From daccaf3819fabc78184f422bb22601011ad6fa59 Mon Sep 17 00:00:00 2001 
From: Daniel Date: Mon, 16 Feb 2026 07:51:58 -0300 Subject: [PATCH] Actualizando configuracion de stacks --- stacks/.gitignore | 3 +- stacks/actual/.env.example | 1 + .../{actual.yml => compose.traefik.yml} | 6 +- stacks/actual/compose.yml | 6 + stacks/crowdsec/.env.example | 3 + stacks/crowdsec/compose.yml | 24 ++++ .../ddns/{ddns.env.example => .env.example} | 1 + stacks/ddns/{ddns.yml => compose.yml} | 2 +- stacks/gametabs/.env.example | 1 + .../{gametabs.yml => compose.traefik.yml} | 5 +- stacks/gametabs/compose.yml | 6 + stacks/gitea/.env.example | 12 ++ stacks/gitea/compose.traefik.yml | 31 ++++ stacks/gitea/compose.yml | 38 +++++ stacks/gitea/gitea.env.example | 8 -- stacks/gitea/gitea.yml | 62 -------- stacks/immich/.env.example | 9 ++ stacks/immich/compose.traefik.yml | 35 +++++ stacks/immich/compose.yml | 49 +++++++ stacks/immich/immich.env.example | 3 - stacks/immich/immich.yml | 84 ----------- stacks/jellyfin/.env.example | 6 + stacks/jellyfin/compose.traefik.yml | 16 +++ stacks/jellyfin/compose.yml | 13 ++ stacks/jellyfin/jellyfin.yml | 26 ---- stacks/kavita/.env.example | 2 + stacks/kavita/compose.traefik.yml | 19 +++ stacks/kavita/compose.yml | 7 + stacks/miniflux/.env.example | 10 ++ stacks/miniflux/compose.traefik.yml | 26 ++++ stacks/miniflux/compose.yml | 28 ++++ stacks/moka/moka.env.example | 63 --------- stacks/moka/moka.yml | 133 ------------------ stacks/navidrome/.env.example | 4 + .../{navidrome.yml => compose.traefik.yml} | 9 +- stacks/navidrome/compose.yml | 10 ++ stacks/qbittorrent/.env.example | 8 ++ .../{qbittorrent.yml => compose.traefik.yml} | 16 +-- stacks/qbittorrent/compose.yml | 15 ++ stacks/speedtest/compose.traefik.yml | 17 +++ stacks/speedtest/compose.yml | 4 + stacks/traefik/.env.example | 6 + stacks/traefik/{trafik.yml => compose.yml} | 17 ++- stacks/traefik/dynamic/crafty.yml | 41 ++++++ stacks/traefik/dynamic/home-assistant.yml | 3 - stacks/traefik/dynamic/middlewares.yml | 22 +++ .../{zenithar.env.example => .env.example} 
| 1 + stacks/zenithar/compose.yml | 11 ++ stacks/zenithar/zenithar.yml | 11 -- 49 files changed, 503 insertions(+), 430 deletions(-) create mode 100644 stacks/actual/.env.example rename stacks/actual/{actual.yml => compose.traefik.yml} (77%) create mode 100644 stacks/actual/compose.yml create mode 100644 stacks/crowdsec/.env.example create mode 100644 stacks/crowdsec/compose.yml rename stacks/ddns/{ddns.env.example => .env.example} (65%) rename stacks/ddns/{ddns.yml => compose.yml} (89%) create mode 100644 stacks/gametabs/.env.example rename stacks/gametabs/{gametabs.yml => compose.traefik.yml} (78%) create mode 100644 stacks/gametabs/compose.yml create mode 100644 stacks/gitea/.env.example create mode 100644 stacks/gitea/compose.traefik.yml create mode 100644 stacks/gitea/compose.yml delete mode 100644 stacks/gitea/gitea.env.example delete mode 100644 stacks/gitea/gitea.yml create mode 100644 stacks/immich/.env.example create mode 100644 stacks/immich/compose.traefik.yml create mode 100644 stacks/immich/compose.yml delete mode 100644 stacks/immich/immich.env.example delete mode 100644 stacks/immich/immich.yml create mode 100644 stacks/jellyfin/.env.example create mode 100644 stacks/jellyfin/compose.traefik.yml create mode 100644 stacks/jellyfin/compose.yml delete mode 100644 stacks/jellyfin/jellyfin.yml create mode 100644 stacks/kavita/.env.example create mode 100644 stacks/kavita/compose.traefik.yml create mode 100644 stacks/kavita/compose.yml create mode 100644 stacks/miniflux/.env.example create mode 100644 stacks/miniflux/compose.traefik.yml create mode 100644 stacks/miniflux/compose.yml delete mode 100644 stacks/moka/moka.env.example delete mode 100644 stacks/moka/moka.yml create mode 100644 stacks/navidrome/.env.example rename stacks/navidrome/{navidrome.yml => compose.traefik.yml} (64%) create mode 100644 stacks/navidrome/compose.yml create mode 100644 stacks/qbittorrent/.env.example rename stacks/qbittorrent/{qbittorrent.yml => compose.traefik.yml} (57%) 
create mode 100644 stacks/qbittorrent/compose.yml create mode 100644 stacks/speedtest/compose.traefik.yml create mode 100644 stacks/speedtest/compose.yml create mode 100644 stacks/traefik/.env.example rename stacks/traefik/{trafik.yml => compose.yml} (70%) create mode 100644 stacks/traefik/dynamic/crafty.yml rename stacks/zenithar/{zenithar.env.example => .env.example} (64%) create mode 100644 stacks/zenithar/compose.yml delete mode 100644 stacks/zenithar/zenithar.yml diff --git a/stacks/.gitignore b/stacks/.gitignore index 18177e0..4c49bd7 100644 --- a/stacks/.gitignore +++ b/stacks/.gitignore @@ -1,2 +1 @@ -*.env -!*.env.example \ No newline at end of file +.env diff --git a/stacks/actual/.env.example b/stacks/actual/.env.example new file mode 100644 index 0000000..0b31cc0 --- /dev/null +++ b/stacks/actual/.env.example @@ -0,0 +1 @@ +DATA_DIR="./data" diff --git a/stacks/actual/actual.yml b/stacks/actual/compose.traefik.yml similarity index 77% rename from stacks/actual/actual.yml rename to stacks/actual/compose.traefik.yml index 33f01a1..b7f51e9 100644 --- a/stacks/actual/actual.yml +++ b/stacks/actual/compose.traefik.yml @@ -1,9 +1,5 @@ services: actual_server: - image: ghcr.io/actualbudget/actual:latest - restart: unless-stopped - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/actual:/data labels: - "traefik.enable=true" - "traefik.http.routers.actual-web.rule=Host(`actual.skrd.fun`)" @@ -11,9 +7,9 @@ services: - "traefik.http.routers.actual-web.middlewares=redirect-to-https@file" - "traefik.http.routers.actual.rule=Host(`actual.skrd.fun`)" - "traefik.http.routers.actual.entrypoints=websecure" + - "traefik.http.routers.actual.middlewares=crowdsec@file" - "traefik.http.routers.actual.tls.certresolver=cf" - "traefik.http.services.actual.loadbalancer.server.port=5006" - networks: default: name: traefik diff --git a/stacks/actual/compose.yml b/stacks/actual/compose.yml new file mode 100644 index 0000000..c274ff7 --- /dev/null 
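Review bot: In stacks/.gitignore, replacing `*.env` with `.env` stops ignoring the per-stack env files of the old layout (presumably `ddns.env`, `gitea.env` and so on, going by the removed `*.env.example` names). On any checkout that still has them, files holding real tokens and passwords become untracked-but-visible, and a `git add .` would commit them. Keeping both patterns, `.env` and `*.env`, covers the new layout and the old one; neither matches `.env.example`, so the dropped negation line is not needed. A comment such as `# real values live in per-stack .env files; only .env.example is committed` would record the intent.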
+++ b/stacks/actual/compose.yml
@@ -0,0 +1,6 @@
+services:
+ actual_server:
+ image: ghcr.io/actualbudget/actual:latest
+ restart: unless-stopped
+ volumes:
+ - ${DATA_DIR}:/data
diff --git a/stacks/crowdsec/.env.example b/stacks/crowdsec/.env.example
new file mode 100644
index 0000000..c517dc7
--- /dev/null
+++ b/stacks/crowdsec/.env.example
@@ -0,0 +1,3 @@
+DATA_DIR="./crowdsec"
+COLLECTIONS="crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/base-http-scenarios crowdsecurity/sshd crowdsecurity/linux crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-crs"
+GID=1000
diff --git a/stacks/crowdsec/compose.yml b/stacks/crowdsec/compose.yml
new file mode 100644
index 0000000..de6ba07
--- /dev/null
+++ b/stacks/crowdsec/compose.yml
@@ -0,0 +1,24 @@
+services:
+ crowdsec:
+ image: crowdsecurity/crowdsec
+ restart: unless-stopped
+ ports:
+ - 127.0.0.1:9876:8080
+ expose:
+ - 8080
+ - 6060
+ - 7422
+ environment:
+ COLLECTIONS: "${COLLECTIONS}"
+ GID: "${GID-1000}"
+ volumes:
+ - "${DATA_ROOT}/crowdsec/data:/var/lib/crowdsec/data/"
+ - "${DATA_ROOT}/crowdsec/config:/etc/crowdsec/"
+ - "${DATA_ROOT}/traefik/logs:/var/log/traefik:ro"
+ - /var/log/auth.log:/var/log/auth.log:ro
+ - /var/log/syslog:/var/log/syslog:ro
+ networks:
+ - traefik
+networks:
+ traefik:
+ external: true
diff --git a/stacks/ddns/ddns.env.example b/stacks/ddns/.env.example
similarity index 65%
rename from stacks/ddns/ddns.env.example
rename to stacks/ddns/.env.example
index 396ebdf..63217da 100644
--- a/stacks/ddns/ddns.env.example
+++ b/stacks/ddns/.env.example
@@ -1 +1,2 @@
 API_TOKEN=secret
+DOMAINS=
diff --git a/stacks/ddns/ddns.yml b/stacks/ddns/compose.yml
similarity index 89%
rename from stacks/ddns/ddns.yml
rename to stacks/ddns/compose.yml
index 24b458d..9a13fe1 100644
--- a/stacks/ddns/ddns.yml
+++ b/stacks/ddns/compose.yml
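Review bot: stacks/crowdsec/compose.yml builds all three data binds from `${DATA_ROOT}`, but the stack's `.env.example` only defines `DATA_DIR`, so a `.env` copied from the example leaves `DATA_ROOT` unset. Compose substitutes an empty string for an unset variable, which would turn the binds into `/crowdsec/data`, `/crowdsec/config` and `/traefik/logs` on the host; with the last one CrowdSec would most likely be reading an empty directory rather than Traefik's access log, leaving the `crowdsec@file` middleware added to the routers without log-based decisions behind it. Either rename the example variable to `DATA_ROOT` or make the bind fail fast, e.g. `"${DATA_ROOT:?set DATA_ROOT in .env}/traefik/logs:/var/log/traefik:ro"`. The `${DATA_ROOT}/…` binds in the gitea, jellyfin and kavita compose.yml files have the same silent fallback.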
@@ -8,5 +8,5 @@ services: security_opt: [no-new-privileges:true] environment: CLOUDFLARE_API_TOKEN: ${API_TOKEN} - DOMAINS: direct.skrd.fun + DOMAINS: ${DOMAINS} PROXIED: false diff --git a/stacks/gametabs/.env.example b/stacks/gametabs/.env.example new file mode 100644 index 0000000..73272c6 --- /dev/null +++ b/stacks/gametabs/.env.example @@ -0,0 +1 @@ +DATA_DIR=./gametabs diff --git a/stacks/gametabs/gametabs.yml b/stacks/gametabs/compose.traefik.yml similarity index 78% rename from stacks/gametabs/gametabs.yml rename to stacks/gametabs/compose.traefik.yml index 4913fc6..58f3609 100644 --- a/stacks/gametabs/gametabs.yml +++ b/stacks/gametabs/compose.traefik.yml @@ -1,9 +1,5 @@ services: gametabs: - image: nginx - restart: unless-stopped - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gametabs:/usr/share/nginx/html labels: - "traefik.enable=true" - "traefik.http.routers.gametabs-web.rule=Host(`gametabs.skrd.fun`)" @@ -11,6 +7,7 @@ services: - "traefik.http.routers.gametabs-web.middlewares=redirect-to-https@file" - "traefik.http.routers.gametabs.rule=Host(`gametabs.skrd.fun`)" - "traefik.http.routers.gametabs.entrypoints=websecure" + - "traefik.http.routers.gametabs.middlewares=crowdsec@file" - "traefik.http.routers.gametabs.tls.certresolver=cf" - "traefik.http.services.gametabs.loadbalancer.server.port=80" diff --git a/stacks/gametabs/compose.yml b/stacks/gametabs/compose.yml new file mode 100644 index 0000000..f5629e3 --- /dev/null +++ b/stacks/gametabs/compose.yml @@ -0,0 +1,6 @@ +services: + gametabs: + image: nginx + restart: unless-stopped + volumes: + - ${DATA_DIR}:/usr/share/nginx/html diff --git a/stacks/gitea/.env.example b/stacks/gitea/.env.example new file mode 100644 index 0000000..1594147 --- /dev/null +++ b/stacks/gitea/.env.example 
@@ -0,0 +1,12 @@
+DATA_ROOT="./gitea"
+
+USER_UID=1000
+USER_GID=1000
+
+GITEA_RUNNER_REGISTRATION_TOKEN=sercret
+
+POSTGRES_PASSWORD=secret
+POSTGRES_DB=gitea
+POSTGRES_USER=gitea
+
+INSTANCE_URL="https://gitea.skrd.fun"
diff --git a/stacks/gitea/compose.traefik.yml b/stacks/gitea/compose.traefik.yml
new file mode 100644
index 0000000..3625441
--- /dev/null
+++ b/stacks/gitea/compose.traefik.yml
@@ -0,0 +1,31 @@
+services:
+ gitea:
+ networks:
+ - internal
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.gitea-web.rule=Host(`git.skrd.fun`)"
+ - "traefik.http.routers.gitea-web.entrypoints=web"
+ - "traefik.http.routers.gitea-web.middlewares=redirect-to-https@file"
+ - "traefik.http.routers.gitea.rule=Host(`git.skrd.fun`)"
+ - "traefik.http.routers.gitea.entrypoints=websecure"
+ - "traefik.http.routers.gitea.middlewares=crowdsec@file"
+ - "traefik.http.routers.gitea.tls.certresolver=cf"
+ - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+
+ runner:
+ networks:
+ - internal
+
+ gitea-db:
+ networks:
+ - internal
+
+networks:
+ internal:
+ name: gitea
+ proxy:
+ name: traefik
+ external: true
diff --git a/stacks/gitea/compose.yml b/stacks/gitea/compose.yml
new file mode 100644
index 0000000..a15b490
--- /dev/null
+++ b/stacks/gitea/compose.yml
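Review bot: `INSTANCE_URL="https://gitea.skrd.fun"` in stacks/gitea/.env.example does not match the host this stack is published on: the Traefik rules in compose.traefik.yml use `git.skrd.fun`, and the removed gitea.yml hard-coded `GITEA_INSTANCE_URL: "https://git.skrd.fun"`. A runner configured from the example would try to register against a name Traefik does not route, so the line should read `INSTANCE_URL="https://git.skrd.fun"`. The placeholder `GITEA_RUNNER_REGISTRATION_TOKEN=sercret` also looks like a typo for `secret`, the value the old example used.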
@@ -0,0 +1,38 @@
+services:
+ gitea:
+ image: gitea/gitea:latest
+ restart: unless-stopped
+ environment:
+ USER_UID: ${USER_UID}
+ USER_GID: ${USER_GID}
+ volumes:
+ - ${DATA_ROOT}/data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ depends_on:
+ - gitea-db
+
+ runner:
+ image: gitea/act_runner:latest
+ restart: unless-stopped
+ environment:
+ CONFIG_FILE: /config/config.yaml
+ GITEA_INSTANCE_URL: "${INSTANCE_URL}"
+ GITEA_RUNNER_NAME: "gitea-runner-1"
+ GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
+ volumes:
+ - ${DATA_ROOT}/runner/config:/config
+ - ${DATA_ROOT}/runner/data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ depends_on:
+ - gitea
+
+ gitea-db:
+ image: postgres:16
+ restart: unless-stopped
+ volumes:
+ - ${DATA_ROOT}/db:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+ POSTGRES_DB: "${POSTGRES_DB}"
+ POSTGRES_USER: "${POSTGRES_USER}"
diff --git a/stacks/gitea/gitea.env.example b/stacks/gitea/gitea.env.example
deleted file mode 100644
index bf48289..0000000
--- a/stacks/gitea/gitea.env.example
+++ /dev/null
@@ -1,8 +0,0 @@
-USER_UID=1000
-USER_GID=1000
-
-GITEA_RUNNER_REGISTRATION_TOKEN=secret
-
-POSTGRES_PASSWORD=secret
-POSTGRES_DB=gitea
-POSTGRES_USER=gitea
diff --git a/stacks/gitea/gitea.yml b/stacks/gitea/gitea.yml
deleted file mode 100644
index e5c032b..0000000
--- a/stacks/gitea/gitea.yml
+++ /dev/null
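Review bot: The `runner` service in stacks/gitea/compose.yml keeps the `/var/run/docker.sock:/var/run/docker.sock` bind, which gives every workflow job the runner executes control of the host's Docker daemon, effectively root on the host. Now that the service definition has its own file, the trust boundary should be written down next to the mount, for example `# docker.sock = host root for any job; only trusted repos/users may run Actions here`. `gitea/gitea:latest` and `gitea/act_runner:latest` are also unpinned, so a `docker compose pull` changes the code holding that socket without a reviewable diff; pinning a version tag, as `postgres:16` already does, would close that gap.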
@@ -1,62 +0,0 @@ -services: - gitea: - image: gitea/gitea:latest - restart: unless-stopped - environment: - USER_UID: ${USER_UID} - USER_GID: ${USER_GID} - networks: - - internal - - proxy - labels: - - "traefik.enable=true" - - "traefik.docker.network=traefik" - - "traefik.http.routers.gitea-web.rule=Host(`git.skrd.fun`)" - - "traefik.http.routers.gitea-web.entrypoints=web" - - "traefik.http.routers.gitea-web.middlewares=redirect-to-https@file" - - "traefik.http.routers.gitea.rule=Host(`git.skrd.fun`)" - - "traefik.http.routers.gitea.entrypoints=websecure" - - "traefik.http.routers.gitea.tls.certresolver=cf" - - "traefik.http.services.gitea.loadbalancer.server.port=3000" - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/data:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - depends_on: - - gitea-db - - runner: - image: gitea/act_runner:latest - restart: unless-stopped - environment: - CONFIG_FILE: /config/config.yaml - GITEA_INSTANCE_URL: "https://git.skrd.fun" - GITEA_RUNNER_NAME: "gitea-runner-1" - GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}" - networks: - - internal - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/runner/config:/config - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/runner/data:/data - - /var/run/docker.sock:/var/run/docker.sock - depends_on: - - gitea - - gitea-db: - image: postgres:16 - restart: unless-stopped - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/gitea/db:/var/lib/postgresql/data - networks: - - internal - environment: - POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}" - POSTGRES_DB: "${POSTGRES_DB}" - POSTGRES_USER: "${POSTGRES_USER}" - -networks: - internal: - name: gitea - proxy: - name: traefik - external: true diff --git a/stacks/immich/.env.example b/stacks/immich/.env.example new file mode 100644 index 0000000..0fb2c08 --- /dev/null 
+++ b/stacks/immich/.env.example
@@ -0,0 +1,9 @@
+UPLOAD_LOCATION=./immich/upload
+DB_DATA_LOCATION=./immich/postgres
+
+TZ=America/Santiago
+IMMICH_VERSION=v2
+
+DB_PASSWORD=secret
+DB_USERNAME=postgres
+DB_DATABASE_NAME=immich
diff --git a/stacks/immich/compose.traefik.yml b/stacks/immich/compose.traefik.yml
new file mode 100644
index 0000000..f473a89
--- /dev/null
+++ b/stacks/immich/compose.traefik.yml
@@ -0,0 +1,35 @@
+services:
+ immich-server:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.immich-web.rule=Host(`photos.skrd.fun`)"
+ - "traefik.http.routers.immich-web.entrypoints=web"
+ - "traefik.http.routers.immich-web.middlewares=redirect-to-https@file"
+ - "traefik.http.routers.immich.rule=Host(`photos.skrd.fun`)"
+ - "traefik.http.routers.immich.entrypoints=websecure"
+ - "traefik.http.routers.immich.middlewares=crowdsec@file"
+ - "traefik.http.routers.immich.tls.certresolver=cf"
+ - "traefik.http.services.immich.loadbalancer.server.port=2283"
+ networks:
+ - internal
+ - proxy
+
+ immich-machine-learning:
+ networks:
+ - internal
+
+ redis:
+ networks:
+ - internal
+
+ database:
+ networks:
+ - internal
+
+networks:
+ internal:
+ name: immich
+ proxy:
+ name: traefik
+ external: true
diff --git a/stacks/immich/compose.yml b/stacks/immich/compose.yml
new file mode 100644
index 0000000..1c3c50f
--- /dev/null
+++ b/stacks/immich/compose.yml
@@ -0,0 +1,49 @@
+services:
+ immich-server:
+ image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+ volumes:
+ - ${UPLOAD_LOCATION}:/data
+ - /etc/localtime:/etc/localtime:ro
+ env_file:
+ - .env
+ depends_on:
+ - redis
+ - database
+ restart: unless-stopped
+ healthcheck:
+ disable: false
+
+ immich-machine-learning:
+ image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+ volumes:
+ - model-cache:/cache
+ env_file:
+ - .env
+ restart: always
+ healthcheck:
+ disable: false
+
+ redis:
+ image: docker.io/valkey/valkey:9@sha256:546304417feac0874c3dd576e0952c6bb8f06bb4093ea0c9ca303c73cf458f63
+ healthcheck:
+ test: redis-cli ping || exit 1
+ restart: always
+
+ database:
+ image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+ environment:
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ POSTGRES_USER: ${DB_USERNAME}
+ POSTGRES_DB: ${DB_DATABASE_NAME}
+ POSTGRES_INITDB_ARGS: "--data-checksums"
+ DB_STORAGE_TYPE: "HDD"
+ volumes:
+ - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+ - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich2/extra:/tmp/extra
+ shm_size: 128mb
+ restart: always
+ healthcheck:
+ disable: false
+
+volumes:
+ model-cache:
diff --git a/stacks/immich/immich.env.example b/stacks/immich/immich.env.example
deleted file mode 100644
index 54a49af..0000000
--- a/stacks/immich/immich.env.example
+++ /dev/null
@@ -1,3 +0,0 @@
-DB_PASSWORD=secret
-DB_USERNAME=postgres
-DB_DATABASE_NAME=immich
diff --git a/stacks/immich/immich.yml b/stacks/immich/immich.yml
deleted file mode 100644
index 87024ef..0000000
--- a/stacks/immich/immich.yml
+++ /dev/null
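Review bot: The `database` service in stacks/immich/compose.yml still carries a hard-coded host path, `/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich2/extra:/tmp/extra`, while every other bind in the file was moved to `.env` variables. On a host without that disk Docker will typically create the directory as root, and the mount gives the Postgres container write access to a host directory that nothing in this stack documents; if it was a one-off for a migration the line should go, otherwise it belongs behind a variable and mounted `:ro`. Separately, `env_file: .env` on both `immich-server` and `immich-machine-learning` passes `DB_PASSWORD` to the machine-learning container as well, which got no database credentials in the removed immich.yml.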
@@ -1,84 +0,0 @@ -services: - immich-server: - image: ghcr.io/immich-app/immich-server:release - restart: unless-stopped - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich/upload:/usr/src/app/upload - - /etc/localtime:/etc/localtime:ro - networks: - - internal - - proxy - labels: - - "traefik.enable=true" - - "traefik.docker.network=traefik" - - "traefik.http.routers.immich-web.rule=Host(`photos.skrd.fun`)" - - "traefik.http.routers.immich-web.entrypoints=web" - - "traefik.http.routers.immich-web.middlewares=redirect-to-https@file" - - "traefik.http.routers.immich.rule=Host(`photos.skrd.fun`)" - - "traefik.http.routers.immich.entrypoints=websecure" - - "traefik.http.routers.immich.tls.certresolver=cf" - - "traefik.http.services.immich.loadbalancer.server.port=2283" - environment: - DB_PASSWORD: ${DB_PASSWORD} - DB_USERNAME: ${DB_USERNAME} - DB_DATABASE_NAME: ${DB_DATABASE_NAME} - depends_on: - - redis - - database - - immich-machine-learning: - image: ghcr.io/immich-app/immich-machine-learning:release - restart: unless-stopped - networks: - - internal - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich/model-cache:/cache - - redis: - image: docker.io/redis:6.2-alpine@sha256:328fe6a5822256d065debb36617a8169dbfbd77b797c525288e465f56c1d392b - restart: unless-stopped - networks: - - internal - healthcheck: - test: redis-cli ping || exit 1 - - database: - image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0 - restart: unless-stopped - networks: - - internal - environment: - POSTGRES_PASSWORD: ${DB_PASSWORD} - POSTGRES_USER: ${DB_USERNAME} - POSTGRES_DB: ${DB_DATABASE_NAME} - POSTGRES_INITDB_ARGS: "--data-checksums" - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/immich/postgres:/var/lib/postgresql/data - healthcheck: - test: pg_isready --dbname='immich' --username='postgres' || exit 1; 
Chksum="$$(psql --dbname='immich' --username='postgres' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1 - interval: 5m - start_interval: 30s - start_period: 5m - command: - [ - "postgres", - "-c", - "shared_preload_libraries=vectors.so", - "-c", - 'search_path="$$user", public, vectors', - "-c", - "logging_collector=on", - "-c", - "max_wal_size=2GB", - "-c", - "shared_buffers=512MB", - "-c", - "wal_compression=on", - ] - -networks: - internal: - name: immich - proxy: - name: traefik - external: true diff --git a/stacks/jellyfin/.env.example b/stacks/jellyfin/.env.example new file mode 100644 index 0000000..12d94fb --- /dev/null +++ b/stacks/jellyfin/.env.example @@ -0,0 +1,6 @@ +DATA_ROOT="./data" +MEDIA_ANIME="./anime" +MEDIA_MOVIES="./movies" +MEDIA_TV="./tv" + +SERVER_URL="localhost" diff --git a/stacks/jellyfin/compose.traefik.yml b/stacks/jellyfin/compose.traefik.yml new file mode 100644 index 0000000..ad18abf --- /dev/null +++ b/stacks/jellyfin/compose.traefik.yml @@ -0,0 +1,16 @@ +services: + jellyfin: + labels: + - "traefik.enable=true" + - "traefik.http.routers.jellyfin-web.rule=Host(`jelly.skrd.fun`)" + - "traefik.http.routers.jellyfin-web.entrypoints=web" + - "traefik.http.routers.jellyfin-web.middlewares=redirect-to-https@file" + - "traefik.http.routers.jellyfin.rule=Host(`jelly.skrd.fun`)" + - "traefik.http.routers.jellyfin.entrypoints=websecure" + - "traefik.http.routers.jellyfin.tls.certresolver=cf" + - "traefik.http.routers.jellyfin.middlewares=crowdsec@file" + - "traefik.http.services.jellyfin.loadbalancer.server.port=8096" +networks: + default: + name: traefik + external: true diff --git a/stacks/jellyfin/compose.yml b/stacks/jellyfin/compose.yml new file mode 100644 index 0000000..604c726 --- /dev/null +++ b/stacks/jellyfin/compose.yml 
@@ -0,0 +1,13 @@ +services: + jellyfin: + image: jellyfin/jellyfin + restart: "unless-stopped" + user: 1000:1000 + volumes: + - ${DATA_ROOT}/config:/config + - ${DATA_ROOT}/cache:/cache + - ${MEDIA_ANIME}:/data/anime + - ${MEDIA_MOVIES}:/data/movies + - ${MEDIA_TV}:/data/tv + environment: + - JELLYFIN_PublishedServerUrl=${SERVER_URL} diff --git a/stacks/jellyfin/jellyfin.yml b/stacks/jellyfin/jellyfin.yml deleted file mode 100644 index 083cc0c..0000000 --- a/stacks/jellyfin/jellyfin.yml +++ /dev/null @@ -1,26 +0,0 @@ -services: - jellyfin: - image: jellyfin/jellyfin - restart: "unless-stopped" - user: 1000:1000 - labels: - - "traefik.enable=true" - - "traefik.http.routers.jellyfin-web.rule=Host(`jelly.skrd.fun`)" - - "traefik.http.routers.jellyfin-web.entrypoints=web" - - "traefik.http.routers.jellyfin-web.middlewares=redirect-to-https@file" - - "traefik.http.routers.jellyfin.rule=Host(`jelly.skrd.fun`)" - - "traefik.http.routers.jellyfin.entrypoints=websecure" - - "traefik.http.routers.jellyfin.tls.certresolver=cf" - - "traefik.http.services.jellyfin.loadbalancer.server.port=8096" - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/jellyfin/config:/config - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/jellyfin/cache:/cache - - /srv/dev-disk-by-uuid-5392509c-5ccd-4d8f-8719-60064c4404d6/anime:/data/anime - - /srv/dev-disk-by-uuid-c7a96ee1-c08e-48b1-8afa-79c75380d142/movies:/data/movies - - /srv/dev-disk-by-uuid-c7a96ee1-c08e-48b1-8afa-79c75380d142/tv:/data/tv - environment: - - JELLYFIN_PublishedServerUrl=https://jelly.skrd.fun -networks: - default: - name: traefik - external: true diff --git a/stacks/kavita/.env.example b/stacks/kavita/.env.example new file mode 100644 index 0000000..81b09c9 --- /dev/null +++ b/stacks/kavita/.env.example @@ -0,0 +1,2 @@ +DATA_ROOT="/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker" +MEDIA_BOOKS="/srv/dev-disk-by-uuid-5392509c-5ccd-4d8f-8719-60064c4404d6/books" 
diff --git a/stacks/kavita/compose.traefik.yml b/stacks/kavita/compose.traefik.yml new file mode 100644 index 0000000..1886fab --- /dev/null +++ b/stacks/kavita/compose.traefik.yml @@ -0,0 +1,19 @@ +services: + kavita: + labels: + - "traefik.enable=true" + - "traefik.http.routers.books-web.rule=Host(`books.skrd.fun`)" + - "traefik.http.routers.books-web.entrypoints=web" + - "traefik.http.routers.books-web.middlewares=redirect-to-https@file" + + - "traefik.http.routers.books.rule=Host(`books.skrd.fun`)" + - "traefik.http.routers.books.entrypoints=websecure" + - "traefik.http.routers.books.middlewares=crowdsec@file" + - "traefik.http.routers.books.tls.certresolver=cf" + + - "traefik.http.services.books.loadbalancer.server.port=5000" + +networks: + default: + name: traefik + external: true diff --git a/stacks/kavita/compose.yml b/stacks/kavita/compose.yml new file mode 100644 index 0000000..1772748 --- /dev/null +++ b/stacks/kavita/compose.yml @@ -0,0 +1,7 @@ +services: + kavita: + image: jvmilazz0/kavita:latest + restart: unless-stopped + volumes: + - "${MEDIA_BOOKS}:/books" + - "${DATA_ROOT}/kavita/config:/kavita/config" diff --git a/stacks/miniflux/.env.example b/stacks/miniflux/.env.example new file mode 100644 index 0000000..b55a5be --- /dev/null +++ b/stacks/miniflux/.env.example @@ -0,0 +1,10 @@ +POSTGRES_USER="miniflux" +POSTGRES_PASSWORD="secret" +POSTGRES_DB="miniflux" + +DATABASE_URL="postgres://miniflux:secret@db/miniflux?sslmode=disable" + +ADMIN_USERNAME="ryuuji" +ADMIN_PASSWORD="secret" + +BASE_URL="https://rss.skrd.fun" diff --git a/stacks/miniflux/compose.traefik.yml b/stacks/miniflux/compose.traefik.yml new file mode 100644 index 0000000..43a1c70 --- /dev/null +++ b/stacks/miniflux/compose.traefik.yml 
@@ -0,0 +1,26 @@
+services:
+ miniflux:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.rss-web.rule=Host(`rss.skrd.fun`)"
+ - "traefik.http.routers.rss-web.entrypoints=web"
+ - "traefik.http.routers.rss-web.middlewares=redirect-to-https@file"
+ - "traefik.http.routers.rss.rule=Host(`rss.skrd.fun`)"
+ - "traefik.http.routers.rss.entrypoints=websecure"
+ - "traefik.http.routers.rss.middlewares=crowdsec@file"
+ - "traefik.http.routers.rss.tls.certresolver=cf"
+ - "traefik.http.services.rss.loadbalancer.server.port=8080"
+ networks:
+ - internal
+ - proxy
+ db:
+ networks:
+ - internal
+
+networks:
+ internal:
+ name: miniflux
+ proxy:
+ name: traefik
+ external: true
diff --git a/stacks/miniflux/compose.yml b/stacks/miniflux/compose.yml
new file mode 100644
index 0000000..ee88116
--- /dev/null
+++ b/stacks/miniflux/compose.yml
@@ -0,0 +1,28 @@
+services:
+ miniflux:
+ image: miniflux/miniflux:latest
+ depends_on:
+ db:
+ condition: service_healthy
+ environment:
+ DATABASE_URL: ${DATABASE_URL}
+ RUN_MIGRATIONS: 1
+ CREATE_ADMIN: 1
+ ADMIN_USERNAME: ${ADMIN_USERNAME}
+ ADMIN_PASSWORD: ${ADMIN_PASSWORD}
+ BASE_URL: ${BASE_URL}
+ db:
+ image: postgres:18
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: ${POSTGRES_DB}
+ volumes:
+ - miniflux-db:/var/lib/postgresql
+ healthcheck:
+ test: ["CMD", "pg_isready", "-U", "miniflux"]
+ interval: 10s
+ start_period: 30s
+
+volumes:
+ miniflux-db:
diff --git a/stacks/moka/moka.env.example b/stacks/moka/moka.env.example
deleted file mode 100644
index 81e4985..0000000
--- a/stacks/moka/moka.env.example
+++ /dev/null
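Review bot: stacks/miniflux/compose.yml sets `CREATE_ADMIN: 1` and takes `ADMIN_PASSWORD` straight from `.env`, whose example value is `secret`, while compose.traefik.yml publishes the service as `rss.skrd.fun`; a `.env` copied unchanged would presumably bring the instance up with a guessable admin login. Leaving the password empty in the example and requiring it with `ADMIN_PASSWORD: ${ADMIN_PASSWORD:?set ADMIN_PASSWORD in .env}` turns that mistake into a startup error. Neither `miniflux` nor `db` declares a `restart:` policy, unlike the other stacks in this commit, and the healthcheck hard-codes `-U miniflux` instead of following `POSTGRES_USER`.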
@@ -1,63 +0,0 @@ -APP_NAME=Moka -APP_ENV=production -APP_KEY=secret -APP_DEBUG=false -APP_URL=https://moka.skrd.fun - -APP_LOCALE=es -APP_FALLBACK_LOCALE=en -APP_FAKER_LOCALE=en_US -APP_MAINTENANCE_DRIVER=file - -HTTPS=on -PHP_CLI_SERVER_WORKERS=4 -BCRYPT_ROUNDS=12 - -LOG_CHANNEL=stack -LOG_STACK=single -LOG_DEPRECATIONS_CHANNEL=null -LOG_LEVEL=debug - -DB_CONNECTION=pgsql -DB_HOST=pgsql -DB_PORT=5432 -DB_DATABASE=moka -DB_USERNAME=moka -DB_PASSWORD=secret - -SESSION_DRIVER=database -SESSION_LIFETIME=120 -SESSION_ENCRYPT=false -SESSION_PATH=/ -SESSION_DOMAIN=null - -BROADCAST_CONNECTION=log -FILESYSTEM_DISK=local -QUEUE_CONNECTION=database -CACHE_STORE=database - -MEMCACHED_HOST=127.0.0.1 - -REDIS_CLIENT=phpredis -REDIS_HOST=127.0.0.1 -REDIS_PASSWORD=null -REDIS_PORT=6379 - -MAIL_MAILER=log -MAIL_SCHEME=null -MAIL_HOST=127.0.0.1 -MAIL_PORT=2525 -MAIL_USERNAME=null -MAIL_PASSWORD=null -MAIL_FROM_ADDRESS="hello@example.com" -MAIL_FROM_NAME="${APP_NAME}" - -AWS_ACCESS_KEY_ID= -AWS_SECRET_ACCESS_KEY= -AWS_DEFAULT_REGION=us-east-1 -AWS_BUCKET= -AWS_USE_PATH_STYLE_ENDPOINT=false - -VITE_APP_NAME="${APP_NAME}" -OCTANE_SERVER=frankenphp - diff --git a/stacks/moka/moka.yml b/stacks/moka/moka.yml deleted file mode 100644 index 7283305..0000000 --- a/stacks/moka/moka.yml +++ /dev/null 
@@ -1,133 +0,0 @@ -services: - moka: - image: git.skrd.fun/skrd/moka:v0.3.9.1 - restart: unless-stopped - env_file: - - .env - environment: - - SERVICE=server - labels: - - "traefik.enable=true" - - "traefik.docker.network=traefik" - - "traefik.http.routers.moka.rule=Host(`moka.skrd.fun`)" - - "traefik.http.routers.moka.entrypoints=websecure" - - "traefik.http.routers.moka.tls.certresolver=cf" - - "traefik.http.services.moka.loadbalancer.server.port=80" - - "traefik.http.routers.moka.middlewares=redirect-to-https@file" - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/moka:/app/storage - depends_on: - redis: - condition: service_healthy - pgsql: - condition: service_healthy - networks: - - internal - - proxy - init: true - healthcheck: - test: - ["CMD-SHELL", "curl -fsS http://localhost:80/up >/dev/null || exit 1"] - interval: 30s - timeout: 5s - - start_period: 20s - - schedule: - image: git.skrd.fun/skrd/moka:v0.3.9.1 - restart: unless-stopped - env_file: - - .env - environment: - - SERVICE=schedule - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/moka:/app/storage - depends_on: - redis: - condition: service_healthy - pgsql: - condition: service_healthy - networks: - - internal - init: true - healthcheck: - test: - ["CMD-SHELL", "pgrep -f 'artisan schedule:work' >/dev/null || exit 1"] - interval: 30s - timeout: 5s - retries: 3 - start_period: 15s - - queue: - image: git.skrd.fun/skrd/moka:v0.3.9.1 - restart: unless-stopped - env_file: - - .env - environment: - - SERVICE=queue - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/moka:/app/storage - depends_on: - redis: - condition: service_healthy - pgsql: - condition: service_healthy - networks: - - internal - init: true - healthcheck: - test: ["CMD-SHELL", "pgrep -f 'artisan queue:work' >/dev/null || exit 1"] - interval: 30s - timeout: 5s - retries: 3 - start_period: 15s - - redis: - image: redis:alpine - restart: 
unless-stopped - volumes: - - redis_data:/data - networks: - - internal - healthcheck: - test: ["CMD-SHELL", "redis-cli -h 127.0.0.1 ping | grep -q PONG"] - interval: 3s - timeout: 3s - retries: 10 - start_period: 5s - - pgsql: - image: "postgres:18" - restart: unless-stopped - shm_size: 128mb - environment: - PGPASSWORD: "${DB_PASSWORD:-secret}" - POSTGRES_DB: "${DB_DATABASE}" - POSTGRES_USER: "${DB_USERNAME}" - POSTGRES_PASSWORD: "${DB_PASSWORD:-secret}" - volumes: - - postgres_data:/var/lib/postgresql/data - networks: - - internal - init: true - healthcheck: - test: - [ - "CMD-SHELL", - "pg_isready -h 127.0.0.1 -p 5432 -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-postgres}", - ] - interval: 3s - timeout: 3s - retries: 10 - start_period: 10s - -volumes: - redis_data: - postgres_data: - -networks: - internal: - name: moka - proxy: - name: traefik - external: true diff --git a/stacks/navidrome/.env.example b/stacks/navidrome/.env.example new file mode 100644 index 0000000..cb77802 --- /dev/null +++ b/stacks/navidrome/.env.example @@ -0,0 +1,4 @@ +BASE_URL="http://localhost" + +DATA_DIR="./data" +MEDIA_MUSIC="./music" diff --git a/stacks/navidrome/navidrome.yml b/stacks/navidrome/compose.traefik.yml similarity index 64% rename from stacks/navidrome/navidrome.yml rename to stacks/navidrome/compose.traefik.yml index dfd7a1b..6e3ce90 100644 --- a/stacks/navidrome/navidrome.yml +++ b/stacks/navidrome/compose.traefik.yml @@ -1,10 +1,5 @@ services: navidrome: - image: deluan/navidrome:latest - user: 1000:1000 - restart: unless-stopped - environment: - ND_BASEURL: "https:://navi.skrd.fun" labels: - "traefik.enable=true" - "traefik.http.routers.navidrome-web.rule=Host(`navi.skrd.fun`)" 
@@ -12,11 +7,9 @@ services: - "traefik.http.routers.navidrome-web.middlewares=redirect-to-https@file" - "traefik.http.routers.navidrome.rule=Host(`navi.skrd.fun`)" - "traefik.http.routers.navidrome.entrypoints=websecure" + - "traefik.http.routers.navidrome.middlewares=crowdsec@file" - "traefik.http.routers.navidrome.tls.certresolver=cf" - "traefik.http.services.navidrome.loadbalancer.server.port=4533" - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/navidrome:/data - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/music:/music:ro networks: default: diff --git a/stacks/navidrome/compose.yml b/stacks/navidrome/compose.yml new file mode 100644 index 0000000..b8257c4 --- /dev/null +++ b/stacks/navidrome/compose.yml @@ -0,0 +1,10 @@ +services: + navidrome: + image: deluan/navidrome:latest + user: 1000:1000 + restart: unless-stopped + environment: + ND_BASEURL: ${BASE_URL} + volumes: + - ${DATA_DIR}:/data + - ${MEDIA_MUSIC}:/music:ro diff --git a/stacks/qbittorrent/.env.example b/stacks/qbittorrent/.env.example new file mode 100644 index 0000000..3234fac --- /dev/null +++ b/stacks/qbittorrent/.env.example @@ -0,0 +1,8 @@ +DATA_DIR=./data +DOWNLOADS_DIR=./downloads + +PUID=1000 +PGID=1000 +TZ=America/Santiago +WEBUI_PORT=80 +TORRENTING_PORT=6881 diff --git a/stacks/qbittorrent/qbittorrent.yml b/stacks/qbittorrent/compose.traefik.yml similarity index 57% rename from stacks/qbittorrent/qbittorrent.yml rename to stacks/qbittorrent/compose.traefik.yml index d80060c..4402604 100644 --- a/stacks/qbittorrent/qbittorrent.yml +++ b/stacks/qbittorrent/compose.traefik.yml 
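Review bot: In the new `stacks/navidrome/compose.yml`, `image: deluan/navidrome:latest` leaves the deployed image unpinned, so every pull can bring in different code without any change in this repository. The same applies to `lscr.io/linuxserver/qbittorrent:latest` in `stacks/qbittorrent/compose.yml`, `openspeedtest/latest` (no tag) in `stacks/speedtest/compose.yml` and `mariadb` in `stacks/zenithar/compose.yml`. Pin each one to a release tag, ideally with a digest, e.g. `image: deluan/navidrome:<release-tag>@sha256:<digest>` (placeholders), the way `traefik:v3.5` is already pinned in this patch.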
@@ -1,18 +1,5 @@ services: qbittorrent: - image: lscr.io/linuxserver/qbittorrent:latest - environment: - - PUID=1000 - - PGID=1000 - - TZ=America/Santiago - - WEBUI_PORT=80 - - TORRENTING_PORT=6881 - ports: - - "6881:6881" - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/qbittorrent:/config:/config - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/downloads:/downloads - restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.routers.qbittorrent-web.rule=Host(`torrent.skrd.fun`)" @@ -20,8 +7,9 @@ services: - "traefik.http.routers.qbittorrent-web.middlewares=redirect-to-https@file" - "traefik.http.routers.qbittorrent.rule=Host(`torrent.skrd.fun`)" - "traefik.http.routers.qbittorrent.entrypoints=websecure" + - "traefik.http.routers.qbittorrent.middlewares=crowdsec@file" - "traefik.http.routers.qbittorrent.tls.certresolver=cf" - - "traefik.http.services.qbittorrent.loadbalancer.server.port=80" + - "traefik.http.services.qbittorrent.loadbalancer.server.port=${WEBUI_PORT}" networks: default: name: traefik diff --git a/stacks/qbittorrent/compose.yml b/stacks/qbittorrent/compose.yml new file mode 100644 index 0000000..331e317 --- /dev/null +++ b/stacks/qbittorrent/compose.yml @@ -0,0 +1,15 @@ +services: + qbittorrent: + image: lscr.io/linuxserver/qbittorrent:latest + environment: + - PUID=${PUID} + - PGID=${PGID} + - TZ=${TZ} + - WEBUI_PORT=${WEBUI_PORT} + - TORRENTING_PORT=${TORRENTING_PORT} + ports: + - "${TORRENTING_PORT}:${TORRENTING_PORT}" + volumes: + - ${DATA_DIR}:/config + - ${DOWNLOADS_DIR}:/downloads + restart: unless-stopped diff --git a/stacks/speedtest/compose.traefik.yml b/stacks/speedtest/compose.traefik.yml new file mode 100644 index 0000000..61f1422 --- /dev/null +++ b/stacks/speedtest/compose.traefik.yml 
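Review bot: The label `traefik.http.services.qbittorrent.loadbalancer.server.port=${WEBUI_PORT}` in the second `compose.traefik.yml` hunk, and the `ports`/`volumes` entries in the new `stacks/qbittorrent/compose.yml`, interpolate variables with no guard. When `.env` is missing or incomplete, Compose substitutes an empty string and only prints a warning, so `${DATA_DIR}:/config` and the port mapping degrade into malformed values instead of failing with a clear message. Use the required-variable form, e.g. `- ${DATA_DIR:?set DATA_DIR in .env}:/config` and `server.port=${WEBUI_PORT:?set WEBUI_PORT in .env}`. `stacks/navidrome/compose.yml` and `stacks/zenithar/compose.yml` use the same unguarded pattern.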
@@ -0,0 +1,17 @@ +services: + speedtest: + labels: + - "traefik.enable=true" + - "traefik.http.routers.speed-web.rule=Host(`speed.skrd.fun`)" + - "traefik.http.routers.speed-web.entrypoints=web" + - "traefik.http.routers.speed-web.middlewares=redirect-to-https@file" + - "traefik.http.routers.speed.rule=Host(`speed.skrd.fun`)" + - "traefik.http.routers.speed.entrypoints=websecure" + - "traefik.http.routers.speed.middlewares=crowdsec@file" + - "traefik.http.routers.speed.tls.certresolver=cf" + - "traefik.http.services.speed.loadbalancer.server.port=3000" + +networks: + default: + name: traefik + external: true diff --git a/stacks/speedtest/compose.yml b/stacks/speedtest/compose.yml new file mode 100644 index 0000000..7434082 --- /dev/null +++ b/stacks/speedtest/compose.yml @@ -0,0 +1,4 @@ +services: + speedtest: + image: openspeedtest/latest + restart: unless-stopped diff --git a/stacks/traefik/.env.example b/stacks/traefik/.env.example new file mode 100644 index 0000000..f496470 --- /dev/null +++ b/stacks/traefik/.env.example @@ -0,0 +1,6 @@ +DATA_ROOT="./data" +DYNAMIC_DIR="./dynamic" + +CF_API_EMAIL=email@example.com +CF_DNS_API_TOKEN=secret +CROWDSEC_LAPI_KEY="secret" diff --git a/stacks/traefik/trafik.yml b/stacks/traefik/compose.yml similarity index 70% rename from stacks/traefik/trafik.yml rename to stacks/traefik/compose.yml index e6857bc..dc35b3c 100644 --- a/stacks/traefik/trafik.yml +++ b/stacks/traefik/compose.yml 
@@ -1,20 +1,30 @@ services: traefik: image: traefik:v3.5 + restart: unless-stopped command: - "--log.level=DEBUG" - "--accesslog=true" + - "--accesslog.filepath=/logs/traefik-access.log" + - "--accesslog.format=json" + - "--accesslog.filters.statusCodes=200-299, 400-599" + - "--accesslog.bufferingSize=0" + - "--accesslog.fields.headers.defaultMode=drop" + - "--accesslog.fields.headers.names.User-Agent=keep" - "--api.dashboard=true" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" - "--providers.file.directory=/dynamic" - "--providers.file.watch=true" + - "--serversTransport.insecureSkipVerify=true" - "--entryPoints.web.address=:80" - "--entryPoints.websecure.address=:443" - "--certificatesresolvers.cf.acme.dnschallenge=true" - "--certificatesresolvers.cf.acme.dnschallenge.provider=cloudflare" - "--certificatesresolvers.cf.acme.email=tls@skrd.fun" - "--certificatesresolvers.cf.acme.storage=/letsencrypt/acme.json" + - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin" + - "--experimental.plugins.bouncer.version=v1.4.6" ports: - "80:80" - "443:443" @@ -28,11 +38,12 @@ services: - "traefik.http.routers.dashboard.tls=true" - "traefik.http.routers.dashboard.tls.certresolver=cf" - "traefik.http.routers.dashboard.service=api@internal" - - "traefik.http.routers.dashboard.middlewares=local-only@file" + - "traefik.http.routers.dashboard.middlewares=local-only@file, crowdsec@file" volumes: - "/var/run/docker.sock:/var/run/docker.sock" - - "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/letsencrypt:/letsencrypt" - - "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/dynamic:/dynamic" + - "${DYNAMIC_DIR}:/dynamic" + - "${DATA_ROOT}/traefik/letsencrypt:/letsencrypt" + - "${DATA_ROOT}/traefik/logs:/logs" environment: CF_API_EMAIL: "${CF_API_EMAIL}" CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN}" 
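Review bot: The added `--serversTransport.insecureSkipVerify=true` switches off backend certificate verification for every service Traefik proxies over HTTPS, not only the one that needs it. `stacks/traefik/dynamic/crafty.yml` in this same patch already defines a scoped `crafty-transport` with `insecureSkipVerify: true` and attaches it to `crafty-svc`, so the global flag looks unnecessary; dropping it keeps verification on for any other HTTPS backend. If further backends use self-signed certificates, give each its own `serversTransport`, or a `rootCAs` entry, instead. Separately, `--log.level=DEBUG` stays enabled next to the new JSON access log; `INFO` is the usual level outside troubleshooting.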
diff --git a/stacks/traefik/dynamic/crafty.yml b/stacks/traefik/dynamic/crafty.yml new file mode 100644 index 0000000..2846337 --- /dev/null +++ b/stacks/traefik/dynamic/crafty.yml @@ -0,0 +1,41 @@ +http: + routers: + crafty-web: + rule: Host(`crafty.skrd.fun`) + entryPoints: + - web + middlewares: + - redirect-to-https + service: noop + + crafty: + rule: Host(`crafty.skrd.fun`) + entryPoints: + - websecure + service: crafty-svc + tls: + certResolver: cf + middlewares: + - crafty-headers + + services: + crafty-svc: + loadBalancer: + servers: + - url: "https://192.168.3.3:8443" + serversTransport: crafty-transport + + noop: + loadBalancer: + servers: + - url: "http://0.0.0.0" + + middlewares: + crafty-headers: + headers: + customRequestHeaders: + X-Forwarded-Proto: https + + serversTransports: + crafty-transport: + insecureSkipVerify: true diff --git a/stacks/traefik/dynamic/home-assistant.yml b/stacks/traefik/dynamic/home-assistant.yml index 077424d..d3135d6 100644 --- a/stacks/traefik/dynamic/home-assistant.yml +++ b/stacks/traefik/dynamic/home-assistant.yml @@ -5,7 +5,6 @@ http: entryPoints: - web middlewares: - - local-only - redirect-to-https service: noop home-assistant: @@ -15,8 +14,6 @@ http: service: home-assistant-svc tls: certResolver: cf - middlewares: - - local-only services: home-assistant-svc: loadBalancer: diff --git a/stacks/traefik/dynamic/middlewares.yml b/stacks/traefik/dynamic/middlewares.yml index 95283d3..32a7547 100644 --- a/stacks/traefik/dynamic/middlewares.yml +++ b/stacks/traefik/dynamic/middlewares.yml 
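Review bot: The `crafty` router on `websecure` lists only `crafty-headers` under `middlewares`, so this host does not pass through the `crowdsec` bouncer that the patch attaches to the navidrome, qbittorrent and speedtest routers. If `crafty.skrd.fun` is meant to be reachable from outside the LAN, add `- crowdsec` to that list (same file provider, so no `@file` suffix is needed). `crafty-transport` sets `insecureSkipVerify: true` toward `https://192.168.3.3:8443`; that is scoped to this one service, but a `rootCAs` entry for the panel's certificate would keep verification on.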
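Review bot: Removing `local-only` from both routers in `home-assistant.yml` (this hunk and the `@@ -15,8 +14,6 @@` hunk) leaves the `home-assistant` router on `websecure` with no middleware at all: the LAN restriction is gone and, unlike the other routers in this patch, `crowdsec` is not added in its place. If exposing Home Assistant publicly is intended, keep a `middlewares:` list containing `- crowdsec` on that router; if it is not, keep `- local-only`. Both router definitions start outside the hunks, so the rest of their configuration is not visible here.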
@@ -12,3 +12,25 @@ http: replacePathRegex: regex: ^/$ replacement: /admin/ + crowdsec: + plugin: + bouncer: + enabled: true + defaultDecisionSeconds: 60 + crowdsecMode: live + crowdsecAppsecEnabled: true + crowdsecAppsecHost: crowdsec:7422 + crowdsecAppsecFailureBlock: true + crowdsecAppsecUnreachableBlock: true + crowdsecLapiKey: mvBM8BzhJ1/P8Lcb72gsIn5JNgQCzwsRSKNuBJqJ/0Q + crowdsecLapiHost: crowdsec:8080 + crowdsecLapiScheme: http + crowdsecLapiTLSInsecureVerify: false + forwardedHeadersTrustedIPs: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + clientTrustedIPs: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 diff --git a/stacks/zenithar/zenithar.env.example b/stacks/zenithar/.env.example similarity index 64% rename from stacks/zenithar/zenithar.env.example rename to stacks/zenithar/.env.example index 5e4f4c5..7e5cac5 100644 --- a/stacks/zenithar/zenithar.env.example +++ b/stacks/zenithar/.env.example @@ -1 +1,2 @@ MARIADB_ROOT_PASSWORD=secret +DATA_DIR=./data diff --git a/stacks/zenithar/compose.yml b/stacks/zenithar/compose.yml new file mode 100644 index 0000000..dd2e84d --- /dev/null +++ b/stacks/zenithar/compose.yml @@ -0,0 +1,11 @@ +version: "3" +services: + db: + image: mariadb + restart: unless-stopped + ports: + - "3306:3306" + environment: + MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD} + volumes: + - ${DATA_DIR}:/var/lib/mysql:Z diff --git a/stacks/zenithar/zenithar.yml b/stacks/zenithar/zenithar.yml deleted file mode 100644 index 3109265..0000000 --- a/stacks/zenithar/zenithar.yml +++ /dev/null @@ -1,11 +0,0 @@ -version: "3" -services: - db: - image: mariadb - restart: unless-stopped - ports: - - "3306:3306" - env_file: - - zenithar.env - volumes: - - /srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/zenithar:/var/lib/mysql:Z
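Review bot: `crowdsecLapiKey` is committed as a literal value in `middlewares.yml`, so the bouncer key now lives in the repository history even though `stacks/traefik/.env.example` introduces `CROWDSEC_LAPI_KEY` for it. Treat the committed key as exposed: rotate it in CrowdSec and load the new one from outside the repository, e.g. `crowdsecLapiKeyFile: /run/secrets/<lapi-key-file>` (placeholder path) mounted into the Traefik container. Also review `clientTrustedIPs`: listing all of `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16` exempts those sources from the bouncer, so if Traefik ever sees external clients with a Docker bridge address as their source, they would all be exempt.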
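Review bot: `ports: - "3306:3306"` in the new `stacks/zenithar/compose.yml` publishes MariaDB on every host interface, leaving the root password as its only protection. The mapping is carried over from the deleted `zenithar.yml`, but this move is a good point to narrow it: bind to loopback with `- "127.0.0.1:3306:3306"`, or drop `ports` entirely if only other containers connect to the database.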