From 6ea1a7c46cee6f733d671c7a715b9e828a40a6a7 Mon Sep 17 00:00:00 2001 From: Justus Grunow Date: Tue, 12 Nov 2024 19:27:39 -0500 Subject: [PATCH] Fixed YAML syntax --- ansible/assets/basementpi/compose.yml.j2 | 125 +++------ ansible/assets/docker-ext/compose.yml.j2 | 329 +++++++++++------------ ansible/assets/docker-int/compose.yml.j2 | 285 ++++++++++---------- ansible/assets/git/compose.yml.j2 | 1 + ansible/assets/gitea/compose.yml.j2 | 1 + 5 files changed, 348 insertions(+), 393 deletions(-) diff --git a/ansible/assets/basementpi/compose.yml.j2 b/ansible/assets/basementpi/compose.yml.j2 index 364af87..3343484 100644 --- a/ansible/assets/basementpi/compose.yml.j2 +++ b/ansible/assets/basementpi/compose.yml.j2 @@ -1,7 +1,5 @@ +--- version: "3.5" - -# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md - networks: network_pihole: ipam: @@ -15,15 +13,13 @@ services: ports: - '80:80' environment: - DEFAULT_HOST: {{ pihole_hostname }}.{{ pihole_domain }} + - DEFAULT_HOST: "{{ pihole_hostname }}.{{ pihole_domain }}" volumes: - '/var/run/docker.sock:/tmp/docker.sock' restart: always networks: network_pihole: ipv4_address: 172.16.3.6 - - pihole: image: pihole/pihole:latest ports: 
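Review bot: In the `@@ -15,15 +13,13 @@` hunk the new `environment:` entry appears to be a list item that is itself a mapping (`- DEFAULT_HOST: "..."`), which Compose does not accept, because list-form environment entries must be `KEY=VALUE` strings. Either keep the mapping form, `DEFAULT_HOST: "{{ pihole_hostname }}.{{ pihole_domain }}"`, or write the entry as `- "DEFAULT_HOST={{ pihole_hostname }}.{{ pihole_domain }}"`. Indentation is not recoverable from this view, so confirm against the rendered file. The service block starts above the hunk.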
@@ -39,20 +35,20 @@ services: - './etc-dnsmasq.d:/etc/dnsmasq.d' # run `touch ./var-log/pihole.log` first unless you like errors # - './var-log/pihole.log:/var/log/pihole/pihole.log' - # Recommended but not required (DHCP needs NET_ADMIN) - # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities + # Recommended but not required (DHCP needs NET_ADMIN) + # https://github.com/pi-hole/docker-pi-hole# note-on-capabilities cap_add: - NET_ADMIN expose: - 80 environment: ServerIP: 10.11.1.10 - PIHOLE_DNS_: unbound#53;{{ pihole_additional_upstream_dnsservers }} - PROXY_LOCATION: {{ pihole_hostname }} - VIRTUAL_HOST: {{ pihole_hostname}}.{{ pihole_domain }} + PIHOLE_DNS_: unbound# 53;{{ pihole_additional_upstream_dnsservers }} + PROXY_LOCATION: "{{ pihole_hostname }}" + VIRTUAL_HOST: "{{ pihole_hostname}}.{{ pihole_domain }}" VIRTUAL_PORT: 80 - WEBPASSWORD: {{ pihole_password }} - FTLCONF_LOCAL_IPV4: {{ pi_ip }} + WEBPASSWORD: "{{ pihole_password }}" + FTLCONF_LOCAL_IPV4: "{{ pi_ip }}" DNSMASQ_LISTENING: all extra_hosts: 
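Review bot: The comment-spacing cleanup also changed a value: `PIHOLE_DNS_: unbound# 53;…` now has a space after `#`, so the upstream is no longer in the `host#port` form the removed line had, and the resolver entry may be rejected or misread. Restore and quote it as `PIHOLE_DNS_: "unbound#53;{{ pihole_additional_upstream_dnsservers }}"`, which also protects the Jinja expression the way the other values in this hunk are now quoted. The same rewrite broke the URL fragment in the comment above `cap_add` (`docker-pi-hole# note-on-capabilities`). The pihole service definition begins outside this hunk.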
@@ -101,34 +97,34 @@ services: ipv4_address: 172.16.3.3 porkbunddns: - image: pavlinchen/porkbun-ddns - container_name: porkbun-ddns - restart: always - pull_policy: always - environment: - APIKey: {{ porkbun_api_key }} - SecretAPIKey: {{ porkbun_secret_api_key }} - Domain: {{ porkbun_domain }} - Schedule: "{{ porkbun_cron_sched }}" - TZ: {{ porkbun_tz }} - networks: - network_pihole: - ipv4_address: 172.16.3.4 + image: pavlinchen/porkbun-ddns + container_name: porkbun-ddns + restart: always + pull_policy: always + environment: + APIKey: "{{ porkbun_api_key }}" + SecretAPIKey: "{{ porkbun_secret_api_key }}" + Domain: "{{ porkbun_domain }}" + Schedule: "{{ porkbun_cron_sched }}" + TZ: "{{ porkbun_tz }}" + networks: + network_pihole: + ipv4_address: 172.16.3.4 porkbunddns2: - image: pavlinchen/porkbun-ddns - container_name: porkbun-ddns2 - restart: always - pull_policy: always - environment: - APIKey: {{ porkbun_api_key }} - SecretAPIKey: {{ porkbun_secret_api_key }} - Domain: {{ porkbun_domain2 }} - Schedule: "{{ porkbun_cron_sched }}" - TZ: {{ porkbun_tz }} - networks: - network_pihole: - ipv4_address: 172.16.3.7 + image: pavlinchen/porkbun-ddns + container_name: porkbun-ddns2 + restart: always + pull_policy: always + environment: + APIKey: "{{ porkbun_api_key }}" + SecretAPIKey: "{{ porkbun_secret_api_key }}" + Domain: "{{ porkbun_domain2 }}" + Schedule: "{{ porkbun_cron_sched }}" + TZ: "{{ porkbun_tz }}" + networks: + network_pihole: + ipv4_address: 172.16.3.7 ddclient: image: lscr.io/linuxserver/ddclient:latest @@ -142,7 +138,7 @@ services: restart: unless-stopped wireguard: - depends_on: + depends_on: - pihole networks: network_pihole: 
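Review bot: Both `porkbunddns` services in the `@@ -101,34 +97,34 @@` hunk pass `APIKey` and `SecretAPIKey` to an untagged third-party image with `pull_policy: always`, so whatever is next published under that name is pulled automatically and receives the DNS API credentials. Pin the image to a digest you have reviewed, e.g. `image: pavlinchen/porkbun-ddns@sha256:<digest>` (placeholder), and update it deliberately. Separately, wrapping the values in `"{{ … }}"` still breaks if a secret contains `"` or `\`. If the template is rendered by Ansible, `APIKey: {{ porkbun_api_key | to_json }}` emits a correctly escaped scalar.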
@@ -158,53 +154,18 @@ services: - TZ=Canada/Eastern - SERVERURL=vpn.coxgrunow.ca - SERVERPORT=51820 - - PEERS=phone,tedupnorth #oAdded Docker tags to Ansible playbookptional - - PEERDNS=172.16.3.2 #optional - - INTERNAL_SUBNET=10.11.4.0 #optional - - ALLOWEDIPS=10.11.1.0/24,172.16.3.2 #optional + - PEERS=phone,tedupnorth # oAdded Docker tags to Ansible playbookptional + - PEERDNS=172.16.3.2 # optional + - INTERNAL_SUBNET=10.11.4.0 # optional + - ALLOWEDIPS=10.11.1.0/24,172.16.3.2 # optional - SERVER_ALLOWEDIPS_PEER_tedupnorth=10.10.0.0/16 - - PERSISTENTKEEPALIVE_PEERS=all #optional - for dynamic DNS - - LOG_CONFS=true #optional + - PERSISTENTKEEPALIVE_PEERS=all # optional - for dynamic DNS + - LOG_CONFS=true # optional volumes: - ./wireguard/config:/config - - /lib/modules:/lib/modules #optional + - /lib/modules:/lib/modules # optional ports: - 51820:51820/udp sysctls: - net.ipv4.conf.all.src_valid_mark=1 restart: unless-stopped - -# Another container you might want to have running through the proxy -# Note it also have ENV Vars like pihole and a host under pihole's extra_hosts -# ghost: -# image: fractalf/ghost -# ports: -# - '2368:2368/tcp' -# volumes: -# - '/etc/ghost:/ghost-override' -# environment: -# PROXY_LOCATION: ghost -# VIRTUAL_HOST: ghost.yourDomain.lan -# VIRTUAL_PORT: 2368 -# restart: always - -# homeassistant: -# container_name: homeassistant -# image: "ghcr.io/home-assistant/home-assistant:stable" -# volumes: -# - ./homeassistant/config:/config -# - /etc/localtime:/etc/localtime:ro -# restart: unless-stopped -# privileged: true -# network_mode: host -# #environment: -# # - VIRTUAL_HOST=homeassistant.coxgrunow.ca -# # - VIRTUAL_PORT=8123 - yacy: - container_name: yacy - image: "docker.io/yacy/yacy_search_server:aarch64-latest" - volumes: - - ./yacy:/opt/yacy_search_server/DATA - ports: - - 8090:8090/tcp - - 8443:8443/tcp diff --git a/ansible/assets/docker-ext/compose.yml.j2 b/ansible/assets/docker-ext/compose.yml.j2 index 2adeebb..18c8001 100644 
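Review bot: `LOG_CONFS=true` on the wireguard service is kept by this hunk. As far as I know, the linuxserver image then prints the generated peer configurations (as QR codes) to the container log, which would put peer private keys wherever those logs are collected. Confirm this, and set `- LOG_CONFS=false` once peers are enrolled. The `PEERS` line also still carries a pasted-over comment (`# oAdded Docker tags to Ansible playbookptional`) and should read `- PEERS=phone,tedupnorth  # optional`. The service block begins outside the hunk.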
--- a/ansible/assets/docker-ext/compose.yml.j2 +++ b/ansible/assets/docker-ext/compose.yml.j2 @@ -8,7 +8,7 @@ services: depends_on: - crowdsec # Enables the web UI and tells Traefik to listen to docker - command: + command: - "--api.insecure=true" - "--providers.docker=true" - "--providers.file=true" @@ -23,7 +23,7 @@ services: - "--entrypoints.web.http.redirections.entrypoint.scheme=https" - --experimental.plugins.crowdsec-bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin - --experimental.plugins.crowdsec-bouncer.version=v1.2.1 - #- "--certificatesresolvers.myresolver.acme.tlschallenge=true" + # - "--certificatesresolvers.myresolver.acme.tlschallenge=true" ports: # The HTTP port - "80:80" @@ -33,7 +33,7 @@ services: volumes: # So that Traefik can listen to the Docker events - /var/run/docker.sock:/var/run/docker.sock - #- ./traefik/traefik.yml:/etc/traefik/traefik.yml + # - ./traefik/traefik.yml:/etc/traefik/traefik.yml - ./traefik:/etc/traefik - ./letsencrypt:/letsencrypt - "./logsTraefik:/var/log/traefik" 
@@ -48,28 +48,27 @@ services: - "traefik.http.middlewares.authchain.chain.middlewares=crowdsec@docker,authentik@docker" - "traefik.http.middlewares.internalOnly.ipallowlist.sourcerange=192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12" - "traefik.http.middlewares.internalOnlyWithAuth.chain.middlewares=internalOnly@docker,crowdsec@docker,authentik@docker" - - #ddclient: - # image: lscr.io/linuxserver/ddclient:latest - # container_name: ddclient - # environment: - # - PUID=1000 - # - PGID=1000 - # - TZ=America/Thunder_Bay - # volumes: - # - ./ddclient/:/config - # restart: unless-stopped - #porkbunddns: - # image: pavlinchen/porkbun-ddns - # container_name: porkbun-ddns - # restart: unless-stopped - # pull_policy: always - # environment: - # APIKey: pk1_6896ac0da1af81d9b7ae1ef0ee65b7f8bc655fc0099588e1db9bb9708da2d2ec - # SecretAPIKey: k1_8c0d61edd906856c4f4f979b6207049ea0b0b50aec5759dacb86c24cb0bf001d - # Domain: mycomputer.party wiki - # Schedule: "*/5 * * * *" #optional - # TZ: Canada/Eastern #optional + # ddclient: + # image: lscr.io/linuxserver/ddclient:latest + # container_name: ddclient + # environment: + # - PUID=1000 + # - PGID=1000 + # - TZ=America/Thunder_Bay + # volumes: + # - ./ddclient/:/config + # restart: unless-stopped + # porkbunddns: + # image: pavlinchen/porkbun-ddns + # container_name: porkbun-ddns + # restart: unless-stopped + # pull_policy: always + # environment: + # APIKey: pk1_6896ac0da1af81d9b7ae1ef0ee65b7f8bc655fc0099588e1db9bb9708da2d2ec + # SecretAPIKey: k1_8c0d61edd906856c4f4f979b6207049ea0b0b50aec5759dacb86c24cb0bf001d + # Domain: mycomputer.party wiki + # Schedule: "*/5 * * * *" #optional + # TZ: Canada/Eastern #optional dokuwiki: image: bitnami/dokuwiki:20240206 restart: unless-stopped @@ -82,7 +81,7 @@ services: volumes: - ./dokuwiki:/bitnami/dokuwiki networks: - - backend + - backend labels: - "traefik.enable=true" - "traefik.http.routers.dokuwiki.rule=Host(`wiki.mycomputer.party`)" 
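Review bot: The commented-out `porkbunddns` block re-indented in the `@@ -48,28 +48,27 @@` hunk still contains literal `APIKey` and `SecretAPIKey` values, so they remain in the template and in git history. The same applies to `POSTGRES_PASSWORD` in the `@@ -176,7 +175,7 @@` hunk of this file, and to `CF_API_KEY` and `WEBDAV_PASSWORD` in `docker-int/compose.yml.j2`. Delete the commented block and replace the live values with template variables, as the basementpi file does, for example `- "CF_API_KEY={{ cloudflare_api_key }}"` (the variable name is a placeholder), sourced from an encrypted vault. Treat every value that has already been committed as exposed and rotate it.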
@@ -91,31 +90,31 @@ services: - traefik.http.routers.dokuwiki.tls=true - "traefik.http.routers.dokuwiki.middlewares=crowdsec@docker" mail-server: - tty: true - stdin_open: true - restart: unless-stopped - ports: - - 8443:443 - - 8008:8080 - - 25:25 - - 587:587 - - 465:465 - - 143:143 - - 993:993 - - 4190:4190 - volumes: - - ./stalwart-mail:/opt/stalwart-mail - container_name: stalwart-mail - image: stalwartlabs/mail-server:latest - labels: - - "traefik.enable=true" - - "traefik.http.routers.stalwart.rule=Host(`stalwart.mycomputer.party`)" - - "traefik.http.routers.stalwart.entrypoints=websecure" - - "traefik.http.routers.stalwart.tls.certresolver=myresolver" - - "traefik.http.routers.stalwart.tls=true" - - "traefik.http.services.stalwart-http.loadbalancer.server.port=8080" + tty: true + stdin_open: true + restart: unless-stopped + ports: + - 8443:443 + - 8008:8080 + - 25:25 + - 587:587 + - 465:465 + - 143:143 + - 993:993 + - 4190:4190 + volumes: + - ./stalwart-mail:/opt/stalwart-mail + container_name: stalwart-mail + image: stalwartlabs/mail-server:latest + labels: + - "traefik.enable=true" + - "traefik.http.routers.stalwart.rule=Host(`stalwart.mycomputer.party`)" + - "traefik.http.routers.stalwart.entrypoints=websecure" + - "traefik.http.routers.stalwart.tls.certresolver=myresolver" + - "traefik.http.routers.stalwart.tls=true" + - "traefik.http.services.stalwart-http.loadbalancer.server.port=8080" # --- MariaDB - #linkace-db: + # linkace-db: # image: mariadb:11.2 # container_name: linkace-db # restart: unless-stopped @@ -129,7 +128,7 @@ services: # - db:/var/lib/mysql ## --- LinkAce Image with PHP and nginx - #linkace-app: + # linkace-app: # image: linkace/linkace:simple # container_name: linkace-app # restart: unless-stopped 
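Review bot: The re-indented `mail-server` service publishes its web listeners directly on the host (`8443:443`, `8008:8080`) in addition to the Traefik router, and the `stalwart` router has no `middlewares` label, unlike `dokuwiki` just above, which uses `crowdsec@docker`. If the UI is meant to be reached only through Traefik, drop those two port entries and add `- "traefik.http.routers.stalwart.middlewares=crowdsec@docker"`. The remaining mappings should be quoted (`- "25:25"`), since unquoted `xx:yy` values with small numbers can be read as base-60 integers by YAML 1.1 parsers.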
@@ -176,7 +175,7 @@ services: restart: unless-stopped image: wallabag/wallabag environment: - #- MYSQL_ROOT_PASSWORD=wallaroot + # - MYSQL_ROOT_PASSWORD=wallaroot - POSTGRES_USER=wallabag - POSTGRES_PASSWORD=Mo8ntF92q5oWNV6TbS7t - SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql 
@@ -287,52 +286,52 @@ services: # - ./proxies.json:/datastore/proxies.json environment: - # Default listening port, can also be changed with the -p option - # - PORT=5000 + # Default listening port, can also be changed with the -p option + # - PORT=5000 - # - PUID=1000 - # - PGID=1000 - # - # Log levels are in descending order. (TRACE is the most detailed one) - # Log output levels: TRACE, DEBUG(default), INFO, SUCCESS, WARNING, ERROR, CRITICAL - # - LOGGER_LEVEL=DEBUG - # - # Alternative WebDriver/selenium URL, do not use "'s or 's! - # - WEBDRIVER_URL=http://browser-chrome:4444/wd/hub - # - # WebDriver proxy settings webdriver_proxyType, webdriver_ftpProxy, webdriver_noProxy, - # webdriver_proxyAutoconfigUrl, webdriver_autodetect, - # webdriver_socksProxy, webdriver_socksUsername, webdriver_socksVersion, webdriver_socksPassword - # - # https://selenium-python.readthedocs.io/api.html#module-selenium.webdriver.common.proxy - # - # Alternative Playwright URL, do not use "'s or 's! - # - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000 - # - # Playwright proxy settings playwright_proxy_server, playwright_proxy_bypass, playwright_proxy_username, playwright_proxy_password - # - # https://playwright.dev/python/docs/api/class-browsertype#browser-type-launch-option-proxy - # - # Plain requests - proxy support example. - # - HTTP_PROXY=socks5h://10.10.1.10:1080 - # - HTTPS_PROXY=socks5h://10.10.1.10:1080 - # - # An exclude list (useful for notification URLs above) can be specified by with - # - NO_PROXY="localhost,192.168.0.0/24" - # - # Base URL of your changedetection.io install (Added to the notification alert) + # - PUID=1000 + # - PGID=1000 + # + # Log levels are in descending order. (TRACE is the most detailed one) + # Log output levels: TRACE, DEBUG(default), INFO, SUCCESS, WARNING, ERROR, CRITICAL + # - LOGGER_LEVEL=DEBUG + # + # Alternative WebDriver/selenium URL, do not use "'s or 's! 
+ # - WEBDRIVER_URL=http://browser-chrome:4444/wd/hub + # + # WebDriver proxy settings webdriver_proxyType, webdriver_ftpProxy, webdriver_noProxy, + # webdriver_proxyAutoconfigUrl, webdriver_autodetect, + # webdriver_socksProxy, webdriver_socksUsername, webdriver_socksVersion, webdriver_socksPassword + # + # https://selenium-python.readthedocs.io/api.html#module-selenium.webdriver.common.proxy + # + # Alternative Playwright URL, do not use "'s or 's! + # - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000 + # + # Playwright proxy settings playwright_proxy_server, playwright_proxy_bypass, playwright_proxy_username, playwright_proxy_password + # + # https://playwright.dev/python/docs/api/class-browsertype#browser-type-launch-option-proxy + # + # Plain requests - proxy support example. + # - HTTP_PROXY=socks5h://10.10.1.10:1080 + # - HTTPS_PROXY=socks5h://10.10.1.10:1080 + # + # An exclude list (useful for notification URLs above) can be specified by with + # - NO_PROXY="localhost,192.168.0.0/24" + # + # Base URL of your changedetection.io install (Added to the notification alert) - BASE_URL=https://changedetection.mycomputer.party - # Respect proxy_pass type settings, `proxy_set_header Host "localhost";` and `proxy_set_header X-Forwarded-Prefix /app;` - # More here https://github.com/dgtlmoon/changedetection.io/wiki/Running-changedetection.io-behind-a-reverse-proxy-sub-directory + # Respect proxy_pass type settings, `proxy_set_header Host "localhost";` and `proxy_set_header X-Forwarded-Prefix /app;` + # More here https://github.com/dgtlmoon/changedetection.io/wiki/Running-changedetection.io-behind-a-reverse-proxy-sub-directory - USE_X_SETTINGS=1 - # - # Hides the `Referer` header so that monitored websites can't see the changedetection.io hostname. - #- HIDE_REFERER=true - # - # Default number of parallel/concurrent fetchers - # - FETCH_WORKERS=10 + # + # Hides the `Referer` header so that monitored websites can't see the changedetection.io hostname. 
+ # - HIDE_REFERER=true + # + # Default number of parallel/concurrent fetchers + # - FETCH_WORKERS=10 - # Comment out ports: when using behind a reverse proxy , enable networks: etc. + # Comment out ports: when using behind a reverse proxy , enable networks: etc. ports: - 5000:5000 restart: unless-stopped 
@@ -351,41 +350,41 @@ services: # If WEBDRIVER or PLAYWRIGHT are enabled, changedetection container depends on that # and must wait before starting (substitute "browser-chrome" with "playwright-chrome" if last one is used) -# depends_on: -# browser-chrome: -# condition: service_started + # depends_on: + # browser-chrome: + # condition: service_started # Used for fetching pages via Playwright+Chrome where you need Javascript support. # RECOMMENDED FOR FETCHING PAGES WITH CHROME -# playwright-chrome: -# hostname: playwright-chrome -# image: dgtlmoon/sockpuppetbrowser:latest -# cap_add: -# - SYS_ADMIN -## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci -# restart: unless-stopped -# environment: -# - SCREEN_WIDTH=1920 -# - SCREEN_HEIGHT=1024 -# - SCREEN_DEPTH=16 -# - MAX_CONCURRENT_CHROME_PROCESSES=10 + # playwright-chrome: + # hostname: playwright-chrome + # image: dgtlmoon/sockpuppetbrowser:latest + # cap_add: + # - SYS_ADMIN + ## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci + # restart: unless-stopped + # environment: + # - SCREEN_WIDTH=1920 + # - SCREEN_HEIGHT=1024 + # - SCREEN_DEPTH=16 + # - MAX_CONCURRENT_CHROME_PROCESSES=10 # Used for fetching pages via Playwright+Chrome where you need Javascript support. 
# Note: Works well but is deprecated, does not fetch full page screenshots (doesnt work with Visual Selector) # Does not report status codes (200, 404, 403) and other issues -# browser-chrome: -# hostname: browser-chrome -# image: selenium/standalone-chrome:4 -# environment: -# - VNC_NO_PASSWORD=1 -# - SCREEN_WIDTH=1920 -# - SCREEN_HEIGHT=1080 -# - SCREEN_DEPTH=24 -# volumes: -# # Workaround to avoid the browser crashing inside a docker container -# # See https://github.com/SeleniumHQ/docker-selenium#quick-start -# - /dev/shm:/dev/shm -# restart: unless-stopped + # browser-chrome: + # hostname: browser-chrome + # image: selenium/standalone-chrome:4 + # environment: + # - VNC_NO_PASSWORD=1 + # - SCREEN_WIDTH=1920 + # - SCREEN_HEIGHT=1080 + # - SCREEN_DEPTH=24 + # volumes: + # # Workaround to avoid the browser crashing inside a docker container + # # See https://github.com/SeleniumHQ/docker-selenium#quick-start + # - /dev/shm:/dev/shm + # restart: unless-stopped healthchecks: container_name: healthchecks @@ -394,12 +393,12 @@ services: # and uncomment the following line: image: healthchecks/healthchecks:latest env_file: - - .healthchecks-env + - .healthchecks-env ports: - - "8011:8000" - # To enable SMTP on port 2525, set SMTPD_PORT=2525 in .env - # and uncomment the following line: - # - "2525:2525" + - "8011:8000" + # To enable SMTP on port 2525, set SMTPD_PORT=2525 in .env + # and uncomment the following line: + # - "2525:2525" command: bash -c 'uwsgi /opt/healthchecks/docker/uwsgi.ini' labels: - "traefik.enable=true" @@ -411,7 +410,7 @@ services: - "traefik.http.routers.healthchecks.middlewares=authchain@docker" apache: image: php:7.2-apache - volumes: + volumes: - ./apache:/var/www/html ports: - 8012:80 @@ -428,7 +427,7 @@ services: - backend apache2: image: php:7.2-apache - volumes: + volumes: - ./apache:/var/www/html ports: - 8013:80 
@@ -440,32 +439,32 @@ services: - "traefik.http.routers.apache2.tls.certresolver=myresolver" - "traefik.http.routers.apache2.tls=true" - "traefik.http.services.apache2-http.loadbalancer.server.port=80" - #- traefik.http.routers.apache2.middlewares=authchain@docker + # - traefik.http.routers.apache2.middlewares=authchain@docker networks: - backend - #wireguard: - # image: lscr.io/linuxserver/wireguard - # container_name: wireguard - # cap_add: - # - NET_ADMIN - # - SYS_MODULE - # environment: - # - PUID=1001 - # - PGID=1001 - # - TZ=America/Thunder_Bay - # - PEERS=thelma - # - INTERNAL_SUBNET=10.11.20.0/24 - # - ALLOWEDIPS=10.11.0.0/16 - # volumes: - # - ./wireguard:/config - # - /lib/modules:/lib/modules - # networks: - # wireguard: - # ipv4_address: 172.20.0.50 - # sysctls: - # - net.ipv4.conf.all.src_valid_mark=1 - # restart: unless-stopped + # wireguard: + # image: lscr.io/linuxserver/wireguard + # container_name: wireguard + # cap_add: + # - NET_ADMIN + # - SYS_MODULE + # environment: + # - PUID=1001 + # - PGID=1001 + # - TZ=America/Thunder_Bay + # - PEERS=thelma + # - INTERNAL_SUBNET=10.11.20.0/24 + # - ALLOWEDIPS=10.11.0.0/16 + # volumes: + # - ./wireguard:/config + # - /lib/modules:/lib/modules + # networks: + # wireguard: + # ipv4_address: 172.20.0.50 + # sysctls: + # - net.ipv4.conf.all.src_valid_mark=1 + # restart: unless-stopped crowdsec: image: crowdsecurity/crowdsec container_name: crowdsec @@ -477,7 +476,7 @@ services: expose: - "8080" volumes: - #- ./crowdsec/logs:/var/log/crowdsec:ro + # - ./crowdsec/logs:/var/log/crowdsec:ro - ./crowdsec/db:/var/lib/crowdsec/data - /var/log:/var/log:ro - ./crowdsec/opt:/etc/crowdsec 
@@ -486,10 +485,10 @@ services: restart: unless-stopped labels: - "traefik.enable=false" - #- "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)" - #- "traefik.http.routers.crowdsec.entrypoints=websecure" - #- "traefik.http.routers.crowdsec.tls.certresolver=myresolver" - #- "traefik.http.routers.crowdsec.tls=true" + # - "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)" + # - "traefik.http.routers.crowdsec.entrypoints=websecure" + # - "traefik.http.routers.crowdsec.tls.certresolver=myresolver" + # - "traefik.http.routers.crowdsec.tls=true" networks: - proxy - backend @@ -554,10 +553,10 @@ services: DB_NAME: wikijs restart: unless-stopped labels: - - "traefik.http.routers.wiki.rule=Host(`wikijs.mycomputer.party`)" - - traefik.http.routers.wiki.tls=true - - "traefik.http.routers.wiki.entrypoints=websecure" - - "traefik.http.routers.wiki.tls.certresolver=myresolver" + - "traefik.http.routers.wiki.rule=Host(`wikijs.mycomputer.party`)" + - traefik.http.routers.wiki.tls=true + - "traefik.http.routers.wiki.entrypoints=websecure" + - "traefik.http.routers.wiki.tls.certresolver=myresolver" # immich-server: # container_name: immich_server @@ -621,9 +620,6 @@ services: # # test: redis-cli ping || exit 1 # # restart: always - - - volumes: linkace_logs: db: @@ -641,7 +637,4 @@ networks: backend: proxy: docker_default: - external: True - - - + external: true diff --git a/ansible/assets/docker-int/compose.yml.j2 b/ansible/assets/docker-int/compose.yml.j2 index b83d528..d1bd799 100644 --- a/ansible/assets/docker-int/compose.yml.j2 +++ b/ansible/assets/docker-int/compose.yml.j2 
@@ -1,39 +1,40 @@ +--- version: '3.3' services: traefik: - container_name: traefik - # The official v2 Traefik docker image - image: traefik:v2.11 - # Enables the web UI and tells Traefik to listen to docker - command: - - --api.insecure=true - - --providers.docker - - "--log.filePath=/var/log/traefik/traefik.log" - - "--entryPoints.web.address=:80" - - "--entryPoints.websecure.address=:443" - - "--certificatesresolvers.myresolver.acme.dnschallenge=true" - - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare" - #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - - "--certificatesresolvers.myresolver.acme.email=jg@justus.ws" - - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - ports: - # The HTTP port - - "80:80" - - "443:443" - # The Web UI (enabled by --api.insecure=true) - - "8080:8080" - volumes: - # So that Traefik can listen to the Docker events - - /var/run/docker.sock:/var/run/docker.sock - - "./letsencrypt:/letsencrypt" - - "./logsTraefik:/var/log/traefik" - environment: - - "CF_API_KEY=4fa4711ae24bd19c1c17a06ce2ec6b3fa7629" - - "CF_API_EMAIL=jg@justus.ws" - #squid: + container_name: traefik + # The official v2 Traefik docker image + image: traefik:v2.11 + # Enables the web UI and tells Traefik to listen to docker + command: + - --api.insecure=true + - --providers.docker + - "--log.filePath=/var/log/traefik/traefik.log" + - "--entryPoints.web.address=:80" + - "--entryPoints.websecure.address=:443" + - "--certificatesresolvers.myresolver.acme.dnschallenge=true" + - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare" + # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" + - "--certificatesresolvers.myresolver.acme.email=jg@justus.ws" + - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" + ports: + # The HTTP port + - "80:80" + - "443:443" + # The Web 
UI (enabled by --api.insecure=true) + - "8080:8080" + volumes: + # So that Traefik can listen to the Docker events + - /var/run/docker.sock:/var/run/docker.sock + - "./letsencrypt:/letsencrypt" + - "./logsTraefik:/var/log/traefik" + environment: + - "CF_API_KEY=4fa4711ae24bd19c1c17a06ce2ec6b3fa7629" + - "CF_API_EMAIL=jg@justus.ws" + # squid: # container_name: squid # volumes: - # #- '/root/docker/squid/logs:/var/log/squid' + # # - '/root/docker/squid/logs:/var/log/squid' # # - '/root/docker/squid/data:/var/spool/squid' # - '/root/docker/squid/squid.conf:/etc/squid/squid.conf' # # - '/rood/docker/squid/config-snippet:/etc/squid/conf.d/snippet.conf' 
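Review bot: The `traefik` service in this hunk runs with `--api.insecure=true` and publishes `"8080:8080"`, which serves the dashboard and API without authentication to anything that can reach the host on that port. Bind it to loopback with `- "127.0.0.1:8080:8080"`, or remove the flag and the port and expose the API through a router with authentication. `--providers.docker` is also used without `--providers.docker.exposedbydefault=false`, so, by Traefik's default, every container on the host gets a route unless it opts out. Consider adding that flag and `traefik.enable=true` labels on the services that should be routed.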
@@ -42,130 +43,128 @@ services: # ports: # - '3128:3128' # image: 'ubuntu/squid:5.2-22.04_beta' - # #yacy_search_server: + # # yacy_search_server: # # container_name: yacy # # ports: # # - '8090:8090' # # - '8443:8443' # # logging: - # # options: + # # options: # # max-size: 200 # # max-file: 2 # # image: 'yacy/yacy_search_server:latest' paperless-broker: - image: docker.io/library/redis:7 - container_name: paperless-broker - restart: unless-stopped - volumes: - - redisdata:/data - - # db: - # image: docker.io/library/postgres:15 - # restart: unless-stopped - # volumes: - # - pgdata:/var/lib/postgresql/data - # environment: - # POSTGRES_DB: paperless - # POSTGRES_USER: paperless - # POSTGRES_PASSWORD: paperless - + image: docker.io/library/redis:7 + container_name: paperless-broker + restart: unless-stopped + volumes: + - redisdata:/data + # db: + # image: docker.io/library/postgres:15 + # restart: unless-stopped + # volumes: + # - pgdata:/var/lib/postgresql/data + # environment: + # POSTGRES_DB: paperless + # POSTGRES_USER: paperless + # POSTGRES_PASSWORD: paperless paperless-webserver: - image: ghcr.io/paperless-ngx/paperless-ngx:latest - container_name: paperless-webserver - restart: unless-stopped - depends_on: - # - db - - paperless-broker - ports: - - "8000:8000" - volumes: - - data:/usr/src/paperless/data - - media:/usr/src/paperless/media - - export:/usr/src/paperless/export - - consume:/usr/src/paperless/consume - env_file: docker-compose.env - #environment: - labels: - - "traefik.http.routers.paperless.rule=Host(`paperless.injust.us`)" - - "traefik.http.routers.paperless.entrypoints=websecure" - - traefik.http.routers.paperless.tls=true - - "traefik.http.routers.paperless.tls.certresolver=myresolver" + image: ghcr.io/paperless-ngx/paperless-ngx:latest + container_name: paperless-webserver + restart: unless-stopped + depends_on: + # - db + - paperless-broker + ports: + - "8000:8000" + volumes: + - data:/usr/src/paperless/data + - 
media:/usr/src/paperless/media + - export:/usr/src/paperless/export + - consume:/usr/src/paperless/consume + env_file: docker-compose.env + # environment: + labels: + - "traefik.http.routers.paperless.rule=Host(`paperless.injust.us`)" + - "traefik.http.routers.paperless.entrypoints=websecure" + - traefik.http.routers.paperless.tls=true + - "traefik.http.routers.paperless.tls.certresolver=myresolver" webdav: - container_name: webdav - image: ionelmc/webdav - restart: unless-stopped - ports: - - "8081:8080" - environment: - WEBDAV_USERNAME: alice - WEBDAV_PASSWORD: secret1234 - UID: 1001 - volumes: - - ./consume:/media - #webdav: - # container_name: webdav - # image: bytemark/webdav - # restart: unless-stopped - # ports: - # - "8081:80" - # environment: - # AUTH_TYPE: Digest - # USERNAME: alice - # PASSWORD: secret1234 - # volumes: - # - consume:/var/lib/dav/data/ScannerPro - labels: - - "traefik.http.routers.webdav.rule=Host(`webdav.injust.us`)" + container_name: webdav + image: ionelmc/webdav + restart: unless-stopped + ports: + - "8081:8080" + environment: + WEBDAV_USERNAME: alice + WEBDAV_PASSWORD: secret1234 + UID: 1001 + volumes: + - ./consume:/media + # webdav: + # container_name: webdav + # image: bytemark/webdav + # restart: unless-stopped + # ports: + # - "8081:80" + # environment: + # AUTH_TYPE: Digest + # USERNAME: alice + # PASSWORD: secret1234 + # volumes: + # - consume:/var/lib/dav/data/ScannerPro + labels: + - "traefik.http.routers.webdav.rule=Host(`webdav.injust.us`)" testweb: - image: httpd:2.4 - ports: - - "8008:80" - volumes: - - ./htdocs:/usr/local/apache2/htdocs/ - labels: - - "traefik.http.routers.testweb.rule=Host(`testweb.injust.us`)" - - traefik.http.routers.testweb.tls=true - - "traefik.http.routers.testweb.entrypoints=websecure" - - "traefik.http.routers.testweb.tls.certresolver=myresolver" + image: httpd:2.4 + ports: + - "8008:80" + volumes: + - ./htdocs:/usr/local/apache2/htdocs/ + labels: + - 
"traefik.http.routers.testweb.rule=Host(`testweb.injust.us`)" + - traefik.http.routers.testweb.tls=true + - "traefik.http.routers.testweb.entrypoints=websecure" + - "traefik.http.routers.testweb.tls.certresolver=myresolver" actual_server: - image: docker.io/actualbudget/actual-server:latest - ports: - # This line makes Actual available at port 5006 of the device you run the server on, - # i.e. http://localhost:5006. You can change the first number to change the port, if you want. - - '5006:5006' - #environment: - # Uncomment any of the lines below to set configuration options. - # - ACTUAL_HTTPS_KEY=/data/selfhost.key - # - ACTUAL_HTTPS_CERT=/data/selfhost.crt - # - ACTUAL_PORT=5006 - # - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20 - # - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50 - # - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20 - # See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration - # !! If you are not using any of these options, remove the 'environment:' tag entirely. - volumes: - # Change './actual-data' below to the path to the folder you want Actual to store its data in on your server. - # '/data' is the path Actual will look for its files in by default, so leave that as-is. - - ./actual-data:/data - labels: - - "traefik.http.routers.actual.rule=Host(`actual.injust.us`)" - - traefik.http.routers.actual.tls=true - - "traefik.http.routers.actual.entrypoints=websecure" - - "traefik.http.routers.actual.tls.certresolver=myresolver" - restart: unless-stopped + image: docker.io/actualbudget/actual-server:latest + ports: + # This line makes Actual available at port 5006 of the device you run the server on, + # i.e. http://localhost:5006. You can change the first number to change the port, if you want. + - '5006:5006' + # environment: + # Uncomment any of the lines below to set configuration options. 
+ # - ACTUAL_HTTPS_KEY=/data/selfhost.key + # - ACTUAL_HTTPS_CERT=/data/selfhost.crt + # - ACTUAL_PORT=5006 + # - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20 + # - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50 + # - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20 + # See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration + # !! If you are not using any of these options, remove the 'environment:' tag entirely. + volumes: + # Change './actual-data' below to the path to the folder you want Actual to store its data in on your server. + # '/data' is the path Actual will look for its files in by default, so leave that as-is. + - ./actual-data:/data + labels: + - "traefik.http.routers.actual.rule=Host(`actual.injust.us`)" + - traefik.http.routers.actual.tls=true + - "traefik.http.routers.actual.entrypoints=websecure" + - "traefik.http.routers.actual.tls.certresolver=myresolver" + restart: unless-stopped volumes: - data: - media: - pgdata: - redisdata: - consume: - driver_opts: - type: "nfs" - o: "addr=omv.injust.us,nolock,soft,rw" - device: ":/export/Paperless" - export: - driver_opts: - type: "nfs" - o: "addr=omv.injust.us,nolock,soft,rw" - device: ":/export/Paperless_Export" + data: + media: + pgdata: + redisdata: + consume: + driver_opts: + type: "nfs" + o: "addr=omv.injust.us,nolock,soft,rw" + device: ":/export/Paperless" + export: + driver_opts: + type: "nfs" + o: "addr=omv.injust.us,nolock,soft,rw" + device: ":/export/Paperless_Export" diff --git a/ansible/assets/git/compose.yml.j2 b/ansible/assets/git/compose.yml.j2 index 1723562..76689dc 100644 --- a/ansible/assets/git/compose.yml.j2 +++ b/ansible/assets/git/compose.yml.j2 @@ -1,3 +1,4 @@ +--- version: "3" networks: diff --git a/ansible/assets/gitea/compose.yml.j2 b/ansible/assets/gitea/compose.yml.j2 index 70fff78..85435f6 100644 --- a/ansible/assets/gitea/compose.yml.j2 +++ b/ansible/assets/gitea/compose.yml.j2 @@ -1,3 +1,4 @@ +--- version: '3.3' services: runner:
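Review bot: The `webdav` router in the `@@ -42,130 +43,128 @@` hunk has only a `rule` label, without the `entrypoints`, `tls` and `tls.certresolver` labels that `paperless`, `testweb` and `actual` carry. Traefik would therefore treat it as a plain-HTTP router, and the WebDAV credentials would cross the network unencrypted. Add `- "traefik.http.routers.webdav.entrypoints=websecure"`, `- traefik.http.routers.webdav.tls=true` and `- "traefik.http.routers.webdav.tls.certresolver=myresolver"`. Also check where `labels:` ends up after the re-indent, because it follows the commented-out second `webdav` block and the indentation cannot be verified from this view.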