redid all networks & added cloudflare tunnel

Steve Dudenhoeffer 2023-12-26 22:40:54 +00:00
parent 67af9cd3b0
commit e395b238ff
20 changed files with 171 additions and 183 deletions


@ -22,8 +22,11 @@ services:
- audiobookshelf_podcasts:/podcasts - audiobookshelf_podcasts:/podcasts
networks: networks:
- home-proxy - web
networks:
web:
external: true
volumes: volumes:
audiobookshelf_config: audiobookshelf_config:
@ -38,10 +41,3 @@ volumes:
audiobookshelf_podcasts: audiobookshelf_podcasts:
external: true external: true
networks:
home-proxy:
external: true


@ -19,17 +19,13 @@ services:
- vaultwarden_data:/data - vaultwarden_data:/data
networks: networks:
- home-proxy - web
networks:
web:
external: true
volumes: volumes:
vaultwarden_data: vaultwarden_data:
external: true external: true
networks:
home-proxy:
external: true


@ -5,9 +5,6 @@ services:
image: dgtlmoon/changedetection.io image: dgtlmoon/changedetection.io
container_name: changedetection container_name: changedetection
env_file:
- ../.env
volumes: volumes:
- changedetection_data:/datastore - changedetection_data:/datastore
@ -19,9 +16,6 @@ services:
- PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000/ - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000/
- BASE_URL="https://changedetection.${DOMAIN_ROOT}" - BASE_URL="https://changedetection.${DOMAIN_ROOT}"
networks:
- home-proxy
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- 'traefik.http.routers.changedetection.rule=Host(`changedetection.${DOMAIN_ROOT}`)' - 'traefik.http.routers.changedetection.rule=Host(`changedetection.${DOMAIN_ROOT}`)'
@ -30,6 +24,9 @@ services:
restart: unless-stopped restart: unless-stopped
networks:
- web
playwright: playwright:
container_name: playwright container_name: playwright
image: browserless/chrome image: browserless/chrome
@ -38,20 +35,19 @@ services:
environment: environment:
- DOMAIN_ROOT=${DOMAIN_ROOT} - DOMAIN_ROOT=${DOMAIN_ROOT}
networks:
- home-proxy
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- 'traefik.http.routers.playwright.rule=Host(`playwright.${DOMAIN_ROOT}`)' - 'traefik.http.routers.playwright.rule=Host(`playwright.${DOMAIN_ROOT}`)'
- 'traefik.http.routers.playwright.middlewares=authelia@docker' - 'traefik.http.routers.playwright.middlewares=authelia@docker'
- "traefik.http.services.playwright.loadbalancer.server.port=3000" - "traefik.http.services.playwright.loadbalancer.server.port=3000"
networks:
- web
networks:
web:
external: true
volumes: volumes:
changedetection_data: changedetection_data:
external: true external: true
networks:
home-proxy:
external: true


@ -0,0 +1,2 @@
# TOKEN is the token for this cloudflare tunnel
TOKEN=XXX


@ -0,0 +1,23 @@
---
version: "3.8"
services:
bitwarden:
image: cloudflare/cloudflared:latest
container_name: cloudflare-tunnel
restart: unless-stopped
command: tunnel --no-autoupdate run --token ${TOKEN}
environment:
- TOKEN=${TOKEN}
networks:
- web
networks:
web:
external: true
volumes:
vaultwarden_data:
external: true
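Review bot: The tunnel token is passed on the command line (`--token ${TOKEN}`), so it ends up in the container's argv, where it is readable from the host process list and from container metadata. cloudflared also reads the token from the `TUNNEL_TOKEN` environment variable, so the pair could become `command: tunnel --no-autoupdate run` and `- TUNNEL_TOKEN=${TOKEN}`. The service key `bitwarden` and the unused `vaultwarden_data` volume look copied from another stack and should be renamed or dropped. Because the tunnel joins the shared `web` network, it can reach every container on it, so the ingress rules on the Cloudflare side appear to be the only limit on what is published.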


@ -14,9 +14,6 @@ services:
volumes: volumes:
- ./dashy.yml:/app/public/conf.yml - ./dashy.yml:/app/public/conf.yml
networks:
- home-proxy
environment: environment:
- DOMAIN_ROOT=${DOMAIN_ROOT} - DOMAIN_ROOT=${DOMAIN_ROOT}
- NODE_ENV=production - NODE_ENV=production
@ -32,6 +29,9 @@ services:
start_period: 40s start_period: 40s
networks:
- web
networks: networks:
home-proxy: web:
external: true external: true


@ -24,15 +24,14 @@ services:
- drone_data:/data - drone_data:/data
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
networks:
- home-proxy
extra_hosts: extra_hosts:
- gitea.${DOMAIN_ROOT}:${HOST_IP} - gitea.${DOMAIN_ROOT}:${HOST_IP}
- nuc.${DOMAIN_ROOT}:${HOST_IP} - nuc.${DOMAIN_ROOT}:${HOST_IP}
- gitea-ssh.${DOMAIN_ROOT}:${HOST_IP} - gitea-ssh.${DOMAIN_ROOT}:${HOST_IP}
networks:
- web
runner: runner:
image: drone/drone-runner-docker:1 image: drone/drone-runner-docker:1
@ -44,31 +43,22 @@ services:
- DRONE_RUNNER_NAME=runners - DRONE_RUNNER_NAME=runners
- HOST_IP=${HOST_IP} - HOST_IP=${HOST_IP}
# ports:
# - 3000:3000/tcp
depends_on: depends_on:
- drone - drone
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
networks:
- home-proxy
extra_hosts: extra_hosts:
- gitea.${DOMAIN_ROOT}:${HOST_IP} - gitea.${DOMAIN_ROOT}:${HOST_IP}
- nuc.${DOMAIN_ROOT}:${HOST_IP} - nuc.${DOMAIN_ROOT}:${HOST_IP}
- gitea-ssh.${DOMAIN_ROOT}:${HOST_IP} - gitea-ssh.${DOMAIN_ROOT}:${HOST_IP}
networks:
web:
external: true
volumes: volumes:
drone_data: drone_data:
external: true external: true
networks:
home-proxy:
external: true
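Review bot: The `runner` service loses its `networks:` entry and gets no replacement, while `drone` is now attached only to `web`, so the two no longer appear to share a Compose network. If the runner reaches the server by service name, this breaks the RPC connection. If the split is deliberate (the runner mounts `/var/run/docker.sock`, so keeping it off the shared proxy network is a reasonable isolation step), a comment such as `# runner intentionally stays on the default network` would make that clear. The runner's definition starts above the second hunk, so a network setting there cannot be ruled out.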


@ -19,7 +19,11 @@ services:
- freshrss_data:/var/www/FreshRSS/data - freshrss_data:/var/www/FreshRSS/data
networks: networks:
- home-proxy - web
networks:
web:
external: true
volumes: volumes:
freshrss_extensions: freshrss_extensions:
@ -27,9 +31,5 @@ volumes:
freshrss_data: freshrss_data:
external: true external: true
networks:
home-proxy:
external: true


@ -30,12 +30,12 @@ services:
- "${SSH_PORT}:222" - "${SSH_PORT}:222"
networks: networks:
- home-proxy - web
networks:
web:
external: true
volumes: volumes:
gitea_data: gitea_data:
external: true external: true
networks:
home-proxy:
external: true


@ -13,14 +13,6 @@ services:
environment: environment:
- DOMAIN_ROOT=${DOMAIN_ROOT} - DOMAIN_ROOT=${DOMAIN_ROOT}
#labels:
# - "traefik.enable=true"
# - "traefik.http.routers.homeassistant.rule=Host(`homeassistant.${DOMAIN_ROOT}`)"
# - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
# - "traefik.http.services.homeassistant.loadbalancer.server.url=http://192.168.0.197:8123"
# - 'traefik.http.routers.homeassistant.middlewares=authelia@docker'
volumes: volumes:
homeassistant_config: homeassistant_config:
external: true external: true


@ -17,20 +17,18 @@ services:
- "traefik.http.routers.bobross-receiver-mort.rule=Host(`bobross-receiver-mort.dudenhoeffer.casa`)" - "traefik.http.routers.bobross-receiver-mort.rule=Host(`bobross-receiver-mort.dudenhoeffer.casa`)"
- 'traefik.http.routers.bobross-receiver-mort.middlewares=authelia@docker' - 'traefik.http.routers.bobross-receiver-mort.middlewares=authelia@docker'
networks:
- home-proxy
extra_hosts: extra_hosts:
- "gitea.dudenhoeffer.casa:192.168.0.197" - "gitea.dudenhoeffer.casa:192.168.0.197"
networks:
- web
- default
tunnel: tunnel:
image: cloudflare/cloudflared:latest image: cloudflare/cloudflared:latest
command: tunnel --no-autoupdate run --token ${CLOUDFLARE_TUNNEL_TOKEN} command: tunnel --no-autoupdate run --token ${CLOUDFLARE_TUNNEL_TOKEN}
restart: unless-stopped restart: unless-stopped
networks:
- home-proxy
environment: environment:
- CLOUDFLARE_TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN} - CLOUDFLARE_TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN}
@ -38,9 +36,6 @@ services:
container_name: redis container_name: redis
image: redis:latest image: redis:latest
networks:
- home-proxy
labels: labels:
- "traefik.enabled=false" - "traefik.enabled=false"
@ -51,19 +46,17 @@ services:
environment: environment:
MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD} MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
networks:
- home-proxy
volumes: volumes:
- mariadb_data:/var/lib/mysql - mariadb_data:/var/lib/mysql
networks:
- default
adminer: adminer:
image: adminer image: adminer
restart: always restart: always
container_name: adminer container_name: adminer
networks:
- home-proxy
environment: environment:
- DOMAIN_ROOT=${DOMAIN_ROOT} - DOMAIN_ROOT=${DOMAIN_ROOT}
@ -74,8 +67,12 @@ services:
- "traefik.http.services.adminer.loadbalancer.server.port=8080" - "traefik.http.services.adminer.loadbalancer.server.port=8080"
- 'traefik.http.routers.adminer.middlewares=authelia@docker' - 'traefik.http.routers.adminer.middlewares=authelia@docker'
networks:
- web
- default
networks: networks:
home-proxy: web:
external: true external: true
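Review bot: The redis label `traefik.enabled=false` is not a key Traefik reads; the label is `traefik.enable=false`, so redis is not explicitly excluded from discovery even though it now sits only on the default network. `adminer` is attached to both `web` and `default`, which makes it the bridge between the shared proxy network and the MariaDB network. The only access control visible here is `authelia@docker`, which covers requests that pass through Traefik but not direct connections from other containers on `web`. Several service definitions start or end outside the hunks shown.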


@ -5,15 +5,18 @@ services:
pihole: pihole:
container_name: pihole container_name: pihole
image: pihole/pihole:latest image: pihole/pihole:latest
ports:
- 53:53/udp
environment: environment:
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
- CORS_HOSTS=pihole.${DOMAIN_ROOT} - CORS_HOSTS=pihole.${DOMAIN_ROOT}
- DOMAIN_ROOT=${DOMAIN_ROOT} - DOMAIN_ROOT=${DOMAIN_ROOT}
- WEBPASSWORD=${WEB_UI_PASSWORD} - WEBPASSWORD=${WEB_UI_PASSWORD}
ports: network_mode: host
- "53:53/tcp"
- "53:53/udp"
# Volumes store your data between container upgrades # Volumes store your data between container upgrades
volumes: volumes:
@ -23,37 +26,8 @@ services:
cap_add: cap_add:
- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
labels:
- "traefik.enable=true"
- "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN_ROOT}`)"
- "traefik.http.services.pihole.loadbalancer.server.port=8081"
- 'traefik.http.routers.pihole.middlewares=authelia@docker'
networks:
- home-proxy
restart: unless-stopped restart: unless-stopped
# pihole-proxy:
# container_name: pihole-proxy
# image: gitea.dudenhoeffer.casa/steve/simpleproxy:latest
# command: http://192.168.0.197:8081/
#
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.pihole.rule=Host(`pihole.dudenhoeffer.casa`)"
# - "traefik.http.services.pihole.loadbalancer.server.port=8080"
# - 'traefik.http.routers.pihole.middlewares=authelia@docker'
#
# networks:
# - home-proxy
#
# restart: unless-stopped
#
networks:
home-proxy:
external: true
volumes: volumes:
pihole-config_data: pihole-config_data:
external: true external: true
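Review bot: With `network_mode: host`, Pi-hole's listeners, including the admin web UI, bind directly on the host's interfaces, and this change also drops the Traefik labels that put `authelia@docker` in front of it, leaving `WEBPASSWORD` as the only gate. Any `ports:` entries left next to `network_mode: host` have no effect in host mode (Compose ignores or rejects them depending on version) and should be removed so the file does not imply that only port 53 is exposed. `cap_add: NET_ADMIN` combined with host networking lets the container change the host's own network configuration; the existing comment says it is needed only for DHCP, so drop it if DHCP is not served from here. The service definition continues outside the hunks.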

2
portainer/.env.example Normal file

@ -0,0 +1,2 @@
# DOMAIN_ROOT is the root domain that this service will register as with Traefik
DOMAIN_ROOT=domain.tld


@ -0,0 +1,31 @@
version: "3"
services:
portainer:
image: portainer/portainer-ee:latest
container_name: portainer
restart: unless-stopped
ports:
- 9000:9000/tcp
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
volumes:
- portainer_data:/data
- /var/run/docker.sock:/var/run/docker.sock
networks:
- web
networks:
web:
external: true
volumes:
portainer_data:
external: true
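Review bot: `ports: - 9000:9000/tcp` publishes Portainer's plain-HTTP UI on every host interface, bypassing Traefik and Authelia, for a container that mounts `/var/run/docker.sock` and so effectively controls the host. Drop the `ports:` mapping and route through the proxy, or bind it to loopback with `- "127.0.0.1:9000:9000/tcp"`. The only Traefik label is `loadbalancer.server.port`, with no `traefik.enable`, router rule or `authelia@docker`; the whoogle and wireguard sections end up in a similar state after their labels were removed. Whether Traefik still auto-routes these containers depends on its `exposedByDefault` setting, which is not visible on this page.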


@ -7,28 +7,12 @@ services:
environment: environment:
- DOMAIN_ROOT=${DOMAIN_ROOT} - DOMAIN_ROOT=${DOMAIN_ROOT}
labels:
- "traefik.http.services.privatebin.loadbalancer.server.port=8080"
- "traefik.enable=true"
- "traefik.http.routers.privatebin.rule=Host(`privatebin.${DOMAIN_ROOT}`)"
- 'traefik.http.routers.privatebin.middlewares=authelia@docker'
volumes: volumes:
- privatebin_data:/srv/data - privatebin_data:/srv/data
- ./cfg/conf.php:/srv/cfg/conf.php:ro - ./cfg/conf.php:/srv/cfg/conf.php:ro
networks: networks:
- home-proxy - web
volumes: volumes:
privatebin_data: privatebin_data:
external: true external: true
networks:
home-proxy:
external: true
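Review bot: The service now joins `web`, but this section removes the top-level `networks:` block without adding the `web:` / `external: true` definition that the other stacks in this commit receive. Unless one exists above the hunk, Compose will reject the file for referring to an undefined network; add `networks:`, `web:` and `external: true` at the end of the file. The removed labels also carried `authelia@docker`, so if PrivateBin stays reachable through the proxy or the tunnel, confirm what now authenticates it.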

11
repull-all.sh Executable file

@ -0,0 +1,11 @@
#!/bin/bash
for dir in */ ; do
if [ -d "$dir" ]; then
echo "Entering directory: $dir"
cd "$dir"
docker compose down && docker compose pull && docker compose up -d
cd ..
fi
done
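Review bot: `cd "$dir"` is unchecked, so if it fails, `docker compose down` on the next line runs in the parent directory and the following `cd ..` moves one level further up for every later iteration. Running the body in a subshell, `( cd "$dir" && docker compose pull && docker compose up -d )`, removes both problems, and pulling before recreating avoids leaving a stack down when a pull fails. Since most images in this repository are tagged `:latest`, the script deploys whatever the registries currently serve; pinning tags or digests would make each upgrade reviewable.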


@ -0,0 +1,13 @@
http:
routers:
wireguard2-router:
rule: "Host(`wireguard2.dudenhoeffer.casa`)"
service: wireguard2-service
services:
wireguard2-service:
loadBalancer:
servers:
- url: "http://192.168.0.197:51821"
passHostHeader: true
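Review bot: `wireguard2-router` has no `middlewares`, `entryPoints` or `tls` keys, so the wg-easy admin UI at this host is published without the `authelia@docker` middleware that the label-based routers in this repository use. Add `middlewares:` with `- authelia@docker` under the router (the file provider can reference a middleware from the docker provider), and set the entry point and TLS explicitly if the static configuration does not default them. The backend URL is plain HTTP to a LAN address, which is acceptable only while that hop stays on a trusted segment.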


@ -5,7 +5,7 @@ services:
image: traefik:latest image: traefik:latest
container_name: traefik container_name: traefik
hostname: traefik hostname: traefik
command: --providers.file.filename=/etc/traefik/dynamic.yml --providers.docker restart: unless-stopped
environment: environment:
@ -29,10 +29,6 @@ services:
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/letsencrypt - certs:/letsencrypt
networks:
- home-proxy
labels: labels:
- 'traefik.enable=true' - 'traefik.enable=true'
- 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_ROOT}`)' - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_ROOT}`)'
@ -53,14 +49,16 @@ services:
- 'certificatesresolvers.letsencrypt.acme.email=${CLOUDFLARE_EMAIL}' - 'certificatesresolvers.letsencrypt.acme.email=${CLOUDFLARE_EMAIL}'
- 'certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json' - 'certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'
networks:
- web
authelia: authelia:
image: docker.io/authelia/authelia:latest image: docker.io/authelia/authelia:latest
container_name: authelia container_name: authelia
restart: unless-stopped restart: unless-stopped
networks:
- home-proxy
environment: environment:
- TZ=${TIMEZONE} - TZ=${TIMEZONE}
- AUTHELIA_JWT_SECRET=${AUTH_JWT_SECRET} - AUTHELIA_JWT_SECRET=${AUTH_JWT_SECRET}
@ -76,14 +74,16 @@ services:
- 'traefik.http.routers.authelia.rule=Host(`login.${DOMAIN_ROOT}`)' - 'traefik.http.routers.authelia.rule=Host(`login.${DOMAIN_ROOT}`)'
- 'traefik.http.services.authelia.loadbalancer.server.port=9091' - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
networks:
- web
networks:
web:
external: true
volumes: volumes:
certs: certs:
external: true external: true
authelia_config: authelia_config:
external: true external: true
networks:
home-proxy:
external: true


@ -1,25 +1,13 @@
version: "3.8" version: "3.8"
services: services:
whoogle: whoogle:
image: benbusby/whoogle-search image: benbusby/whoogle-search:latest
container_name: whoogle container_name: whoogle
restart: unless-stopped restart: unless-stopped
labels:
- "traefik.http.services.whoogle.loadbalancer.server.port=5000"
- "traefik.enable=true"
- "traefik.http.routers.whoogle.rule=Host(`whoogle.${DOMAIN_ROOT}`)"
- 'traefik.http.routers.whoogle.middlewares=authelia@docker'
environment:
- DOMAIN_ROOT=${DOMAIN_ROOT}
networks: networks:
- home-proxy - web
networks: networks:
home-proxy: web:
external: true external: true


@ -1,14 +1,11 @@
version: "3" version: "3"
services: services:
wireguard: wireguard:
image: ghcr.io/wg-easy/wg-easy image: ghcr.io/wg-easy/wg-easy:latest
restart: unless-stopped restart: unless-stopped
container_name: wireguard container_name: wireguard
labels: labels:
- "traefik.enable=true"
- "traefik.http.routers.wireguard.rule=Host(`wireguard.${DOMAIN_ROOT}`)"
- "traefik.http.services.wireguard.loadbalancer.server.port=51821" - "traefik.http.services.wireguard.loadbalancer.server.port=51821"
- 'traefik.http.routers.wireguard.middlewares=authelia@docker'
ports: ports:
- target: 51820 - target: 51820
@ -23,6 +20,7 @@ services:
volumes: volumes:
- wireguard_data:/etc/wireguard - wireguard_data:/etc/wireguard
environment: environment:
- WG_HOST=wireguard.${DOMAIN_ROOT} - WG_HOST=wireguard.${DOMAIN_ROOT}
- PASSWORD=${UI_PASSWORD} - PASSWORD=${UI_PASSWORD}
@ -37,17 +35,12 @@ services:
- "net.ipv4.ip_forward=1" - "net.ipv4.ip_forward=1"
networks: networks:
- default - web
- home-proxy
networks:
web:
external: true
volumes: volumes:
wireguard_data: wireguard_data:
external: true external: true
networks:
default:
home-proxy:
external: true