redid all networks & added cloudflare tunnel

2023-12-26 22:40:54 +00:00 · 2023-12-26 22:40:54 +00:00 · e395b238ff
commit e395b238ff
parent 67af9cd3b0
20 changed files with 171 additions and 183 deletions
--- a/audiobookshelf/docker-compose.yml
+++ b/audiobookshelf/docker-compose.yml
@ -22,8 +22,11 @@ services:
     - audiobookshelf_podcasts:/podcasts
    networks:
-     - home-proxy
+      - web
- 
+
 networks:
  web:
    external: true
 volumes:
  audiobookshelf_config:
@ -38,10 +41,3 @@ volumes:
  audiobookshelf_podcasts:
    external: true
 networks:
  home-proxy:
    external: true
--- a/bitwarden/docker-compose.yml
+++ b/bitwarden/docker-compose.yml
@ -17,19 +17,15 @@ services:
    volumes:
     - vaultwarden_data:/data
-     
+
    networks:
-     - home-proxy
+      - web
- 
+
 networks:
  web:
    external: true
 volumes:
  vaultwarden_data:
    external: true
 networks:
  home-proxy:
    external: true
--- a/changedetection/docker-compose.yml
+++ b/changedetection/docker-compose.yml
@ -5,9 +5,6 @@ services:
    image: dgtlmoon/changedetection.io
    container_name: changedetection
    env_file:
      - ../.env
    volumes:
      - changedetection_data:/datastore
@ -19,9 +16,6 @@ services:
      - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000/
      - BASE_URL="https://changedetection.${DOMAIN_ROOT}"
    networks:
      - home-proxy
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.changedetection.rule=Host(`changedetection.${DOMAIN_ROOT}`)'
@ -30,6 +24,9 @@ services:
    restart: unless-stopped
    networks:
      - web
  playwright:
    container_name: playwright
    image: browserless/chrome
@ -38,20 +35,19 @@ services:
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
    networks:
      - home-proxy
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.playwright.rule=Host(`playwright.${DOMAIN_ROOT}`)'
      - 'traefik.http.routers.playwright.middlewares=authelia@docker'
      - "traefik.http.services.playwright.loadbalancer.server.port=3000"
    networks:
      - web
 networks:
  web:
    external: true
 volumes:
  changedetection_data:
    external: true
 networks:
  home-proxy:
    external: true
--- a/cloudflare_tunnel/.env.example
+++ b/cloudflare_tunnel/.env.example
@ -0,0 +1,2 @@
 # TOKEN is the token for this cloudflare tunnel
 TOKEN=XXX
--- a/cloudflare_tunnel/docker-compose.yml
+++ b/cloudflare_tunnel/docker-compose.yml
@ -0,0 +1,23 @@
 ---
 version: "3.8"
 services:
  bitwarden:
    image: cloudflare/cloudflared:latest
    container_name: cloudflare-tunnel
    restart: unless-stopped
    command: tunnel --no-autoupdate run --token ${TOKEN}
    environment:
      - TOKEN=${TOKEN}
    networks:
      - web
 networks:
  web:
    external: true
 volumes:
  vaultwarden_data:
    external: true
--- a/dashy/docker-compose.yml
+++ b/dashy/docker-compose.yml
@ -14,9 +14,6 @@ services:
    volumes:
      - ./dashy.yml:/app/public/conf.yml
    networks:
      - home-proxy
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
      - NODE_ENV=production
@ -31,7 +28,10 @@ services:
      retries: 3
      start_period: 40s
-    
+
    networks:
      - web
 networks:
-  home-proxy:
+  web:
    external: true
--- a/drone/docker-compose.yml
+++ b/drone/docker-compose.yml
@ -24,15 +24,14 @@ services:
     - drone_data:/data
     - /var/run/docker.sock:/var/run/docker.sock
    networks:
     - home-proxy
    extra_hosts:
      - gitea.${DOMAIN_ROOT}:${HOST_IP}
      - nuc.${DOMAIN_ROOT}:${HOST_IP}
      - gitea-ssh.${DOMAIN_ROOT}:${HOST_IP}
    networks:
      - web
  runner:
    image: drone/drone-runner-docker:1
@ -44,31 +43,22 @@ services:
      - DRONE_RUNNER_NAME=runners
      - HOST_IP=${HOST_IP}
 #    ports:
 #      - 3000:3000/tcp
    depends_on:
      - drone
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - home-proxy
    extra_hosts:
      - gitea.${DOMAIN_ROOT}:${HOST_IP}
      - nuc.${DOMAIN_ROOT}:${HOST_IP}
      - gitea-ssh.${DOMAIN_ROOT}:${HOST_IP}
 networks:
  web:
    external: true
 volumes:
  drone_data:
    external: true
 networks:
  home-proxy:
    external: true
--- a/freshrss/docker-compose.yml
+++ b/freshrss/docker-compose.yml
@ -19,7 +19,11 @@ services:
     - freshrss_data:/var/www/FreshRSS/data
    networks:
-     - home-proxy
+      - web
 networks:
  web:
    external: true
 volumes:
  freshrss_extensions:
@ -27,9 +31,5 @@ volumes:
  freshrss_data:
    external: true
 networks:
  home-proxy:
    external: true
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@ -30,12 +30,12 @@ services:
      - "${SSH_PORT}:222"
    networks:
-      - home-proxy
+      - web
 networks:
  web:
    external: true
 volumes:
  gitea_data:
    external: true
 networks:
  home-proxy:
    external: true
--- a/homeassistant/docker-compose.yml
+++ b/homeassistant/docker-compose.yml
@ -12,14 +12,6 @@ services:
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
    #labels:
