music stack and general improvements

2025-10-11 15:52:07 +02:00
parent 4caf3f5266
commit 2bb4bfa337
8 changed files with 111 additions and 6 deletions
--- a/project/infrastructure/headscale/headscale.yml
+++ b/project/infrastructure/headscale/headscale.yml
@@ -0,0 +1,33 @@
+services:
+  headscale:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: docker.io/headscale/headscale:sha-474ea236-debug
+    container_name: headscale 
+    ports:
+      - 3001:8080
+      - 3002:9090
+    networks: 
+      - ip4net
+      - ip6net
+    environment:
+      - DOMAIN=${PUBLIC_DOMAIN}
+      - CLIENT_SECRET_OIDC=${HEADSCALE_CLIENT_SECRET_OIDC}
+      - HEADSCALE_CLI_ADDRESS="https://headscale.${PUBLIC_DOMAIN}:443"
+      - HEADSCALE_CLI_API_KEY="ksC2HnX.3Rv5a2n32Rfgi8aWeaXhp6lAfAwG_NAq"
+    volumes:
+      - ${INFRA_PATH}/headscale/config:/etc/headscale
+      - ${INFRA_PATH}/headscale/lib:/var/lib/headscale
+      - ${INFRA_PATH}/headscale/data:/var/lib/headscale
+    command: serve
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.headscale.entrypoints=https"
+      - "traefik.http.routers.headscale.tls=true"
+      - "traefik.http.services.headscale.loadbalancer.server.port=8080"
+      - "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file"
--- a/project/infrastructure/uptime-kuma/uptime-kuma.yml
+++ b/project/infrastructure/uptime-kuma/uptime-kuma.yml
@@ -14,6 +14,7 @@ services:
      TZ: ${TZ}
    volumes:
      - ${INFRA_PATH}/uptime-kuma/config:/app/data
+      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - 5001:3001
    networks:
@@ -26,4 +27,4 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.uptime-kuma.rule=Host(`uptime-kuma.${LOCAL_DOMAIN}`)"
      - "traefik.http.routers.uptime-kuma.entrypoints=https"
-      - "traefik.http.routers.uptime-kuma.tls=true"
+      - "traefik.http.routers.uptime-kuma.tls=true"
--- a/project/infrastructure/web-finger/webfinger.yml
+++ b/project/infrastructure/web-finger/webfinger.yml
@@ -0,0 +1,21 @@
+services:
+  webfinger:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: peeley/carpal 
+    container_name: webfinger 
+    ports:
+      - 8888:8008
+    networks: 
+      - ip6net
+    volumes:
+      - ${INFRA_PATH}/web-finger/config/:/etc/carpal/resources
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.webfinger.rule=Host(`${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.webfinger.entrypoints=https"
+      - "traefik.http.routers.webfinger.tls=true"