redid all networks & added cloudflare tunnel

2023-12-26 22:40:54 +00:00 · 2023-12-26 22:40:54 +00:00 · e395b238ff
commit e395b238ff
parent 67af9cd3b0
20 changed files with 171 additions and 183 deletions
--- a/audiobookshelf/docker-compose.yml
+++ b/audiobookshelf/docker-compose.yml
@ -22,8 +22,11 @@ services:
     - audiobookshelf_podcasts:/podcasts

    networks:
-     - home-proxy
+      - web

+networks:
+  web:
+    external: true

 volumes:
  audiobookshelf_config:
@ -38,10 +41,3 @@ volumes:
  audiobookshelf_podcasts:
    external: true
    
-    
-networks:
-  home-proxy:
-    external: true
-
-
-
--- a/bitwarden/docker-compose.yml
+++ b/bitwarden/docker-compose.yml
@ -19,17 +19,13 @@ services:
     - vaultwarden_data:/data

    networks:
-     - home-proxy
+      - web

+networks:
+  web:
+    external: true

 volumes:
  vaultwarden_data:
    external: true
    
-    
-networks:
-  home-proxy:
-    external: true
-
-
-
--- a/changedetection/docker-compose.yml
+++ b/changedetection/docker-compose.yml
@ -5,9 +5,6 @@ services:
    image: dgtlmoon/changedetection.io
    container_name: changedetection

-    env_file:
-      - ../.env
-     
    volumes:
      - changedetection_data:/datastore

@ -19,9 +16,6 @@ services:
      - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000/
      - BASE_URL="https://changedetection.${DOMAIN_ROOT}"

-    networks:
-      - home-proxy
-
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.changedetection.rule=Host(`changedetection.${DOMAIN_ROOT}`)'
@ -30,6 +24,9 @@ services:

    restart: unless-stopped

+    networks:
+      - web
+
  playwright:
    container_name: playwright
    image: browserless/chrome
@ -38,20 +35,19 @@ services:
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
      
-    networks:
-      - home-proxy
-
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.playwright.rule=Host(`playwright.${DOMAIN_ROOT}`)'
      - 'traefik.http.routers.playwright.middlewares=authelia@docker'
      - "traefik.http.services.playwright.loadbalancer.server.port=3000"

+    networks:
+      - web
+
+networks:
+  web:
+    external: true
+
 volumes:
  changedetection_data:
    external: true
-
-    
-networks:
-  home-proxy:
-    external: true
--- a/cloudflare_tunnel/.env.example
+++ b/cloudflare_tunnel/.env.example
@ -0,0 +1,2 @@
+# TOKEN is the token for this cloudflare tunnel
+TOKEN=XXX
--- a/cloudflare_tunnel/docker-compose.yml
+++ b/cloudflare_tunnel/docker-compose.yml
@ -0,0 +1,23 @@
+---
+version: "3.8"
+services:
+  bitwarden:
+    image: cloudflare/cloudflared:latest
+    container_name: cloudflare-tunnel
+    restart: unless-stopped
+    command: tunnel --no-autoupdate run --token ${TOKEN}
+    
+    environment:
+      - TOKEN=${TOKEN}
+ 
+    networks:
+      - web
+
+networks:
+  web:
+    external: true
+
+volumes:
+  vaultwarden_data:
+    external: true
+    
--- a/dashy/docker-compose.yml
+++ b/dashy/docker-compose.yml
@ -14,9 +14,6 @@ services:
    volumes:
      - ./dashy.yml:/app/public/conf.yml

-    networks:
-      - home-proxy
-      
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
      - NODE_ENV=production
@ -32,6 +29,9 @@ services:
      start_period: 40s


+    networks:
+      - web
+
 networks:
-  home-proxy:
+  web:
    external: true
--- a/drone/docker-compose.yml
+++ b/drone/docker-compose.yml
@ -24,15 +24,14 @@ services:
     - drone_data:/data
     - /var/run/docker.sock:/var/run/docker.sock