     # - "traefik.enable=true"
     # - "traefik.http.routers.homeassistant.rule=Host(`homeassistant.${DOMAIN_ROOT}`)"
     # - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
     # - "traefik.http.services.homeassistant.loadbalancer.server.url=http://192.168.0.197:8123"
     # - 'traefik.http.routers.homeassistant.middlewares=authelia@docker'
 volumes:
  homeassistant_config:
--- a/mort/docker-compose.yml
+++ b/mort/docker-compose.yml
@ -17,20 +17,18 @@ services:
      - "traefik.http.routers.bobross-receiver-mort.rule=Host(`bobross-receiver-mort.dudenhoeffer.casa`)"
      - 'traefik.http.routers.bobross-receiver-mort.middlewares=authelia@docker'
    networks:
     - home-proxy
    extra_hosts:
     - "gitea.dudenhoeffer.casa:192.168.0.197"
    networks:
      - web
      - default
  tunnel:
    image: cloudflare/cloudflared:latest
    command: tunnel --no-autoupdate run --token ${CLOUDFLARE_TUNNEL_TOKEN}
    restart: unless-stopped
    networks:
      - home-proxy
    environment:
      - CLOUDFLARE_TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN}
@ -38,9 +36,6 @@ services:
    container_name: redis
    image: redis:latest
    networks:
     - home-proxy
    labels:
      - "traefik.enabled=false"
@ -50,20 +45,18 @@ services:
    container_name: mariadb
    environment:
      MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
    networks:
      - home-proxy
    volumes:
      - mariadb_data:/var/lib/mysql
    networks:
      - default
  adminer:
    image: adminer
    restart: always
    container_name: adminer
    networks:
      - home-proxy
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
@ -74,11 +67,15 @@ services:
      - "traefik.http.services.adminer.loadbalancer.server.port=8080"
      - 'traefik.http.routers.adminer.middlewares=authelia@docker'
    networks:
      - web
      - default
 networks:
-  home-proxy:
+  web:
    external: true
 volumes:
  mariadb_data:
-    external: true
+    external: true
--- a/pihole/docker-compose.yml
+++ b/pihole/docker-compose.yml
@ -5,15 +5,18 @@ services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
       - 53:53/udp
    environment:
      - TZ=${TIMEZONE}
      - CORS_HOSTS=pihole.${DOMAIN_ROOT}
      - DOMAIN_ROOT=${DOMAIN_ROOT}
      - WEBPASSWORD=${WEB_UI_PASSWORD}
-    ports:
+    network_mode: host
-      - "53:53/tcp"
+
      - "53:53/udp"
    # Volumes store your data between container upgrades
    volumes:
@ -23,37 +26,8 @@ services:
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN_ROOT}`)"
      - "traefik.http.services.pihole.loadbalancer.server.port=8081"
      - 'traefik.http.routers.pihole.middlewares=authelia@docker'
    networks:
      - home-proxy
    restart: unless-stopped
 #  pihole-proxy:
 #    container_name: pihole-proxy
 #    image: gitea.dudenhoeffer.casa/steve/simpleproxy:latest
 #    command: http://192.168.0.197:8081/
 #
 #    labels:
 #      - "traefik.enable=true"
 #      - "traefik.http.routers.pihole.rule=Host(`pihole.dudenhoeffer.casa`)"
 #      - "traefik.http.services.pihole.loadbalancer.server.port=8080"
 #      - 'traefik.http.routers.pihole.middlewares=authelia@docker'
 #
 #    networks:
 #      - home-proxy
 #
 #    restart: unless-stopped
 #
 networks:
  home-proxy:
    external: true
 volumes:
  pihole-config_data:
    external: true
--- a/portainer/.env.example
+++ b/portainer/.env.example
@ -0,0 +1,2 @@
 # DOMAIN_ROOT is the root domain that this service will register as with Traefik
 DOMAIN_ROOT=domain.tld
--- a/portainer/docker-compose.yml
+++ b/portainer/docker-compose.yml
@ -0,0 +1,31 @@
 version: "3"
 services:
  portainer:
    image: portainer/portainer-ee:latest
    container_name: portainer
    restart: unless-stopped
    ports:
      - 9000:9000/tcp
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
    labels:
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - web
 networks:
  web:
    external: true
 volumes:
  portainer_data:
    external: true
--- a/privatebin/docker-compose.yml
+++ b/privatebin/docker-compose.yml
@ -7,28 +7,12 @@ services:
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
    labels:
      - "traefik.http.services.privatebin.loadbalancer.server.port=8080"
      - "traefik.enable=true"
      - "traefik.http.routers.privatebin.rule=Host(`privatebin.${DOMAIN_ROOT}`)"
      - 'traefik.http.routers.privatebin.middlewares=authelia@docker'
    volumes:
     - privatebin_data:/srv/data
     - ./cfg/conf.php:/srv/cfg/conf.php:ro
    networks:
     - home-proxy
    networks:
      - web
 volumes:
  privatebin_data:
-    external: true
+    external: true
 networks:
  home-proxy:
    external: true
--- a/repull-all.sh
+++ b/repull-all.sh
@ -0,0 +1,11 @@
 #!/bin/bash
 for dir in */ ; do
    if [ -d "$dir" ]; then
        echo "Entering directory: $dir"
        cd "$dir"
        docker compose down && docker compose pull && docker compose up -d
        cd ..
