From e395b238fff94da649026fb56205ec89fde51713 Mon Sep 17 00:00:00 2001 From: Steve Dudenhoeffer Date: Tue, 26 Dec 2023 22:40:54 +0000 Subject: [PATCH] redid all networks & added cloudflare tunnel --- audiobookshelf/docker-compose.yml | 14 ++++------ bitwarden/docker-compose.yml | 16 +++++------- changedetection/docker-compose.yml | 24 ++++++++---------- cloudflare_tunnel/.env.example | 2 ++ cloudflare_tunnel/docker-compose.yml | 23 +++++++++++++++++ dashy/docker-compose.yml | 10 ++++---- drone/docker-compose.yml | 24 +++++------------- freshrss/docker-compose.yml | 10 ++++---- gitea/docker-compose.yml | 10 ++++---- homeassistant/docker-compose.yml | 8 ------ mort/docker-compose.yml | 29 ++++++++++----------- pihole/docker-compose.yml | 38 +++++----------------------- portainer/.env.example | 2 ++ portainer/docker-compose.yml | 31 +++++++++++++++++++++++ privatebin/docker-compose.yml | 22 +++------------- repull-all.sh | 11 ++++++++ traefik/custom/wireguard.yml | 13 ++++++++++ traefik/docker-compose.yml | 26 +++++++++---------- whoogle/docker-compose.yml | 20 +++------------ wireguard/docker-compose.yml | 21 +++++---------- 20 files changed, 171 insertions(+), 183 deletions(-) create mode 100644 cloudflare_tunnel/.env.example create mode 100644 cloudflare_tunnel/docker-compose.yml create mode 100644 portainer/.env.example create mode 100644 portainer/docker-compose.yml create mode 100755 repull-all.sh create mode 100644 traefik/custom/wireguard.yml diff --git a/audiobookshelf/docker-compose.yml b/audiobookshelf/docker-compose.yml index b9ecffe..f6fd425 100755 --- a/audiobookshelf/docker-compose.yml +++ b/audiobookshelf/docker-compose.yml @@ -22,8 +22,11 @@ services: - audiobookshelf_podcasts:/podcasts networks: - - home-proxy - + - web + +networks: + web: + external: true volumes: audiobookshelf_config: @@ -38,10 +41,3 @@ volumes: audiobookshelf_podcasts: external: true - -networks: - home-proxy: - external: true - - - 
diff --git a/bitwarden/docker-compose.yml b/bitwarden/docker-compose.yml index 57140bd..b6148e8 100755 --- a/bitwarden/docker-compose.yml +++ b/bitwarden/docker-compose.yml @@ -17,19 +17,15 @@ services: volumes: - vaultwarden_data:/data - + networks: - - home-proxy - + - web + +networks: + web: + external: true volumes: vaultwarden_data: external: true - -networks: - home-proxy: - external: true - - - diff --git a/changedetection/docker-compose.yml b/changedetection/docker-compose.yml index 0749c72..ca51abd 100755 --- a/changedetection/docker-compose.yml +++ b/changedetection/docker-compose.yml @@ -5,9 +5,6 @@ services: image: dgtlmoon/changedetection.io container_name: changedetection - env_file: - - ../.env - volumes: - changedetection_data:/datastore @@ -19,9 +16,6 @@ services: - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000/ - BASE_URL="https://changedetection.${DOMAIN_ROOT}" - networks: - - home-proxy - labels: - "traefik.enable=true" - 'traefik.http.routers.changedetection.rule=Host(`changedetection.${DOMAIN_ROOT}`)' @@ -30,6 +24,9 @@ services: restart: unless-stopped + networks: + - web + playwright: container_name: playwright image: browserless/chrome @@ -38,20 +35,19 @@ services: environment: - DOMAIN_ROOT=${DOMAIN_ROOT} - networks: - - home-proxy - labels: - "traefik.enable=true" - 'traefik.http.routers.playwright.rule=Host(`playwright.${DOMAIN_ROOT}`)' - 'traefik.http.routers.playwright.middlewares=authelia@docker' - "traefik.http.services.playwright.loadbalancer.server.port=3000" + networks: + - web + +networks: + web: + external: true + volumes: changedetection_data: external: true - - -networks: - home-proxy: - external: true \ No newline at end of file diff --git a/cloudflare_tunnel/.env.example b/cloudflare_tunnel/.env.example new file mode 100644 index 0000000..3774e68 --- /dev/null +++ b/cloudflare_tunnel/.env.example @@ -0,0 +1,2 @@ +# TOKEN is the token for this cloudflare tunnel +TOKEN=XXX \ No newline at end of file 
diff --git a/cloudflare_tunnel/docker-compose.yml b/cloudflare_tunnel/docker-compose.yml new file mode 100644 index 0000000..f81322d --- /dev/null +++ b/cloudflare_tunnel/docker-compose.yml @@ -0,0 +1,23 @@ +--- +version: "3.8" +services: + bitwarden: + image: cloudflare/cloudflared:latest + container_name: cloudflare-tunnel + restart: unless-stopped + command: tunnel --no-autoupdate run --token ${TOKEN} + + environment: + - TOKEN=${TOKEN} + + networks: + - web + +networks: + web: + external: true + +volumes: + vaultwarden_data: + external: true + diff --git a/dashy/docker-compose.yml b/dashy/docker-compose.yml index cff3022..62fd0ff 100644 --- a/dashy/docker-compose.yml +++ b/dashy/docker-compose.yml @@ -14,9 +14,6 @@ services: volumes: - ./dashy.yml:/app/public/conf.yml - networks: - - home-proxy - environment: - DOMAIN_ROOT=${DOMAIN_ROOT} - NODE_ENV=production @@ -31,7 +28,10 @@ services: retries: 3 start_period: 40s - + + networks: + - web + networks: - home-proxy: + web: external: true diff --git a/drone/docker-compose.yml b/drone/docker-compose.yml index ff19ef2..1ea7778 100644 --- a/drone/docker-compose.yml +++ b/drone/docker-compose.yml @@ -24,15 +24,14 @@ services: - drone_data:/data - /var/run/docker.sock:/var/run/docker.sock - networks: - - home-proxy - - extra_hosts: - gitea.${DOMAIN_ROOT}:${HOST_IP} - nuc.${DOMAIN_ROOT}:${HOST_IP} - gitea-ssh.${DOMAIN_ROOT}:${HOST_IP} + networks: + - web + runner: image: drone/drone-runner-docker:1 @@ -44,31 +43,22 @@ services: - DRONE_RUNNER_NAME=runners - HOST_IP=${HOST_IP} -# ports: -# - 3000:3000/tcp - depends_on: - drone volumes: - /var/run/docker.sock:/var/run/docker.sock - networks: - - home-proxy - extra_hosts: - gitea.${DOMAIN_ROOT}:${HOST_IP} - nuc.${DOMAIN_ROOT}:${HOST_IP} - gitea-ssh.${DOMAIN_ROOT}:${HOST_IP} +networks: + web: + external: true + volumes: drone_data: external: true - - -networks: - home-proxy: - external: true - - 
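Review bot: The tunnel token is passed on the command line (`command: tunnel --no-autoupdate run --token ${TOKEN}`), so it is readable by anyone who can run `docker inspect` or view the host process list, and it is duplicated again under `environment`. cloudflared reads the token from the `TUNNEL_TOKEN` variable, so the safer form is `command: tunnel --no-autoupdate run` with `- TUNNEL_TOKEN=${TOKEN}` in `environment` and no token on the command line. The service key `bitwarden:` and the unused `vaultwarden_data` volume declaration look like copy-paste leftovers from the bitwarden stack; rename the service to `cloudflared` and drop the `volumes:` block. Because this container sits on the shared `web` network, whatever ingress is configured in the Cloudflare dashboard can reach every container on that network by name, bypassing the `authelia@docker` forward-auth that the Traefik routers enforce, so it would help to document here which hostnames are expected to terminate at Traefik rather than at a backend.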
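Review bot: After this hunk the `runner` service lists no `networks:` at all while the `drone` server is only on the external `web` network, so the two containers share no Docker network; whether the runner still reaches the server depends on `DRONE_RPC_HOST` (outside the hunk) resolving through something other than container DNS, and the `extra_hosts` entries cover gitea and nuc but not drone. If the server is addressed by container name, add `networks: - web` to the runner, or give both a private `default` network in addition to the server's `web`. The runner keeps `/var/run/docker.sock` mounted, so whichever network it ends up on should be the narrowest one that still reaches the server.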
diff --git a/freshrss/docker-compose.yml b/freshrss/docker-compose.yml index 4bf4b9c..b3467b4 100644 --- a/freshrss/docker-compose.yml +++ b/freshrss/docker-compose.yml @@ -19,7 +19,11 @@ services: - freshrss_data:/var/www/FreshRSS/data networks: - - home-proxy + - web + +networks: + web: + external: true volumes: freshrss_extensions: @@ -27,9 +31,5 @@ volumes: freshrss_data: external: true -networks: - home-proxy: - external: true - diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml index 6e797e2..3724be2 100755 --- a/gitea/docker-compose.yml +++ b/gitea/docker-compose.yml @@ -30,12 +30,12 @@ services: - "${SSH_PORT}:222" networks: - - home-proxy + - web + +networks: + web: + external: true volumes: gitea_data: external: true - -networks: - home-proxy: - external: true \ No newline at end of file diff --git a/homeassistant/docker-compose.yml b/homeassistant/docker-compose.yml index c5fbdb5..cc850f4 100644 --- a/homeassistant/docker-compose.yml +++ b/homeassistant/docker-compose.yml @@ -12,14 +12,6 @@ services: environment: - DOMAIN_ROOT=${DOMAIN_ROOT} - - #labels: - # - "traefik.enable=true" - # - "traefik.http.routers.homeassistant.rule=Host(`homeassistant.${DOMAIN_ROOT}`)" - # - "traefik.http.services.homeassistant.loadbalancer.server.port=8123" - # - "traefik.http.services.homeassistant.loadbalancer.server.url=http://192.168.0.197:8123" - # - 'traefik.http.routers.homeassistant.middlewares=authelia@docker' - volumes: homeassistant_config: diff --git a/mort/docker-compose.yml b/mort/docker-compose.yml index 983ab0e..c3582d3 100644 --- a/mort/docker-compose.yml +++ b/mort/docker-compose.yml 
@@ -17,20 +17,18 @@ services: - "traefik.http.routers.bobross-receiver-mort.rule=Host(`bobross-receiver-mort.dudenhoeffer.casa`)" - 'traefik.http.routers.bobross-receiver-mort.middlewares=authelia@docker' - - networks: - - home-proxy - extra_hosts: - "gitea.dudenhoeffer.casa:192.168.0.197" + networks: + - web + - default + tunnel: image: cloudflare/cloudflared:latest command: tunnel --no-autoupdate run --token ${CLOUDFLARE_TUNNEL_TOKEN} restart: unless-stopped - networks: - - home-proxy environment: - CLOUDFLARE_TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN} @@ -38,9 +36,6 @@ services: container_name: redis image: redis:latest - networks: - - home-proxy - labels: - "traefik.enabled=false" @@ -50,20 +45,18 @@ services: container_name: mariadb environment: MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD} - - networks: - - home-proxy volumes: - mariadb_data:/var/lib/mysql + networks: + - default + adminer: image: adminer restart: always container_name: adminer - networks: - - home-proxy environment: - DOMAIN_ROOT=${DOMAIN_ROOT} @@ -74,11 +67,15 @@ services: - "traefik.http.services.adminer.loadbalancer.server.port=8080" - 'traefik.http.routers.adminer.middlewares=authelia@docker' + networks: + - web + - default + networks: - home-proxy: + web: external: true volumes: mariadb_data: - external: true \ No newline at end of file + external: true diff --git a/pihole/docker-compose.yml b/pihole/docker-compose.yml index 625257e..142e8bf 100644 --- a/pihole/docker-compose.yml +++ b/pihole/docker-compose.yml @@ -5,15 +5,18 @@ services: pihole: container_name: pihole image: pihole/pihole:latest + + ports: + - 53:53/udp + environment: - TZ=${TIMEZONE} - CORS_HOSTS=pihole.${DOMAIN_ROOT} - DOMAIN_ROOT=${DOMAIN_ROOT} - WEBPASSWORD=${WEB_UI_PASSWORD} - ports: - - "53:53/tcp" - - "53:53/udp" + network_mode: host + # Volumes store your data between container upgrades volumes: 
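Review bot: The `tunnel` service loses `home-proxy` without gaining a replacement, so it now lives only on the compose project's default network together with `redis` (which also has no `networks:`) and `mariadb`; it is not on `web`, so any ingress rule that targets Traefik or another container on the proxy network will no longer resolve from inside it. If the ingress targets the app container directly this still works because the app is on both `web` and `default`, but that assumption deserves a comment next to the service, e.g. `# default network only: ingress must target the app container by name, not Traefik`. As in the new cloudflare_tunnel stack, the token is on the command line here (`--token ${CLOUDFLARE_TUNNEL_TOKEN}`, context lines) where `docker inspect` exposes it; supplying it as `TUNNEL_TOKEN` in `environment` avoids that.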
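Review bot: `ports: - 53:53/udp` and `network_mode: host` are added to the same service; with host networking Docker publishes nothing, and Compose discards (or, depending on version, rejects) the `ports` entry, so one of the two is dead configuration. More importantly, host mode binds every listener in the container — DNS on 53 and the admin web UI — on all host interfaces, outside the `web` network and the Traefik/Authelia path the old labels used, so the UI is now guarded by `WEBPASSWORD` alone from anything that can reach the host, and port 53 is open on every interface the host has. If host mode is needed (e.g. for DHCP with `NET_ADMIN`), restrict the web listener with the image's bind/port variables (`WEB_BIND_ADDR`/`WEB_PORT`, if this image version supports them) or a host firewall rule, and remove the redundant `ports:` block.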
@@ -23,37 +26,8 @@ services: cap_add: - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed - labels: - - "traefik.enable=true" - - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN_ROOT}`)" - - "traefik.http.services.pihole.loadbalancer.server.port=8081" - - 'traefik.http.routers.pihole.middlewares=authelia@docker' - - networks: - - home-proxy - restart: unless-stopped -# pihole-proxy: -# container_name: pihole-proxy -# image: gitea.dudenhoeffer.casa/steve/simpleproxy:latest -# command: http://192.168.0.197:8081/ -# -# labels: -# - "traefik.enable=true" -# - "traefik.http.routers.pihole.rule=Host(`pihole.dudenhoeffer.casa`)" -# - "traefik.http.services.pihole.loadbalancer.server.port=8080" -# - 'traefik.http.routers.pihole.middlewares=authelia@docker' -# -# networks: -# - home-proxy -# -# restart: unless-stopped -# -networks: - home-proxy: - external: true - volumes: pihole-config_data: external: true diff --git a/portainer/.env.example b/portainer/.env.example new file mode 100644 index 0000000..c378c6a --- /dev/null +++ b/portainer/.env.example @@ -0,0 +1,2 @@ +# DOMAIN_ROOT is the root domain that this service will register as with Traefik +DOMAIN_ROOT=domain.tld \ No newline at end of file diff --git a/portainer/docker-compose.yml b/portainer/docker-compose.yml new file mode 100644 index 0000000..6f28b51 --- /dev/null +++ b/portainer/docker-compose.yml @@ -0,0 +1,31 @@ +version: "3" +services: + portainer: + image: portainer/portainer-ee:latest + container_name: portainer + restart: unless-stopped + + ports: + - 9000:9000/tcp + + environment: + - DOMAIN_ROOT=${DOMAIN_ROOT} + + labels: + - "traefik.http.services.portainer.loadbalancer.server.port=9000" + + volumes: + - portainer_data:/data + - /var/run/docker.sock:/var/run/docker.sock + + networks: + - web + +networks: + web: + external: true + +volumes: + portainer_data: + external: true + 
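Review bot: Removing the Traefik labels drops the `authelia@docker` middleware that used to sit in front of the pihole hostname, and the hunk adds no replacement route, so the admin UI is no longer reachable through SSO at all — only directly on the host port. The approach the commit uses for wg-easy (a file-provider router under `traefik/custom/`) would restore the SSO path: a router whose rule matches the pihole hostname, with `middlewares: [authelia@docker]`, and a service URL pointing at the host-network listener. The deleted `pihole-proxy` comment block was also the only place the UI port (8081) was written down; a one-line comment stating which port the UI listens on under host networking would help the next reader.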
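Review bot: Portainer is published directly on the host with `ports: - 9000:9000/tcp` on all interfaces and mounts `/var/run/docker.sock`, which is root-equivalent on the host, yet the only Traefik label is the load-balancer port: there is no `traefik.enable`, no router rule and no `authelia@docker` middleware, so nothing puts the SSO gate in front of it and the host port bypasses Traefik entirely. Drop the `ports:` block (the container is already on `web`) or bind it to loopback with `- 127.0.0.1:9000:9000/tcp`, and add the router labels the other stacks use: a `traefik.enable=true` label, a `traefik.http.routers.portainer.rule` Host rule for `portainer.${DOMAIN_ROOT}`, and `traefik.http.routers.portainer.middlewares=authelia@docker`. `portainer/portainer-ee:latest` also deserves a pinned tag, since this container can control every other one and `repull-all.sh` will refresh it blindly.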
diff --git a/privatebin/docker-compose.yml b/privatebin/docker-compose.yml index 111f2a7..bb483c9 100644 --- a/privatebin/docker-compose.yml +++ b/privatebin/docker-compose.yml @@ -7,28 +7,12 @@ services: environment: - DOMAIN_ROOT=${DOMAIN_ROOT} - labels: - - "traefik.http.services.privatebin.loadbalancer.server.port=8080" - - "traefik.enable=true" - - "traefik.http.routers.privatebin.rule=Host(`privatebin.${DOMAIN_ROOT}`)" - - 'traefik.http.routers.privatebin.middlewares=authelia@docker' - volumes: - privatebin_data:/srv/data - ./cfg/conf.php:/srv/cfg/conf.php:ro - - networks: - - home-proxy - + networks: + - web volumes: privatebin_data: - external: true - - -networks: - home-proxy: - external: true - - - + external: true \ No newline at end of file diff --git a/repull-all.sh b/repull-all.sh new file mode 100755 index 0000000..8a6787d --- /dev/null +++ b/repull-all.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +for dir in */ ; do + if [ -d "$dir" ]; then + echo "Entering directory: $dir" + cd "$dir" + docker compose down && docker compose pull && docker compose up -d + cd .. + fi +done + diff --git a/traefik/custom/wireguard.yml b/traefik/custom/wireguard.yml new file mode 100644 index 0000000..af2c9df --- /dev/null +++ b/traefik/custom/wireguard.yml @@ -0,0 +1,13 @@ + +http: + routers: + wireguard2-router: + rule: "Host(`wireguard2.dudenhoeffer.casa`)" + service: wireguard2-service + + services: + wireguard2-service: + loadBalancer: + servers: + - url: "http://192.168.0.197:51821" + passHostHeader: true \ No newline at end of file diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml index 075a4bf..620c00d 100644 --- a/traefik/docker-compose.yml +++ b/traefik/docker-compose.yml 
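Review bot: This hunk removes `traefik.enable`, the router rule and the `authelia@docker` middleware from privatebin while leaving it on `web`, and nothing else in the commit adds a replacement route, so the service is now reachable only by something that addresses it by container name on `web` — presumably the new cloudflared tunnel, whose ingress rules and access policies live outside this repo. If privatebin is meant to be public that is a reasonable choice but should be stated, e.g. `# no Traefik router: exposed via cloudflared ingress, no Authelia in front`; if not, the labels need to come back or an equivalent policy must exist at the tunnel.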
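Review bot: `cd "$dir"` is unchecked, so if it fails the `docker compose down && docker compose pull && docker compose up -d` line runs in the repo root and the following `cd ..` then climbs out of it, after which every later iteration operates on the wrong directory; running the body in a subshell fixes both: `( cd "$dir" && docker compose pull && docker compose up -d )`. Doing `down` before `pull` also takes every stack — Traefik, Authelia and the tunnel included — offline for the duration of the pull, whereas `pull` followed by `up -d` recreates only the containers whose image changed. Consider `set -euo pipefail` at the top and skipping directories without a compose file with `[ -f "$dir/docker-compose.yml" ] || continue`.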
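Review bot: `wireguard2-router` has no `middlewares:` entry, so unlike the Docker-label router it replaces (which carried `authelia@docker`, see the wireguard hunk) the wg-easy admin UI — which can create and download peer configs, i.e. grant VPN access — is fronted only by wg-easy's own password. Add `middlewares: - authelia@docker` under the router; file-provider routers can reference a Docker-provider middleware by that qualified name. The router also declares no `entryPoints` or `tls` section, so whether it is served over TLS depends on static entrypoint defaults that are not in this diff and should be noted in a comment, and the hostname and `192.168.0.197` are hard-coded while the rest of the repo uses `${DOMAIN_ROOT}`/`${HOST_IP}`.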
@@ -5,9 +5,9 @@ services: image: traefik:latest container_name: traefik hostname: traefik - command: --providers.file.filename=/etc/traefik/dynamic.yml --providers.docker + restart: unless-stopped - + environment: - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL} - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_KEY} @@ -29,10 +29,6 @@ services: - /var/run/docker.sock:/tmp/docker.sock:ro - certs:/letsencrypt - networks: - - home-proxy - - labels: - 'traefik.enable=true' - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_ROOT}`)' @@ -53,14 +49,16 @@ services: - 'certificatesresolvers.letsencrypt.acme.email=${CLOUDFLARE_EMAIL}' - 'certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json' + networks: + - web authelia: image: docker.io/authelia/authelia:latest container_name: authelia restart: unless-stopped - networks: - - home-proxy + + environment: - TZ=${TIMEZONE} - AUTHELIA_JWT_SECRET=${AUTH_JWT_SECRET} @@ -76,14 +74,16 @@ services: - 'traefik.http.routers.authelia.rule=Host(`login.${DOMAIN_ROOT}`)' - 'traefik.http.services.authelia.loadbalancer.server.port=9091' + networks: + - web + +networks: + web: + external: true + volumes: certs: external: true authelia_config: external: true - - -networks: - home-proxy: - external: true diff --git a/whoogle/docker-compose.yml b/whoogle/docker-compose.yml index 0319876..606af51 100644 --- a/whoogle/docker-compose.yml +++ b/whoogle/docker-compose.yml 
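Review bot: The `command:` line carrying `--providers.file.filename=/etc/traefik/dynamic.yml --providers.docker` is deleted and no hunk in this diff adds a static config file or replacement flags, so unless a `traefik.yml` is already mounted outside the shown lines the container starts with no providers and the `traefik/custom/wireguard.yml` added in this commit is never loaded. Wherever that configuration now lives it should set `providers.docker.exposedByDefault=false` (the removed flags did not): several stacks in this commit (portainer, privatebin, whoogle, wireguard) drop `traefik.enable` but keep a `loadbalancer.server.port` label and stay on `web`, and with the default `exposedByDefault=true` Traefik still builds a router for each with the default rule Host(container name) and no middleware, reachable by any client that sends that Host header — an Authelia bypass. If the static config is in a mounted file, a comment on the corresponding `volumes:` entry naming it would make the move visible.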
@@ -1,25 +1,13 @@ version: "3.8" services: whoogle: - image: benbusby/whoogle-search + image: benbusby/whoogle-search:latest container_name: whoogle restart: unless-stopped - labels: - - "traefik.http.services.whoogle.loadbalancer.server.port=5000" - - "traefik.enable=true" - - "traefik.http.routers.whoogle.rule=Host(`whoogle.${DOMAIN_ROOT}`)" - - 'traefik.http.routers.whoogle.middlewares=authelia@docker' - - environment: - - DOMAIN_ROOT=${DOMAIN_ROOT} - networks: - - home-proxy + - web - - networks: - home-proxy: - external: true - + web: + external: true \ No newline at end of file diff --git a/wireguard/docker-compose.yml b/wireguard/docker-compose.yml index f626309..8ba830a 100644 --- a/wireguard/docker-compose.yml +++ b/wireguard/docker-compose.yml @@ -1,14 +1,11 @@ version: "3" services: wireguard: - image: ghcr.io/wg-easy/wg-easy + image: ghcr.io/wg-easy/wg-easy:latest restart: unless-stopped container_name: wireguard labels: - - "traefik.enable=true" - - "traefik.http.routers.wireguard.rule=Host(`wireguard.${DOMAIN_ROOT}`)" - "traefik.http.services.wireguard.loadbalancer.server.port=51821" - - 'traefik.http.routers.wireguard.middlewares=authelia@docker' ports: - target: 51820 @@ -19,10 +16,11 @@ services: published: 51820 protocol: udp mode: host - + volumes: - wireguard_data:/etc/wireguard + environment: - WG_HOST=wireguard.${DOMAIN_ROOT} - PASSWORD=${UI_PASSWORD} @@ -37,17 +35,12 @@ services: - "net.ipv4.ip_forward=1" networks: - - default - - home-proxy + - web +networks: + web: + external: true volumes: wireguard_data: external: true - -networks: - default: - home-proxy: - external: true - -
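Review bot: All Traefik labels are removed, including `authelia@docker`, and the hunk adds nothing in their place, so whoogle is now reachable only by name on `web` — i.e. through the cloudflared tunnel, whose ingress and access policy are configured outside this repo. Whoogle proxies outbound searches for whoever can reach it, so making it public should be an explicit decision; add `# no Traefik router: exposed only through cloudflared ingress` or restore the labels. Changing `benbusby/whoogle-search` to `benbusby/whoogle-search:latest` is a no-op, since the untagged form already means `latest`; a version tag or digest is what would make the `repull-all.sh` refresh reproducible.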
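Review bot: This hunk drops `traefik.enable`, the Host(wireguard.${DOMAIN_ROOT}) router and its `authelia@docker` middleware, leaving only the port label, while the new route in `traefik/custom/wireguard.yml` carries no middleware at all; the net effect is that the VPN admin UI (peer creation and config download) moves from behind SSO to behind the single `PASSWORD=${UI_PASSWORD}` value. Restore the middleware on whichever router is kept, and keep only one of the two routes rather than a label-based one and a file-based one that can drift apart. `ghcr.io/wg-easy/wg-easy:latest` is a moving target for an image whose authentication variables have, as far as I recall, changed across releases, so with `repull-all.sh` refreshing it unattended a pinned version is safer.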