-    networks:
-     - home-proxy
- 
-
    extra_hosts:
      - gitea.${DOMAIN_ROOT}:${HOST_IP}
      - nuc.${DOMAIN_ROOT}:${HOST_IP}
      - gitea-ssh.${DOMAIN_ROOT}:${HOST_IP}

+    networks:
+      - web
+
  runner:
    image: drone/drone-runner-docker:1

@ -44,31 +43,22 @@ services:
      - DRONE_RUNNER_NAME=runners
      - HOST_IP=${HOST_IP}

-#    ports:
-#      - 3000:3000/tcp
-
    depends_on:
      - drone

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

-    networks:
-      - home-proxy
-
    extra_hosts:
      - gitea.${DOMAIN_ROOT}:${HOST_IP}
      - nuc.${DOMAIN_ROOT}:${HOST_IP}
      - gitea-ssh.${DOMAIN_ROOT}:${HOST_IP}

+networks:
+  web:
+    external: true
+
 volumes:
  drone_data:
    external: true

-    
-networks:
-  home-proxy:
-    external: true
-
-
-
--- a/freshrss/docker-compose.yml
+++ b/freshrss/docker-compose.yml
@ -19,7 +19,11 @@ services:
     - freshrss_data:/var/www/FreshRSS/data

    networks:
-     - home-proxy
+      - web
+
+networks:
+  web:
+    external: true

 volumes:
  freshrss_extensions:
@ -27,9 +31,5 @@ volumes:
  freshrss_data:
    external: true
    
-networks:
-  home-proxy:
-    external: true
-


--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@ -30,12 +30,12 @@ services:
      - "${SSH_PORT}:222"

    networks:
-      - home-proxy
+      - web
+
+networks:
+  web:
+    external: true

 volumes:
  gitea_data:
    external: true
-
-networks:
-  home-proxy:
-    external: true
--- a/homeassistant/docker-compose.yml
+++ b/homeassistant/docker-compose.yml
@ -13,14 +13,6 @@ services:
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
     
-    #labels:
-     # - "traefik.enable=true"
-     # - "traefik.http.routers.homeassistant.rule=Host(`homeassistant.${DOMAIN_ROOT}`)"
-     # - "traefik.http.services.homeassistant.loadbalancer.server.port=8123"
-     # - "traefik.http.services.homeassistant.loadbalancer.server.url=http://192.168.0.197:8123"
-     # - 'traefik.http.routers.homeassistant.middlewares=authelia@docker'
-
-     
 volumes:
  homeassistant_config:
    external: true
--- a/mort/docker-compose.yml
+++ b/mort/docker-compose.yml
@ -17,20 +17,18 @@ services:
      - "traefik.http.routers.bobross-receiver-mort.rule=Host(`bobross-receiver-mort.dudenhoeffer.casa`)"
      - 'traefik.http.routers.bobross-receiver-mort.middlewares=authelia@docker'

- 
-    networks:
-     - home-proxy
-
    extra_hosts:
     - "gitea.dudenhoeffer.casa:192.168.0.197"


+    networks:
+      - web
+      - default
+
  tunnel:
    image: cloudflare/cloudflared:latest
    command: tunnel --no-autoupdate run --token ${CLOUDFLARE_TUNNEL_TOKEN}
    restart: unless-stopped
-    networks:
-      - home-proxy
    environment:
      - CLOUDFLARE_TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN}
      
@ -38,9 +36,6 @@ services:
    container_name: redis
    image: redis:latest

-    networks:
-     - home-proxy
-     
    labels:
      - "traefik.enabled=false"

@ -51,19 +46,17 @@ services:
    environment:
      MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}

-    networks:
-      - home-proxy
-
    volumes:
      - mariadb_data:/var/lib/mysql

+    networks:
+      - default
+

  adminer:
    image: adminer
    restart: always
    container_name: adminer
-    networks:
-      - home-proxy