    fi
 done
--- a/traefik/custom/wireguard.yml
+++ b/traefik/custom/wireguard.yml
@ -0,0 +1,13 @@
 http:
  routers:
   wireguard2-router:
      rule: "Host(`wireguard2.dudenhoeffer.casa`)"
      service: wireguard2-service
  services:
    wireguard2-service:
      loadBalancer:
        servers:
          - url: "http://192.168.0.197:51821"
        passHostHeader: true
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@ -5,9 +5,9 @@ services:
    image: traefik:latest
    container_name: traefik
    hostname: traefik
-    command: --providers.file.filename=/etc/traefik/dynamic.yml --providers.docker
+    restart: unless-stopped
-  
+   
    environment:
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_KEY}
@ -29,10 +29,6 @@ services:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/letsencrypt
    networks:
      - home-proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_ROOT}`)'
@ -53,14 +49,16 @@ services:
      - 'certificatesresolvers.letsencrypt.acme.email=${CLOUDFLARE_EMAIL}'
      - 'certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'
    networks:
      - web
  authelia:
    image: docker.io/authelia/authelia:latest
    container_name: authelia
    restart: unless-stopped
-    networks:
+  
-      - home-proxy
+
    environment:
      - TZ=${TIMEZONE}
      - AUTHELIA_JWT_SECRET=${AUTH_JWT_SECRET}
@ -76,14 +74,16 @@ services:
      - 'traefik.http.routers.authelia.rule=Host(`login.${DOMAIN_ROOT}`)'
      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
    networks:
      - web
 networks:
  web:
    external: true
 volumes:
  certs:
    external: true
  authelia_config:
    external: true
 networks:
  home-proxy:
    external: true
--- a/whoogle/docker-compose.yml
+++ b/whoogle/docker-compose.yml
@ -1,25 +1,13 @@
 version: "3.8"
 services:
  whoogle:
-    image: benbusby/whoogle-search
+    image: benbusby/whoogle-search:latest
    container_name: whoogle
    restart: unless-stopped
    labels:
      - "traefik.http.services.whoogle.loadbalancer.server.port=5000"
      - "traefik.enable=true"
      - "traefik.http.routers.whoogle.rule=Host(`whoogle.${DOMAIN_ROOT}`)"
      - 'traefik.http.routers.whoogle.middlewares=authelia@docker'
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
    networks:
-     - home-proxy
+      - web
 networks:
-  home-proxy:
+  web:
-    external: true
+    external: true
--- a/wireguard/docker-compose.yml
+++ b/wireguard/docker-compose.yml
@ -1,14 +1,11 @@
 version: "3"
 services:
  wireguard:
-    image: ghcr.io/wg-easy/wg-easy
+    image: ghcr.io/wg-easy/wg-easy:latest
    restart: unless-stopped
    container_name: wireguard
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wireguard.rule=Host(`wireguard.${DOMAIN_ROOT}`)"
      - "traefik.http.services.wireguard.loadbalancer.server.port=51821"
      - 'traefik.http.routers.wireguard.middlewares=authelia@docker'
    ports:
      - target: 51820
@ -19,10 +16,11 @@ services:
        published: 51820
        protocol: udp
        mode: host
- 
+         
    volumes:
     - wireguard_data:/etc/wireguard
    environment:
      - WG_HOST=wireguard.${DOMAIN_ROOT}
      - PASSWORD=${UI_PASSWORD}
@ -37,17 +35,12 @@ services:
      - "net.ipv4.ip_forward=1"
    networks:
-      - default
+      - web
      - home-proxy
 networks:
  web:
    external: true
 volumes:
  wireguard_data:
    external: true
 networks:
  default:
  home-proxy:
    external: true
		`@ -0,0 +1,2 @@`
							`# TOKEN is the token for this cloudflare tunnel`
							`TOKEN=XXX`
		`@ -0,0 +1,2 @@`
							`# DOMAIN_ROOT is the root domain that this service will register as with Traefik`
							`DOMAIN_ROOT=domain.tld`