
@ -543,6 +577,7 @@ services:
- PUID=$PUID
- PGID=$PGID
- TZ=$TZ
logging: *default-logging
#+end_src
*** =snapraid.conf=
@ -666,6 +701,7 @@ older-than = 10
- "traefik.http.routers.portainer-rtr.service=portainer-svc"
- "traefik.http.routers.portainer-rtr.middlewares=traefik-auth"
- "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
logging: *default-logging
#+end_src
** =wireguard= - VPN
@ -692,6 +728,7 @@ older-than = 10
- /lib/modules:/lib/modules
ports:
- 51820:51820/udp
logging: *default-logging
#+end_src
** =gitea= - Git server
@ -721,6 +758,7 @@ older-than = 10
- "traefik.http.routers.git-rtr.tls=true"
- "traefik.http.routers.git-rtr.service=git-svc"
- "traefik.http.services.git-svc.loadbalancer.server.port=3000"
logging: *default-logging
#+end_src
#+begin_src yaml
@ -765,6 +803,7 @@ older-than = 10
- "traefik.http.routers.caddy-rtr.tls=true"
- "traefik.http.routers.caddy-rtr.service=caddy-svc"
- "traefik.http.services.caddy-svc.loadbalancer.server.port=2015"
logging: *default-logging
#+end_src
*** =Caddyfile=
@ -805,6 +844,7 @@ older-than = 10
- "traefik.http.routers.dotfiles-rtr.tls=true"
- "traefik.http.routers.dotfiles-rtr.service=dotfiles-svc"
- "traefik.http.services.dotfiles-svc.loadbalancer.server.port=2015"
logging: *default-logging
#+end_src
*** =Caddyfile=
@ -838,6 +878,7 @@ older-than = 10
- "traefik.http.routers.hugo-rtr.tls=true"
- "traefik.http.routers.hugo-rtr.service=hugo-svc"
- "traefik.http.services.hugo-svc.loadbalancer.server.port=2015"
logging: *default-logging
#+end_src
** =syncthing= - File Synchronization
@ -872,6 +913,7 @@ older-than = 10
- "traefik.http.routers.syncthing-rtr.service=syncthing-svc"
- "traefik.http.routers.syncthing-rtr.middlewares=traefik-auth"
- "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384"
logging: *default-logging
#+end_src
** =miniflux= - RSS reader
@ -900,7 +942,10 @@ older-than = 10
# - 'traefik.http.routers.miniflux-rtr.middlewares=authelia@docker'
- "traefik.http.routers.miniflux-rtr.service=miniflux-svc"
- "traefik.http.services.miniflux-svc.loadbalancer.server.port=8080"
logging: *default-logging
#+end_src
#+begin_src yaml
miniflux_db:
container_name: miniflux_db
image: postgres:12
@ -912,6 +957,7 @@ older-than = 10
- POSTGRES_PASSWORD=$MINIFLUX_POSTGRES_PASSWORD
volumes:
- $CONFIGDIR/miniflux_db:/var/lib/postgresql/data
logging: *default-logging
#+end_src
** =homeassistant= - Home Automation
@ -949,6 +995,7 @@ older-than = 10
- "traefik.http.routers.homeassistant-rtr.service=homeassistant-svc"
- "traefik.http.services.homeassistant-svc.loadbalancer.servers.url=http://172.17.0.1:8123"
#- "traefik.http.services.homeassistant-svc.loadbalancer.server.port=8123"
logging: *default-logging
#+end_src
** =jellyfin= - Media server
@ -977,6 +1024,7 @@ older-than = 10
- "traefik.http.routers.jellyfin-rtr.tls=true"
- "traefik.http.routers.jellyfin-rtr.service=jellyfin-svc"
- "traefik.http.services.jellyfin-svc.loadbalancer.server.port=8096"
logging: *default-logging
#+end_src
** =filebrowser= - Web file browser
@ -1003,6 +1051,7 @@ older-than = 10
- "traefik.http.routers.filebrowser-rtr.tls=true"
- "traefik.http.routers.filebrowser-rtr.service=filebrowser-svc"
- "traefik.http.services.filebrowser-svc.loadbalancer.server.port=80"
logging: *default-logging
#+end_src
*** =.filebrowser.json=
@ -1047,6 +1096,7 @@ older-than = 10
- /dev/nvme0n1:/dev/nvme0n1
ports:
- 8089:8080
logging: *default-logging
