diff --git a/docker-compose.yml b/docker-compose.yml index 075a71a..0332a59 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,19 +17,19 @@ include: - path: - ${INFRA_PATH}/authelia/authelia.yml - ${INFRA_PATH}/crowdsec/crowdsec.yml - # - ${INFRA_PATH}/headscale/headscale.yml - ${INFRA_PATH}/homepage/homepage.yml + - ${INFRA_PATH}/ntfy/ntfy.yml - ${INFRA_PATH}/speedtest/speedtest.yml - ${INFRA_PATH}/syncthing/syncthing.yml - ${INFRA_PATH}/traefik/traefik.yml - ${INFRA_PATH}/uptime-kuma/uptime-kuma.yml - ${INFRA_PATH}/watchtower/watchtower.yml - # - ${INFRA_PATH}/web-finger/webfinger.yml env_file: ${INFRA_PATH}/.env - path: - ${MONITORING_PATH}/dozzle/dozzle.yml - ${MONITORING_PATH}/grafana/grafana.yml + - ${MONITORING_PATH}/loki/loki.yml - ${MONITORING_PATH}/prometheus/prometheus.yml env_file: ${MONITORING_PATH}/.env @@ -52,7 +52,6 @@ include: - ${SERVICE_PATH}/gitea/gitea.yml - ${SERVICE_PATH}/home-assistant/home-assistant.yml - ${SERVICE_PATH}/ghost/ghost.yml - - ${SERVICE_PATH}/home-assistant/ha-addon/ha-ewelink-addon.yml - ${SERVICE_PATH}/it-tools/it-tools.yml - ${SERVICE_PATH}/jupyter-notebook/jupyter-notebook.yml - ${SERVICE_PATH}/linkwarden/linkwarden.yml @@ -61,7 +60,6 @@ include: # - ${SERVICE_PATH}/ollama/ollama.yml - ${SERVICE_PATH}/paperless-ngx/paperless-ngx.yml - ${SERVICE_PATH}/radicale/radicale.yml - - ${SERVICE_PATH}/shlink/shlink.yml - ${SERVICE_PATH}/stirling-pdf/stirling-pdf.yml - ${SERVICE_PATH}/vaultwarden/vaultwarden.yml - ${SERVICE_PATH}/vikunja/vikunja.yml diff --git a/project/infrastructure/authelia/authelia.yml b/project/infrastructure/authelia/authelia.yml index 55aa70e..8918520 100644 --- a/project/infrastructure/authelia/authelia.yml +++ b/project/infrastructure/authelia/authelia.yml 
@@ -29,7 +29,6 @@ services: # AUTHELIA_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} # this does not work for access control or openID yet # AUTHELIA_LOCAL_DOMAIN: ${LOCAL_DOMAIN} # this does not work for access control or openID yet volumes: - - ${INFRA_PATH}/authelia/config:/config - ${INFRA_PATH}/authelia/config:/config - "/var/log/authelia/:/config/log" labels: diff --git a/project/infrastructure/headscale/headscale.yml b/project/infrastructure/headscale/headscale.yml deleted file mode 100644 index 2f97b6a..0000000 --- a/project/infrastructure/headscale/headscale.yml +++ /dev/null @@ -1,33 +0,0 @@ -services: - headscale: - extends: - file: ${TEMPLATES_PATH} - service: default - image: docker.io/headscale/headscale:sha-474ea236-debug - container_name: headscale - ports: - - 3001:8080 - - 3002:9090 - networks: - - ip4net - - ip6net - environment: - - DOMAIN=${PUBLIC_DOMAIN} - - CLIENT_SECRET_OIDC=${HEADSCALE_CLIENT_SECRET_OIDC} - - HEADSCALE_CLI_ADDRESS="https://headscale.${PUBLIC_DOMAIN}:443" - - HEADSCALE_CLI_API_KEY="ksC2HnX.3Rv5a2n32Rfgi8aWeaXhp6lAfAwG_NAq" - volumes: - - ${INFRA_PATH}/headscale/config:/etc/headscale - - ${INFRA_PATH}/headscale/lib:/var/lib/headscale - - ${INFRA_PATH}/headscale/data:/var/lib/headscale - command: serve - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" - # Traefik - - "traefik.enable=true" - - "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)" - - "traefik.http.routers.headscale.entrypoints=https" - - "traefik.http.routers.headscale.tls=true" - - "traefik.http.services.headscale.loadbalancer.server.port=8080" - - "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file" diff --git a/project/infrastructure/ntfy/ntfy.yml b/project/infrastructure/ntfy/ntfy.yml new file mode 100644 index 0000000..80895ee --- /dev/null +++ b/project/infrastructure/ntfy/ntfy.yml 
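Review bot: The hard-coded `HEADSCALE_CLI_API_KEY` value in the removed project/infrastructure/headscale/headscale.yml is still readable in every earlier revision and in this diff, so deleting the file does not retire it. Unless the key has already been expired on the headscale server, it should be revoked as part of this change and the commit message should say so. The neighbouring line `CLIENT_SECRET_OIDC=${HEADSCALE_CLIENT_SECRET_OIDC}` shows the form the key should have had: a variable resolved from the env file, not an inline literal.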
@@ -0,0 +1,27 @@ +services: + ntfy: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: ntfy + image: binwiederhier/ntfy + ports: + - "4023:80" + networks: + - ip4net + command: + - serve + volumes: + - /var/cache/ntfy:/var/cache/ntfy + - ${INFRA_PATH}/ntfy/config:/etc/ntfy + - ${INFRA_PATH}/ntfy/data:/var/lib/ntfy + labels: + # Watchtower + - 'com.centurylinklabs.watchtower.enable=true' + # Traefik + - 'traefik.enable=true' + - 'traefik.http.routers.ntfy.rule=Host(`ntfy.${PUBLIC_DOMAIN}`)' + - 'traefik.http.routers.ntfy.entrypoints=https' + - 'traefik.http.routers.ntfy.tls=true' + # Middlewares + - "traefik.http.routers.ntfy.middlewares=crowdsec-bouncer@file" diff --git a/project/infrastructure/web-finger/webfinger.yml b/project/infrastructure/web-finger/webfinger.yml deleted file mode 100644 index b38b35d..0000000 --- a/project/infrastructure/web-finger/webfinger.yml +++ /dev/null @@ -1,21 +0,0 @@ -services: - webfinger: - extends: - file: ${TEMPLATES_PATH} - service: default - image: peeley/carpal - container_name: webfinger - ports: - - 8888:8008 - networks: - - ip6net - volumes: - - ${INFRA_PATH}/web-finger/config/:/etc/carpal/resources - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" - # Traefik - - "traefik.enable=true" - - "traefik.http.routers.webfinger.rule=Host(`${PUBLIC_DOMAIN}`)" - - "traefik.http.routers.webfinger.entrypoints=https" - - "traefik.http.routers.webfinger.tls=true" diff --git a/project/media/navidrome/navidrome.yml b/project/media/navidrome/navidrome.yml index a260f89..7ad4257 100644 --- a/project/media/navidrome/navidrome.yml +++ b/project/media/navidrome/navidrome.yml 
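Review bot: In the new project/infrastructure/ntfy/ntfy.yml, the mapping `- "4023:80"` publishes ntfy on every host interface, so a request to port 4023 reaches the container without passing the Traefik router or the `crowdsec-bouncer@file` middleware set in the labels. If the port exists only for local debugging, bind it to loopback with `- "127.0.0.1:4023:80"`, or drop the mapping and let Traefik reach the container over the shared network. The router is on `${PUBLIC_DOMAIN}` with no authenticating middleware, so access control rests on the server config mounted at `/etc/ntfy`, which this diff does not show; confirm that `auth-default-access` there is `deny-all`. `image: binwiederhier/ntfy` also carries no tag while the Watchtower label is enabled, so whatever is pushed to the default tag is pulled and run unreviewed; pinning a version or digest would make updates a deliberate step.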
@@ -17,6 +17,8 @@ services: - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - - "traefik.http.routers.navidrome.rule=Host(`navidrome.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.navidrome.rule=Host(`navidrome.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.navidrome.entrypoints=https" - 'traefik.http.routers.navidrome.tls=true' + # Middlewares + - "traefik.http.routers.navidrome.middlewares=crowdsec-bouncer@file" diff --git a/project/monitoring/loki/loki.yml b/project/monitoring/loki/loki.yml new file mode 100644 index 0000000..e4e4dff --- /dev/null +++ b/project/monitoring/loki/loki.yml @@ -0,0 +1,37 @@ +services: + loki: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: loki + image: grafana/loki + ports: + - 8094:3100 + networks: + - ip4net + volumes: + - ${MONITORING_PATH}/loki/config/loki-config.yml:/etc/loki/local-config.yaml + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.loki.rule=Host(`loki.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.loki.entrypoints=https" + - "traefik.http.routers.loki.tls=true" + + promtail: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: promtail + image: grafana/promtail + networks: + - ip4net + volumes: + - ${MONITORING_PATH}/loki/config/promtail-config.yml:/etc/promtail/config.yml + - /var/log:/var/log + - /var/run/docker.sock:/var/run/docker.sock:ro + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" diff --git a/project/service/home-assistant/ha-addon b/project/service/home-assistant/ha-addon deleted file mode 160000 index 032fb20..0000000 --- a/project/service/home-assistant/ha-addon +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 032fb202d4893b552db32a259618ff5ca8ae31e3 diff --git a/project/service/shlink/shlink.yml b/project/service/shlink/shlink.yml deleted file mode 100644 index 9e2de33..0000000 
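Review bot: The router rule in project/media/navidrome/navidrome.yml moves from `${LOCAL_DOMAIN}` to `${PUBLIC_DOMAIN}`, and the only middleware added is `crowdsec-bouncer@file`, which filters by source reputation and does not authenticate anyone. Navidrome's own login therefore becomes the sole gate on an internet-facing host. It is worth confirming that failed logins are visible to CrowdSec through a log acquisition source, and that the admin account exists before the route goes live, since Navidrome appears to offer admin creation to the first visitor of a fresh instance. A comment above the rule such as `# Intentionally public; authentication is Navidrome's own login` would record the intent. The service's `ports:` and `image:` lines sit above this hunk and are not visible here.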
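Review bot: In the new project/monitoring/loki/loki.yml, the promtail service mounts `/var/run/docker.sock:/var/run/docker.sock:ro`, and the `:ro` flag protects only the socket file; a process that can open the socket can still issue any Docker API call, which is equivalent to root on the host. That access is paired with an untagged `image: grafana/promtail` and the Watchtower label, so an unreviewed image update would inherit it; pin both images in this file and consider fronting the socket with a proxy that allows only the read-only container endpoints. The log mount `- /var/log:/var/log` should be `- /var/log:/var/log:ro`, since nothing in this file suggests promtail needs to write there. On the loki service, `- 8094:3100` publishes the API on all host interfaces and the Traefik router has no middleware, while Loki ships without authentication of its own, so anyone who can reach either path can query or push logs. Bind the port as `- "127.0.0.1:8094:3100"` or drop it, and put an authenticating middleware on the router.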
--- a/project/service/shlink/shlink.yml +++ /dev/null @@ -1,59 +0,0 @@ -services: - shlink-backend: - extends: - file: ${TEMPLATES_PATH} - service: default - image: shlinkio/shlink:latest - container_name: shlink-backend - ports: - - '4004:8080' - networks: - - ip6net - volumes: - - ${SERVICE_PATH}/shlink/data:/usr/share/tesseract-ocr/4.00/tessdata #Required for extra OCR languages - - ${SERVICE_PATH}/shlink/config:/configs - environment: - DEFAULT_DOMAIN: shlink.${PUBLIC_DOMAIN} - IS_HTTPS_ENABLED: true - # GEOLITE_LICENSE_KEY: # optional, to geolocate visit, see https://shlink.io/documentation/geolite-license-key/ - # DB - DB_DRIVER: postgres - DB_USER: shlink - DB_PASSWORD: ${SHLINK_DATABASE_PASSWORD} - DB_HOST: postgres - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" - # Traefik - - "traefik.enable=true" - - "traefik.http.routers.shlink-backend.rule=Host(`shlink.${PUBLIC_DOMAIN}`)" - - "traefik.http.routers.shlink-backend.entrypoints=https" - - "traefik.http.routers.shlink-backend.tls.certresolver=myresolver" - - "traefik.http.routers.shlink-backend.tls=true" - - "traefik.http.routers.shlink-backend.service=shlink-backend-svc" - - "traefik.http.services.shlink-backend-svc.loadbalancer.server.port=8080" - # Middlewares - - "traefik.http.routers.shlink-backend.middlewares=crowdsec-bouncer@file" - - shlink-frontend: - extends: - file: ${TEMPLATES_PATH} - service: default - image: shlinkio/shlink-web-client:latest - container_name: shlink-frontend - ports: - - '4005:8080' - networks: - - ip6net - environment: - SHLINK_SERVER_URL: https://shlink.${PUBLIC_DOMAIN} - SHLINK_SERVER_API_KEY: ${SHLINK_SERVER_API_KEY} - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" - # Traefik - - "traefik.enable=true" - - "traefik.http.routers.shlink-frontend.rule=Host(`shlink.${LOCAL_DOMAIN}`)" - - "traefik.http.routers.shlink-frontend.entrypoints=https" - - "traefik.http.routers.shlink-frontend.tls=true" - \ No newline at end of file