    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}
@ -74,8 +67,12 @@ services:
      - "traefik.http.services.adminer.loadbalancer.server.port=8080"
      - 'traefik.http.routers.adminer.middlewares=authelia@docker'

+    networks:
+      - web
+      - default
+
 networks:
-  home-proxy:
+  web:
    external: true


--- a/pihole/docker-compose.yml
+++ b/pihole/docker-compose.yml
@ -5,15 +5,18 @@ services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
+
+    ports:
+       - 53:53/udp
+
    environment:
      - TZ=${TIMEZONE}
      - CORS_HOSTS=pihole.${DOMAIN_ROOT}
      - DOMAIN_ROOT=${DOMAIN_ROOT}
      - WEBPASSWORD=${WEB_UI_PASSWORD}

-    ports:
-      - "53:53/tcp"
-      - "53:53/udp"
+    network_mode: host
+

    # Volumes store your data between container upgrades
    volumes:
@ -23,37 +26,8 @@ services:
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed

-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN_ROOT}`)"
-      - "traefik.http.services.pihole.loadbalancer.server.port=8081"
-      - 'traefik.http.routers.pihole.middlewares=authelia@docker'
-
-    networks:
-      - home-proxy
-
    restart: unless-stopped

-#  pihole-proxy:
-#    container_name: pihole-proxy
-#    image: gitea.dudenhoeffer.casa/steve/simpleproxy:latest
-#    command: http://192.168.0.197:8081/
-#
-#    labels:
-#      - "traefik.enable=true"
-#      - "traefik.http.routers.pihole.rule=Host(`pihole.dudenhoeffer.casa`)"
-#      - "traefik.http.services.pihole.loadbalancer.server.port=8080"
-#      - 'traefik.http.routers.pihole.middlewares=authelia@docker'
-#
-#    networks:
-#      - home-proxy
-#
-#    restart: unless-stopped
-#
-networks:
-  home-proxy:
-    external: true
-
 volumes:
  pihole-config_data:
    external: true
--- a/portainer/.env.example
+++ b/portainer/.env.example
@ -0,0 +1,2 @@
+# DOMAIN_ROOT is the root domain that this service will register as with Traefik
+DOMAIN_ROOT=domain.tld
--- a/portainer/docker-compose.yml
+++ b/portainer/docker-compose.yml
@ -0,0 +1,31 @@
+version: "3"
+services:
+  portainer:
+    image: portainer/portainer-ee:latest
+    container_name: portainer
+    restart: unless-stopped
+
+    ports:
+      - 9000:9000/tcp
+      
+    environment:
+      - DOMAIN_ROOT=${DOMAIN_ROOT}
+
+    labels:
+      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+      
+    volumes:
+      - portainer_data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+
+    networks:
+      - web
+
+networks:
+  web:
+    external: true
+
+volumes:
+  portainer_data:
+    external: true
+
--- a/privatebin/docker-compose.yml
+++ b/privatebin/docker-compose.yml
@ -7,28 +7,12 @@ services:
    environment:
      - DOMAIN_ROOT=${DOMAIN_ROOT}

-    labels:
-      - "traefik.http.services.privatebin.loadbalancer.server.port=8080"
-      - "traefik.enable=true"
-      - "traefik.http.routers.privatebin.rule=Host(`privatebin.${DOMAIN_ROOT}`)"
-      - 'traefik.http.routers.privatebin.middlewares=authelia@docker'
- 
    volumes:
     - privatebin_data:/srv/data
     - ./cfg/conf.php:/srv/cfg/conf.php:ro

    networks:
-     - home-proxy
- 
-
+      - web
 volumes:
  privatebin_data:
    external: true
-    
-    
-networks:
-  home-proxy:
-    external: true
-
-
-
--- a/repull-all.sh
+++ b/repull-all.sh
@ -0,0 +1,11 @@
+#!/bin/bash
+
+for dir in */ ; do
+    if [ -d "$dir" ]; then
+        echo "Entering directory: $dir"
+        cd "$dir"
+        docker compose down && docker compose pull && docker compose up -d
+        cd ..
+    fi
+done
+
--- a/traefik/custom/wireguard.yml
+++ b/traefik/custom/wireguard.yml
@ -0,0 +1,13 @@
+
+http:
+  routers:
+   wireguard2-router:
+      rule: "Host(`wireguard2.dudenhoeffer.casa`)"
+      service: wireguard2-service
+
+  services:
+    wireguard2-service:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.0.197:51821"
+        passHostHeader: true
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@ -5,7 +5,7 @@ services:
    image: traefik:latest
    container_name: traefik
    hostname: traefik
-    command: --providers.file.filename=/etc/traefik/dynamic.yml --providers.docker
+    restart: unless-stopped

   
    environment:
@ -29,10 +29,6 @@ services:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/letsencrypt

-    networks:
-      - home-proxy
-
-
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_ROOT}`)'
@ -53,14 +49,16 @@ services:
      - 'certificatesresolvers.letsencrypt.acme.email=${CLOUDFLARE_EMAIL}'
      - 'certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json'

+    networks:
+      - web


  authelia:
    image: docker.io/authelia/authelia:latest
    container_name: authelia
    restart: unless-stopped
-    networks:
-      - home-proxy
+  
+
    environment:
      - TZ=${TIMEZONE}
      - AUTHELIA_JWT_SECRET=${AUTH_JWT_SECRET}
@ -76,14 +74,16 @@ services:
      - 'traefik.http.routers.authelia.rule=Host(`login.${DOMAIN_ROOT}`)'
      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'

+    networks:
+      - web
+
+networks:
+  web:
+    external: true
+
 volumes:
  certs:
    external: true

  authelia_config:
    external: true
-
-    
-networks:
-  home-proxy:
-    external: true
--- a/whoogle/docker-compose.yml
+++ b/whoogle/docker-compose.yml
@ -1,25 +1,13 @@
 version: "3.8"
 services:
  whoogle:
-    image: benbusby/whoogle-search
+    image: benbusby/whoogle-search:latest
    container_name: whoogle
    restart: unless-stopped

-    labels:
-      - "traefik.http.services.whoogle.loadbalancer.server.port=5000"
-      - "traefik.enable=true"
-      - "traefik.http.routers.whoogle.rule=Host(`whoogle.${DOMAIN_ROOT}`)"
-      - 'traefik.http.routers.whoogle.middlewares=authelia@docker'
-
-    environment:
-      - DOMAIN_ROOT=${DOMAIN_ROOT}
- 
    networks:
-     - home-proxy
-
-    
+      - web

 networks:
-  home-proxy:
+  web:
    external: true
-
--- a/wireguard/docker-compose.yml
+++ b/wireguard/docker-compose.yml
@ -1,14 +1,11 @@
 version: "3"
 services:
  wireguard:
-    image: ghcr.io/wg-easy/wg-easy
+    image: ghcr.io/wg-easy/wg-easy:latest
    restart: unless-stopped
    container_name: wireguard
    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.wireguard.rule=Host(`wireguard.${DOMAIN_ROOT}`)"
      - "traefik.http.services.wireguard.loadbalancer.server.port=51821"
-      - 'traefik.http.routers.wireguard.middlewares=authelia@docker'

    ports:
      - target: 51820
@ -23,6 +20,7 @@ services:
    volumes:
     - wireguard_data:/etc/wireguard

+
    environment:
      - WG_HOST=wireguard.${DOMAIN_ROOT}
      - PASSWORD=${UI_PASSWORD}
@ -37,17 +35,12 @@ services:
      - "net.ipv4.ip_forward=1"

    networks:
-      - default
-      - home-proxy
+      - web

+networks:
+  web:
+    external: true

 volumes:
  wireguard_data:
    external: true
-
-networks:
-  default:
-  home-proxy:
-    external: true
-
-