justus/Homelab-Ansible
1
0
Fork 0
Code Issues 4 Pull Requests 10 Actions Packages Projects Releases Wiki Activity

Fixed YAML syntax

Browse Source
This commit is contained in:
Justus Grunow 2024-11-12 19:27:39 -05:00
parent 53aa9d7f1c
commit 6ea1a7c46c
5 changed files with 348 additions and 393 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
ansible/assets/basementpi/compose.yml.j2
View File

@ -1,7 +1,5 @@
---
version: "3.5"
# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
networks:
network_pihole:
ipam:
@ -15,15 +13,13 @@ services:
ports:
- '80:80'
environment:
DEFAULT_HOST: {{ pihole_hostname }}.{{ pihole_domain }}
- DEFAULT_HOST: "{{ pihole_hostname }}.{{ pihole_domain }}"
volumes:
- '/var/run/docker.sock:/tmp/docker.sock'
restart: always
networks:
network_pihole:
ipv4_address: 172.16.3.6
pihole:
image: pihole/pihole:latest
ports:
@ -39,20 +35,20 @@ services:
- './etc-dnsmasq.d:/etc/dnsmasq.d'
# run `touch ./var-log/pihole.log` first unless you like errors
# - './var-log/pihole.log:/var/log/pihole/pihole.log'
# Recommended but not required (DHCP needs NET_ADMIN)
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
# Recommended but not required (DHCP needs NET_ADMIN)
# https://github.com/pi-hole/docker-pi-hole# note-on-capabilities
cap_add:
- NET_ADMIN
expose:
- 80
environment:
ServerIP: 10.11.1.10
PIHOLE_DNS_: unbound#53;{{ pihole_additional_upstream_dnsservers }}
PROXY_LOCATION: {{ pihole_hostname }}
VIRTUAL_HOST: {{ pihole_hostname}}.{{ pihole_domain }}
PIHOLE_DNS_: unbound# 53;{{ pihole_additional_upstream_dnsservers }}
PROXY_LOCATION: "{{ pihole_hostname }}"
VIRTUAL_HOST: "{{ pihole_hostname}}.{{ pihole_domain }}"
VIRTUAL_PORT: 80
WEBPASSWORD: {{ pihole_password }}
FTLCONF_LOCAL_IPV4: {{ pi_ip }}
WEBPASSWORD: "{{ pihole_password }}"
FTLCONF_LOCAL_IPV4: "{{ pi_ip }}"
DNSMASQ_LISTENING: all
extra_hosts:
@ -101,34 +97,34 @@ services:
ipv4_address: 172.16.3.3
porkbunddns:
image: pavlinchen/porkbun-ddns
container_name: porkbun-ddns
restart: always
pull_policy: always
environment:
APIKey: {{ porkbun_api_key }}
SecretAPIKey: {{ porkbun_secret_api_key }}
Domain: {{ porkbun_domain }}
Schedule: "{{ porkbun_cron_sched }}"
TZ: {{ porkbun_tz }}
networks:
network_pihole:
ipv4_address: 172.16.3.4
image: pavlinchen/porkbun-ddns
container_name: porkbun-ddns
restart: always
pull_policy: always
environment:
APIKey: "{{ porkbun_api_key }}"
SecretAPIKey: "{{ porkbun_secret_api_key }}"
Domain: "{{ porkbun_domain }}"
Schedule: "{{ porkbun_cron_sched }}"
TZ: "{{ porkbun_tz }}"
networks:
network_pihole:
ipv4_address: 172.16.3.4
porkbunddns2:
image: pavlinchen/porkbun-ddns
container_name: porkbun-ddns2
restart: always
pull_policy: always
environment:
APIKey: {{ porkbun_api_key }}
SecretAPIKey: {{ porkbun_secret_api_key }}
Domain: {{ porkbun_domain2 }}
Schedule: "{{ porkbun_cron_sched }}"
TZ: {{ porkbun_tz }}
networks:
network_pihole:
ipv4_address: 172.16.3.7
image: pavlinchen/porkbun-ddns
container_name: porkbun-ddns2
restart: always
pull_policy: always
environment:
APIKey: "{{ porkbun_api_key }}"
SecretAPIKey: "{{ porkbun_secret_api_key }}"
Domain: "{{ porkbun_domain2 }}"
Schedule: "{{ porkbun_cron_sched }}"
TZ: "{{ porkbun_tz }}"
networks:
network_pihole:
ipv4_address: 172.16.3.7
ddclient:
image: lscr.io/linuxserver/ddclient:latest
@ -158,53 +154,18 @@ services:
- TZ=Canada/Eastern
- SERVERURL=vpn.coxgrunow.ca
- SERVERPORT=51820
- PEERS=phone,tedupnorth #oAdded Docker tags to Ansible playbookptional
- PEERDNS=172.16.3.2 #optional
- INTERNAL_SUBNET=10.11.4.0 #optional
- ALLOWEDIPS=10.11.1.0/24,172.16.3.2 #optional
- PEERS=phone,tedupnorth # oAdded Docker tags to Ansible playbookptional
- PEERDNS=172.16.3.2 # optional
- INTERNAL_SUBNET=10.11.4.0 # optional
- ALLOWEDIPS=10.11.1.0/24,172.16.3.2 # optional
- SERVER_ALLOWEDIPS_PEER_tedupnorth=10.10.0.0/16
- PERSISTENTKEEPALIVE_PEERS=all #optional - for dynamic DNS
- LOG_CONFS=true #optional
- PERSISTENTKEEPALIVE_PEERS=all # optional - for dynamic DNS
- LOG_CONFS=true # optional
volumes:
- ./wireguard/config:/config
- /lib/modules:/lib/modules #optional
- /lib/modules:/lib/modules # optional
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: unless-stopped
# Another container you might want to have running through the proxy
# Note it also have ENV Vars like pihole and a host under pihole's extra_hosts
# ghost:
# image: fractalf/ghost
# ports:
# - '2368:2368/tcp'
# volumes:
# - '/etc/ghost:/ghost-override'
# environment:
# PROXY_LOCATION: ghost
# VIRTUAL_HOST: ghost.yourDomain.lan
# VIRTUAL_PORT: 2368
# restart: always
# homeassistant:
# container_name: homeassistant
# image: "ghcr.io/home-assistant/home-assistant:stable"
# volumes:
# - ./homeassistant/config:/config
# - /etc/localtime:/etc/localtime:ro
# restart: unless-stopped
# privileged: true
# network_mode: host
# #environment:
# # - VIRTUAL_HOST=homeassistant.coxgrunow.ca
# # - VIRTUAL_PORT=8123
yacy:
container_name: yacy
image: "docker.io/yacy/yacy_search_server:aarch64-latest"
volumes:
- ./yacy:/opt/yacy_search_server/DATA
ports:
- 8090:8090/tcp
- 8443:8443/tcp

323
ansible/assets/docker-ext/compose.yml.j2
View File

@ -23,7 +23,7 @@ services:
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- --experimental.plugins.crowdsec-bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
- --experimental.plugins.crowdsec-bouncer.version=v1.2.1
#- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
# - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
ports:
# The HTTP port
- "80:80"
@ -33,7 +33,7 @@ services:
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
#- ./traefik/traefik.yml:/etc/traefik/traefik.yml
# - ./traefik/traefik.yml:/etc/traefik/traefik.yml
- ./traefik:/etc/traefik
- ./letsencrypt:/letsencrypt
- "./logsTraefik:/var/log/traefik"
@ -48,28 +48,27 @@ services:
- "traefik.http.middlewares.authchain.chain.middlewares=crowdsec@docker,authentik@docker"
- "traefik.http.middlewares.internalOnly.ipallowlist.sourcerange=192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
- "traefik.http.middlewares.internalOnlyWithAuth.chain.middlewares=internalOnly@docker,crowdsec@docker,authentik@docker"
#ddclient:
# image: lscr.io/linuxserver/ddclient:latest
# container_name: ddclient
# environment:
# - PUID=1000
# - PGID=1000
# - TZ=America/Thunder_Bay
# volumes:
# - ./ddclient/:/config
# restart: unless-stopped
#porkbunddns:
# image: pavlinchen/porkbun-ddns
# container_name: porkbun-ddns
# restart: unless-stopped
# pull_policy: always
# environment:
# APIKey: pk1_6896ac0da1af81d9b7ae1ef0ee65b7f8bc655fc0099588e1db9bb9708da2d2ec
# SecretAPIKey: k1_8c0d61edd906856c4f4f979b6207049ea0b0b50aec5759dacb86c24cb0bf001d
# Domain: mycomputer.party wiki
# Schedule: "*/5 * * * *" #optional
# TZ: Canada/Eastern #optional
# ddclient:
# image: lscr.io/linuxserver/ddclient:latest
# container_name: ddclient
# environment:
# - PUID=1000
# - PGID=1000
# - TZ=America/Thunder_Bay
# volumes:
# - ./ddclient/:/config
# restart: unless-stopped
# porkbunddns:
# image: pavlinchen/porkbun-ddns
# container_name: porkbun-ddns
# restart: unless-stopped
# pull_policy: always
# environment:
# APIKey: pk1_6896ac0da1af81d9b7ae1ef0ee65b7f8bc655fc0099588e1db9bb9708da2d2ec
# SecretAPIKey: k1_8c0d61edd906856c4f4f979b6207049ea0b0b50aec5759dacb86c24cb0bf001d
# Domain: mycomputer.party wiki
# Schedule: "*/5 * * * *" #optional
# TZ: Canada/Eastern #optional
dokuwiki:
image: bitnami/dokuwiki:20240206
restart: unless-stopped
@ -82,7 +81,7 @@ services:
volumes:
- ./dokuwiki:/bitnami/dokuwiki
networks:
- backend
- backend
labels:
- "traefik.enable=true"
- "traefik.http.routers.dokuwiki.rule=Host(`wiki.mycomputer.party`)"
@ -91,31 +90,31 @@ services:
- traefik.http.routers.dokuwiki.tls=true
- "traefik.http.routers.dokuwiki.middlewares=crowdsec@docker"
mail-server:
tty: true
stdin_open: true
restart: unless-stopped
ports:
- 8443:443
- 8008:8080
- 25:25
- 587:587
- 465:465
- 143:143
- 993:993
- 4190:4190
volumes:
- ./stalwart-mail:/opt/stalwart-mail
container_name: stalwart-mail
image: stalwartlabs/mail-server:latest
labels:
- "traefik.enable=true"
- "traefik.http.routers.stalwart.rule=Host(`stalwart.mycomputer.party`)"
- "traefik.http.routers.stalwart.entrypoints=websecure"
- "traefik.http.routers.stalwart.tls.certresolver=myresolver"
- "traefik.http.routers.stalwart.tls=true"
- "traefik.http.services.stalwart-http.loadbalancer.server.port=8080"
tty: true
stdin_open: true
restart: unless-stopped
ports:
- 8443:443
- 8008:8080
- 25:25
- 587:587
- 465:465
- 143:143
- 993:993
- 4190:4190
volumes:
- ./stalwart-mail:/opt/stalwart-mail
container_name: stalwart-mail
image: stalwartlabs/mail-server:latest
labels:
- "traefik.enable=true"
- "traefik.http.routers.stalwart.rule=Host(`stalwart.mycomputer.party`)"
- "traefik.http.routers.stalwart.entrypoints=websecure"
- "traefik.http.routers.stalwart.tls.certresolver=myresolver"
- "traefik.http.routers.stalwart.tls=true"
- "traefik.http.services.stalwart-http.loadbalancer.server.port=8080"
# --- MariaDB
#linkace-db:
# linkace-db:
# image: mariadb:11.2
# container_name: linkace-db
# restart: unless-stopped
@ -129,7 +128,7 @@ services:
# - db:/var/lib/mysql
## --- LinkAce Image with PHP and nginx
#linkace-app:
# linkace-app:
# image: linkace/linkace:simple
# container_name: linkace-app
# restart: unless-stopped
@ -176,7 +175,7 @@ services:
restart: unless-stopped
image: wallabag/wallabag
environment:
#- MYSQL_ROOT_PASSWORD=wallaroot
# - MYSQL_ROOT_PASSWORD=wallaroot
- POSTGRES_USER=wallabag
- POSTGRES_PASSWORD=Mo8ntF92q5oWNV6TbS7t
- SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
@ -287,52 +286,52 @@ services:
# - ./proxies.json:/datastore/proxies.json
environment:
# Default listening port, can also be changed with the -p option
# - PORT=5000
# Default listening port, can also be changed with the -p option
# - PORT=5000
# - PUID=1000
# - PGID=1000
#
# Log levels are in descending order. (TRACE is the most detailed one)
# Log output levels: TRACE, DEBUG(default), INFO, SUCCESS, WARNING, ERROR, CRITICAL
# - LOGGER_LEVEL=DEBUG
#
# Alternative WebDriver/selenium URL, do not use "'s or 's!
# - WEBDRIVER_URL=http://browser-chrome:4444/wd/hub
#
# WebDriver proxy settings webdriver_proxyType, webdriver_ftpProxy, webdriver_noProxy,
# webdriver_proxyAutoconfigUrl, webdriver_autodetect,
# webdriver_socksProxy, webdriver_socksUsername, webdriver_socksVersion, webdriver_socksPassword
#
# https://selenium-python.readthedocs.io/api.html#module-selenium.webdriver.common.proxy
#
# Alternative Playwright URL, do not use "'s or 's!
# - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000
#
# Playwright proxy settings playwright_proxy_server, playwright_proxy_bypass, playwright_proxy_username, playwright_proxy_password
#
# https://playwright.dev/python/docs/api/class-browsertype#browser-type-launch-option-proxy
#
# Plain requests - proxy support example.
# - HTTP_PROXY=socks5h://10.10.1.10:1080
# - HTTPS_PROXY=socks5h://10.10.1.10:1080
#
# An exclude list (useful for notification URLs above) can be specified by with
# - NO_PROXY="localhost,192.168.0.0/24"
#
# Base URL of your changedetection.io install (Added to the notification alert)
# - PUID=1000
# - PGID=1000
#
# Log levels are in descending order. (TRACE is the most detailed one)
# Log output levels: TRACE, DEBUG(default), INFO, SUCCESS, WARNING, ERROR, CRITICAL
# - LOGGER_LEVEL=DEBUG
#
# Alternative WebDriver/selenium URL, do not use "'s or 's!
# - WEBDRIVER_URL=http://browser-chrome:4444/wd/hub
#
# WebDriver proxy settings webdriver_proxyType, webdriver_ftpProxy, webdriver_noProxy,
# webdriver_proxyAutoconfigUrl, webdriver_autodetect,
# webdriver_socksProxy, webdriver_socksUsername, webdriver_socksVersion, webdriver_socksPassword
#
# https://selenium-python.readthedocs.io/api.html#module-selenium.webdriver.common.proxy
#
# Alternative Playwright URL, do not use "'s or 's!
# - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000
#
# Playwright proxy settings playwright_proxy_server, playwright_proxy_bypass, playwright_proxy_username, playwright_proxy_password
#
# https://playwright.dev/python/docs/api/class-browsertype#browser-type-launch-option-proxy
#
# Plain requests - proxy support example.
# - HTTP_PROXY=socks5h://10.10.1.10:1080
# - HTTPS_PROXY=socks5h://10.10.1.10:1080
#
# An exclude list (useful for notification URLs above) can be specified by with
# - NO_PROXY="localhost,192.168.0.0/24"
#
# Base URL of your changedetection.io install (Added to the notification alert)
- BASE_URL=https://changedetection.mycomputer.party
# Respect proxy_pass type settings, `proxy_set_header Host "localhost";` and `proxy_set_header X-Forwarded-Prefix /app;`
# More here https://github.com/dgtlmoon/changedetection.io/wiki/Running-changedetection.io-behind-a-reverse-proxy-sub-directory
# Respect proxy_pass type settings, `proxy_set_header Host "localhost";` and `proxy_set_header X-Forwarded-Prefix /app;`
# More here https://github.com/dgtlmoon/changedetection.io/wiki/Running-changedetection.io-behind-a-reverse-proxy-sub-directory
- USE_X_SETTINGS=1
#
# Hides the `Referer` header so that monitored websites can't see the changedetection.io hostname.
#- HIDE_REFERER=true
#
# Default number of parallel/concurrent fetchers
# - FETCH_WORKERS=10
#
# Hides the `Referer` header so that monitored websites can't see the changedetection.io hostname.
# - HIDE_REFERER=true
#
# Default number of parallel/concurrent fetchers
# - FETCH_WORKERS=10
# Comment out ports: when using behind a reverse proxy , enable networks: etc.
# Comment out ports: when using behind a reverse proxy , enable networks: etc.
ports:
- 5000:5000
restart: unless-stopped
@ -351,41 +350,41 @@ services:
# If WEBDRIVER or PLAYWRIGHT are enabled, changedetection container depends on that
# and must wait before starting (substitute "browser-chrome" with "playwright-chrome" if last one is used)
# depends_on:
# browser-chrome:
# condition: service_started
# depends_on:
# browser-chrome:
# condition: service_started
# Used for fetching pages via Playwright+Chrome where you need Javascript support.
# RECOMMENDED FOR FETCHING PAGES WITH CHROME
# playwright-chrome:
# hostname: playwright-chrome
# image: dgtlmoon/sockpuppetbrowser:latest
# cap_add:
# - SYS_ADMIN
## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci
# restart: unless-stopped
# environment:
# - SCREEN_WIDTH=1920
# - SCREEN_HEIGHT=1024
# - SCREEN_DEPTH=16
# - MAX_CONCURRENT_CHROME_PROCESSES=10
# playwright-chrome:
# hostname: playwright-chrome
# image: dgtlmoon/sockpuppetbrowser:latest
# cap_add:
# - SYS_ADMIN
## SYS_ADMIN might be too much, but it can be needed on your platform https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#running-puppeteer-on-gitlabci
# restart: unless-stopped
# environment:
# - SCREEN_WIDTH=1920
# - SCREEN_HEIGHT=1024
# - SCREEN_DEPTH=16
# - MAX_CONCURRENT_CHROME_PROCESSES=10
# Used for fetching pages via Playwright+Chrome where you need Javascript support.
# Note: Works well but is deprecated, does not fetch full page screenshots (doesnt work with Visual Selector)
# Does not report status codes (200, 404, 403) and other issues
# browser-chrome:
# hostname: browser-chrome
# image: selenium/standalone-chrome:4
# environment:
# - VNC_NO_PASSWORD=1
# - SCREEN_WIDTH=1920
# - SCREEN_HEIGHT=1080
# - SCREEN_DEPTH=24
# volumes:
# # Workaround to avoid the browser crashing inside a docker container
# # See https://github.com/SeleniumHQ/docker-selenium#quick-start
# - /dev/shm:/dev/shm
# restart: unless-stopped
# browser-chrome:
# hostname: browser-chrome
# image: selenium/standalone-chrome:4
# environment:
# - VNC_NO_PASSWORD=1
# - SCREEN_WIDTH=1920
# - SCREEN_HEIGHT=1080
# - SCREEN_DEPTH=24
# volumes:
# # Workaround to avoid the browser crashing inside a docker container
# # See https://github.com/SeleniumHQ/docker-selenium#quick-start
# - /dev/shm:/dev/shm
# restart: unless-stopped
healthchecks:
container_name: healthchecks
@ -394,12 +393,12 @@ services:
# and uncomment the following line:
image: healthchecks/healthchecks:latest
env_file:
- .healthchecks-env
- .healthchecks-env
ports:
- "8011:8000"
# To enable SMTP on port 2525, set SMTPD_PORT=2525 in .env
# and uncomment the following line:
# - "2525:2525"
- "8011:8000"
# To enable SMTP on port 2525, set SMTPD_PORT=2525 in .env
# and uncomment the following line:
# - "2525:2525"
command: bash -c 'uwsgi /opt/healthchecks/docker/uwsgi.ini'
labels:
- "traefik.enable=true"
@ -440,32 +439,32 @@ services:
- "traefik.http.routers.apache2.tls.certresolver=myresolver"
- "traefik.http.routers.apache2.tls=true"
- "traefik.http.services.apache2-http.loadbalancer.server.port=80"
#- traefik.http.routers.apache2.middlewares=authchain@docker
# - traefik.http.routers.apache2.middlewares=authchain@docker
networks:
- backend
#wireguard:
# image: lscr.io/linuxserver/wireguard
# container_name: wireguard
# cap_add:
# - NET_ADMIN
# - SYS_MODULE
# environment:
# - PUID=1001
# - PGID=1001
# - TZ=America/Thunder_Bay
# - PEERS=thelma
# - INTERNAL_SUBNET=10.11.20.0/24
# - ALLOWEDIPS=10.11.0.0/16
# volumes:
# - ./wireguard:/config
# - /lib/modules:/lib/modules
# networks:
# wireguard:
# ipv4_address: 172.20.0.50
# sysctls:
# - net.ipv4.conf.all.src_valid_mark=1
# restart: unless-stopped
# wireguard:
# image: lscr.io/linuxserver/wireguard
# container_name: wireguard
# cap_add:
# - NET_ADMIN
# - SYS_MODULE
# environment:
# - PUID=1001
# - PGID=1001
# - TZ=America/Thunder_Bay
# - PEERS=thelma
# - INTERNAL_SUBNET=10.11.20.0/24
# - ALLOWEDIPS=10.11.0.0/16
# volumes:
# - ./wireguard:/config
# - /lib/modules:/lib/modules
# networks:
# wireguard:
# ipv4_address: 172.20.0.50
# sysctls:
# - net.ipv4.conf.all.src_valid_mark=1
# restart: unless-stopped
crowdsec:
image: crowdsecurity/crowdsec
container_name: crowdsec
@ -477,7 +476,7 @@ services:
expose:
- "8080"
volumes:
#- ./crowdsec/logs:/var/log/crowdsec:ro
# - ./crowdsec/logs:/var/log/crowdsec:ro
- ./crowdsec/db:/var/lib/crowdsec/data
- /var/log:/var/log:ro
- ./crowdsec/opt:/etc/crowdsec
@ -486,10 +485,10 @@ services:
restart: unless-stopped
labels:
- "traefik.enable=false"
#- "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)"
#- "traefik.http.routers.crowdsec.entrypoints=websecure"
#- "traefik.http.routers.crowdsec.tls.certresolver=myresolver"
#- "traefik.http.routers.crowdsec.tls=true"
# - "traefik.http.routers.crowdsec.rule=Host(`crowdsec.mycomputer.party`)"
# - "traefik.http.routers.crowdsec.entrypoints=websecure"
# - "traefik.http.routers.crowdsec.tls.certresolver=myresolver"
# - "traefik.http.routers.crowdsec.tls=true"
networks:
- proxy
- backend
@ -554,10 +553,10 @@ services:
DB_NAME: wikijs
restart: unless-stopped
labels:
- "traefik.http.routers.wiki.rule=Host(`wikijs.mycomputer.party`)"
- traefik.http.routers.wiki.tls=true
- "traefik.http.routers.wiki.entrypoints=websecure"
- "traefik.http.routers.wiki.tls.certresolver=myresolver"
- "traefik.http.routers.wiki.rule=Host(`wikijs.mycomputer.party`)"
- traefik.http.routers.wiki.tls=true
- "traefik.http.routers.wiki.entrypoints=websecure"
- "traefik.http.routers.wiki.tls.certresolver=myresolver"
# immich-server:
# container_name: immich_server
@ -621,9 +620,6 @@ services:
# # test: redis-cli ping || exit 1
# # restart: always
volumes:
linkace_logs:
db:
@ -641,7 +637,4 @@ networks:
backend:
proxy:
docker_default:
external: True
external: true

283
ansible/assets/docker-int/compose.yml.j2
View File

@ -1,39 +1,40 @@
---
version: '3.3'
services:
traefik:
container_name: traefik
# The official v2 Traefik docker image
image: traefik:v2.11
# Enables the web UI and tells Traefik to listen to docker
command:
- --api.insecure=true
- --providers.docker
- "--log.filePath=/var/log/traefik/traefik.log"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=jg@justus.ws"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
# The HTTP port
- "80:80"
- "443:443"
# The Web UI (enabled by --api.insecure=true)
- "8080:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
- "./letsencrypt:/letsencrypt"
- "./logsTraefik:/var/log/traefik"
environment:
- "CF_API_KEY=4fa4711ae24bd19c1c17a06ce2ec6b3fa7629"
- "CF_API_EMAIL=jg@justus.ws"
#squid:
container_name: traefik
# The official v2 Traefik docker image
image: traefik:v2.11
# Enables the web UI and tells Traefik to listen to docker
command:
- --api.insecure=true
- --providers.docker
- "--log.filePath=/var/log/traefik/traefik.log"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
# - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=jg@justus.ws"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
# The HTTP port
- "80:80"
- "443:443"