#+end_src
** =guacamole= - Remote connection
@ -1071,6 +1121,7 @@ older-than = 10
- "traefik.http.routers.guacamole-rtr.tls=true"
- "traefik.http.routers.guacamole-rtr.service=guacamole-svc"
- "traefik.http.services.guacamole-svc.loadbalancer.server.port=8080"
logging: *default-logging
#+end_src
** =transmission= - Torrent server
@ -1113,6 +1164,7 @@ older-than = 10
- "traefik.http.routers.transmission-rtr.service=transmission-svc"
- "traefik.http.routers.transmission-rtr.middlewares=traefik-auth"
- "traefik.http.services.transmission-svc.loadbalancer.server.port=9091"
logging: *default-logging
#+end_src
** =aria2= - Download daemon
@ -1132,6 +1184,7 @@ older-than = 10
- /srv/storage/Downloads:/downloads
ports:
- 6800:6800
logging: *default-logging
#+end_src
*** =aria2.conf=
@ -1179,6 +1232,7 @@ split=16
- "traefik.http.routers.aria2-rtr.tls=false"
- "traefik.http.routers.aria2-rtr.service=aria2-svc"
- "traefik.http.services.aria2-svc.loadbalancer.server.port=6880"
logging: *default-logging
#+end_src
** =deemix= - Music Download
@ -1205,6 +1259,7 @@ split=16
- "traefik.http.routers.deemix-rtr.service=deemix-svc"
# - "traefik.http.routers.deemix-rtr.middlewares=traefik-auth"
- "traefik.http.services.deemix-svc.loadbalancer.server.port=6595"
logging: *default-logging
#+end_src
*** =.arl=
@ -1233,6 +1288,7 @@ split=16
- "traefik.http.routers.linkding-rtr.tls=true"
- "traefik.http.routers.linkding-rtr.service=linkding-svc"
- "traefik.http.services.linkding-svc.loadbalancer.server.port=9090"
logging: *default-logging
#+end_src
** =restic= - Automatic online backups
@ -1240,7 +1296,7 @@ split=16
restic:
container_name: restic
image: mazzolino/restic
restart: "no"
restart: unless-stopped
networks:
- t2_proxy
environment:
@ -1249,13 +1305,58 @@ split=16
- RESTIC_PASSWORD=$RESTIC_PASSWORD
- RESTIC_BACKUP_SOURCES=/source
- RESTIC_FORGET_ARGS=--keep-daily 7 --keep-weekly 4 --keep-monthly 12
- RESTIC_BACKUP_ARGS=--exclude-file /exclude.txt
- B2_ACCOUNT_ID=$RESTIC_B2_ACCOUNT_ID
- B2_ACCOUNT_KEY=$RESTIC_B2_ACCOUNT_KEY
- UID=$PUID
- GID=$PGID
- TZ=$TZ
volumes:
- $CONFIGDIR/restic/exclude.txt:/exclude.txt:ro
- /srv/storage/Cloud/thesis:/source/Cloud/thesis:ro
- /home/thomas/docker:/source/docker:ro
logging: *default-logging
#+end_src
*** =exclude.txt= - Exclude files
#+begin_src conf :tangle /ssh:thomas@grenoble:~/docker/config/restic/exclude.txt
*.db
*.log
*.log.*
/source/docker/config/gitea/git/
/source/docker/config/guacamole/
/source/docker/config/guacamole_db/
/source/docker/config/mariadb/
/source/docker/config/miniflux_db/
/source/docker/config/jellyfin/data/
/source/docker/config/dotfiles/www/
/source/docker/config/web/www/
#+end_src
** =octoprint= - Web interface for 3D printing
#+begin_src yaml
octoprint:
container_name: octoprint
image: octoprint/octoprint
restart: unless-stopped
networks:
- t2_proxy
environment:
- UID=$PUID
- GID=$PGID
- TZ=$TZ
volumes:
- $CONFIGDIR/octoprint:/octoprint
labels:
- "traefik.enable=true"
- "traefik.http.routers.octoprint-rtr.entrypoints=https"
- "traefik.http.routers.octoprint-rtr.rule=Host(`octoprint.$DOMAINNAME`)"
- "traefik.http.routers.octoprint-rtr.tls=true"
- "traefik.http.routers.octoprint-rtr.service=octoprint-svc"
- "traefik.http.routers.octoprint-rtr.middlewares=traefik-auth"
- "traefik.http.services.octoprint-svc.loadbalancer.server.port=80"
logging: *default-logging
#+end_src
* Docker-Compose OLD :noexport: