Mejorando configuracion de stacks usando traefik

2025-11-08 01:11:42 -03:00
parent 115aac9d2a
commit cc93471cb0
22 changed files with 317 additions and 164 deletions


@@ -1,12 +0,0 @@
services:
actual_server:
image: ghcr.io/actualbudget/actual:latest
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/actual:/data
networks:
macvlan_192_168_3_0:
ipv4_address: 192.168.103.13
networks:
macvlan_192_168_3_0:
external: true

20
stacks/actual/actual.yml Normal file

@@ -0,0 +1,20 @@
services:
actual_server:
image: ghcr.io/actualbudget/actual:latest
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/actual:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.actual-web.rule=Host(`actual.skrd.fun`)"
- "traefik.http.routers.actual-web.entrypoints=web"
- "traefik.http.routers.actual-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.actual.rule=Host(`actual.skrd.fun`)"
- "traefik.http.routers.actual.entrypoints=websecure"
- "traefik.http.routers.actual.tls.certresolver=cf"
- "traefik.http.services.actual.loadbalancer.server.port=5006"
networks:
default:
name: traefik
external: true
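Review bot: `image: ghcr.io/actualbudget/actual:latest` leaves the version of a service that this file now publishes through Traefik on `websecure` to whatever the registry serves at the next pull, so an upstream change or a replaced tag lands without review. Pin it to a release tag plus digest, e.g. `image: ghcr.io/actualbudget/actual:<release-tag>@sha256:<digest>` (placeholders), the way the immich stack in this same commit pins redis and pgvecto-rs. The same applies to `nginx` in the gametabs stack, `gitea/gitea:latest` and `gitea/act_runner:latest`, `deluan/navidrome:latest` and `lscr.io/linuxserver/qbittorrent:latest`.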


@@ -1,12 +0,0 @@
services:
gametabs:
image: nginx
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gametabs:/usr/share/nginx/html
networks:
macvlan_192_168_3_0:
ipv4_address: 192.168.103.6
networks:
macvlan_192_168_3_0:
external: true


@@ -0,0 +1,20 @@
services:
gametabs:
image: nginx
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gametabs:/usr/share/nginx/html
labels:
- "traefik.enable=true"
- "traefik.http.routers.gametabs-web.rule=Host(`gametabs.skrd.fun`)"
- "traefik.http.routers.gametabs-web.entrypoints=web"
- "traefik.http.routers.gametabs-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.gametabs.rule=Host(`gametabs.skrd.fun`)"
- "traefik.http.routers.gametabs.entrypoints=websecure"
- "traefik.http.routers.gametabs.tls.certresolver=cf"
- "traefik.http.services.gametabs.loadbalancer.server.port=80"
networks:
default:
name: traefik
external: true
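Review bot: The bind mount onto `/usr/share/nginx/html` is read-write although the container only appears to serve that directory. Now that the site is published through Traefik, mount it read-only so a compromise of nginx cannot alter the served files: `- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gametabs:/usr/share/nginx/html:ro`. The navidrome stack in this commit already does this for `/music`.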


@@ -1,46 +0,0 @@
services:
gitea:
image: gitea/gitea:latest
restart: unless-stopped
env_file:
- gitea.env
networks:
gitea_network:
macvlan_192_168_3_0:
ipv4_address: 192.168.103.3
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- gitea-db
runner:
image: gitea/act_runner:latest
restart: unless-stopped
env_file:
- gitea.env
networks:
- gitea_network
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/runner/config:/config
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/runner/data:/data
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- gitea
gitea-db:
image: postgres:16
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/db:/var/lib/postgresql/data
networks:
- gitea_network
env_file:
- gitea.env
networks:
gitea_network:
macvlan_192_168_3_0:
external: true


@@ -1,10 +1,7 @@
USER_UID=1000
USER_GID=1000
CONFIG_FILE=/config/config.yaml
GITEA_INSTANCE_URL=https://git.skrd.fun
GITEA_RUNNER_REGISTRATION_TOKEN=secret
GITEA_RUNNER_NAME=gitea-runner-1
POSTGRES_PASSWORD=secret
POSTGRES_DB=gitea
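Review bot: None of the keys visible in this env file defines `POSTGRES_USER`, yet the new gitea.yml passes `POSTGRES_USER: "${POSTGRES_USER}"` to gitea-db. Compose substitutes an empty string, with only a warning, for an unset variable, so the database user would silently fall back to whatever the image defaults to. Add `POSTGRES_USER=<db-user>` (placeholder) here, or confirm it is supplied from elsewhere. The rendered hunk does not show which lines were kept, so this is inferred from the key names alone.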

62
stacks/gitea/gitea.yml Normal file

@@ -0,0 +1,62 @@
services:
gitea:
image: gitea/gitea:latest
restart: unless-stopped
environment:
USER_UID: ${USER_UID}
USER_GID: ${USER_GID}
networks:
- internal
- proxy
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.gitea-web.rule=Host(`git.skrd.fun`)"
- "traefik.http.routers.gitea-web.entrypoints=web"
- "traefik.http.routers.gitea-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.gitea.rule=Host(`git.skrd.fun`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls.certresolver=cf"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- gitea-db
runner:
image: gitea/act_runner:latest
restart: unless-stopped
environment:
CONFIG_FILE: /config/config.yaml
GITEA_INSTANCE_URL: "https://git.skrd.fun"
GITEA_RUNNER_NAME: "gitea-runner-1"
GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
networks:
- internal
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/runner/config:/config
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/runner/data:/data
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
- gitea
gitea-db:
image: postgres:16
restart: unless-stopped
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/db:/var/lib/postgresql/data
networks:
- internal
environment:
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
POSTGRES_DB: "${POSTGRES_DB}"
POSTGRES_USER: "${POSTGRES_USER}"
networks:
internal:
name: gitea
proxy:
name: traefik
external: true
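Review bot: The `runner` service keeps `- /var/run/docker.sock:/var/run/docker.sock`, which hands every workflow job this act_runner executes control of the host's Docker daemon — effectively root on the host, including the `traefik` network and the other stacks' volumes. If the runner must launch job containers, point it at a separate (rootless or docker-in-docker) daemon instead, and limit the runner to repositories whose workflow authors you trust. At minimum record the trade-off above the mount, e.g. `# docker.sock = host root for any workflow job; runner restricted to trusted repos only`.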


@@ -1,8 +0,0 @@
DB_PASSWORD=secret
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
POSTGRES_PASSWORD=secret
POSTGRES_USER=postgres
POSTGRES_DB=immich
POSTGRES_INITDB_ARGS='--data-checksums'


@@ -0,0 +1,3 @@
DB_PASSWORD=secret
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
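Review bot: `DB_PASSWORD=secret` is a credential value in a tracked file. If `secret` is the real password it is trivially guessable, and if it is a placeholder that gets edited in place, the real value is one `git add` away from being committed. Keep only a template in the repository (for example an `.env.example` with `DB_PASSWORD=<set-me>`) and ignore the real env file. The gitea env file in this commit follows the same pattern with `POSTGRES_PASSWORD=secret` and `GITEA_RUNNER_REGISTRATION_TOKEN=secret`.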


@@ -6,11 +6,22 @@ services:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich/upload:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
networks:
immich_network:
macvlan_192_168_3_0:
ipv4_address: 192.168.103.12
env_file:
- immich.env
- internal
- proxy
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.immich-web.rule=Host(`photos.skrd.fun`)"
- "traefik.http.routers.immich-web.entrypoints=web"
- "traefik.http.routers.immich-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.immich.rule=Host(`photos.skrd.fun`)"
- "traefik.http.routers.immich.entrypoints=websecure"
- "traefik.http.routers.immich.tls.certresolver=cf"
- "traefik.http.services.immich.loadbalancer.server.port=2283"
environment:
DB_PASSWORD: ${DB_PASSWORD}
DB_USERNAME: ${DB_USERNAME}
DB_DATABASE_NAME: ${DB_DATABASE_NAME}
depends_on:
- redis
- database
@@ -19,7 +30,7 @@ services:
image: ghcr.io/immich-app/immich-machine-learning:release
restart: unless-stopped
networks:
immich_network:
- internal
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich/model-cache:/cache
@@ -27,7 +38,7 @@ services:
image: docker.io/redis:6.2-alpine@sha256:328fe6a5822256d065debb36617a8169dbfbd77b797c525288e465f56c1d392b
restart: unless-stopped
networks:
immich_network:
- internal
healthcheck:
test: redis-cli ping || exit 1
@@ -35,9 +46,12 @@ services:
image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
restart: unless-stopped
networks:
immich_network:
env_file:
- immich.env
- internal
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: "--data-checksums"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich/postgres:/var/lib/postgresql/data
healthcheck:
@@ -45,9 +59,26 @@ services:
interval: 5m
start_interval: 30s
start_period: 5m
command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
command:
[
"postgres",
"-c",
"shared_preload_libraries=vectors.so",
"-c",
'search_path="$$user", public, vectors',
"-c",
"logging_collector=on",
"-c",
"max_wal_size=2GB",
"-c",
"shared_buffers=512MB",
"-c",
"wal_compression=on",
]
networks:
immich_network:
macvlan_192_168_3_0:
internal:
name: immich
proxy:
name: traefik
external: true
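Review bot: The new `environment:` entries such as `DB_PASSWORD: ${DB_PASSWORD}` and `POSTGRES_PASSWORD: ${DB_PASSWORD}` interpolate without a required-variable check, so a missing or misnamed env file yields empty values and only a warning at `up` time. Use the fail-fast form and quote it, e.g. `DB_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD is not set}"` and `POSTGRES_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD is not set}"`. The gitea stack's `${POSTGRES_PASSWORD}` and `${GITEA_RUNNER_REGISTRATION_TOKEN}` and the traefik stack's `${CF_DNS_API_TOKEN}` would benefit from the same guard.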


@@ -1,8 +1,17 @@
services:
jellyfin:
image: jellyfin/jellyfin
restart: 'unless-stopped'
restart: "unless-stopped"
user: 1000:1000
labels:
- "traefik.enable=true"
- "traefik.http.routers.jellyfin-web.rule=Host(`jelly.skrd.fun`)"
- "traefik.http.routers.jellyfin-web.entrypoints=web"
- "traefik.http.routers.jellyfin-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.jellyfin.rule=Host(`jelly.skrd.fun`)"
- "traefik.http.routers.jellyfin.entrypoints=websecure"
- "traefik.http.routers.jellyfin.tls.certresolver=cf"
- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/jellyfin/config:/config
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/jellyfin/cache:/cache
@@ -11,9 +20,7 @@ services:
- /srv/dev-disk-by-uuid-c7a96ee1-c08e-48b1-8afa-79c75380d142/tv:/data/tv
environment:
- JELLYFIN_PublishedServerUrl=https://jelly.skrd.fun
networks:
macvlan_192_168_3_0:
ipv4_address: 192.168.103.11
networks:
macvlan_192_168_3_0:
default:
name: traefik
external: true


@@ -3,9 +3,17 @@ services:
image: git.skrd.fun/skrd/moka:v0.3.9.1
restart: unless-stopped
env_file:
- moka.env
- .env
environment:
- SERVICE=server
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.moka.rule=Host(`moka.skrd.fun`)"
- "traefik.http.routers.moka.entrypoints=websecure"
- "traefik.http.routers.moka.tls.certresolver=cf"
- "traefik.http.services.moka.loadbalancer.server.port=80"
- "traefik.http.routers.moka.middlewares=redirect-to-https@file"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/moka:/app/storage
depends_on:
@@ -14,22 +22,22 @@ services:
pgsql:
condition: service_healthy
networks:
moka_network:
macvlan_192_168_3_0:
ipv4_address: 192.168.103.19
- internal
- proxy
init: true
healthcheck:
test: [ "CMD-SHELL", "curl -fsS http://localhost:8000/up >/dev/null || exit 1" ]
test:
["CMD-SHELL", "curl -fsS http://localhost:80/up >/dev/null || exit 1"]
interval: 30s
timeout: 5s
retries: 3
start_period: 20s
schedule:
image: git.skrd.fun/skrd/moka:v0.3.9.1
restart: unless-stopped
env_file:
- moka.env
- .env
environment:
- SERVICE=schedule
volumes:
@@ -40,10 +48,11 @@ services:
pgsql:
condition: service_healthy
networks:
moka_network:
- internal
init: true
healthcheck:
test: [ "CMD-SHELL", "pgrep -f 'artisan schedule:work' >/dev/null || exit 1" ]
test:
["CMD-SHELL", "pgrep -f 'artisan schedule:work' >/dev/null || exit 1"]
interval: 30s
timeout: 5s
retries: 3
@@ -64,10 +73,10 @@ services:
pgsql:
condition: service_healthy
networks:
moka_network:
- internal
init: true
healthcheck:
test: [ "CMD-SHELL", "pgrep -f 'artisan queue:work' >/dev/null || exit 1" ]
test: ["CMD-SHELL", "pgrep -f 'artisan queue:work' >/dev/null || exit 1"]
interval: 30s
timeout: 5s
retries: 3
@@ -79,9 +88,9 @@ services:
volumes:
- redis_data:/data
networks:
moka_network:
- internal
healthcheck:
test: [ "CMD-SHELL", "redis-cli -h 127.0.0.1 ping | grep -q PONG" ]
test: ["CMD-SHELL", "redis-cli -h 127.0.0.1 ping | grep -q PONG"]
interval: 3s
timeout: 3s
retries: 10
@@ -99,13 +108,14 @@ services:
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
moka_network:
- internal
init: true
healthcheck:
test: [
"CMD-SHELL",
"pg_isready -h 127.0.0.1 -p 5432 -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-postgres}"
]
test:
[
"CMD-SHELL",
"pg_isready -h 127.0.0.1 -p 5432 -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-postgres}",
]
interval: 3s
timeout: 3s
retries: 10
@@ -116,6 +126,8 @@ volumes:
postgres_data:
networks:
moka_network:
macvlan_192_168_3_0:
internal:
name: moka
proxy:
name: traefik
external: true
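Review bot: The `moka` router is bound to `websecure` only, and `redirect-to-https@file` is attached to that HTTPS router, where a scheme redirect has nothing to do. Unlike the other stacks in this commit there is no router on the `web` entrypoint, so plain-HTTP requests for `moka.skrd.fun` will presumably get Traefik's 404 rather than a redirect. Add a `moka-web` router mirroring `gitea-web` (the same Host rule, plus `- "traefik.http.routers.moka-web.entrypoints=web"` and `- "traefik.http.routers.moka-web.middlewares=redirect-to-https@file"`) and remove the `middlewares` label from the `moka` router.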


@@ -1,17 +0,0 @@
services:
navidrome:
image: deluan/navidrome:latest
user: 1000:1000
restart: unless-stopped
environment:
ND_BASEURL: "https:://navi.skrd.fun"
networks:
macvlan_192_168_3_0:
ipv4_address: 192.168.103.10
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/navidrome:/data
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/music:/music:ro
networks:
macvlan_192_168_3_0:
external: true


@@ -0,0 +1,24 @@
services:
navidrome:
image: deluan/navidrome:latest
user: 1000:1000
restart: unless-stopped
environment:
ND_BASEURL: "https:://navi.skrd.fun"
labels:
- "traefik.enable=true"
- "traefik.http.routers.navidrome-web.rule=Host(`navi.skrd.fun`)"
- "traefik.http.routers.navidrome-web.entrypoints=web"
- "traefik.http.routers.navidrome-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.navidrome.rule=Host(`navi.skrd.fun`)"
- "traefik.http.routers.navidrome.entrypoints=websecure"
- "traefik.http.routers.navidrome.tls.certresolver=cf"
- "traefik.http.services.navidrome.loadbalancer.server.port=4533"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/navidrome:/data
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/music:/music:ro
networks:
default:
name: traefik
external: true
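Review bot: `ND_BASEURL: "https:://navi.skrd.fun"` has a doubled colon after the scheme, carried over unchanged from the deleted file, so the value is not a valid URL. It should read `ND_BASEURL: "https://navi.skrd.fun"`. Navidrome presumably builds links from this setting, so check share and redirect URLs after the fix.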


@@ -1,20 +0,0 @@
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
environment:
- PUID=1000
- PGID=1000
- TZ=America/Santiago
- WEBUI_PORT=80
- TORRENTING_PORT=6881
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/qbittorrent:/config:/config
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/downloads:/downloads
restart: unless-stopped
networks:
macvlan_192_168_3_0:
ipv4_address: 192.168.103.4
networks:
macvlan_192_168_3_0:
external: true


@@ -0,0 +1,28 @@
services:
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
environment:
- PUID=1000
- PGID=1000
- TZ=America/Santiago
- WEBUI_PORT=80
- TORRENTING_PORT=6881
ports:
- "6881:6881"
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/qbittorrent:/config:/config
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/downloads:/downloads
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.qbittorrent-web.rule=Host(`torrent.skrd.fun`)"
- "traefik.http.routers.qbittorrent-web.entrypoints=web"
- "traefik.http.routers.qbittorrent-web.middlewares=redirect-to-https@file"
- "traefik.http.routers.qbittorrent.rule=Host(`torrent.skrd.fun`)"
- "traefik.http.routers.qbittorrent.entrypoints=websecure"
- "traefik.http.routers.qbittorrent.tls.certresolver=cf"
- "traefik.http.services.qbittorrent.loadbalancer.server.port=80"
networks:
default:
name: traefik
external: true
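Review bot: The first volume entry ends in `:/config:/config`, so the third field — where Compose's short syntax expects an access mode such as `ro` — is a path. This is copied from the deleted file and should be `- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/qbittorrent:/config`. Also, the `qbittorrent` router exposes the WebUI on `websecure` with no access middleware, while the dashboard and komodo routers in this commit use `local-only@file`. If `torrent.skrd.fun` is reachable from outside the LAN, add `- "traefik.http.routers.qbittorrent.middlewares=local-only@file"`.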


@@ -0,0 +1,16 @@
http:
routers:
komodo:
rule: Host(`komodo.skrd.fun`)
entryPoints:
- websecure
service: komodo-svc
tls:
certResolver: cf
middlewares:
- local-only
services:
komodo-svc:
loadBalancer:
servers:
- url: "http://192.168.102.1:9120"


@@ -0,0 +1,12 @@
http:
middlewares:
local-only:
ipWhiteList:
sourceRange:
- "192.168.0.0/16"
- "10.0.0.0/8"
- "127.0.0.1/32"
redirect-to-https:
redirectScheme:
scheme: https
permanent: true
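Review bot: `ipWhiteList` is the deprecated name for this middleware in Traefik v3 (the image in this commit is `traefik:v3.5`). Use `ipAllowList:` with the same `sourceRange`, so the allow-list that protects the dashboard and komodo does not depend on a deprecated key. Also confirm that Traefik sees real client addresses on this host: the ranges are matched against the connection's source IP, and anything that rewrites it (NAT in front of the container, an upstream proxy) changes who counts as local.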

42
stacks/traefik/trafik.yml Normal file

@@ -0,0 +1,42 @@
services:
traefik:
image: traefik:v3.5
command:
- "--log.level=DEBUG"
- "--accesslog=true"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.file.directory=/dynamic"
- "--providers.file.watch=true"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.cf.acme.dnschallenge=true"
- "--certificatesresolvers.cf.acme.dnschallenge.provider=cloudflare"
- "--certificatesresolvers.cf.acme.email=tls@skrd.fun"
- "--certificatesresolvers.cf.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard-web.rule=Host(`traefik.skrd.fun`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))"
- "traefik.http.routers.dashboard-web.entrypoints=web"
- "traefik.http.routers.dashboard-web.middlewares=local-only@file, redirect-to-https@file"
- "traefik.http.routers.dashboard.rule=Host(`traefik.skrd.fun`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=cf"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=local-only@file"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/letsencrypt:/letsencrypt"
- "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/dynamic:/dynamic"
environment:
CF_API_EMAIL: "${CF_API_EMAIL}"
CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN}"
networks:
default:
name: traefik
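Review bot: The internet-facing proxy mounts `/var/run/docker.sock` directly, so a compromise of Traefik (it publishes 80 and 443) gives full control of the Docker daemon and with it the host. Put a socket proxy that allows only the read-only container and network endpoints between Traefik and the daemon, and point the provider at it with `--providers.docker.endpoint=tcp://<socket-proxy>:<port>` (placeholders). A `:ro` flag on the bind mount alone does not restrict API calls. Also lower `--log.level=DEBUG` to `--log.level=INFO` once the migration is verified, since `--accesslog=true` already records requests.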


@@ -3,15 +3,9 @@ services:
db:
image: mariadb
restart: unless-stopped
ports:
- "3306:3306"
env_file:
- zenithar.env
volumes:
- /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/zenithar:/var/lib/mysql:Z
networks:
macvlan_192_168_3_0:
ipv4_address: 192.168.103.7
networks:
macvlan_192_168_3_0:
external: true