# The Web UI (enabled by --api.insecure=true)
- "8080:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
- "./letsencrypt:/letsencrypt"
- "./logsTraefik:/var/log/traefik"
environment:
- "CF_API_KEY=4fa4711ae24bd19c1c17a06ce2ec6b3fa7629"
- "CF_API_EMAIL=jg@justus.ws"
# squid:
# container_name: squid
# volumes:
# #- '/root/docker/squid/logs:/var/log/squid'
# # - '/root/docker/squid/logs:/var/log/squid'
# # - '/root/docker/squid/data:/var/spool/squid'
# - '/root/docker/squid/squid.conf:/etc/squid/squid.conf'
# # - '/rood/docker/squid/config-snippet:/etc/squid/conf.d/snippet.conf'
@ -42,7 +43,7 @@ services:
# ports:
# - '3128:3128'
# image: 'ubuntu/squid:5.2-22.04_beta'
# #yacy_search_server:
# # yacy_search_server:
# # container_name: yacy
# # ports:
# # - '8090:8090'
@ -53,119 +54,117 @@ services:
# # max-file: 2
# # image: 'yacy/yacy_search_server:latest'
paperless-broker:
image: docker.io/library/redis:7
container_name: paperless-broker
restart: unless-stopped
volumes:
- redisdata:/data
# db:
# image: docker.io/library/postgres:15
# restart: unless-stopped
# volumes:
# - pgdata:/var/lib/postgresql/data
# environment:
# POSTGRES_DB: paperless
# POSTGRES_USER: paperless
# POSTGRES_PASSWORD: paperless
image: docker.io/library/redis:7
container_name: paperless-broker
restart: unless-stopped
volumes:
- redisdata:/data
# db:
# image: docker.io/library/postgres:15
# restart: unless-stopped
# volumes:
# - pgdata:/var/lib/postgresql/data
# environment:
# POSTGRES_DB: paperless
# POSTGRES_USER: paperless
# POSTGRES_PASSWORD: paperless
paperless-webserver:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
container_name: paperless-webserver
restart: unless-stopped
depends_on:
# - db
- paperless-broker
ports:
- "8000:8000"
volumes:
- data:/usr/src/paperless/data
- media:/usr/src/paperless/media
- export:/usr/src/paperless/export
- consume:/usr/src/paperless/consume
env_file: docker-compose.env
#environment:
labels:
- "traefik.http.routers.paperless.rule=Host(`paperless.injust.us`)"
- "traefik.http.routers.paperless.entrypoints=websecure"
- traefik.http.routers.paperless.tls=true
- "traefik.http.routers.paperless.tls.certresolver=myresolver"
image: ghcr.io/paperless-ngx/paperless-ngx:latest
container_name: paperless-webserver
restart: unless-stopped
depends_on:
# - db
- paperless-broker
ports:
- "8000:8000"
volumes:
- data:/usr/src/paperless/data
- media:/usr/src/paperless/media
- export:/usr/src/paperless/export
- consume:/usr/src/paperless/consume
env_file: docker-compose.env
# environment:
labels:
- "traefik.http.routers.paperless.rule=Host(`paperless.injust.us`)"
- "traefik.http.routers.paperless.entrypoints=websecure"
- traefik.http.routers.paperless.tls=true
- "traefik.http.routers.paperless.tls.certresolver=myresolver"
webdav:
container_name: webdav
image: ionelmc/webdav
restart: unless-stopped
ports:
- "8081:8080"
environment:
WEBDAV_USERNAME: alice
WEBDAV_PASSWORD: secret1234
UID: 1001
volumes:
- ./consume:/media
#webdav:
# container_name: webdav
# image: bytemark/webdav
# restart: unless-stopped
# ports:
# - "8081:80"
# environment:
# AUTH_TYPE: Digest
# USERNAME: alice
# PASSWORD: secret1234
# volumes:
# - consume:/var/lib/dav/data/ScannerPro
labels:
- "traefik.http.routers.webdav.rule=Host(`webdav.injust.us`)"
container_name: webdav
image: ionelmc/webdav
restart: unless-stopped
ports:
- "8081:8080"
environment:
WEBDAV_USERNAME: alice
WEBDAV_PASSWORD: secret1234
UID: 1001
volumes:
- ./consume:/media
# webdav:
# container_name: webdav
# image: bytemark/webdav
# restart: unless-stopped
# ports:
# - "8081:80"
# environment:
# AUTH_TYPE: Digest
# USERNAME: alice
# PASSWORD: secret1234
# volumes:
# - consume:/var/lib/dav/data/ScannerPro
labels:
- "traefik.http.routers.webdav.rule=Host(`webdav.injust.us`)"
testweb:
image: httpd:2.4
ports:
- "8008:80"
volumes:
- ./htdocs:/usr/local/apache2/htdocs/
labels:
- "traefik.http.routers.testweb.rule=Host(`testweb.injust.us`)"
- traefik.http.routers.testweb.tls=true
- "traefik.http.routers.testweb.entrypoints=websecure"
- "traefik.http.routers.testweb.tls.certresolver=myresolver"
image: httpd:2.4
ports:
- "8008:80"
volumes:
- ./htdocs:/usr/local/apache2/htdocs/
labels:
- "traefik.http.routers.testweb.rule=Host(`testweb.injust.us`)"
- traefik.http.routers.testweb.tls=true
- "traefik.http.routers.testweb.entrypoints=websecure"
- "traefik.http.routers.testweb.tls.certresolver=myresolver"
actual_server:
image: docker.io/actualbudget/actual-server:latest
ports:
# This line makes Actual available at port 5006 of the device you run the server on,
# i.e. http://localhost:5006. You can change the first number to change the port, if you want.
- '5006:5006'
#environment:
# Uncomment any of the lines below to set configuration options.
# - ACTUAL_HTTPS_KEY=/data/selfhost.key
# - ACTUAL_HTTPS_CERT=/data/selfhost.crt
# - ACTUAL_PORT=5006
# - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20
# - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50
# - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20
# See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration
# !! If you are not using any of these options, remove the 'environment:' tag entirely.
volumes:
# Change './actual-data' below to the path to the folder you want Actual to store its data in on your server.
# '/data' is the path Actual will look for its files in by default, so leave that as-is.
- ./actual-data:/data
labels:
- "traefik.http.routers.actual.rule=Host(`actual.injust.us`)"
- traefik.http.routers.actual.tls=true
- "traefik.http.routers.actual.entrypoints=websecure"
- "traefik.http.routers.actual.tls.certresolver=myresolver"
restart: unless-stopped
image: docker.io/actualbudget/actual-server:latest
ports:
# This line makes Actual available at port 5006 of the device you run the server on,
# i.e. http://localhost:5006. You can change the first number to change the port, if you want.
- '5006:5006'
# environment:
# Uncomment any of the lines below to set configuration options.
# - ACTUAL_HTTPS_KEY=/data/selfhost.key
# - ACTUAL_HTTPS_CERT=/data/selfhost.crt
# - ACTUAL_PORT=5006
# - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20
# - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50
# - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20
# See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration
# !! If you are not using any of these options, remove the 'environment:' tag entirely.
volumes:
# Change './actual-data' below to the path to the folder you want Actual to store its data in on your server.
# '/data' is the path Actual will look for its files in by default, so leave that as-is.
- ./actual-data:/data
labels:
- "traefik.http.routers.actual.rule=Host(`actual.injust.us`)"
- traefik.http.routers.actual.tls=true
- "traefik.http.routers.actual.entrypoints=websecure"
- "traefik.http.routers.actual.tls.certresolver=myresolver"
restart: unless-stopped
volumes:
data:
media:
pgdata:
redisdata:
consume:
driver_opts:
type: "nfs"
o: "addr=omv.injust.us,nolock,soft,rw"
device: ":/export/Paperless"
export:
driver_opts:
type: "nfs"
o: "addr=omv.injust.us,nolock,soft,rw"
device: ":/export/Paperless_Export"
data:
media:
pgdata:
redisdata:
consume:
driver_opts:
type: "nfs"
o: "addr=omv.injust.us,nolock,soft,rw"
device: ":/export/Paperless"
export:
driver_opts:
type: "nfs"
o: "addr=omv.injust.us,nolock,soft,rw"
device: ":/export/Paperless_Export"

1
ansible/assets/git/compose.yml.j2
View File

@ -1,3 +1,4 @@
---
version: "3"
networks:

1
ansible/assets/gitea/compose.yml.j2
View File

@ -1,3 +1,4 @@
---
version: '3.3'
services:
runner: